I think that's a great idea. The greatest enabler of them all for piracy is obviously Windows, and it is aided and abetted by the Internet. Let's sue Microsoft, and whoever it is which owns Teh Interwebs. Al Gore wasn't it? Or maybe the United Nations? :-)
Re:Pop Quiz for Chem Geeks or Biologists, on Chemical Words List · Score: 1
Sorry, Ma isn't Magnesium, or even Manganese. Using your logic (which I admire), the most commonly occurring element in the word "mammAls" is aluminum.
Re:Pop Quiz for Chem Geeks or Biologists, on Chemical Words List · Score: 1
Yep, the answer is indeed Calcium. Most people pick Iron because of the blood, but of course our bones are the greatest repository of Calcium, specifically in trabecular and compact bone formation. Dietary calcium, often considered to be a "mineral", is of course a metal -- but in the diet is found in ionic form (Ca2+). Somehow, the body takes in calcium in mineral form (such as Calcium Carbonate), and produces an amazing thing called hydroxyapatite (CaPO4, calcium phosphate, plus some trace elements and water.)
BTW, the Ma. comment was excellent, but Magnesium is Mg and Manganese is Mn; unfortunately I'm not aware of any element with symbol "Ma." A more fitting answer might be "Al(uminum.)" In any case, this is all periodically interesting. -- cheers Paul Gillingwater
Pop Quiz for Chem Geeks or Biologists, on Chemical Words List · Score: 2, Interesting
OK, let's see how many of you really understand BioChemistry. Pop quiz time: which METAL occurs most commonly in mammals?
Don't google it -- just put down your best answer, and we'll see what firms up.
As a long-time Linux advocate, I must admit to a little Schadenfreude in the latest WMF exploit. However, as a responsible member of the security community, I think we have to take this problem very seriously.
Whilst Microsoft may indeed publish an official patch in the next few days, they have no way to push it out to all the vulnerable systems. Savvy admins may have already applied the unofficial patch, and kudos to them.
However, the biggest problem is the great masses of unpatched systems that will never receive an official or unofficial patch. For them, I am afraid the only solution is a fix which exploits the vulnerability to patch the system automatically. If this is not done, it will exacerbate the problem of DDOS botnets and Spam relays, making life even worse for the rest of us.
Experienced security people will recall this has been done before. I suspect this may be the only way to patch enough of the vulnerable systems that won't be protected either by Microsoft's efforts or those of a competent admin. Any takers?
For the last five years, I have been running a company with 10 people which lives from open source.
We have made enough money to sustain the company (and pay high Austrian taxes), but not enough to get wealthy.
Specifically, we have made money from other people's efforts, i.e., Nessus, Snort and NMAP. We've done this by building on the work of others, and putting a usable front end on them for corporations (we call it Event Horizon), plus adding commercial-grade support. Sourcefire did the same thing for Snort (we're a reseller of theirs too).
In return, we have released two major projects to the Open Source community: Outreach Project Tool (a project management and collaboration support Web gateway), and Database of Managed Objects, an audit support tool used to document security systems.
We haven't made any money out of OPT or DMO, but we have earned money from supporting the work of others. We won't mind if other people make money out of products we have developed -- that's the freedom which GPL offers.
About the future -- we are trying to earn license fees from DMO, since we just released it under GPL, but so far no takers. Please download it, try it out, and if you like it for your company, then persuade them to take a license. It works under Windows and Linux too!
-- cheers Paul Gillingwater
P.S. I may be the CEO with an MBA, but I still write code...
One complaint I've often heard is how Apache is difficult to install for beginners. I came across a great answer to this question recently. Check out the Apache Friends XAMPP package, which combines Apache, MySQL, PHP & PEAR, Perl, ProFTPD, phpMyAdmin, OpenSSL, GD, Freetype2, libjpeg, libpng, gdbm, zlib, expat, Sablotron, libxml, Ming, Webalizer, pdf class, ncurses, mod_perl, FreeTDS, gettext, mcrypt, mhash, eAccelerator, SQLite and IMAP C-Client.
It's very easy to install, and is set up to be easily administered. I now recommend it to users of my recently released DMO software, which provides a kind of Object-based DB layer on top of MySQL.
It seems obvious that this would be a great way to increase the user-accessibility for sight impaired users, if we can offer text-only adventures, which work well with a Linux speech synthesizer.
I think we have a perfect opportunity here. I think that former FEMA Director Michael Brown would be the perfect next chief of the USPTO. After all, he did such a great job at FEMA, so how hard can it be?
Re:while snort is a fine piece of software ..., on CheckPoint Acquires Snort · Score: 5, Informative
Plus you might find that a shellcode exploit requires a shellcode sled, which can be detected. And many of the people who use Snort might not know that Sourcefire has made a major innovation with RNA -- a passive traffic analysis system which tells you what hosts are in your LAN, and what ports are being used -- kind of like NTOP, but with better consolidation and reporting.
Re:Ethics & Technology - Mangan's blog is, on Airbus A380 Under Fire · Score: 0, Flamebait
As a foreign engineer working in Vienna, I think this guy is about as dumb as a box of rocks. For a start, you don't mess around with the legal system [t]here -- especially the contempt of court issue, which resulted from him posting about a sub judice matter on his blog. Second, he should have listened to his first lawyer, who suggested he leave the country, and drop the matter. Anyone failing to heed advice from legal professionals which they pay for is only buying themselves trouble. Thirdly, the guy is a Baptist Churchgoer -- which tells me he's not very bright. I have yet to meet anyone who is both "super smart" and believes in the classical Christian God -- any rational analysis would lead to questioning of that type of faith. (I'm not exempting Islam, Hinduism or any other mainstream religious belief from this general observation. Heck, he probably believes in a Creation myth too!)
After all, any "super smart" guy knows that Pastafarianism is the One True Path -- all hail the FSM!
Having said the above, I still feel there is a place for "whistle-blower" laws, and am surprised to hear that they don't exist in Austria.
I've worked with IDS for more than 8 years, and Snort for at least 6 years. Currently, I recommend Sourcefire to my customers. Why? Well, Snort with commercial support is great, but it's not enough. Sourcefire however developed RNA, which does passive network protocol analysis, and builds a knowledge base of vulnerabilities and hosts -- and allows IDS rules to be tuned according to relevance. (Note that RNA doesn't help when it comes to IPS.)
Having said that, I am generally against deploying any fully-automated IPS responses, due to the possibilities of false positives and potential for new attack vectors (i.e., a crafty attacker using the defenses against you.)
Until expert systems are as smart as experienced IDS analysts, the best defense is a dedicated team of people who deploy early-warning systems, and who watch the network carefully, 24x7, aided by tools like RNA. If you're really serious about security, however, you will develop two teams: Red Team and Blue Team. Let one handle defense, the other run attacks, and let the games begin... and don't forget to cycle people between the teams!
Incidentally, I was programming COBOL in the 1970's, and can still write a little Perl when necessary. The zOS system is something of a hybrid, based on OS/390 with some UNIX shells and POSIX compliance -- as many posters pointed out, any half decent admin or programmer should be able to learn their way around in a few weeks.
I'm sorry, but a warp drive is impossible, as is any attempt to go faster than the speed of light. Our only hope is to *change* the speed of light, then build special engines which leave the spaceship perfectly stationary, and move the whole universe around them instead. :-)
Naturally, the engines used in the "Planetary Express" are the same engines used by the Lensmen for their "Inertialess Drives...."
Choosing the right wood, shaping it, fletching the arrows. This is "ancient tech" which can be learned today, and is its own reward. Why, there are even courses in this available!
It's amazing how effective a recurve bow with 40lbs strain is in the right hands....
It's not over-reacting. Whilst I have been inconvenienced by this myself, it's clear that the *only* way to put pressure on ISPs who host (or tolerate) known spammers is to attack them indirectly, which is through their other (legitimate) customers. Once a significant fraction of customers complain, the ISP will take the correct action -- otherwise, they will continue to contribute to the SPAM problem.
Disclaimer: it's been more than 12 years since I ran an ISP, but my attitude to SPAM has certainly hardened over the years. MAPS was right.
I am a professor at a small University, and encourage my students to use open source options, such as OpenOffice.org. I have no problems with PDF, however it's not so easy to submit PDFs to TurnItIn.com -- but this objection can easily be overcome, by requiring the student him/herself to make their own submission to TurnItIn.com, and then attach the results to their paper.
The only problems I would have would be if a student used an early beta of OpenOffice.org (such as build SRC680), which introduced briefly the .oot format. Naturally, I can unzip the file and use sed to edit the manifest in the XML, but it's a pain. I'd happily accept .rdf, .sxw, .sdw, .odt, .doc and even Word Perfect and LaTeX if the student wanted to put some effort into it!
Sir, I don't think you're going far enough. We need to also think about the computing task of representing all the letters of the Alphabet, plus digits, and some punctuation characters. So, let's take this idea of yours, this BCD, and extend it....
Security is indeed a thankless task, but if you manage it properly, you can get proper recognition.
First, one of the keys to security is Risk Assessment. Either do it yourself (using the OCTAVE methodology), or hire outside consultants to guide/mentor you through the process.
Next, learn a little about security. Join SANS, take the CISSP training/exam, or become an Information Systems Auditor (COBIT, CISA are relevant.)
I wrote a brief introduction to security (released under GNU Documentation License) for those who wish to learn the basics of Risks, Controls, etc. Just read chapters 1 and 2.
If you wish to start documenting your systems, check out my Database of Managed Objects.
It's also a great idea to make friends with the Auditors in your company. Find out what you can do to make their jobs easier. Talk to your Chief Security Officer (if you have one, then the job of security is halfway to success!)
As others in this thread have posted, DOCUMENT EVERYTHING. Always follow the chain of command (unless something clearly illegal is involved.) Don't violate your ethics, and keep improving!
-- cheers Paul Gillingwater
Sorry, I posted a bad link to the Outreach Project Tool. There is a great demo site here.
Next to impossible?
Granted, it's not easy. But it's also not wildly difficult to use the constrained keyspace of a credit card to generate a dictionary of all possible hashes for valid credit cards (remember, the key space is even further constrained by check digits implicit in the numbers), and store that in a simple lookup table on one or more Blu-Ray DVDs.
deimtee has it exactly right -- mod her/him up.
According to various Irish historians, St. Colmcille borrowed a psalm book from St. Finian and secretly copied it. Someone told St. Finian and he demanded the copy. St. Colmcille refused. The high king said "to every cow its calf and to every book its copy."
St. Colmcille still refused, and so a battle was fought in 561 A.D. The armies clashed at Cooldrumman and over 3,000 men were reputed to have been slain. Colmcille built a monastery and then exiled himself in repentance.
This represents the earliest European edict in regard to copyright -- so let the battle cry ring out:
To every cow its calf, to every book its copy!
A closer approximation is 355/113.
They should have just asked this guy. He memorized Pi to 22,514 digits. I'm sure with incentive he could take it out to 40,000.
... and I contributed it to the Da Vinci institute's Museum of Future Inventions.
Slashdot regulars will remember the Da Vinci institute from this story.