I dont think we will ever have a fully secure box, these vulnerabilies will continue to pop up occassionally and there's nothing we (the developers) can do about that. It is just a testimony of the fact that we are imperfect beings and sooner or later we will have our errors exposed. It is not a bad thing, in the evolutionary way of dealing things, this (finding and sorting out bugs) could probably be a good thing. Having said that, I think developers do have control over how they respond to these problems, like coming up a problem that doesn't just band-aid the wound hoping to find a cure for in the future. Also developers have control over how fast they respond. On both criterias, open source peer reviewing is winner over closed sourced development. One tends to promote security through openness and and in the other security through obscurity like think MSFT( Read comments from a MSFT bigwig who said the only reason MSFT servers are compromised because the vulnerabilities are announced).
:By the way i suppose everyone is aware of the
fundraising campaign by :phk to be able to precisely work on vfs for>
FreeBSD-5 (please, i don't know :if mentioning this name here is kosher, don't
flame me...). By reading his:memo:http://people.freebsd.org/~phk/plan.html :i cannot refrain remarking some similarities between the work he wants to :engage into, and your own agenda on vfs. Isn't it appearing as some sort of :duplication of work in a domain where very unfortunately resources are :scarce?
: :-- :Michel Talon
I came across that but I really doubt that our visions are even
remotely similar. Our work is going to be based on our well tested
LWKT stuff. FreeBSD-5 does not have any LWKT stuff, or anything
remotely similar to it. It also strikes me odd that it should require
money for work to progress. I realize that there are potentially many
people who would like to work on open source to the exclusion of
their normal jobs, but the meager amounts of money that can be raised
by our projects does not come close to replacement income for even a
single person. Money also severely skews the governance structure,
creating pressures and consequences that can result in a failure of
the normal open source peer review process. In fact, I believe this is
precisely what has occured in the FreeBSD project, on multiple occassions,
in the last few years.
-Matt
Matthew Dillon
I am a vegan but not for the obvious reasons (which I find to be commendable as well). I was raised a buddhist, for a brief moment ate meat when I came to the US, didn't like it so now I am back to being a vegetarian again.
for MSFT to survive in the future will be open sourcing critical sections of the OS. I mean windows XP is a huge piece of software, the real cost is in maintaining it not necessarily production. Now imagine longhorn and how much it tries to accomplish. I dont see MSFT being able to afford it single handedly in the future. Especially if MSFT wants to position itself as a company that is selling a software that is not only ubiquitous but secure as well.
Microsoft Corp. officials on Thursday said the company is investigating the leak of a piece of code that is capable of generating activation keys for Windows Server 2003 and other enterprise products.
The tool, known as a key generator, can be used to produce the random alphanumeric keys that are needed to activate the software upon installation.
The arrival of the key generator was noted in a posting by Microsoft enthusiast site Neowin.net earlier in the week. However, the group withdrew the listing for an undisclosed reason.
More
Capitalism has it's pitfalls, you might count this as one of them. You can't really stop people from trying to sell you. Internet as we know is the commons, everybody 'ought' to have equal share of it, but in reality you can't ensure that, just like resources in real life. People will continue to abuse it, the only way to stop it might be stopping the usage of the resource, which in the very least isn't practical at all.
I bet it would have made it more relevant. Too bad the cities in utah didn't have the budget to fund it. But then again, I hope private sector has improvements in the offing. I am curious, what would be the biggest improvement on the next generation broadband connection other than connection speed?
Could be, I come from a country where we had a lot of violence over the years. When I immigrated to the US, I wish that was something that I'd completely left behind.
After seeing that video where a russian soldier gets beheaded, I have vowed not to watching videos like this anymore. If anything else, it desensitizes us about humanity. Sure lot of bad things happen in the world but that doesn't mean we need to watch it night and day. Some people seemed to be obsessed with watching these stuff almost to the level that they are addicted to it. Now that is pornographic.
I mean come on. You're talking about restricting our desires to promote what we have. It just goes against human nature. And getting angry because of spammers is overrated because how hard is it to use the 'delete' button?
I see acquisition in the offing. SUN tries to do a lot of things just like microsoft except without a clearcut vision on where they want to head. Look at Java, JDS, Linux offerings, Office software and virtually everything else. It is sad to see the innovations it has brought to the computing world pile up as wasted effort due to bad strategy.
For one, as a shareholder I vote to get rid of mcnealy and schwartz, both of them are showbabies without zero creativity.
with no direction. One moment they are advocating how big linux and OSS movement is, the next moment a backhand deal with MSFT. I wouldn't trust SUN too much.
So is it just a matter of more transistors = more power? I was thinking more in the lines of shortcoming of the x86 architecture, that makes it structurally inefficient. I am not trashing intel folks here, my prof told me that Intel probably had some of the best engineers in the world working on x86 stuff and the evolution of it has been nothing sort of remarkable.
shouldn't 64 bit architecture support 2^64 bits of ram. Why is the RAM only restricted to 8/16GB. Is the apple computer not a true 64 bit architecture?
I see this version supports upto 16GB of ram, does MacOS X support it too. Also the most highend model of apple can only support 8GB, so what is the point of having the OS support 16GB when you can't use it?
From their website:
Cool Features: Characters injection in an established connection : you can inject character to server (emulating commands) or to client (emulating replies) maintaining the connection alive !!
SSH1 support : you can sniff User and Pass, and even the data of an SSH1 connection. ettercap is the first software capable to sniff an SSH connection in FULL-DUPLEX
HTTPS support : you can sniff http SSL secured data... and even if the connection is made through a PROXY
Remote traffic through GRE tunnel: you can sniff remote traffic through a GRE tunnel from a remote cisco router and make mitm attack on it
PPTP broker: you can perform man in the middle attack against PPTP tunnels
Plug-ins support : You can create your own plugin using the ettercap's API.
List of available plugins
Password collector for : TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols coming soon...)
Paket filtering/dropping: You can set up a filter that search for a particular string (even hex) in the TCP or UDP payload and replace it with yours or drop the entire packet.
OS fingerprint: you can fingerprint the OS of the victim host and even its network adapter
Kill a connection: from the connections list you can kill all the connections you want
Passive scanning of the LAN: you can retrive infos about: hosts in the lan, open ports, services version, type of the host (gateway, router or simple host) and extimated distance in hop.
Check for other poisoners: ettercap has the ability to actively or passively find other poisoners on the LAN
Bind sniffed data to a local port: you can connect to that port with a client and decode unknown portocols or inject data to it (only in arp based mode)
Port Stealing: a new method to sniff on switched LAN without ARP poisoning...
http://ettercap.sourceforge.net/
Does anybody use this anymore? itunes and wma player are pretty good at what they do. winamp is a relic of the past, folk need to move on to something more modern.
Slashdot Mirror
It has a big learning curve, other than the tool is very handy.
I dont think we will ever have a fully secure box, these vulnerabilies will continue to pop up occassionally and there's nothing we (the developers) can do about that. It is just a testimony of the fact that we are imperfect beings and sooner or later we will have our errors exposed. It is not a bad thing, in the evolutionary way of dealing things, this (finding and sorting out bugs) could probably be a good thing. Having said that, I think developers do have control over how they respond to these problems, like coming up a problem that doesn't just band-aid the wound hoping to find a cure for in the future. Also developers have control over how fast they respond. On both criterias, open source peer reviewing is winner over closed sourced development. One tends to promote security through openness and and in the other security through obscurity like think MSFT( Read comments from a MSFT bigwig who said the only reason MSFT servers are compromised because the vulnerabilities are announced).
From dragonfly.kernel:
:By the way i suppose everyone is aware of the
fundraising campaign by
:phk to be able to precisely work on vfs for>
FreeBSD-5 (please, i don't know
:if mentioning this name here is kosher, don't
flame me ...). By reading his :memo :http://people.freebsd.org/~phk/plan.html
:i cannot refrain remarking some similarities between the work he wants to
:engage into, and your own agenda on vfs. Isn't it appearing as some sort of
:duplication of work in a domain where very unfortunately resources are
:scarce?
:
:--
:Michel Talon
I came across that but I really doubt that our visions are even remotely similar. Our work is going to be based on our well tested LWKT stuff. FreeBSD-5 does not have any LWKT stuff, or anything remotely similar to it. It also strikes me odd that it should require money for work to progress. I realize that there are potentially many people who would like to work on open source to the exclusion of their normal jobs, but the meager amounts of money that can be raised by our projects does not come close to replacement income for even a single person. Money also severely skews the governance structure, creating pressures and consequences that can result in a failure of the normal open source peer review process. In fact, I believe this is precisely what has occured in the FreeBSD project, on multiple occassions, in the last few years. -Matt Matthew Dillon
How does it work? Does the DVD contain information on where the inappropriate contents are? If so then, will it work on older DVDs as well?
Actually, spending 50 billion dollars to maintain the software probably wouldn't be a good financial decision.
I am a vegan but not for the obvious reasons (which I find to be commendable as well). I was raised a buddhist, for a brief moment ate meat when I came to the US, didn't like it so now I am back to being a vegetarian again.
for MSFT to survive in the future will be open sourcing critical sections of the OS. I mean windows XP is a huge piece of software, the real cost is in maintaining it not necessarily production. Now imagine longhorn and how much it tries to accomplish. I dont see MSFT being able to afford it single handedly in the future. Especially if MSFT wants to position itself as a company that is selling a software that is not only ubiquitous but secure as well.
Microsoft Readies for Software Bootleg Binge
Microsoft Corp. officials on Thursday said the company is investigating the leak of a piece of code that is capable of generating activation keys for Windows Server 2003 and other enterprise products. The tool, known as a key generator, can be used to produce the random alphanumeric keys that are needed to activate the software upon installation. The arrival of the key generator was noted in a posting by Microsoft enthusiast site Neowin.net earlier in the week. However, the group withdrew the listing for an undisclosed reason. More
Capitalism has it's pitfalls, you might count this as one of them. You can't really stop people from trying to sell you. Internet as we know is the commons, everybody 'ought' to have equal share of it, but in reality you can't ensure that, just like resources in real life. People will continue to abuse it, the only way to stop it might be stopping the usage of the resource, which in the very least isn't practical at all.
I bet it would have made it more relevant. Too bad the cities in utah didn't have the budget to fund it. But then again, I hope private sector has improvements in the offing. I am curious, what would be the biggest improvement on the next generation broadband connection other than connection speed?
Could be, I come from a country where we had a lot of violence over the years. When I immigrated to the US, I wish that was something that I'd completely left behind.
After seeing that video where a russian soldier gets beheaded, I have vowed not to watching videos like this anymore. If anything else, it desensitizes us about humanity. Sure lot of bad things happen in the world but that doesn't mean we need to watch it night and day. Some people seemed to be obsessed with watching these stuff almost to the level that they are addicted to it. Now that is pornographic.
I mean come on. You're talking about restricting our desires to promote what we have. It just goes against human nature. And getting angry because of spammers is overrated because how hard is it to use the 'delete' button?
I see acquisition in the offing. SUN tries to do a lot of things just like microsoft except without a clearcut vision on where they want to head. Look at Java, JDS, Linux offerings, Office software and virtually everything else. It is sad to see the innovations it has brought to the computing world pile up as wasted effort due to bad strategy. For one, as a shareholder I vote to get rid of mcnealy and schwartz, both of them are showbabies without zero creativity.
with no direction. One moment they are advocating how big linux and OSS movement is, the next moment a backhand deal with MSFT. I wouldn't trust SUN too much.
Sorry, yes that's the one.
didn't the first one clock mach 7 (7 times the speed of sound? Or am I talking about the some other vehicle?
and it costs 79 cents for a single song.
So is it just a matter of more transistors = more power? I was thinking more in the lines of shortcoming of the x86 architecture, that makes it structurally inefficient. I am not trashing intel folks here, my prof told me that Intel probably had some of the best engineers in the world working on x86 stuff and the evolution of it has been nothing sort of remarkable.
Why does x86 processors consume so much power? What is it about other processors like powerpc and transmeta that makes it more energy friendly?
shouldn't 64 bit architecture support 2^64 bits of ram. Why is the RAM only restricted to 8/16GB. Is the apple computer not a true 64 bit architecture?
I see this version supports upto 16GB of ram, does MacOS X support it too. Also the most highend model of apple can only support 8GB, so what is the point of having the OS support 16GB when you can't use it?
From their website:
Cool Features: Characters injection in an established connection : you can inject character to server (emulating commands) or to client (emulating replies) maintaining the connection alive !!
SSH1 support : you can sniff User and Pass, and even the data of an SSH1 connection. ettercap is the first software capable to sniff an SSH connection in FULL-DUPLEX
HTTPS support : you can sniff http SSL secured data... and even if the connection is made through a PROXY
Remote traffic through GRE tunnel: you can sniff remote traffic through a GRE tunnel from a remote cisco router and make mitm attack on it
PPTP broker: you can perform man in the middle attack against PPTP tunnels
Plug-ins support : You can create your own plugin using the ettercap's API. List of available plugins
Password collector for : TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols coming soon...)
Paket filtering/dropping: You can set up a filter that search for a particular string (even hex) in the TCP or UDP payload and replace it with yours or drop the entire packet.
OS fingerprint: you can fingerprint the OS of the victim host and even its network adapter
Kill a connection: from the connections list you can kill all the connections you want
Passive scanning of the LAN: you can retrive infos about: hosts in the lan, open ports, services version, type of the host (gateway, router or simple host) and extimated distance in hop.
Check for other poisoners: ettercap has the ability to actively or passively find other poisoners on the LAN
Bind sniffed data to a local port: you can connect to that port with a client and decode unknown portocols or inject data to it (only in arp based mode)
Port Stealing: a new method to sniff on switched LAN without ARP poisoning...
http://ettercap.sourceforge.net/
But the ability to play from other people's computers seems pretty nice. I like itunes, it has a very sane interface.
Does anybody use this anymore? itunes and wma player are pretty good at what they do. winamp is a relic of the past, folk need to move on to something more modern.