There are several ways to implement a backdoor, and many of them are practically invisible. There is no need at all to open a port and handle incoming traffic (wich would be very obvious). Instead if you want to implement a backdoor you could just leave some input-parameters of a service unchecked so it can be exploited by a buffer overflow. If anyone notices this flaw later you can still say "Ooops... but hey, everyone makes mistakes. I'll just fix it..."
I know that buffer-overflows are not a good example since they are not easily exploitable in SE-Linux anymore (iirc). But the basic concept remains still applicable.
Maybe thast's the reason a big Company like MS takes so long to correct some very simple bugs, like the one about BMP-files in IE (http://xforce.iss.net/xforce/xfdb/15210). As soon as they fixed all their bugs they would be forced to release a new Windows-Version with new backdoors^d^d^d^d^d^dvulnerabilities.
Who guarantees that MS really didn't know about some of the bugs initially and they didn't just provide a list to NSA?
Interesting. I'm no professional about biology, so I might be wrong.
But from a logic point of view: If a generation with severel individuals, each of them with minor changes compared to it's ancestors, is born, for some individuals their changes will be an advantage, for some the changes are a disadvantage.
The weaker individuals will not spontanously die, but they might have fewer chidren or maybe only few of their children will survive. The stronger individuals will have more children, or if they have the same amount of children they are in a better position to feed their children / let them survive.
Thus, the next generation will still have some (few) individuals with the inherited weaknes plus some new minor changes and some (more) with the strength inherited plus some minor changes.
Now it is still possible, that one of the weaker individual is affected so positively by its changes that it is now the strongest among all of his generation.
Where is the flaw in my logic? Or does evolution theory realy exclude this scenario?
In a book (of course I don't have the title again.. grrrr...) describing the technical version of evolution I saw that the weaker results are still considered for further development, you just have to put more weight on the stronger results.
Evolution != bruteforcing. With bruteforcing (e.g. trying to guess a password with a dictionary) there is no "being on the right path" or whatever. It's just wrong or right. Evolution is survive of the fittest, do minor changes in different direction on an existing system and let see which one will lead closer to success.(Just like sex;-)) Take many of the fittest and do the same again. The some time take some of the not so fit and try as well the same.
On the other hand you are right: This trial and error seems to lead to better results in the long run compared to deterministic creation. But this scheme is already adopted by science. IIRC there was a distributed computing project simulating a robot with a defined task and changing the parameters of the robot. The different clients exchanged the information about the results. I don't remember anymore the name or the homepage of the project, I think it was already 4 or 5 years ago...
IANL, I don't know exactly if it's ok to post a "personal" letter. But since the letter starts with "Dear Sir or Madam" in spite of my name mentioned in my first mail I think, their reply is not that personal...
I have noted the points you made - as well as the vigorous debate on Slashdot.org about this article.
Well, Stephen Evan's weekly "stateside" column is not a news story, but an analytical look at major events and business trends in the United States.
It is, of course, debatable whether MyDoom/Novarg/Shimgapi was written just to bring down the SCO website, or whether the installation of spamming tools on numerous computers was an additional - or even the main - motive.
That was not the point of Stephen's article.
In his piece he wanted to draw the attention of BBC News Online's audience - many of whom are unlikely to know the ins and outs of the Open Source debate - to the rapid spread of Linux as a commercial application, SCO's attempts to cash in on this fact, and the deep anger that SCO has caused within the Linux community through its legal actions.
Stephen is not the first to draw the link between MyDoom and SCO's actions over Linux - plenty of others have done that before, including virus experts.
Interesting option. But I don't know, if a "real complain" does apply for this article, since the article is mor about suspections, not so much about firm allegations.
The GPL makes no judgements or comments on such a scenario. It is trivial to conceive of scenarios where a product built from GPL code is not even in the same market as the GPL code itself, let alone "competing".
Depends on the point of view.
If it is about an enhancement for a company the company is not enforced to publish the enhancements.
If it's an enhancement for other poeple it is a competing product.
If it's a new product with a completely different purpose it is not competing with the original product, but the developer of the new product is still competing with the GPL-Community since the GPL-Community wants to offer a big vriaty of SW.
It is not to prevent non-GPLed products from "competing" with GPLed products.
Of course it's not, I never said so.
The point of the GPL is to increase the communal pool of "free" source code by requiring anyone who develops and distributes some utilising GPL code to also GPL any code they create whilst doing so.
I do agree to this one, actually it's what I already said: The aim is to build a community, a team. Whoever want's to take part is invited, those who don't don't have to. (Maybe, this was not the intention, I don't know RMS personally, I don't even know much about him. But this is the result.)
It's not about "you" or "your code", it's about "them" and "their code".
It's not about "my" code and "their" code. It's about "OUR" code, since the GPL does (stated there or not) enforce in a limited extension a team-work between all poeple obeying this license.
I cannot require other people to use my code. It's their decision.
And yes, I think it is just fair enough, if they want to build up on other peoples work they should work together with those other people / the author of the original software.
It's sort of a teamwork, everyone can take part (with all positive and negative consequenzes) or look for another team.
But you are not allowed to take the result of the teamwork and build up a competing team with it. (Of course I know there are more or less competing teams using the GPL, but somehow they are still working together in one GPL-Team since they still share the source whenever it makes sence.)
An analogy would be if someone would steal SCOs source code to implement a competing operating system - that would also be unacceptable.
>>>>>>>>>> There are several points completele missed in this article. Evidence for my claims is given by the links mentioned below.
1) The main function of the worm is not to attack SCO Servers but to turn the infected desctop into a remote controlled robot with a keylogger.
2) The worm is _very_ likely not written by a private person in his freetime but by the russian Spam mafia wich needs those remotely controlled desktops as mail-relays to send spam.
3) The big majority of the Linux-Community does not think at all that all Software (or even all Operating Systems) have to remain free. They just expect that a license applied to a software is to be honored. This claim should be valid for any license, even the GPL.
For more evidence about the complete voidness of SCOs IP-Claims information is gahtered at
http://www.groklaw.net
All information there is elaborated and with information where the source of the information is.
regards
PS: I'm a progammer earning my money with closed source. That does not hinder me to be a fan of Open Source products and to publish something once in a while.
Hope, it was politely enough and the spelling ok. I'm a native German, was never very well in foreign languages.
This might be right for You and the Software You need. For most schoolars its not. They could do pretty well with OpenOffice, Mozilla and stuff like that. For the most technical subjects there is enough educational software available as well, plus some software development tools for programming lessons, a data-base and a better networking support. Why should a proprietary, expensive (well, not expensive for the schoolars, but expensive for those who are blinded for other choices later on) System be the default? If you need so special Software which is only for MS-Windows available (btw: I do as well, my PC at work runs Windows because I need a cross-compiler which is only avalable for MS-Systems) you are probably flexible enough to change to Windows for that purpose.
I don't understand your fear. Even if they put their proprietary software on top of linux they will do a good job keep the basic system stable, that way they will return a lot to the community.
Freenet is a good start, but it is way to slow. I think, we need something average, it does not need to be _that_ secure. The average number of hops used should be lowered, and a cypher wich is faster butnot 100% reliable should do as well. The only important thing is that the cipher remains strong enough that no court can expecteveryone to decrypt all files cached on his own harddisk or forwarded to other poeple. Funny thing: Due to DMCA in USA a very weak (and therefore fast!) algorithm should already do the trick, since the customer is probably not even allowed to decrypt data wich is supposed for him;-))
Doesn't help much. I think the progress-bar was already implemented, when the patent was granted; anyway, when the big companies sue you, you will need a lawyer first -> you need money. It doesn't help at all to win the case if you are already bankrupt before the case realy starts. (Even if you win the case, they will find dozents of other patents to sue you until one juge is stupid enough to decide against you or you are not able anymore to pay your lawyers)
With Microsoft Internet Protocol version 6 (IPv6) installed and Internet Connection Firewall (ICF) or Basic Firewall enabled, the firewall filters Internet Protocol version 4 (IPv4) traffic, but the basic firewall and the ICF does not block or filter IPv6 traffic.
Note ICF is available on Microsoft Windows XP and Microsoft Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition. Basic Firewall is a component of Routing and Remote Access that you can enable for any public interface on a computer running both Routing and Remote Access and a member of the Windows Server 2003 family.
last night I browsed to a crack site (that's software cracks, not the other kind) which proceeded to load and apparently sent some JavaScript or something which INSTANTLY crashed Opera (V7.11) AND Win...
Do you have the link still? Or can you try to get the script with wget if you don't want to publish your surfing habits? I'd like to take a look at the Script and to feed it to mozilla.
Superpower? They have a lot of internal divisions and disagreements to deal with before they get to that level.
It's true, and I'm proud of it. I hope we will learn to solve our problems in a democratic manner. Democracy does not mean that everyone agrees to a plan, diversity is allowed.
Only if majority decides something someone doesn't like this someone should still do his best to support the decision afterwards, and this lesson is still to be learned by some countries. But the easiest way to learn the lesson is to have an opponent in common.
Slashdot Mirror
F*ck! The tinfoilhat-tags around "Maybe thats's" and "NSA?" are not shown. Should have used the preview...
*Meep* Wrong!
There are several ways to implement a backdoor, and many of them are practically invisible. There is no need at all to open a port and handle incoming traffic (wich would be very obvious). Instead if you want to implement a backdoor you could just leave some input-parameters of a service unchecked so it can be exploited by a buffer overflow. If anyone notices this flaw later you can still say "Ooops... but hey, everyone makes mistakes. I'll just fix it..."
I know that buffer-overflows are not a good example since they are not easily exploitable in SE-Linux anymore (iirc). But the basic concept remains still applicable.
Maybe thast's the reason a big Company like MS takes so long to correct some very simple bugs, like the one about BMP-files in IE (http://xforce.iss.net/xforce/xfdb/15210). As soon as they fixed all their bugs they would be forced to release a new Windows-Version with new backdoors^d^d^d^d^d^dvulnerabilities.
Who guarantees that MS really didn't know about some of the bugs initially and they didn't just provide a list to NSA?
regards,
q.kontinuum
Interesting. I'm no professional about biology, so I might be wrong.
But from a logic point of view: If a generation with severel individuals, each of them with minor changes compared to it's ancestors, is born, for some individuals their changes will be an advantage, for some the changes are a disadvantage.
The weaker individuals will not spontanously die, but they might have fewer chidren or maybe only few of their children will survive. The stronger individuals will have more children, or if they have the same amount of children they are in a better position to feed their children / let them survive.
Thus, the next generation will still have some (few) individuals with the inherited weaknes plus some new minor changes and some (more) with the strength inherited plus some minor changes.
Now it is still possible, that one of the weaker individual is affected so positively by its changes that it is now the strongest among all of his generation.
Where is the flaw in my logic? Or does evolution theory realy exclude this scenario?
In a book (of course I don't have the title again.. grrrr...) describing the technical version of evolution I saw that the weaker results are still considered for further development, you just have to put more weight on the stronger results.
Evolution != bruteforcing. With bruteforcing (e.g. trying to guess a password with a dictionary) there is no "being on the right path" or whatever. It's just wrong or right. Evolution is survive of the fittest, do minor changes in different direction on an existing system and let see which one will lead closer to success.(Just like sex ;-)) Take many of the fittest and do the same again. The some time take some of the not so fit and try as well the same.
On the other hand you are right: This trial and error seems to lead to better results in the long run compared to deterministic creation. But this scheme is already adopted by science. IIRC there was a distributed computing project simulating a robot with a defined task and changing the parameters of the robot. The different clients exchanged the information about the results. I don't remember anymore the name or the homepage of the project, I think it was already 4 or 5 years ago...
I have noted the points you made - as well as the vigorous debate on Slashdot.org about this article.
Well, Stephen Evan's weekly "stateside" column is not a news story, but an analytical look at major events and business trends in the United States.
It is, of course, debatable whether MyDoom/Novarg/Shimgapi was written just to bring down the SCO website, or whether the installation of spamming tools on numerous computers was an additional - or even the main - motive.
That was not the point of Stephen's article.
In his piece he wanted to draw the attention of BBC News Online's audience - many of whom are unlikely to know the ins and outs of the Open Source debate - to the rapid spread of Linux as a commercial application, SCO's attempts to cash in on this fact, and the deep anger that SCO has caused within the Linux community through its legal actions.
Stephen is not the first to draw the link between MyDoom and SCO's actions over Linux - plenty of others have done that before, including virus experts.
No, it's not about taking anything. It's only about giving something and "them" giving something in return on their free will.
Interesting option. But I don't know, if a "real complain" does apply for this article, since the article is mor about suspections, not so much about firm allegations.
Depends on the point of view.
- If it is about an enhancement for a company the company is not enforced to publish the enhancements.
- If it's an enhancement for other poeple it is a competing product.
- If it's a new product with a completely different purpose it is not competing with the original product, but the developer of the new product is still competing with the GPL-Community since the GPL-Community wants to offer a big vriaty of SW.
It is not to prevent non-GPLed products from "competing" with GPLed products.Of course it's not, I never said so.
The point of the GPL is to increase the communal pool of "free" source code by requiring anyone who develops and distributes some utilising GPL code to also GPL any code they create whilst doing so.
I do agree to this one, actually it's what I already said: The aim is to build a community, a team. Whoever want's to take part is invited, those who don't don't have to. (Maybe, this was not the intention, I don't know RMS personally, I don't even know much about him. But this is the result.)
It's not about "you" or "your code", it's about "them" and "their code".
It's not about "my" code and "their" code. It's about "OUR" code, since the GPL does (stated there or not) enforce in a limited extension a team-work between all poeple obeying this license.
And yes, I think it is just fair enough, if they want to build up on other peoples work they should work together with those other people / the author of the original software.
It's sort of a teamwork, everyone can take part (with all positive and negative consequenzes) or look for another team.
But you are not allowed to take the result of the teamwork and build up a competing team with it. (Of course I know there are more or less competing teams using the GPL, but somehow they are still working together in one GPL-Team since they still share the source whenever it makes sence.)
An analogy would be if someone would steal SCOs source code to implement a competing operating system - that would also be unacceptable.
I wrote some feedback:
0 4/ 28worm.htmls news/detail/d efault.asp?contentItemId=733®ion=america
>>>>>>>>>>
There are several points completele missed in this article. Evidence for my claims is given by the links mentioned below.
1) The main function of the worm is not to attack SCO Servers but to turn the infected desctop into a remote controlled robot with a keylogger.
2) The worm is _very_ likely not written by a private person in his freetime but by the russian Spam mafia wich needs those remotely controlled desktops as mail-relays to send spam.
3) The big majority of the Linux-Community does not think at all that all Software (or even all Operating Systems) have to remain free. They just expect that a license applied to a software is to be honored. This claim should be valid for any license, even the GPL.
http://www.ajc.com/business/content/business/01
http://www.messagelabs.com/news/viru
For more evidence about the complete voidness of SCOs IP-Claims information is gahtered at
http://www.groklaw.net
All information there is elaborated and with information where the source of the information is.
regards
PS: I'm a progammer earning my money with closed source. That does not hinder me to be a fan of Open Source products and to publish something once in a while.
Hope, it was politely enough and the spelling ok. I'm a native German, was never very well in foreign languages.
Afaik Linux-PCs where also available in Europe. "Europe" is this tiny, little, and "old" continent around 5000km east.
Sorry, could not resist...
This might be right for You and the Software You need. For most schoolars its not. They could do pretty well with OpenOffice, Mozilla and stuff like that. For the most technical subjects there is enough educational software available as well, plus some software development tools for programming lessons, a data-base and a better networking support. Why should a proprietary, expensive (well, not expensive for the schoolars, but expensive for those who are blinded for other choices later on) System be the default? If you need so special Software which is only for MS-Windows available (btw: I do as well, my PC at work runs Windows because I need a cross-compiler which is only avalable for MS-Systems) you are probably flexible enough to change to Windows for that purpose.
I don't understand your fear. Even if they put their proprietary software on top of linux they will do a good job keep the basic system stable, that way they will return a lot to the community.
Greetings
q.kontinuum
Bullshit, it means the stability of the kernel is really cool now ;-)
Freenet is a good start, but it is way to slow. I think, we need something average, it does not need to be _that_ secure. The average number of hops used should be lowered, and a cypher wich is faster butnot 100% reliable should do as well. The only important thing is that the cipher remains strong enough that no court can expecteveryone to decrypt all files cached on his own harddisk or forwarded to other poeple. Funny thing: Due to DMCA in USA a very weak (and therefore fast!) algorithm should already do the trick, since the customer is probably not even allowed to decrypt data wich is supposed for him ;-))
Doesn't help much. I think the progress-bar was already implemented, when the patent was granted; anyway, when the big companies sue you, you will need a lawyer first -> you need money. It doesn't help at all to win the case if you are already bankrupt before the case realy starts. (Even if you win the case, they will find dozents of other patents to sue you until one juge is stupid enough to decide against you or you are not able anymore to pay your lawyers)
http://support.microsoft.com/default.aspx?scid=kb; en-us;306203
With Microsoft Internet Protocol version 6 (IPv6) installed and Internet Connection Firewall (ICF) or Basic Firewall enabled, the firewall filters Internet Protocol version 4 (IPv4) traffic, but the basic firewall and the ICF does not block or filter IPv6 traffic.
Note ICF is available on Microsoft Windows XP and Microsoft Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition. Basic Firewall is a component of Routing and Remote Access that you can enable for any public interface on a computer running both Routing and Remote Access and a member of the Windows Server 2003 family.
Anyway, thx for the hint, maybe take some time to look for it then.
Do you have the link still? Or can you try to get the script with wget if you don't want to publish your surfing habits? I'd like to take a look at the Script and to feed it to mozilla.
regards, q.kontinuum
Show me the free available specification of the so called MS-document standard and I will show you the specification of the OOo-document format. Deal?
Hint: specifications for proprietary formats (like MS Products generate it) are not provided for everyone!
It's true, and I'm proud of it. I hope we will learn to solve our problems in a democratic manner. Democracy does not mean that everyone agrees to a plan, diversity is allowed.
Only if majority decides something someone doesn't like this someone should still do his best to support the decision afterwards, and this lesson is still to be learned by some countries. But the easiest way to learn the lesson is to have an opponent in common.
The kilo shall be defined to be 1/80 of my weight. In return for the honor I promis to make the worlds people slim down.