This is a good tip. I use a separate account for internet facing apps, but it can be a pain having to enter passwords so much. I was thinking of creating a simple app to drop priv to lesser users. I didn't think of sudo as having this functionality, only as increasing priv to root.
On the other hand, this is something I have been wondering for a long time: how secure is sudo? Are the developers knowledgeable enough to steer away from the many possible security gotchas in such a utility?
Having a terms of use is a good idea, it will help you legitimate users to know what is acceptable, but it won't get rid of trolls. At least half the trolls are psychopaths. (the other half bored kids)
Psychopaths love lots of detailed rules, because they love screwing the system, and lots of rules not only disrupt legitimate activity, assuming they are enforced uniformly, they allow the psychopath to dance around them without breaking them.
Let's say for example, you make a rule saying "only IT personnel are allowed to set foot in the server room." They'll happily obey the rule and just lean in the room or use a stick and take things / mess with stuff. You can revise the rule, but they'll just find a way around it or try something somewhere else. Once you have been around them for a while, you realize you can't just make rules to solve the troll problem.
If you really keep on them for a long time, eventually they stop trying to disrupt things, but as soon as you turn your back, they'll start back up again. The only hope is to identify them and get rid of them one way or another. If you are stuck with them for some reason, well, ignoring them is the least waste of energy.
Who said he was using the account to download music and movies? Of which I assume you imply are ones infringing copyright. Ssh and bittorrent have many other uses.
You are the one who must be young. Yes, I know it may affect getting a job, but the employers who would screen you out because of something "immoral" you did as a teenager are control freaks who will burn you out. Professionals do business to get work done, not play kindergarten games of who did what. They only look at your history to find things relevant to the job. I suppose you think it is okay for them to tell you which church to attend and where to live. You may make a little more money, but the costs of dealing with them will more than overrun the value of the extra cash. I'd rather not work for someone who thinks behaving like the Taliban is acceptable. There are religions which ban coffee, tea, even soda. Why should I have to obey all of their tenets?
In a couple of years when you have gone through a few divorces and have stress related health problems, among other things, you will know what I am talking about. And as for being social, you don't know what that is. Just because you don't see a person doesn't mean you don't have a connection. I'm sure plenty of people have said the same things about the telephone and letters.
It would take a long explanation for a satisfactory response. I think I put together a detailed comparison between the two, but I'm not sure if I still have the file.
Ever notice how many open source critics call it communism? It isn't just because of MS schills. A lot of that has to do with Stallman's constant crap. He constantly trashes Linux, apparently because he is jealous of its success. He thinks he should be the only one to get credit for anything open source. He is very controlling, especially with GNU projects or any projects similar to a GNU one. GNU projects are free as in "freedom", but not if you want to compete or make a fork. For example, I've seen messages on the front pages of a few projects which seemed to indicate some GNU/FSF people were harrassing them. Namely Cinepaint (a GIMP fork) and TenDRA (a compiler). One has to wonder why all the development stopped on TenDRA. It looked like a viable project.
Basically he is an extremist who wants to eliminate anyone who is a threat to his "leadership." Yes, he doesn't kill people, but his paranoid actions don't seem far off from Stalin. I would suppose he has the same psychological disorder.
I still don't get why people even use facebook (or any social sites). Near as I can tell, it's a vestige of the adolescent misconception that you are the center of the universe and everything you do is interesting and important.
It is called being social. Maybe everyone will not think what you do is interesting and important, but some will. This may be a foreign concept to you, but they are often called friends and family. Perhaps you live in your parents basement, so they know everything you do, and you don't have any friends. Many other people do have friends, and they don't live in their parents basement, so they need a way to keep in touch with those people, and perhaps even find some new friends.
can't imagine trying to explain what I did 30+ years later when I was in my mid teens.
If someone is trying to judge you for something that happened 30 years ago when you were a teenager, they either have some other motive (perhaps you don't belong to their "one true religion") or they are a psychopath. Most people change and learn much after their teen years and it is quite unfair to judge them for things they did at that time. Obviously while they are teenagers, they need to be disciplined, but doing it long after is just being an asshole.
If someone raises a stink about something that long ago, tell them to fuck off. If they are a prospective employer, you probably don't want to work for them. Think about it. What kind of life would you have if you live around such people. No wonder you don't want any friends.;-)
If you want to see how ridiculous this seems, replace 'pedophile' with 'straight male' and child with 'woman'. You end up with "straight male = sick woman raping motherfucker".
Sorry to tell you this, but this is the opinion of the majority of women and police in the US. It is not true, but that doesn't stop them. I think it stems from the desire to be self-righteous and have easy answers. If you assume every male is a piece of shit, you don't have to think if they are guilty of anything or not, just attack them as if they are.
If you, as a male, become disabled, nobody will care. They'll just say "get a job, you lazy loser!" Even if you have kidney failure and had two strokes, and you can't be active (including just standing) for more than two hours/day, not to mention numerous mental defects which make working impossible. Yet a woman who doesn't have any children, is fully able bodied, but decides she doesn't want to work can screw the system all she wants and no one will try to stop her.
I have been told handheld radar guns can be several percent off. The guy who told me said he was a security guard somewhere and they did tests and found radar guns were too inacurrate for them to use.
Yes, good point. Malformed files can potentially attack any program with buffer overflow bugs and other security holes. This is why it is important to run programs as a separate user. I usually try to have one account for network facing programs, and one for important files. That way, not only will an attacker have trouble taking over my system, but she will not be able to mess with important work.
I also try not to compile programs as root (only run install). I remember hearing about one open source project who were cracked, and the script kiddie put some sort of nasty code into the configure script. People who compiled as a lesser user didn't get the trojan installed. For a while, I created a special admin user just for installing. It had permissions to write files in/usr/bin/usr/lib and such, but not/etc or/bin. This wasn't supported by my distro though (ownership was clobbered every time I installed a package), so I gave up.
These procedures are not bulletproof, but is better than nothing.
I'm going to jump in, because I don't think anyone explained this.
Windows runs lots of services (server programs) by default, some of which have vulnerabilities. Some of which can't be turned off, because of the way MS programmed them. If you wonder why they are there, this is how things like filesharing works: it has a server program which will reply when someone else on the lan broadcasts asking for other shares. If someone creates specially formed packets, they can break into those vulnerable services, and you are rooted.
There could also be vulnerablilities in the kernel (main system), but they are rare. You could also be infected if you opened up a shared folder, and someone / a program uploads a hostile program to it, and you run that program.
This is in addition to getting infected by visiting a hostile site with an insecure browser.
I may not have explained this very well, but hopefully you get the idea.
The RIAA? What about software companies? Ever hear of the BSA? If any of them can selectively prosecute anyone who runs their programs even if it was legally paid for, then we are all in trouble.
Though, I finally got through to the site, and it may not be quite as bad. It looks as though the court found you have to obey the EULA. I'm not sure I like that either. After all, you often don't get to see the EULA until after you buy the software and open the box. Even more so, because the stores claim some "copyright law" requires it, they won't take back opened software. Certainly sounds like they are making people sign a blank contract to me...
This is why fingerprints are used. Even just checking a few random digits makes it worlds harder for a MitM attack to evade detection.
Obviously, it doesn't help if the person checking the fingerprint doesn't know what it should be, but one would think with all the publicity they get, TPB should be able to get their real fingerprint out there. Non-famous people could use a phone call: "The third number in my fingerprint is 4f."
Isn't good muscular control part of good technique? Maybe such a computer program couldn't train someone in all aspects of singing, but I would imagine it could help them improve some aspects of their technique...
That sounded familiar, like something I have heard of before called GeekPAC. I thought they had a website, but I can't find it. However there are stories about it on linux journal and Lisa Rein's blog. I don't know what happened to them.
You should realize there are a lot of congressmen, so "donating" 9k or so to each one would cost somewhere around $100k or $1M+ (you do the math if you want to know the exact amount), that isn't exactly cheap. I suppose if a hundred thousand geeks get together and pay $10 each, you'd have the million you need.:-)
Apparently not. My dialysis center runs all Microsoft OSes, and I've even heard the techs complain about how they were sure they entered info, but it wasn't in the system. Sounds like a familiar problem.
Their system also seems to miscalculate the amount of fluid to be taken off. At first I thought maybe it was just trying to challenge the presumed dry weight which was in the system, but if this were the case, then why have the techs started calcuating it by hand? I have observed this in two dialysis centers, so I would imagine it is happening in all of the dialysis centers owned by the same company.
At any rate, obviously there is a major defect somewhere, and it would be surprising if someone was not killed by it already. If you take off too much fluid during dialysis, it can easily be a life threatening situation. They haven't stopped using this system, which I'm sure they would if criminal or even civil punishments were involved, so I would say no, criminal punishments do not come about due to flaws in medical software.
In fact, how would anyone trace it down to the computer in the first place? Most people assume computers give flawless answers, they just expect them to crash a lot, so if a computer gave an incorrect answer to a calculation or missing information, and that error got someone killed, who would even think to check the computer? They would probably just blame the nurse or technician. Plus I do not think there is a tracking / recording system to tell you what result the computer gave anyway. How would you prove it?
As far as banks and the like, since when have you heard of a teller being arrested for losing a check or mistyping information? It happens all the time, and if the victum can't prove it, then they are shit out of luck. If they can, then the bank just corrects the error. The only time I've heard of bank employees being arrested were for obvious deliberate fraud. It is probably the same way with computer software.
I don't understand why it should cost so much. If I understand how this works correctly, then from the hardware end, you just need a camera, a laser, and something to deflect the laser light. Correct?
I can't think off the top of my head what would be best to deflect the light, but couldn't you just buy one of those cheap lazer pointers and probably use a camera you already have? I would think any HD camcorder would give at least somewhat decent results. Perhaps even SD camcorders or webcams may work. You won't have really accurate models, but they would be something to work with.
As for the software, isn't it simple trigonometry or geometry? Calculate where the laser light is hitting from the coordinates given from the camera. There is only going to be one spec of light, assuming your object is not transparent or reflective... Yeah, it would be more difficult to determine where the speck of light is from the laser if your room is lighted, but if you are just doing small objects, you could just make use a box with the inside walls painted flat black.
I haven't tried ATI's proprietary opengl drivers, the only ATI video card I've had in the past couple of years was a Rage XL which was used unaccelerated. I made those comments because many idiots are claiming Nvidia drivers are decent. They are not. Just because ATI makes crap drivers which are worse doesn't change that fact. So what if a few things work. The driver causes major system unstabliity.
It is like saying Windows 98 was the greatest operating system ever because Windows ME sucked. They both suck bad.
I suppose if you think Microsoft's OS as the gold standard, you wouldn't notice this problem, but I do. I consider the system locking up or going down even once a week to be a major problem, and if one has to play with settings at random to keep this from happening, well, that doesn't raise my confidence level.
It is not too soon. I'm guessing you haven't tried the Nvidia driver on linux, because compared to what I have experienced, the ATI bugs you listed don't sound very bad. I had to turn off all the features and I am afraid to try anything which may be out of the ordinary on my Nvidia machine because it risks constant crashes. My machine with intel graphics may not allow mplayer to play in the root window, but at least it doesn't completely crash the system hard.
Running a linux system with the proprietary Nvidia drivers reminds me of my days "having fun" with Win98. Right now, I am migrating from that Nvidia system to one with an i810 chipset, partly because the driver issues really piss me off. If ATI cards start coming with open source drivers which support 2d/video and 3d well enough, I will probably buy one even if I am on a tight budget at the time.
I've had an ATI bt878 TV card for about 10 years, and it has always worked with linux. In fact, for much of that time, I have used that card with linux as my primary source of television. It requires xawtv to change channels, but for general capturing the v4l driver works with any program.
As for remote controls, I don't use one, but I thought about buying a Snapstream Firefly mini. It says it is a hid device which acts as a keyboard, so it should be fully compatible with linux...
There was a time in the '90s where copy protection more or less disappeared. I had to come to the point where nearly every software review had a complaint about the copy protection, and nearly everyone who bought software refused to buy anything which had copy protection, but it happened.
Now there is a new generation of computer users and computer programmers/ vendors. Let's just hope they are smart enough to drop the copy protection crap, which only causes problems for legitimate users and just gives script kiddies more street creds for cracking the "latest and greatest" schemes.
Do more than just ask for Linux drivers. Ask them to release programming specs, then not only will you have open source drivers, but you can also find other ways to use it...
Slashdot Mirror
This is a good tip. I use a separate account for internet facing apps, but it can be a pain having to enter passwords so much. I was thinking of creating a simple app to drop priv to lesser users. I didn't think of sudo as having this functionality, only as increasing priv to root.
On the other hand, this is something I have been wondering for a long time: how secure is sudo? Are the developers knowledgeable enough to steer away from the many possible security gotchas in such a utility?
Having a terms of use is a good idea, it will help you legitimate users to know what is acceptable, but it won't get rid of trolls. At least half the trolls are psychopaths. (the other half bored kids)
Psychopaths love lots of detailed rules, because they love screwing the system, and lots of rules not only disrupt legitimate activity, assuming they are enforced uniformly, they allow the psychopath to dance around them without breaking them.
Let's say for example, you make a rule saying "only IT personnel are allowed to set foot in the server room." They'll happily obey the rule and just lean in the room or use a stick and take things / mess with stuff. You can revise the rule, but they'll just find a way around it or try something somewhere else. Once you have been around them for a while, you realize you can't just make rules to solve the troll problem.
If you really keep on them for a long time, eventually they stop trying to disrupt things, but as soon as you turn your back, they'll start back up again. The only hope is to identify them and get rid of them one way or another. If you are stuck with them for some reason, well, ignoring them is the least waste of energy.
Who said he was using the account to download music and movies? Of which I assume you imply are ones infringing copyright. Ssh and bittorrent have many other uses.
Why not both? A vertical screen for viewing text, images, data, etc. And a horizontal one for playing with widgets, data entry, and the like.
You are the one who must be young. Yes, I know it may affect getting a job, but the employers who would screen you out because of something "immoral" you did as a teenager are control freaks who will burn you out. Professionals do business to get work done, not play kindergarten games of who did what. They only look at your history to find things relevant to the job. I suppose you think it is okay for them to tell you which church to attend and where to live. You may make a little more money, but the costs of dealing with them will more than overrun the value of the extra cash. I'd rather not work for someone who thinks behaving like the Taliban is acceptable. There are religions which ban coffee, tea, even soda. Why should I have to obey all of their tenets?
In a couple of years when you have gone through a few divorces and have stress related health problems, among other things, you will know what I am talking about. And as for being social, you don't know what that is. Just because you don't see a person doesn't mean you don't have a connection. I'm sure plenty of people have said the same things about the telephone and letters.
It would take a long explanation for a satisfactory response. I think I put together a detailed comparison between the two, but I'm not sure if I still have the file.
Ever notice how many open source critics call it communism? It isn't just because of MS schills. A lot of that has to do with Stallman's constant crap. He constantly trashes Linux, apparently because he is jealous of its success. He thinks he should be the only one to get credit for anything open source. He is very controlling, especially with GNU projects or any projects similar to a GNU one. GNU projects are free as in "freedom", but not if you want to compete or make a fork. For example, I've seen messages on the front pages of a few projects which seemed to indicate some GNU/FSF people were harrassing them. Namely Cinepaint (a GIMP fork) and TenDRA (a compiler). One has to wonder why all the development stopped on TenDRA. It looked like a viable project.
Basically he is an extremist who wants to eliminate anyone who is a threat to his "leadership." Yes, he doesn't kill people, but his paranoid actions don't seem far off from Stalin. I would suppose he has the same psychological disorder.
It is called being social. Maybe everyone will not think what you do is interesting and important, but some will. This may be a foreign concept to you, but they are often called friends and family. Perhaps you live in your parents basement, so they know everything you do, and you don't have any friends. Many other people do have friends, and they don't live in their parents basement, so they need a way to keep in touch with those people, and perhaps even find some new friends.
If someone is trying to judge you for something that happened 30 years ago when you were a teenager, they either have some other motive (perhaps you don't belong to their "one true religion") or they are a psychopath. Most people change and learn much after their teen years and it is quite unfair to judge them for things they did at that time. Obviously while they are teenagers, they need to be disciplined, but doing it long after is just being an asshole.
If someone raises a stink about something that long ago, tell them to fuck off. If they are a prospective employer, you probably don't want to work for them. Think about it. What kind of life would you have if you live around such people. No wonder you don't want any friends. ;-)
Sorry to tell you this, but this is the opinion of the majority of women and police in the US. It is not true, but that doesn't stop them. I think it stems from the desire to be self-righteous and have easy answers. If you assume every male is a piece of shit, you don't have to think if they are guilty of anything or not, just attack them as if they are.
If you, as a male, become disabled, nobody will care. They'll just say "get a job, you lazy loser!" Even if you have kidney failure and had two strokes, and you can't be active (including just standing) for more than two hours/day, not to mention numerous mental defects which make working impossible. Yet a woman who doesn't have any children, is fully able bodied, but decides she doesn't want to work can screw the system all she wants and no one will try to stop her.
I have been told handheld radar guns can be several percent off. The guy who told me said he was a security guard somewhere and they did tests and found radar guns were too inacurrate for them to use.
It would be nice to have a study for credible evidence... A quick search turns up this article from a site called radarbusters.
Yes, good point. Malformed files can potentially attack any program with buffer overflow bugs and other security holes. This is why it is important to run programs as a separate user. I usually try to have one account for network facing programs, and one for important files. That way, not only will an attacker have trouble taking over my system, but she will not be able to mess with important work.
I also try not to compile programs as root (only run install). I remember hearing about one open source project who were cracked, and the script kiddie put some sort of nasty code into the configure script. People who compiled as a lesser user didn't get the trojan installed. For a while, I created a special admin user just for installing. It had permissions to write files in /usr/bin /usr/lib and such, but not /etc or /bin. This wasn't supported by my distro though (ownership was clobbered every time I installed a package), so I gave up.
These procedures are not bulletproof, but is better than nothing.
I'm going to jump in, because I don't think anyone explained this.
Windows runs lots of services (server programs) by default, some of which have vulnerabilities. Some of which can't be turned off, because of the way MS programmed them. If you wonder why they are there, this is how things like filesharing works: it has a server program which will reply when someone else on the lan broadcasts asking for other shares. If someone creates specially formed packets, they can break into those vulnerable services, and you are rooted.
There could also be vulnerablilities in the kernel (main system), but they are rare. You could also be infected if you opened up a shared folder, and someone / a program uploads a hostile program to it, and you run that program.
This is in addition to getting infected by visiting a hostile site with an insecure browser.
I may not have explained this very well, but hopefully you get the idea.
The RIAA? What about software companies? Ever hear of the BSA? If any of them can selectively prosecute anyone who runs their programs even if it was legally paid for, then we are all in trouble.
Though, I finally got through to the site, and it may not be quite as bad. It looks as though the court found you have to obey the EULA. I'm not sure I like that either. After all, you often don't get to see the EULA until after you buy the software and open the box. Even more so, because the stores claim some "copyright law" requires it, they won't take back opened software. Certainly sounds like they are making people sign a blank contract to me...
This is why fingerprints are used. Even just checking a few random digits makes it worlds harder for a MitM attack to evade detection.
Obviously, it doesn't help if the person checking the fingerprint doesn't know what it should be, but one would think with all the publicity they get, TPB should be able to get their real fingerprint out there. Non-famous people could use a phone call: "The third number in my fingerprint is 4f."
Do you really need special software for the scanner, or are you talking about the drivers being buggy?
Isn't good muscular control part of good technique? Maybe such a computer program couldn't train someone in all aspects of singing, but I would imagine it could help them improve some aspects of their technique...
That sounded familiar, like something I have heard of before called GeekPAC. I thought they had a website, but I can't find it. However there are stories about it on linux journal and Lisa Rein's blog. I don't know what happened to them.
You should realize there are a lot of congressmen, so "donating" 9k or so to each one would cost somewhere around $100k or $1M+ (you do the math if you want to know the exact amount), that isn't exactly cheap. I suppose if a hundred thousand geeks get together and pay $10 each, you'd have the million you need. :-)
Apparently not. My dialysis center runs all Microsoft OSes, and I've even heard the techs complain about how they were sure they entered info, but it wasn't in the system. Sounds like a familiar problem.
Their system also seems to miscalculate the amount of fluid to be taken off. At first I thought maybe it was just trying to challenge the presumed dry weight which was in the system, but if this were the case, then why have the techs started calcuating it by hand? I have observed this in two dialysis centers, so I would imagine it is happening in all of the dialysis centers owned by the same company.
At any rate, obviously there is a major defect somewhere, and it would be surprising if someone was not killed by it already. If you take off too much fluid during dialysis, it can easily be a life threatening situation. They haven't stopped using this system, which I'm sure they would if criminal or even civil punishments were involved, so I would say no, criminal punishments do not come about due to flaws in medical software.
In fact, how would anyone trace it down to the computer in the first place? Most people assume computers give flawless answers, they just expect them to crash a lot, so if a computer gave an incorrect answer to a calculation or missing information, and that error got someone killed, who would even think to check the computer? They would probably just blame the nurse or technician. Plus I do not think there is a tracking / recording system to tell you what result the computer gave anyway. How would you prove it?
As far as banks and the like, since when have you heard of a teller being arrested for losing a check or mistyping information? It happens all the time, and if the victum can't prove it, then they are shit out of luck. If they can, then the bank just corrects the error. The only time I've heard of bank employees being arrested were for obvious deliberate fraud. It is probably the same way with computer software.
Thank you. You just gave me an idea for search terms of spanking material. Party time!
You mean this one? www.david-laserscanner.com -- I am not sure, this one seems to be shareware...
I don't understand why it should cost so much. If I understand how this works correctly, then from the hardware end, you just need a camera, a laser, and something to deflect the laser light. Correct?
I can't think off the top of my head what would be best to deflect the light, but couldn't you just buy one of those cheap lazer pointers and probably use a camera you already have? I would think any HD camcorder would give at least somewhat decent results. Perhaps even SD camcorders or webcams may work. You won't have really accurate models, but they would be something to work with.
As for the software, isn't it simple trigonometry or geometry? Calculate where the laser light is hitting from the coordinates given from the camera. There is only going to be one spec of light, assuming your object is not transparent or reflective... Yeah, it would be more difficult to determine where the speck of light is from the laser if your room is lighted, but if you are just doing small objects, you could just make use a box with the inside walls painted flat black.
I haven't tried ATI's proprietary opengl drivers, the only ATI video card I've had in the past couple of years was a Rage XL which was used unaccelerated. I made those comments because many idiots are claiming Nvidia drivers are decent. They are not. Just because ATI makes crap drivers which are worse doesn't change that fact. So what if a few things work. The driver causes major system unstabliity.
It is like saying Windows 98 was the greatest operating system ever because Windows ME sucked. They both suck bad.
I suppose if you think Microsoft's OS as the gold standard, you wouldn't notice this problem, but I do. I consider the system locking up or going down even once a week to be a major problem, and if one has to play with settings at random to keep this from happening, well, that doesn't raise my confidence level.
It is not too soon. I'm guessing you haven't tried the Nvidia driver on linux, because compared to what I have experienced, the ATI bugs you listed don't sound very bad. I had to turn off all the features and I am afraid to try anything which may be out of the ordinary on my Nvidia machine because it risks constant crashes. My machine with intel graphics may not allow mplayer to play in the root window, but at least it doesn't completely crash the system hard.
Running a linux system with the proprietary Nvidia drivers reminds me of my days "having fun" with Win98. Right now, I am migrating from that Nvidia system to one with an i810 chipset, partly because the driver issues really piss me off. If ATI cards start coming with open source drivers which support 2d/video and 3d well enough, I will probably buy one even if I am on a tight budget at the time.
I've had an ATI bt878 TV card for about 10 years, and it has always worked with linux. In fact, for much of that time, I have used that card with linux as my primary source of television. It requires xawtv to change channels, but for general capturing the v4l driver works with any program.
As for remote controls, I don't use one, but I thought about buying a Snapstream Firefly mini. It says it is a hid device which acts as a keyboard, so it should be fully compatible with linux...
There was a time in the '90s where copy protection more or less disappeared. I had to come to the point where nearly every software review had a complaint about the copy protection, and nearly everyone who bought software refused to buy anything which had copy protection, but it happened.
Now there is a new generation of computer users and computer programmers/ vendors. Let's just hope they are smart enough to drop the copy protection crap, which only causes problems for legitimate users and just gives script kiddies more street creds for cracking the "latest and greatest" schemes.
Do more than just ask for Linux drivers. Ask them to release programming specs, then not only will you have open source drivers, but you can also find other ways to use it...