There are prepatched 2.6.0 installers here.
Minion is working fast towards a resolution, but it still looks like the drivers are below existing 4496 performance levels.
Yep, not ideal. But it'll be interesting to see whether MS's claims of having a faster response time to security incidents than the Linux community stand up.
Have you seen what happens to people who report security issues to MS? Follow the full-disclosure and bugtraq lists sometime; you will be astounded. MS repeatedly ignores reports until there is an exploit. They have gone so far as to lock hotmail accounts of people reporting issues.
They have repeatedly demonstrated a knee-jerk reaction to deny problems until they're public, at which point they announce that they've been working on it all along.
Honestly, with their resources, they could give Linux a serious run on patch speed, but only if they change their mindset first.
At what point will the government and public at large decide that "enough is enough?" Do people have to die before someone takes this seriously?
Day after day, example after example, the world is inundated with successful attacks.
We can say, "Well, people are stupid... They should know not to click on attachments." The reality is, though, that "1 in 7" users have problems with the power button.
There is no future security in blaming the end user. It's high time that we look at the systems that allow this type of invasion, replace where necessary, and train the users accordingly.
The talk of cost becomes irrelevant when recovery costs are totalled. Just wait for the first wrongful death suit revolving around an insecure system failure.
If we insist that users are accountable, we must also demand that the corporate citizens are accountable.
I hope you get sued and you go to jail.
Unless you are posting to Slashdot using your original IBM PC and a 300 baud Hayes modem you are a hypocrite.
Reverse Engineering has brought you most everything you use in your life, from your television to your sneakers.
Since reverse engineering is legal, neither criminal nor civil penalties apply.
BTW, being sued does not lead to incarceration.
Public institutions like Indiana University have to be sensitive to the First Amendment rights of the spammers.
First Amendment rights do not apply to spam. First, let's look at just the communication aspect of it. Spam is not directed at an individual per se, but at a list of millions of people. The fact is, though, that individuals DO receive it personally. It is in their face, staring at them from their mailbox. This is not a soapbox preacher that you can just walk away from; we are forced to deal with it on a personal level, at our own expense. The First Amendment guarantees "Free Speech", not a "forced audience".
Now, let's look at the content side of spam. It has been determined repeatedly that the First Amendment is not protection for unproven claims, scams, or lack of "truth in advertising". Companies and individuals who have parlayed these things into First Amendment cases have invariably lost.
If a person or company wishes to advertise to me, they may do so. Advertising, historically, is at the expense of the company, not the consumer.
When I get spam from an open relay, with forged headers, bad return info, and base64 encoded, exactly how much do they think I'm going to spend on their product? Exactly how seriously do they think I'll take them?
The answer is: I take them very seriously indeed. Not for any reason that they hope for, however. I CAN and WILL pursue them, catch them, and put them under the brightest light that I can find.
Because, I am a spammerhunter.
I absolutely refuse to delay any deployment of Linux.
By submitting to the FUD, we have allowed the terrorists to win.
I, for one, will not surrender, will not buckle to extortion, and will never concede to SCO, or any other company that thinks they can control what I put on my servers, through litigation.
As far as I know, there has been no legal action on the part of SCO against any user or corporation that employs Linux. All they have done is threaten.
How much did they pay you, Gardner? Did they threaten you too?
We don't just delete spam, we delete spammers.
Let's see...
1....
2....
3...George! Watch out for that...(splat)...nevermind.
2.5
hdparm -c1 -d1 -u1 -a1 /dev/hda
Speaking of spammer wars, here's a place to engage the enemy: Spammerhunters.
They can run, but they cannot hide.
I have had many people call me in panic, because windows performed an "Illegal Operation". They were worried that they were in trouble.
I think that the parallel stands legitimately; this is a function of perception, not fact.
We are talking about users, after all.
Indeed they positively welcome intruders open arms and open legs
:)
You owe me a cup of coffee, a shirt, and a keyboard.
And to think that they just got the "Homeland Security" contract.
Actually, I don't see it the same way. That was basically the same type of wall, on different systems.
That was not so much tolerance, as it was the only protection, and it still applies, except for idiot admins who use the same password over and over.
This is more of an internal "protect the data stream" kind of thing.
I concur.
There is a parallel here; most large corporations have given up on the virus war, and have implemented "Virus Management" strategies.
They have basically said, "Ok, we can't keep them out, so we'll just let them in a little bit."
So now we're doing the same thing on the security front. I must admit, I'm not all that surprised.
The cynic in me says, "That's what you get for outsourcing all those tech jobs."
There are times, however, when we need to revisit the past, to get a better perception of the present.
The man had an incredible insight into the social development of mankind as a whole.
He was the fictional equivalent of Alvin Toffler, (i.e. Future Shock), and Desmond Morris, (i.e. The Naked Ape).
It never fails to amaze me how often we lose sight of our collective image. It's things like this that make me slow down, and look around.
I am SO confused. You have quite an imagination, or some really good chemistry skills. :)
You underestimate yourself, sir.
I, for one, am highly motivated by your example.
Thank you!
I understand your point, but do not concede that it is inevitable.
The concept of a vigilante mob does not dovetail with an organized House UnNetizen Activities Committee, btw.
In this case, it appears that we may have found a tool that works to fix one particular problem. If so, I see no reason to cease employing it.
Blacklisting is ineffective; there are more open relays springing up every day than can be kept up with. Even so, with the concept of blacklists, the bandwidth is still wasted. A better solution is required, further up the chain.
Remember, this started on an anti-spam list. There is no other purpose for the existence of this list. When the problem goes away, so does the list.
There are, and always will be, other projects, (or windmills to tilt, if you prefer :) ), for which technical prowess is required. That does not indicate an escalation of power or abuse thereof, but merely a linear approach to solving problems.
You have no idea how much joy you just gave me. Cheers, mate!
Consider my sleeves rolled up.
At best this will result in a reduction of spam that's too small to measure.
It only takes one snowflake to start an avalanche.
Visualize this:
One man decides he has had enough, and pursues this spammer with all the tools at his disposal, including posting an article on Slashdot. Now, consider that the vast majority of /.'rs have also had enough, and quite a few decide that this is a good method of pulling the bugs out from under the rocks.
At this point, the grassroots movement starts, and the spammers start scrambling for other rocks. As momentum grows, the word about this methodology reaches more and more people, who likewise have had enough. Eventually, by starting with this one snowflake, spam can become an aberration, instead of the norm.
So why should anybody care?
Because there is hope, and apathy/acceptance gives them the victory. I'd rather take them out of the game, myself.
The very BEST treatise on the subject is here.
It would be great if the patent holder stopped at the 3, (excluding zeroth), laws of robotics.
First Law:
A robot may not injure a human being, or, through inaction, allow a human being to come to harm.
Second Law:
A robot must obey orders given it by human beings, except where such orders would conflict with the First Law.
Third Law:
A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.
I'd bet my bottom dollar, though, that it'll turn out to be more like Murphy's new directive list in Robocop 2.
We live in a society where the "PC" crowd will pick at this until the other AI, (Artificial Insanity), is the result.
Now all I need is open source drivers for the 54g PCI and PCMCIA.
I use one of these access points; my first network nmap after installing it was disconcerting. I had thought that someone was war driving, when I found the 2.4.5 -O.
The last thing I expected to find was a Linux kernel.
At least they had the __________ to step up and honor the GPL.
Thanks for the supplemental info. It's good to know that my initial perception was closer to the mark.
I'm also grateful that you saw my comment as constructive criticism rather than a flame.
Neither was intended, it was meant merely as an observation; even so, kudos for separating the wheat from the chaff.
Apparently so.
As a matter of fact, I found no data about fixes/patches whatsoever, or even what the vulnerabilities are. Just a damn script for exploit.
The site is junk; stuff broken everywhere, and pointed to the wrong pages.
Hmmmm.....
I suppose I'll have to throw myself on my own sword.
After digging through the "whisper" entries, it looks as if that is ALL it is... a repository for scripts.
My apologies. I did read the overview, but it doesn't coincide with the actual database.
This is disturbing.
This doesn't seem as bad as that...
Scanning scripts exist everywhere, but this isn't one of them. This is a repository for known vulnerabilities, which will serve admins far more than kiddies.
I can quickly check the db for issues on any proposed software, etc....
This is not another virlab.