Why? Every time a Federal law is passed that conservatives don't like they trot out the "States' Rights" flag and wave it around using the defintion of States' Rights to be the idea that local people are better able to govern themselves than some remote beast of a government in D.C. The same principle should hold true at the state level vs. counties and municipalities. Austin is a drop of Liberal society in a sea of rednecks and is surely better able to govern itself than a bunch of hicks representing other areas. What's good for the goose, etc.etc.
Oh. I see. They only love it when the Federal Government is instituting something they disagree with. Then it's all "States' rights!" and "Founding fathers!" But when it comes to conservatives imposing their will, they don't give a shit about the will of local political majorities.
Bush jr. caused a lot of damage (and debt) with the useless second war in Iraq that we'll be suffering with for decades to come. You can draw a straight line from the second war in Iraq to ISIS. However, I think Trump will make us pine for the "good old days" of Bush jr.
After moving to the Midwest I couldn't find soda. I'd go to my local grocery store or Wal-Mart and ask for "soda" and people would look at me confusedly and say they don't carry it. So, I had to switch to 'pop.'
I agree about the learning. (Insert favorite quote here re: perils of not learning history) I just don't see this as being particularly apropos. Posting irrelevant tidbits dilutes Slashdot's value as "News for Nerds."
I've got it on an old Toshiba Satellite laptop
on
Windows 95 Turns 20
·
· Score: 4, Insightful
I purchased a Toshiba Satellite laptop with WFW 3.11 in early '95 that I upgraded to Win 95 in September of that year. I pulled it out of the closet three years ago and it still boots up with the clean install I put on it when I moved on to newer hardware.
Ah, the bad old days of.dll conflicts, memory managers, point drivers for PCMCIA cards, and coax. I don't miss any of it.
The policy of escorting employees off the property is SOP nowadays due to HR's fear of vindictive ex-employees causing havoc/damage to the company. Sure it is somewhat humiliating, especially if you've been employed for a long time and put alot of yourself into the organization. However, I understand the reasoning. And while I haven't had this happen to me exactly, I have had my admin privileges revoked when I was laid off. Sure it pissed me off at the time, especially as I'd been there for a long time and people should have known better than fear my retaliation. But, had I been vindictive, I could have caused a great deal of damage and idled a large number of people given a couple of minutes continued admin access to the systems, so I understand the reasoning and the necessity.
OK, it's a pet peeve, but I hate it when people use "fired" for people let go through no fault of their own. One gets "fired" for fucking up, one is "laid off" due to someone else fucking up.
If you have physical access to the machine, it doesn't matter. You can rewrite the BIOS. And then, yes, it is an advantage to malware authors if there's only a couple of kinds of BIOS, because their malware only has to support those kinds. So yes, reuse of code becomes a "problem" for the rest of us if viewed from that perspective. It's not clear though that life would be any better for users overall if there were more kinds of BIOS. As bad as Phoenix, Award et al can be at making BIOS that works, I shudder when I imagine vendors rolling their own. I'll live with the disease, thanks.
Yeah, I agree with with regards to the physical access vector. I have a background doing IT in a DOD TS/SCI environment for three years and a TS environment for eight with DOE. Our (those of use who knew what we were doing) had the philosophy that if you had physical access to a system then you could pwn it. AT DOE it wasn't our duty to design systems with any consideration of the "insider threat" unless it was for the use of FORNATs. Systems for US use relied mostly upon personnel and site physical security.
I do disagree that a greater number of targets being more burdensome for the black hats outweighs the security benefits of supporting a smaller code base. The former is merely supposed security through obscurity. A basic rule of thumb of security is to minimize the attack surface. One of the primary strategies to accomplish this with regard to information security in a software environment is to reduce the amount of code running.
Manufacturers/vendors don't write their own BIOSs; they license them from the likes of Phoenix Technologies and Insyde. These licensors don't write a completely new BIOS and bits for each licensee, let alone for each motherboard and their variants. As such, of course there is code reuse. Imagine the probable security issues there would be if each Vendor, let alone motherboard, received a BIOS that was written from scratch. QA would be a nightmare, as would the security of the code.
The problem isn't the reuse of code. The problem is that the code that was reused had security vulnerabilities.
Here's a link http://www.fda.gov/NewsEvents/... to an announcement for an obesity treatment that modifies the signals of the Vagus nerve via a surgically implanted device. The study implanted the device into two groups of patients, but was only actually activated for one group, though both groups thought it was for both. I'd say that was the use of the placebo effect via surgery.
Three months is long enough to produce a code monkey, not a software developer, let alone a computer scientist. I venture the result of such a regimen would be someone who is ready for an apprenticeship, not produce anything on their own.
The OA uses the term "Linux backdoor," but then goes on to describe it as a add-in kernel module. It's not a backdoor, but rather a rogue kernel module someone has written. The module in question, ipt_ip_udp, isn't part of the Linux kernel. It's merely a module some black hat wrote to provide remote access to an already compromised system. This is just FUD and self-promotion by NCC Group to make what they found sound much more important than it really was, no doubt to increase their client base. What crap.
To sum up, it isn't a Linux back door and it isn't a vulnerability in the Linux kernel source code. It's merely a rootkit.
So, they introduced a backdoor into software that can be/is used to secure US nuclear secrets, in the hopes only they would be able to take advantage of it? This is just another variant of "security through obscurity." Really, really fucking stupid!
Niven's Law: "There is a technical, literary term for those who mistake the opinions and beliefs of characters in a novel for those of the author. The term is "idiot."
I have seen no evidence that Heinlein believed that the idea of Citizenship in ST should be realized. If you can cite some credible, non-fiction source where Heinlein advocates the realization of the governmental form for found in ST, I would be most interested. I believe Heinlein was a strong believer in one realizing the existence of, and paying one's debts to society, and nothing more.
Secondly, you err in your statement re: ST "That only those who serve in the military and commit violence...." Full-Citizenship afforded one the opportunity to vote, hold elected office, and teach the high school History and Moral Philosophy course. Obtaining this required NATIONAL SERVICE of some sort, the form of which was based upon the needs of society and the aptitude and skills of the individual in question. There was ABSOLUTELY NO requirement that one serve in the military nor participate in some form of violence (war?) in the name of their country. You are incorrectly trying to tie the requirement of jingoistic beliefs with citizenship requirements in Starship Troopers. Perhaps you should go back and read it again.
Thirdly, the article is about the MOVIE by Paul Verhoeven, not Heinlein novel. The movie does indeed poke fun at jingoistic ideals, portrays a fascist government, etc. whose military intelligence service wears SS-like uniforms, has a national news service that uses heavy-handed propaganda techniques. I had not read any of the critiques of the movie upon its release, and am surprised that these obvious themes and messages weren't remarked upon.
I guess by my 'nick you can guess I'm a bit of a Heinlein fan.:-)
Life in Russia sucks, and it doesn't surprise me at all that this was developed there and gained such widespread use. I bet the rural population was hit particularly hard by this drug.
I also won't be surprised if it finds a receptive userbase in US cities.
Your attitude is typical of egocentric anarchistic coders with zero sense of social responsibility. Thankfully the majority of Western civilization believes and acts otherwise in relation to their fellow humans. Else we'd live entirely in a 'might makes right' society.
I hope your lack of a sense of professional responsibility extends to those professions upon which you rely, and that you do not expect them to act out of anything other than base mercenary motivations. And I hope you accept personal responsibility for all ill that comes your way in life. After all, it isn't anyone else's fault than your own that you don't have limitless resources and time to spend to prevent it.
...but not disclosing it to the vendor first and giving them a chance to release a fix is both unprofessional and irresponsible. Add in the fact that this is coming from a Google employee makes it inexcusable, and reflects poorly on Google. If I were his manager he would certainly receive a reprimand.
Check out www.virusbtn.com for their VB100 comparison of antivirus solutions. Avira free comes out ahead of the majority of the best known commercial offerings.
One might think that the jurisdiction is that in which the damage occurred. i.e. if the servers were in the US, that is where it lies. This is simply an international attack, the same as mailing a bomb from one country to the next.
There is a far too prevalent belief or ethic amongst the techno-educated from the former Soviet republics that it is their right to take advantage of whoever is 'stupid' enough to be vulnerable to their skills. This needs to come to an end. The Internet is not the cyber wild west. I am not saying that the US should be the marshal, let Interpol do it, or whoever. It just needs to be done.
Slashdot Mirror
EA's upset that these guys are illegally distributing the binaries. Why not distribute a tool that patches the binaries? Wouldn't this be legal?
Create regulations that provide for large fines. Companies rarely care about anything unless it costs them money.
Why? Every time a Federal law is passed that conservatives don't like they trot out the "States' Rights" flag and wave it around using the defintion of States' Rights to be the idea that local people are better able to govern themselves than some remote beast of a government in D.C. The same principle should hold true at the state level vs. counties and municipalities. Austin is a drop of Liberal society in a sea of rednecks and is surely better able to govern itself than a bunch of hicks representing other areas. What's good for the goose, etc.etc.
/. cut off (shortened) my title without any indication while writing it. It was:
But. But. But I thought conservatives LOVE/cherish local control.
I wish one could edit posts as can be done in other comment systems.
Oh. I see. They only love it when the Federal Government is instituting something they disagree with. Then it's all "States' rights!" and "Founding fathers!" But when it comes to conservatives imposing their will, they don't give a shit about the will of local political majorities.
How convenient for them.
Bush jr. caused a lot of damage (and debt) with the useless second war in Iraq that we'll be suffering with for decades to come. You can draw a straight line from the second war in Iraq to ISIS. However, I think Trump will make us pine for the "good old days" of Bush jr.
After moving to the Midwest I couldn't find soda. I'd go to my local grocery store or Wal-Mart and ask for "soda" and people would look at me confusedly and say they don't carry it. So, I had to switch to 'pop.'
I agree about the learning. (Insert favorite quote here re: perils of not learning history) I just don't see this as being particularly apropos. Posting irrelevant tidbits dilutes Slashdot's value as "News for Nerds."
I purchased a Toshiba Satellite laptop with WFW 3.11 in early '95 that I upgraded to Win 95 in September of that year. I pulled it out of the closet three years ago and it still boots up with the clean install I put on it when I moved on to newer hardware.
Ah, the bad old days of .dll conflicts, memory managers, point drivers for PCMCIA cards, and coax. I don't miss any of it.
The policy of escorting employees off the property is SOP nowadays due to HR's fear of vindictive ex-employees causing havoc/damage to the company. Sure it is somewhat humiliating, especially if you've been employed for a long time and put alot of yourself into the organization. However, I understand the reasoning. And while I haven't had this happen to me exactly, I have had my admin privileges revoked when I was laid off. Sure it pissed me off at the time, especially as I'd been there for a long time and people should have known better than fear my retaliation. But, had I been vindictive, I could have caused a great deal of damage and idled a large number of people given a couple of minutes continued admin access to the systems, so I understand the reasoning and the necessity.
OK, it's a pet peeve, but I hate it when people use "fired" for people let go through no fault of their own. One gets "fired" for fucking up, one is "laid off" due to someone else fucking up.
If you have physical access to the machine, it doesn't matter. You can rewrite the BIOS. And then, yes, it is an advantage to malware authors if there's only a couple of kinds of BIOS, because their malware only has to support those kinds. So yes, reuse of code becomes a "problem" for the rest of us if viewed from that perspective. It's not clear though that life would be any better for users overall if there were more kinds of BIOS. As bad as Phoenix, Award et al can be at making BIOS that works, I shudder when I imagine vendors rolling their own. I'll live with the disease, thanks.
Yeah, I agree with with regards to the physical access vector. I have a background doing IT in a DOD TS/SCI environment for three years and a TS environment for eight with DOE. Our (those of use who knew what we were doing) had the philosophy that if you had physical access to a system then you could pwn it. AT DOE it wasn't our duty to design systems with any consideration of the "insider threat" unless it was for the use of FORNATs. Systems for US use relied mostly upon personnel and site physical security.
I do disagree that a greater number of targets being more burdensome for the black hats outweighs the security benefits of supporting a smaller code base. The former is merely supposed security through obscurity. A basic rule of thumb of security is to minimize the attack surface. One of the primary strategies to accomplish this with regard to information security in a software environment is to reduce the amount of code running.
Manufacturers/vendors don't write their own BIOSs; they license them from the likes of Phoenix Technologies and Insyde. These licensors don't write a completely new BIOS and bits for each licensee, let alone for each motherboard and their variants. As such, of course there is code reuse. Imagine the probable security issues there would be if each Vendor, let alone motherboard, received a BIOS that was written from scratch. QA would be a nightmare, as would the security of the code.
The problem isn't the reuse of code. The problem is that the code that was reused had security vulnerabilities.
The text of the article refers to follow-up visits and adjustments to the device, presumably including the ability to enable/ disable the device.
Here's a link http://www.fda.gov/NewsEvents/... to an announcement for an obesity treatment that modifies the signals of the Vagus nerve via a surgically implanted device. The study implanted the device into two groups of patients, but was only actually activated for one group, though both groups thought it was for both. I'd say that was the use of the placebo effect via surgery.
Three months is long enough to produce a code monkey, not a software developer, let alone a computer scientist. I venture the result of such a regimen would be someone who is ready for an apprenticeship, not produce anything on their own.
The OA uses the term "Linux backdoor," but then goes on to describe it as a add-in kernel module. It's not a backdoor, but rather a rogue kernel module someone has written. The module in question, ipt_ip_udp, isn't part of the Linux kernel. It's merely a module some black hat wrote to provide remote access to an already compromised system. This is just FUD and self-promotion by NCC Group to make what they found sound much more important than it really was, no doubt to increase their client base. What crap.
To sum up, it isn't a Linux back door and it isn't a vulnerability in the Linux kernel source code. It's merely a rootkit.
So, they introduced a backdoor into software that can be/is used to secure US nuclear secrets, in the hopes only they would be able to take advantage of it? This is just another variant of "security through obscurity." Really, really fucking stupid!
Niven's Law: "There is a technical, literary term for those who mistake the opinions and beliefs of characters in a novel for those of the author. The term is "idiot."
I have seen no evidence that Heinlein believed that the idea of Citizenship in ST should be realized. If you can cite some credible, non-fiction source where Heinlein advocates the realization of the governmental form for found in ST, I would be most interested. I believe Heinlein was a strong believer in one realizing the existence of, and paying one's debts to society, and nothing more.
Secondly, you err in your statement re: ST "That only those who serve in the military and commit violence...." Full-Citizenship afforded one the opportunity to vote, hold elected office, and teach the high school History and Moral Philosophy course. Obtaining this required NATIONAL SERVICE of some sort, the form of which was based upon the needs of society and the aptitude and skills of the individual in question. There was ABSOLUTELY NO requirement that one serve in the military nor participate in some form of violence (war?) in the name of their country. You are incorrectly trying to tie the requirement of jingoistic beliefs with citizenship requirements in Starship Troopers. Perhaps you should go back and read it again.
Thirdly, the article is about the MOVIE by Paul Verhoeven, not Heinlein novel. The movie does indeed poke fun at jingoistic ideals, portrays a fascist government, etc. whose military intelligence service wears SS-like uniforms, has a national news service that uses heavy-handed propaganda techniques. I had not read any of the critiques of the movie upon its release, and am surprised that these obvious themes and messages weren't remarked upon.
I guess by my 'nick you can guess I'm a bit of a Heinlein fan. :-)
Life in Russia sucks, and it doesn't surprise me at all that this was developed there and gained such widespread use. I bet the rural population was hit particularly hard by this drug.
I also won't be surprised if it finds a receptive userbase in US cities.
Your attitude is typical of egocentric anarchistic coders with zero sense of social responsibility. Thankfully the majority of Western civilization believes and acts otherwise in relation to their fellow humans. Else we'd live entirely in a 'might makes right' society.
I hope your lack of a sense of professional responsibility extends to those professions upon which you rely, and that you do not expect them to act out of anything other than base mercenary motivations. And I hope you accept personal responsibility for all ill that comes your way in life. After all, it isn't anyone else's fault than your own that you don't have limitless resources and time to spend to prevent it.
...but not disclosing it to the vendor first and giving them a chance to release a fix is both unprofessional and irresponsible. Add in the fact that this is coming from a Google employee makes it inexcusable, and reflects poorly on Google. If I were his manager he would certainly receive a reprimand.
Aha! Russia has retaliated for our meteor strike over Chelyabinsk!! ;-)
In case you don't get the reference:
http://rt.com/politics/zhirinovsky-meteorite-american-weapon-316/
Check out www.virusbtn.com for their VB100 comparison of antivirus solutions. Avira free comes out ahead of the majority of the best known commercial offerings.
One might think that the jurisdiction is that in which the damage occurred. i.e. if the servers were in the US, that is where it lies. This is simply an international attack, the same as mailing a bomb from one country to the next.
There is a far too prevalent belief or ethic amongst the techno-educated from the former Soviet republics that it is their right to take advantage of whoever is 'stupid' enough to be vulnerable to their skills. This needs to come to an end. The Internet is not the cyber wild west. I am not saying that the US should be the marshal, let Interpol do it, or whoever. It just needs to be done.