The Author: Nick Petreley, a noted and repeated anti-microsoft (as opposed to pro-linux) grandstander The Theme: get traffic and ad impressions for CNN by trolling slashdot into citing their article The Bait: A limply humorous spoof on a moderately interesting movie. The Content: a puerile sissy-slap in the face of Microsoft, roughly equivalent to "nyah nyah, your OS is unstable" The Result: pay dirt. The gullible slashdot authority falls for it. Tens of thousands of ad impressions line CNN's pockets. Microsoft is *yawn* yet again trashed on slashdot. No provocation in the form of actual news is required. Humor Level: Three boston cream pies out of ten. Sucker Level: Off the charts. -konstant
Don't worry about consolidation of the CA structure into one or two "elite" trees. If you are running Internet Exploder, you can see quite easily that there is no such threat. Tools|Internet Options|Content|Certificates Click on the tab that says Trusted Root Certification Authorities. You'll see that there are about four other CA's in the root store that ships with Windows. Since everyone under Windows has those root certs, there is nothing to prevent those CA's from becoming just as powerful as Verisign or Thawte save capitalistic competition. Now, you could legitimately disparage Verisign for distributing certs in such a promiscuous fashion (their "30 day trial" keys), but hopefully as consumers become savvier, they will not reward such behavior. -konstant
Now get on a Winbox as a "normal user" and try to trash the system or install something like BO that allows others to remotely mess with your system. Pretty easy, isn't it?
Ok, that makes sense. Once you get into the Windows box by having the victim install back orifice, you can trash the machine. However, I was under the impression that these problems were well understood before BackOrifice came along.
What I was wondering was what makes BackOrifice itself revolutionary? What does BackOrifice expose that we didn't already know?
Or is it just supposed to be a toolkit, something like root kits in Linux?
You've completely missed the point fuckhead. I am sure Microshaft is willing to make things a bit more secure to suck down that fat $100 bill from your wallet. Al least with linux/BSD/Unix, you can fix it right... FOR FREE. You sir obviously have more money than brains.
I have very little money.
Microsoft releases SR, SPs, and even the entire "Second Editon" of Win98 (sort of a glorified SP) for free. Microsoft does not require that you pay for security fixes. If you are having trouble finding those patches, they can be located at:
But the big difference--and this just goes to show you're completely lacking that Golden Clue--is that if a problem pops up with a Unix system (fuck redhat and fuck rpms, too) we can actually fix the goddamn thing ourselves.
I don't believe I said anywhere that Microsoft was better than Linux did I? I didn't mean to imply that.
Do you really personally fix the source code yourself when your Linux box gets hacked? You have a lot more skill than I do. I wouldn't know where to start.
BO and the 2k is a series of abilities already present in windows software. -just made so ANYONE can use it. Not just microsnot. The point is that Microsnot puts it in the system in the first place, and nobody knows or cares. BTW, Ive known and hung with these guys in the past, they are right. Dont read the fine print, look at the big picture of what they are trying to tell everyone, and act on it.
Since you've hung out with them, maybe you have an insight I dont. However, Microsoft does release software tools that administer Windows remotely, under the name Microsoft SMS (System Management Server). Their website is:
If you do read BugTraq, you'd know that both RedHat and MS have a pretty decent record for acknowledging security holes quickly. The difference is that MS recommends a cheesy workaround and says "wait for the next Service Pack" (which break things more often than not; ZD's Tips for NT Admins include not applying Service Packs unless you know you need them, which is sad). RedHat meanwhile posts the URLs for updated packages in their messages.
Right now I am browsing Microsoft's "Security Update" website with a new install of Win98:
Could someone please clarify something about BO2k for me? In the interview with reference to Back Orifice, they state:
A hell of a lot of people should be upset their computers are wide open.
Now, as I understand it, Back Orifice will not run unless the victim (excuse me, "remote client") voluntarily installs it or is tricked into doing so. cDc also repeatedly emphasizes that BO2k can be used as a legitimate administration tool.
Are cDc suggesting that if I can write a remote administration program for an operating system, then that system is "wide open"? On what system is this impossible? If there is such a system, isn't that a failing of the OS rather than a security plus?
I know very little about cracking, but it seems to me the only security compromise in the BO2k scenario is social engineering. "Click on this c00l zip file, dude!"
Where's the security flaw? The fact that, once I have user permissions, I can do bad stuff? I thought... well isn't that obvious???
NT - Shit wouldn't happen if you'd just spend a few months performing 300+ modifications to our default installation, you lazy sysadmin. Get your MCSE.
Which is completely unlike the statement "Shit wouldn't happen if you'd just gone to Red Hat's ftp site to download the latest patches, trolled the newstgroups to find the appropriate HowTos, read BugTraq for three weeks prior to installation, been running the correct firewall, never opened any ports other than 80, never installed anything that had a 'd' at the end, and had Linus Torvalds personally supervising the installation. You stupid BillG-loving Windoze Luzer."
I would like to know how cDc can make blanket statments about WinNT5/"2000" security? Security issues are the primary reason OS's get delayed from ship at Microsoft. Are they basing this statement upon how difficult it was to crack RC2, which is a beta? I'm assuming they at least have used win2k...
[1 Jebediah 3:22] Yea, and Hemos took up his sling, and girt himself about the loins withal. And he was passing wroth.
[1 Jebediah 3:23] And Hemos left behind the tent of his fathers and the laps of his wives, for THE LORD sayeth, "Smite the Nanites, for they are a wicked people, full of sloth and blasphemy against My dominion."
[1 Jebediah 3:24] And with a jawbone, yea, even the jawbone of an ass, did he smite them. And the Nanites fell before him. Much woe was there in the tents of the Nanite women, and they did rend their garments with very fear.
[1 Jebediah 3:25] And Hemos rejoiced in THE LORD, who is God, saying "Behold, I am full with the spirit of THE LORD."
Let me first say this is a very funny joke to play on the NSA if they indeed are still running the Echelon program. I can imagine them drawing straws to find out who'll be the poor schmoe hitting the reboot button all day long on Jam Echelon day...
But in response to some of the alarmist posts I saw in the old, archived Echelon discussion, may I just remark "The Man does not care about you! You are not interesting to the Man! The Man consider the lint on his Armani suit to be more important than your entire existence, the existence of your parents, and those of your future children, spouses, and pets! You are a nobody! Wake up and get a life!"
While in college I hung out with a pretty leftist crowd. Lots of megaphone demagoguery on the quad about starving babies in Iraq, etc, etc. Well, okay, let's just be frank and say quite a few of my acquaintances were just polishing their manifestos for the day when the socialist revolution happened and they would be called upon to lead their brave comrades into a People's Utopia. Not that I didn't largely agree with them, but they were definitely nuts.
Anyway, these people were obsessed with the notion that the FBI/CIA/NSA/Shadowy NWO/paranoid three-letter-acronym(TLA) du-jour was spying on them. They had read more biographies of Dr. Spock and Mumia Abu Jamal than was quite good for them, and since those activists were their heros, they were convinced that the Powers That Be would treat them as shady characters worthy of a File in the Black Room. Frequently I would overhear these people in their little cells talking in hushed but excited voices about a "friend-of-a-friend" who had gone to CIA headquarters and demanded his file, "and it was verrrry interesting..."
(Aside: when they set up the FOIA over the web, I actually sent in a request to the CIA to pull references to my name. After several pieces of correspondence taped shut with duct tape, they formally declared they did not know who the hell I was and would I please stop sending them letters?)
Now you see, the CIA/FBI/NSA simply has better things to do than track every punk college student who thinks Castro's Cuba would probably be a sea of golden grain/ring of frolicking workers/god's daisy chain if only the nasty US government would stop trying to sanction it out of existence. Lots of college kids have these ideas. Lots of college kids talk about these ideas. They are discussed so often and openly that they have almost become part of the establishment - a rite of passage for white yuppie larva passing through on their way to productive careers as Cogs in the Machine. Why would the CIA give a fuck if yet one more kerchief-bedecked hashhead had stumbled upon the notion that, whoah, we're like only ciphers in this like vast capitalist machine!
Similarly, why on earth would the NSA give a rat's ass about anything you have to think or say? The simple, undeniable fact is that you and I are totally irrelevant. As they go around chanting in Fight Club "I am not special. I am not a beautiful unique snowflake." Damn right we aren't. We couldn't destabilize this country if you tried. What would we do? Put pr0n up on all the major homepages of the information infrastructure?
No doubt there are some people that the government is watching, even today. These are people who are coordinating real revolutions, underground sects, militarized religious organizations that dream of dropping acid into the water supply someday. Political enemies of the Republicrats, Black Panthers, whatever. Not slashdot readers.
Let's repeat that. Not slashdot readers. We are irrelevant in the grand powergames of nations. Sorry for the depressing news. I can already hear some of you squawking "Speak for yourself! You have no idea of the dark byways I travel! I am unique! I am dangerous! I am special! I am unlike the common man!"
Ok, sure. Maybe you are. Just remember the quote: "The common man believes he isn't."
It's just a MIDI file with random delays between notes. It is so realistic that when they played it at a session of my local Oompah Band we could hardly believe our ears! -konstant
MS has a strong opportunity here to squash the growth of Linux into the mindspace of PHB's and daytraders. People who know very little about technology, and wouldn't know a FAT from a hole in the ground, only have the somewhat ephemerally defined concept of "open source" to explain the ravishing success of Linux they keep hearing about in PCWeek, Salon, what have you. They don't know why Windoze Suxx or why Linux Rulez, but they do have a feeling that open source has something to do with it. What has kept MS from open-sourcing macro-Windows? Primarily their fear of two things. Firstly, they want people eating out of their hands for upgrades, and secondly they want strict control over the tree so that they can push out system-level support for the latest version of BackOffice and their productivity apps, which combine to almost all of their revenue. But CE sucks, even from Microsoft's perspective. None of the really cool products that Microsoft makes can run in a CE environment. CE simply is not a money maker. Rather, it is a blockade against the PalmOS people, Linux, and any other vendor of embedded OSs that might someday trump Microsoft if average people ever get tired of desktop PCs. IOW, Microsoft doesn't care right now about controlling CE. It doesn't do them very much good. Open source CE! Of course! It will 1) supplant Linux in the minds of PHBs - "Why use open source Linux (a hacker's toy) when you can use open source Windows!" 2) improve the quality of CE while the desktop market still dominates. When/if palmtops and embedded systems ever really become the jazz, all MS has to do it snatch up the now lean-and-nimble CE, put stronger central controls in place, and ride that puppy down the road to riches. If MS wants to kill Linux's entry into the palm space, and probably it does, this seems like an excellent way to do it when combined with proper marketing. -konstant
IANAL, but this article seems to be implying that the burden of proof rests upon the defendant in patent-violation cases. If this is the case, then it creates a curious set of conditions in relation to the openness of the product code base. Software that is open, and thus can be inspected freely, is far easier to defend against charges such as these than is the case with closed software. If the the code is kept proprietary, then the only means by which a developer can prove innocence is to allow a court-supervised inspection of the code. This causes all sorts of legal troubles, because typically the suing corporation has a vested interest in learning how the proprietary code works.
You may remember Microsoft's tiptoeing with the Caldera case (I think it was Caldera). They had to explain at length to the judge that opening their Windows code as a defense exhibit would endanger their business model. The code could only be examined after much legal wrangling and numerous NDAs had been signed. No doubt this is pretty costly - legal work doesn't come cheap.
By contrast, since the code of open-source projects is, by definition, open, we might expect fewer spurious suits of this kind levied against FSF/OSS products. Why press your luck suing somebody when you know quite plainly they have not violated your patent and that it would cost them nothing (apart from lawyer overhead) to demonstrate that fact. It's a financially losing proposition. The incentive to settle and let the patent pirate laugh its way to the bank is far smaller.
By the same token though, if you do open your source, you'd better be damn sure you really aren't violating any proprietary code.
Why is this story posted on slashdot? Is it simply to provide people with a forum to make snide remarks about Microsoft? Aren't there enough legitimate opportunities to do that already?
In case you don't realize this guys, 20000 geeks' livelihoods depend directly upon Microsoft. Twenty thousand employees and their families are directly influenced by software piracy. Pirated copies of software cost Microsoft money, and do you think they'll be passing that cost along to BillG? Forget it. It comes straight out of the base employees' salaries.
Hey, I know you guys don't like patents. I know you don't like copyrighted software. I know you don't like Microsoft. I get what you're saying. What some of you don't seem to get, though, is that as long as our industry operates on those principles, ordinary peoples' lives can be harmed by flippant acts of "rebellion" such as piracy.
If you want to change software, advocacy is the best way. Look how much has already been accomplished by those means. Laughing about guerilla tactics like cracking and piracy only reinforce the negative stereotypes of this movement.
How's this for an idea - if I want to make a large contribution to a candiate, I have to go through an anonymizing proxy.
That's an interesting idea, but it has drawbacks. Namely that we have no assurance the politician and the donor have not conferred secretly. Such a combination surely would be worse than the corrupt but discoverable method we employ today.
After the massive disenchantment expressed by long-time SW fans over The Phantom Menace, this move by Lucas is upsetting, but not surprising. He's heard the frequent complaints that TPM was too trivial and candied, and despite his incessant protestations that this was just a "children's movie, for children", you know he's gotta be feeling the criticism.
After being idolized by so many of us for so long, how could he not be disturbed by our sudden loss of faith?
So Lucas is trying to prove he is not namby-pamby, and that the Ewoks and Jar Jar really aren't his notion of "pivotal characters". He wants to demonstrate to us that hey can be dark and brooding, and that terror still exists in the Star Wars universe.
But what a cheap means to do it! Kill off an old favorite (and notably, one who added more color than content to the series) and suddenly you gain both the attention and the approbation of people who have grown out of comical pratfalls. All it takes is a call to a popular author - you don't even have to invest your creative labor!
Sad. I suspect we will see increasing amounts of this as Lucas marches towards his next multi-million dollar flop. I predict large fuzzy giggling bunnies from outer space will dominate the next movie, and in the books Leia will get gang raped.
This is a problem with our democracy, not just a problem with MS. Most residents of Washington state are aware that Senator Slade Gorton eats out of the hand of not just Microsoft, but also Boeing and Weyerhaueser, the next two largest local companies. Politicians who perhaps are already inclined towards helping business can easily be swayed with strategic "contributions". Microsoft clearly forsees a future in which it has emerged from the current anti-trust battle and continues to practice dubious business tactics. They wish to avoid a repeat of the current finagle. This offers us an interesting insight into their corporate mentality - evidently BillG doesn't believe he is going to lose the DoJ case. Not in the long run, at any rate. The dismaying part is that they are correct. You can own Congress. As I once heard someone say, "A congressman is the best long-term investment of all". Soft money has to go. Disclosure is poor at the moment, but even full disclosure would be ridiculously ineffective. The whole point of representative democracy is that I don't have to monitor every legislative detail that comes down the pike. What then are the chances that I will want to monitor every financial detail? Politicians will "fully disclose" their contributions buried somewhere in the back pages of the classifieds, and nobody will ever read them. The Supreme Court has several times ruled that money is speech. They are right, but they take it to illogical extremes. A contribution to the campaign of my favorite politician is indeed a means of indicating my support for him or her. But does a person with ten times as much disposable cash as myself really have ten times as much to say? Far from it. Let's put some teeth into limits on campaign contributions. Ban soft money and PACs. Microsoft can only do this because the corrupt infrastructure allows it. -konstant
You mean, two competing products are.... competing????
Here is the text of the gigantic image:
Bumpty Ride
Buckle up. If you're still using that "free" X server that came with your Linux distribution, well, hazardous conditions lie ahead.
The X Server is the graphics sub-system in a Linux or UNIX installation. It is more than twice the size of the Linux kernel and much, much busier. Critical communications, fonts, drawing, windowing, mouse, keyboard, memory functions, and more all depend on the X server.
When the X server "falls over" - crashes - the entire operating system goes down. And usually, the user unfairly blames Linux itself.
To make your graphical Linux all that it can be, you need a commercial quaklity X server that's proven itself in thousands of mission-critical applications. An X server that delivers the full power of your graphics hardware to your LCD or monitor in the form of crisp, clean, and fast images. For all that, you need Accelerated-X.
Unmatched stability. Lightning-fast graphics. Superior performance. You'll find accelerated-X is like a fresh set of tires on brand-new blacktop. Want a test drive? Steer your browser to our website.
IMHO, if the Justice Department wants to start looking into computer crime, how about looking into how a *lot* of computer companies (and by no means do I just mean MS, although they are one of the major perps) put out buggy software and then sell the security or software patches?
That is a very foolish and partisan sentiment. It is also unsound legal thinking. The moment that it becomes illegal or fiscally dangerous to ship unstable software, you will see exactly one thing: less software will be shipped, and the companies that do ship will be huge megaglomerates like Microsoft that can afford to settle a lawsuit. Small developers will have to join the conglomerates in order to preserve their asse(t)s.
If you don't believe me, it is very simple to demonstrate I'm right. Medicine has been going down this path ever since "malpractice" entered the vocabulary of people like yourself. How many small-time doctors do you visit these days? They are a dying breed because they can't afford the insurance or the risk of being sued for accidents beyond their control.
If I could be sued for every bug in every program I have written, I would never publicly release software. It is impossible to track down every bug in software. You are deluded by your hatred for Microsoft if you think otherwise. The greater the complexity, the greater the number of inevitable bugs.
If software harms somebody, then you can sue the maker. If software is buggy, then the market will take care of it. Unless people don't share your opinion of what is acceptably buggy.
I say keep software free and clear. Don't introduce parasitic lawyers into what is, despite griping from people like yourself, very nearly a perfect industry.
Cracking is a crime. I won't suggest it ought to be a crime. I won't say I'm happy it's a crime. But it is a crime. AKA illegal, breakin de law, no-no, stoppit.
While cracking is a crime, it is perfectly appropriate for the DOJ to enforce laws against it. One of the most effective measures against criminal activity is preventive education. AKA propaganda, ministry of truth, marketing, flak.
The activities described on the cited page are illegal. The people most commonly engaged in them are young. The DOJ is using the bully pulpit in a means that is just as effective and admirable as the "Just say No" campaign of the 80's. I don't agree with anti-drug laws, and I don't agree with some anti-cracking laws, but I have complete respect for the men and women who must enforce those laws, regardless of their wisdom.
Wonderful! Now I will be smart, impotent, and resistant to radiation! The evolution of a new human subspecies!
Actually, if you read the article, you see that the indication of neural growth is in the dendrite fibers. If you don't remember from high school biology, the dendrites are the feathery tentacles on one side of the nerve cell opposite to the long trailing axon on the other. Here's a pic:
These scientists in Israel have remarked that prolonged exposure to caffeiene promotes growth of the dendrite forest. New dendrite trunks don't sprout, but the ones that alread exist become "leafier". Now, there are many theories about what constitutes a "smart" brain. Repeated study of Einstein's chilled gray blob have failed to turn up any manifest differences from brains of the average population. However, it's generally accepted that the interconnection between cells, handled by the axons and dendrites, has a bearing on our ability to remember data and patterns. The better and more efficient your connections, the faster you can see patterns in your daily experiences, and the smarter you are.
The key word is "efficient". This caffeiene-promoted boost in dendrite growth may be fairly random. If so, then the connections it is forming between cells may not be relevant to efficient pattern retrieval. This would actually slow down your thought processes by weaking the strength of the electrochemical signal along the "correct" pattern pathway. Your axon bodies only release so much neurotransmitter at any given time, so the potency is weakened by a proliferation of recipient dendrites.
I can't be the only one. I work for a hi-tech company, I love gadgetry, I'm entranced by the latest "thing", but I simply don't watch television. When I do use the TV, it's for movies. I don't even know what channels I receive.
Spending my entire day in front of one monitor merely to go home to another (in lower res at that:) doesn't gel with me.
Maybe TV is a dying medium. Once you've been exposed to the stimulus of interactive content - of actual people responding to your assertions and replying with their own - sitting in front of a glowing CRT that feeds you laugh tracks just can't kick the endorphins back to their former highs.
Set-tops are betting on the addiction of people to their televisions. The manufacturers fancy that Joe Smith, who watches the typical eight hours a day, can be eased into a new dependency, this time on their "content" services like chat and news. But isn't that sort of thing anathema to Joe Smith's entire way of life? If he wanted stimulation, he could find it in a book or in a bar. He doesn't want it. He wants to be deadened for a few hours before bedtime.
Wake up. Go to work. Come home. Go to sleep.
Why would he allow thought and stress, both of which are prevalent on the internet, to encroach upon his mental down time?
OTOH, I could be wrong. Could be that with their combination of flair and verbal communication, set-tops will spark a slow return to literacy and a new appreciation for personal expression. That would be an excellent thing, although I'm a little dubious at this point.
This is just the sort of thing I want to hear. Embed those puppies in my skin! I want to be green and foodless by the year 2020 goddammit!
But seriously, this is great news. Considering the shamefully small amount of money that goes into researching renewable sources of energy, I'm always delighted when they hit a new breakthrough. Solar is especially attractive - imagine running your entire home off a refrigerator-sized panel adhered to the roof. Total personal independence!
Unfortunately, there are severe limits at the moment. I recently looked into roofing a home with solar panels. Turns out that it would cost around $20k to be self-sufficient (and then only just barely). I worked it out, and it seems that with my monthly electricity costs, it would take me 103 years to pay that off.
The trouble is that even the theoretical output of solar cells is low. It's bounded severely by the surface area because of the limitations of the diode materials available to us today. Turns out that even if you have full light shining on the surface, you can only get about 29% efficiency - and that's theoretical. In reality, it's less. Here's a site that explains the technical details:
Now, I have heard some clever ideas for increasing the efficiency. For example, one team discovered purely by accident that they could increase surface area by making the silicon layer extremely "spikey" on a microscopic level. The sunlight bounces around inside the spikes and is more likely to ultimately by trapped by a cell. I think the theoretical number they cited was 40% efficiency, but right now that's still vaporware.
I wonder whether some slashdotter is brave enough to post the original ACS paper. I don't have access. I'd love to see what efficiency numbers these people are touting. Anybody?
IANAL, but... Let's just hope that no major corporations discover how flimsy a protection the GPL really is.
Legal and accurate though it might be, the GPL has a fatal shortcoming as a protectant of open source rights, namely that it costs money to enforce.
I'm sure many of you are familiar with the practice among American convicts of filing spurious lawsuits against the prison system in an attempt to wear it down. Inmates have filed civil rights claims against everything from the temperature of the bathwater to the flavor of peanut butter served in the cafeteria. These lawsuits are not serious, but they cannot be prevented because the right to sue has been tied by the courts to the rights of free speech. The upshot is that DA's offices are exhausted in some counties with the sheer expense of filing counterclaims and motions to dismiss.
If someone really wanted to demolish the open source protections on a product, all they would have to do is reverse this tactic. A lot of open source programmers and "foundations" just don't have the money to fight more than a handful of costly legal battles. All a company would have to do would be to publish and illegally patent hundreds of modules that broke the GPL on an open source product. Then build the product out of the patented "proprietary" modules. Challengers to the legality of this maneuver would have to prove one by one that the modules were not legal, costing them thousands of dollars. And if they suceed for some module, well, it's simple enough to produce a legitimately proprietary version for one small part. Pretty soon you exhaust the original open source devs and they give up. Viola!
What we need, as other have said, is some sort of fund to hire crack lawyers. Like the ACLU, except for open source.
Slashdot Mirror
The Author: Nick Petreley, a noted and repeated anti-microsoft (as opposed to pro-linux) grandstander The Theme: get traffic and ad impressions for CNN by trolling slashdot into citing their article The Bait: A limply humorous spoof on a moderately interesting movie. The Content: a puerile sissy-slap in the face of Microsoft, roughly equivalent to "nyah nyah, your OS is unstable" The Result: pay dirt. The gullible slashdot authority falls for it. Tens of thousands of ad impressions line CNN's pockets. Microsoft is *yawn* yet again trashed on slashdot. No provocation in the form of actual news is required. Humor Level: Three boston cream pies out of ten. Sucker Level: Off the charts.
-konstant
Don't worry about consolidation of the CA structure into one or two "elite" trees. If you are running Internet Exploder, you can see quite easily that there is no such threat. Tools|Internet Options|Content|Certificates Click on the tab that says Trusted Root Certification Authorities. You'll see that there are about four other CA's in the root store that ships with Windows. Since everyone under Windows has those root certs, there is nothing to prevent those CA's from becoming just as powerful as Verisign or Thawte save capitalistic competition. Now, you could legitimately disparage Verisign for distributing certs in such a promiscuous fashion (their "30 day trial" keys), but hopefully as consumers become savvier, they will not reward such behavior.
-konstant
Now get on a Winbox as a "normal user" and try to trash the system or install something like BO that allows others to remotely mess with your system. Pretty easy, isn't it?
Ok, that makes sense. Once you get into the Windows box by having the victim install back orifice, you can trash the machine. However, I was under the impression that these problems were well understood before BackOrifice came along.
What I was wondering was what makes BackOrifice itself revolutionary? What does BackOrifice expose that we didn't already know?
Or is it just supposed to be a toolkit, something like root kits in Linux?
-konstant
You've completely missed the point fuckhead. I am sure Microshaft is willing to make things a bit more secure to suck down that fat $100 bill from your wallet. Al least with linux/BSD/Unix, you can fix it right... FOR FREE. You sir obviously have more money than brains.
I have very little money.
Microsoft releases SR, SPs, and even the entire "Second Editon" of Win98 (sort of a glorified SP) for free. Microsoft does not require that you pay for security fixes. If you are having trouble finding those patches, they can be located at:
http://windowsupdate.microsoft.com
or, if your security issue is in Office, from:
http://officeupdate.com
I do not believe you are stating a fact.
-konstant
But the big difference--and this just goes to show you're completely lacking that Golden Clue--is that if a problem pops up with a Unix system (fuck redhat and fuck rpms, too) we can actually fix the goddamn thing ourselves.
I don't believe I said anywhere that Microsoft was better than Linux did I? I didn't mean to imply that.
Do you really personally fix the source code yourself when your Linux box gets hacked? You have a lot more skill than I do. I wouldn't know where to start.
-konstant
BO and the 2k is a series of abilities already present in windows software. -just made so ANYONE can use it. Not just microsnot. The point is that Microsnot puts it in the system in the first place, and nobody knows or cares. BTW, Ive known and hung with these guys in the past, they are right. Dont read the fine print, look at the big picture of what they are trying to tell everyone, and act on it.
Since you've hung out with them, maybe you have an insight I dont. However, Microsoft does release software tools that administer Windows remotely, under the name Microsoft SMS (System Management Server). Their website is:
http://www.microsoft.com/smsmg mt/default.asp?RLD=263
I do not believe you are stating a fact.
-konstant
If you do read BugTraq, you'd know that both RedHat and MS have a pretty decent record for acknowledging security holes quickly. The difference is that MS recommends a cheesy workaround and says "wait for the next Service Pack" (which break things more often than not; ZD's Tips for NT Admins include not applying Service Packs unless you know you need them, which is sad). RedHat meanwhile posts the URLs for updated packages in their messages.
Right now I am browsing Microsoft's "Security Update" website with a new install of Win98:
http://windowsupdate.microsoft.com
I count eleven security patches that are not placed in SR's. Now I am browsing Microsoft's Office Update website:
http://officeupdate.com/
The first four links are for security patches that are not in an SP.
I do not believe you are stating a fact.
-konstant
Could someone please clarify something about BO2k for me? In the interview with reference to Back Orifice, they state:
A hell of a lot of people should be upset their computers are wide open.
Now, as I understand it, Back Orifice will not run unless the victim (excuse me, "remote client") voluntarily installs it or is tricked into doing so. cDc also repeatedly emphasizes that BO2k can be used as a legitimate administration tool.
Are cDc suggesting that if I can write a remote administration program for an operating system, then that system is "wide open"? On what system is this impossible? If there is such a system, isn't that a failing of the OS rather than a security plus?
I know very little about cracking, but it seems to me the only security compromise in the BO2k scenario is social engineering. "Click on this c00l zip file, dude!"
Where's the security flaw? The fact that, once I have user permissions, I can do bad stuff? I thought... well isn't that obvious???
-konstant
From the interview...
NT - Shit wouldn't happen if you'd just spend a few months performing 300+ modifications to our default installation, you lazy sysadmin. Get your MCSE.
Which is completely unlike the statement "Shit wouldn't happen if you'd just gone to Red Hat's ftp site to download the latest patches, trolled the newstgroups to find the appropriate HowTos, read BugTraq for three weeks prior to installation, been running the correct firewall, never opened any ports other than 80, never installed anything that had a 'd' at the end, and had Linus Torvalds personally supervising the installation. You stupid BillG-loving Windoze Luzer."
I would like to know how cDc can make blanket statments about WinNT5/"2000" security? Security issues are the primary reason OS's get delayed from ship at Microsoft. Are they basing this statement upon how difficult it was to crack RC2, which is a beta? I'm assuming they at least have used win2k...
-konstant
Weren't Nanites one of the biblical peoples?
[1 Jebediah 3:22] Yea, and Hemos took up his sling, and girt himself about the loins withal. And he was passing wroth.
[1 Jebediah 3:23] And Hemos left behind the tent of his fathers and the laps of his wives, for THE LORD sayeth, "Smite the Nanites, for they are a wicked people, full of sloth and blasphemy against My dominion."
[1 Jebediah 3:24] And with a jawbone, yea, even the jawbone of an ass, did he smite them. And the Nanites fell before him. Much woe was there in the tents of the Nanite women, and they did rend their garments with very fear.
[1 Jebediah 3:25] And Hemos rejoiced in THE LORD, who is God, saying "Behold, I am full with the spirit of THE LORD."
-konstant
Let me first say this is a very funny joke to play on the NSA if they indeed are still running the Echelon program. I can imagine them drawing straws to find out who'll be the poor schmoe hitting the reboot button all day long on Jam Echelon day...
But in response to some of the alarmist posts I saw in the old, archived Echelon discussion, may I just remark "The Man does not care about you! You are not interesting to the Man! The Man consider the lint on his Armani suit to be more important than your entire existence, the existence of your parents, and those of your future children, spouses, and pets! You are a nobody! Wake up and get a life!"
While in college I hung out with a pretty leftist crowd. Lots of megaphone demagoguery on the quad about starving babies in Iraq, etc, etc. Well, okay, let's just be frank and say quite a few of my acquaintances were just polishing their manifestos for the day when the socialist revolution happened and they would be called upon to lead their brave comrades into a People's Utopia. Not that I didn't largely agree with them, but they were definitely nuts.
Anyway, these people were obsessed with the notion that the FBI/CIA/NSA/Shadowy NWO/paranoid three-letter-acronym(TLA) du-jour was spying on them. They had read more biographies of Dr. Spock and Mumia Abu Jamal than was quite good for them, and since those activists were their heros, they were convinced that the Powers That Be would treat them as shady characters worthy of a File in the Black Room. Frequently I would overhear these people in their little cells talking in hushed but excited voices about a "friend-of-a-friend" who had gone to CIA headquarters and demanded his file, "and it was verrrry interesting..."
(Aside: when they set up the FOIA over the web, I actually sent in a request to the CIA to pull references to my name. After several pieces of correspondence taped shut with duct tape, they formally declared they did not know who the hell I was and would I please stop sending them letters?)
Now you see, the CIA/FBI/NSA simply has better things to do than track every punk college student who thinks Castro's Cuba would probably be a sea of golden grain/ring of frolicking workers/god's daisy chain if only the nasty US government would stop trying to sanction it out of existence. Lots of college kids have these ideas. Lots of college kids talk about these ideas. They are discussed so often and openly that they have almost become part of the establishment - a rite of passage for white yuppie larva passing through on their way to productive careers as Cogs in the Machine. Why would the CIA give a fuck if yet one more kerchief-bedecked hashhead had stumbled upon the notion that, whoah, we're like only ciphers in this like vast capitalist machine!
Similarly, why on earth would the NSA give a rat's ass about anything you have to think or say? The simple, undeniable fact is that you and I are totally irrelevant. As they go around chanting in Fight Club "I am not special. I am not a beautiful unique snowflake." Damn right we aren't. We couldn't destabilize this country if you tried. What would we do? Put pr0n up on all the major homepages of the information infrastructure?
No doubt there are some people that the government is watching, even today. These are people who are coordinating real revolutions, underground sects, militarized religious organizations that dream of dropping acid into the water supply someday. Political enemies of the Republicrats, Black Panthers, whatever. Not slashdot readers.
Let's repeat that. Not slashdot readers. We are irrelevant in the grand powergames of nations. Sorry for the depressing news. I can already hear some of you squawking "Speak for yourself! You have no idea of the dark byways I travel! I am unique! I am dangerous! I am special! I am unlike the common man!"
Ok, sure. Maybe you are. Just remember the quote: "The common man believes he isn't."
Moderation bombs away!
-konstant
It's just a MIDI file with random delays between notes. It is so realistic that when they played it at a session of my local Oompah Band we could hardly believe our ears!
-konstant
MS has a strong opportunity here to squash the growth of Linux into the mindspace of PHB's and daytraders. People who know very little about technology, and wouldn't know a FAT from a hole in the ground, only have the somewhat ephemerally defined concept of "open source" to explain the ravishing success of Linux they keep hearing about in PCWeek, Salon, what have you. They don't know why Windoze Suxx or why Linux Rulez, but they do have a feeling that open source has something to do with it. What has kept MS from open-sourcing macro-Windows? Primarily their fear of two things. Firstly, they want people eating out of their hands for upgrades, and secondly they want strict control over the tree so that they can push out system-level support for the latest version of BackOffice and their productivity apps, which combine to almost all of their revenue. But CE sucks, even from Microsoft's perspective. None of the really cool products that Microsoft makes can run in a CE environment. CE simply is not a money maker. Rather, it is a blockade against the PalmOS people, Linux, and any other vendor of embedded OSs that might someday trump Microsoft if average people ever get tired of desktop PCs. IOW, Microsoft doesn't care right now about controlling CE. It doesn't do them very much good. Open source CE! Of course! It will 1) supplant Linux in the minds of PHBs - "Why use open source Linux (a hacker's toy) when you can use open source Windows!" 2) improve the quality of CE while the desktop market still dominates. When/if palmtops and embedded systems ever really become the jazz, all MS has to do it snatch up the now lean-and-nimble CE, put stronger central controls in place, and ride that puppy down the road to riches. If MS wants to kill Linux's entry into the palm space, and probably it does, this seems like an excellent way to do it when combined with proper marketing.
-konstant
IANAL, but this article seems to be implying that the burden of proof rests upon the defendant in patent-violation cases. If this is the case, then it creates a curious set of conditions in relation to the openness of the product code base. Software that is open, and thus can be inspected freely, is far easier to defend against charges such as these than is the case with closed software. If the the code is kept proprietary, then the only means by which a developer can prove innocence is to allow a court-supervised inspection of the code. This causes all sorts of legal troubles, because typically the suing corporation has a vested interest in learning how the proprietary code works.
You may remember Microsoft's tiptoeing with the Caldera case (I think it was Caldera). They had to explain at length to the judge that opening their Windows code as a defense exhibit would endanger their business model. The code could only be examined after much legal wrangling and numerous NDAs had been signed. No doubt this is pretty costly - legal work doesn't come cheap.
By contrast, since the code of open-source projects is, by definition, open, we might expect fewer spurious suits of this kind levied against FSF/OSS products. Why press your luck suing somebody when you know quite plainly they have not violated your patent and that it would cost them nothing (apart from lawyer overhead) to demonstrate that fact. It's a financially losing proposition. The incentive to settle and let the patent pirate laugh its way to the bank is far smaller.
By the same token though, if you do open your source, you'd better be damn sure you really aren't violating any proprietary code.
-konstant
Why is this story posted on slashdot? Is it simply to provide people with a forum to make snide remarks about Microsoft? Aren't there enough legitimate opportunities to do that already?
In case you don't realize this guys, 20000 geeks' livelihoods depend directly upon Microsoft. Twenty thousand employees and their families are directly influenced by software piracy. Pirated copies of software cost Microsoft money, and do you think they'll be passing that cost along to BillG? Forget it. It comes straight out of the base employees' salaries.
Hey, I know you guys don't like patents. I know you don't like copyrighted software. I know you don't like Microsoft. I get what you're saying. What some of you don't seem to get, though, is that as long as our industry operates on those principles, ordinary peoples' lives can be harmed by flippant acts of "rebellion" such as piracy.
If you want to change software, advocacy is the best way. Look how much has already been accomplished by those means. Laughing about guerilla tactics like cracking and piracy only reinforce the negative stereotypes of this movement.
-konstant
How's this for an idea - if I want to make a large contribution to a candiate, I have to go through an anonymizing proxy.
That's an interesting idea, but it has drawbacks. Namely that we have no assurance the politician and the donor have not conferred secretly. Such a combination surely would be worse than the corrupt but discoverable method we employ today.
-konstant
After the massive disenchantment expressed by long-time SW fans over The Phantom Menace, this move by Lucas is upsetting, but not surprising. He's heard the frequent complaints that TPM was too trivial and candied, and despite his incessant protestations that this was just a "children's movie, for children", you know he's gotta be feeling the criticism.
After being idolized by so many of us for so long, how could he not be disturbed by our sudden loss of faith?
So Lucas is trying to prove he is not namby-pamby, and that the Ewoks and Jar Jar really aren't his notion of "pivotal characters". He wants to demonstrate to us that hey can be dark and brooding, and that terror still exists in the Star Wars universe.
But what a cheap means to do it! Kill off an old favorite (and notably, one who added more color than content to the series) and suddenly you gain both the attention and the approbation of people who have grown out of comical pratfalls. All it takes is a call to a popular author - you don't even have to invest your creative labor!
Sad. I suspect we will see increasing amounts of this as Lucas marches towards his next multi-million dollar flop. I predict large fuzzy giggling bunnies from outer space will dominate the next movie, and in the books Leia will get gang raped.
-konstant
This is a problem with our democracy, not just a problem with MS. Most residents of Washington state are aware that Senator Slade Gorton eats out of the hand of not just Microsoft, but also Boeing and Weyerhaueser, the next two largest local companies. Politicians who perhaps are already inclined towards helping business can easily be swayed with strategic "contributions". Microsoft clearly forsees a future in which it has emerged from the current anti-trust battle and continues to practice dubious business tactics. They wish to avoid a repeat of the current finagle. This offers us an interesting insight into their corporate mentality - evidently BillG doesn't believe he is going to lose the DoJ case. Not in the long run, at any rate. The dismaying part is that they are correct. You can own Congress. As I once heard someone say, "A congressman is the best long-term investment of all". Soft money has to go. Disclosure is poor at the moment, but even full disclosure would be ridiculously ineffective. The whole point of representative democracy is that I don't have to monitor every legislative detail that comes down the pike. What then are the chances that I will want to monitor every financial detail? Politicians will "fully disclose" their contributions buried somewhere in the back pages of the classifieds, and nobody will ever read them. The Supreme Court has several times ruled that money is speech. They are right, but they take it to illogical extremes. A contribution to the campaign of my favorite politician is indeed a means of indicating my support for him or her. But does a person with ten times as much disposable cash as myself really have ten times as much to say? Far from it. Let's put some teeth into limits on campaign contributions. Ban soft money and PACs. Microsoft can only do this because the corrupt infrastructure allows it.
-konstant
You mean, two competing products are.... competing????
Here is the text of the gigantic image:
Bumpty Ride
Buckle up. If you're still using that "free" X server that came with your Linux distribution, well, hazardous conditions lie ahead.
The X Server is the graphics sub-system in a Linux or UNIX installation. It is more than twice the size of the Linux kernel and much, much busier. Critical communications, fonts, drawing, windowing, mouse, keyboard, memory functions, and more all depend on the X server.
When the X server "falls over" - crashes - the entire operating system goes down. And usually, the user unfairly blames Linux itself.
To make your graphical Linux all that it can be, you need a commercial quaklity X server that's proven itself in thousands of mission-critical applications. An X server that delivers the full power of your graphics hardware to your LCD or monitor in the form of crisp, clean, and fast images. For all that, you need Accelerated-X.
Unmatched stability. Lightning-fast graphics. Superior performance. You'll find accelerated-X is like a fresh set of tires on brand-new blacktop. Want a test drive? Steer your browser to our website.
-konstant
IMHO, if the Justice Department wants to start looking into computer crime, how about looking into how a *lot* of computer companies (and by no means do I just mean MS, although they are one of the major perps) put out buggy software and then sell the security or software patches?
That is a very foolish and partisan sentiment. It is also unsound legal thinking. The moment that it becomes illegal or fiscally dangerous to ship unstable software, you will see exactly one thing: less software will be shipped, and the companies that do ship will be huge megaglomerates like Microsoft that can afford to settle a lawsuit. Small developers will have to join the conglomerates in order to preserve their asse(t)s.
If you don't believe me, it is very simple to demonstrate I'm right. Medicine has been going down this path ever since "malpractice" entered the vocabulary of people like yourself. How many small-time doctors do you visit these days? They are a dying breed because they can't afford the insurance or the risk of being sued for accidents beyond their control.
If I could be sued for every bug in every program I have written, I would never publicly release software. It is impossible to track down every bug in software. You are deluded by your hatred for Microsoft if you think otherwise. The greater the complexity, the greater the number of inevitable bugs.
If software harms somebody, then you can sue the maker. If software is buggy, then the market will take care of it. Unless people don't share your opinion of what is acceptably buggy.
I say keep software free and clear. Don't introduce parasitic lawyers into what is, despite griping from people like yourself, very nearly a perfect industry.
-konstant
Cracking is a crime. I won't suggest it ought to be a crime. I won't say I'm happy it's a crime. But it is a crime. AKA illegal, breakin de law, no-no, stoppit.
While cracking is a crime, it is perfectly appropriate for the DOJ to enforce laws against it. One of the most effective measures against criminal activity is preventive education. AKA propaganda, ministry of truth, marketing, flak.
The activities described on the cited page are illegal. The people most commonly engaged in them are young. The DOJ is using the bully pulpit in a means that is just as effective and admirable as the "Just say No" campaign of the 80's. I don't agree with anti-drug laws, and I don't agree with some anti-cracking laws, but I have complete respect for the men and women who must enforce those laws, regardless of their wisdom.
-konstant
Wonderful! Now I will be smart, impotent, and resistant to radiation! The evolution of a new human subspecies!
Actually, if you read the article, you see that the indication of neural growth is in the dendrite fibers. If you don't remember from high school biology, the dendrites are the feathery tentacles on one side of the nerve cell opposite to the long trailing axon on the other. Here's a pic:
http://www.pva.org/pn/9805cell/fig1a.gif
These scientists in Israel have remarked that prolonged exposure to caffeiene promotes growth of the dendrite forest. New dendrite trunks don't sprout, but the ones that alread exist become "leafier". Now, there are many theories about what constitutes a "smart" brain. Repeated study of Einstein's chilled gray blob have failed to turn up any manifest differences from brains of the average population. However, it's generally accepted that the interconnection between cells, handled by the axons and dendrites, has a bearing on our ability to remember data and patterns. The better and more efficient your connections, the faster you can see patterns in your daily experiences, and the smarter you are.
The key word is "efficient". This caffeiene-promoted boost in dendrite growth may be fairly random. If so, then the connections it is forming between cells may not be relevant to efficient pattern retrieval. This would actually slow down your thought processes by weaking the strength of the electrochemical signal along the "correct" pattern pathway. Your axon bodies only release so much neurotransmitter at any given time, so the potency is weakened by a proliferation of recipient dendrites.
Don't throw away your textbooks just yet.
-konstant
I can't be the only one. I work for a hi-tech company, I love gadgetry, I'm entranced by the latest "thing", but I simply don't watch television. When I do use the TV, it's for movies. I don't even know what channels I receive.
:) doesn't gel with me.
Spending my entire day in front of one monitor merely to go home to another (in lower res at that
Maybe TV is a dying medium. Once you've been exposed to the stimulus of interactive content - of actual people responding to your assertions and replying with their own - sitting in front of a glowing CRT that feeds you laugh tracks just can't kick the endorphins back to their former highs.
Set-tops are betting on the addiction of people to their televisions. The manufacturers fancy that Joe Smith, who watches the typical eight hours a day, can be eased into a new dependency, this time on their "content" services like chat and news. But isn't that sort of thing anathema to Joe Smith's entire way of life? If he wanted stimulation, he could find it in a book or in a bar. He doesn't want it. He wants to be deadened for a few hours before bedtime.
Wake up.
Go to work.
Come home.
Go to sleep.
Why would he allow thought and stress, both of which are prevalent on the internet, to encroach upon his mental down time?
OTOH, I could be wrong. Could be that with their combination of flair and verbal communication, set-tops will spark a slow return to literacy and a new appreciation for personal expression. That would be an excellent thing, although I'm a little dubious at this point.
We'll see.
-konstant
This is just the sort of thing I want to hear. Embed those puppies in my skin! I want to be green and foodless by the year 2020 goddammit!
But seriously, this is great news. Considering the shamefully small amount of money that goes into researching renewable sources of energy, I'm always delighted when they hit a new breakthrough. Solar is especially attractive - imagine running your entire home off a refrigerator-sized panel adhered to the roof. Total personal independence!
Unfortunately, there are severe limits at the moment. I recently looked into roofing a home with solar panels. Turns out that it would cost around $20k to be self-sufficient (and then only just barely). I worked it out, and it seems that with my monthly electricity costs, it would take me 103 years to pay that off.
http://www.mcn.org/a/mendom otive/Products/Unisolar2.htm
The trouble is that even the theoretical output of solar cells is low. It's bounded severely by the surface area because of the limitations of the diode materials available to us today. Turns out that even if you have full light shining on the surface, you can only get about 29% efficiency - and that's theoretical. In reality, it's less. Here's a site that explains the technical details:
http://www.nrel.gov/ncpv/documents/ pvpaper.html
Now, I have heard some clever ideas for increasing the efficiency. For example, one team discovered purely by accident that they could increase surface area by making the silicon layer extremely "spikey" on a microscopic level. The sunlight bounces around inside the spikes and is more likely to ultimately by trapped by a cell.
I think the theoretical number they cited was 40% efficiency, but right now that's still vaporware.
I wonder whether some slashdotter is brave enough to post the original ACS paper. I don't have access. I'd love to see what efficiency numbers these people are touting. Anybody?
-konstant
IANAL, but... Let's just hope that no major corporations discover how flimsy a protection the GPL really is.
Legal and accurate though it might be, the GPL has a fatal shortcoming as a protectant of open source rights, namely that it costs money to enforce.
I'm sure many of you are familiar with the practice among American convicts of filing spurious lawsuits against the prison system in an attempt to wear it down. Inmates have filed civil rights claims against everything from the temperature of the bathwater to the flavor of peanut butter served in the cafeteria. These lawsuits are not serious, but they cannot be prevented because the right to sue has been tied by the courts to the rights of free speech. The upshot is that DA's offices are exhausted in some counties with the sheer expense of filing counterclaims and motions to dismiss.
If someone really wanted to demolish the open source protections on a product, all they would have to do is reverse this tactic. A lot of open source programmers and "foundations" just don't have the money to fight more than a handful of costly legal battles. All a company would have to do would be to publish and illegally patent hundreds of modules that broke the GPL on an open source product. Then build the product out of the patented "proprietary" modules. Challengers to the legality of this maneuver would have to prove one by one that the modules were not legal, costing them thousands of dollars. And if they suceed for some module, well, it's simple enough to produce a legitimately proprietary version for one small part. Pretty soon you exhaust the original open source devs and they give up. Viola!
What we need, as other have said, is some sort of fund to hire crack lawyers. Like the ACLU, except for open source.
-konstant