Slashdot Mirror


User: korpiq

korpiq's activity in the archive.

Stories: 0
Comments: 236

Comments · 236

  1. Imagine... on Babbage Engine Printer Finally Available · · Score: 3

    A beowulf of these!

    (sorry! I had to!)

    More seriously, wouldn't it be more interesting to have a CAD/software model of the system. By trying it out in a simulation, generations to come might learn a trick or two about engineering, thus, thinking better.

    A joyous effort however.

  2. OT: Postscript printing in Java? UML drawing app? on Swing · · Score: 1


    I assume there is a way to produce PS in Java. Which?

    I want (to find or make) a UML drawing app in Java... Where?

    Sorry for OT.

  3. Open the possibilities! on Meeting With Netpliance · · Score: 2


    [nothing new here, really?]

    1. Build a light secondary image (say, separate iopener.net) for the hackers and accept them as clients as well. Either sell a secondary set - open with specs for extending [some of] both software and software - with a higher price, or other kind of bundled goodies that fit the needs of this client group. Collect and publish the hacks and use what you want for your future products.

    2. sell them here in Finland, too :)

  4. Re:Why Perl? on Report From The Mozilla Developer Meeting · · Score: 1

    1) OO is overrated.

    No. Hype sucks, but OO is required.

    2) Perl is powerful.

    Yes. I would love to produce client apps with it rather than any other script language. Then again, we /do/ have applets. Perl just would be more free software and less proprietary quirks. Still, I'm afraid it would behave differently on different OSes.

    Moreover, security restrictions like blocking access to file system, most sockets etc. would be required.

    3) If people who wrote web pages for a living knew perl, there would be better web pages.

    If people knew how to program, we would be out of jobs. Nobody knows everything, and Perl is - due to its heritage (can you hate awk?) - a difficult language to learn.

    4) Items 1-3 are the poster's opinions.

    So why did you post them? If you submit something, it should be no less than the absolute, objective truth... er... sure?

  5. Quick death better than slow life? on Latest Toy: One-Man Helicopter · · Score: 1

    Well, perhaps that's better, though, since you are guaranteed death, and a quick one. Better than being paralyzed for life, which is what often happens in a car accident

    Please enlighten me, is this called positive or negative thinking?^)

  6. Park on roofs? + Short story coming on Latest Toy: One-Man Helicopter · · Score: 1


    Easiest place, except for skyscrapers :I

    I'll include this stuff too into an exoskeleton short story I'm working on - anyone in USA willing to host it for /. readers? I'd hate to pay the international traffic cost...

  7. Futurama! on Latest Toy: One-Man Helicopter · · Score: 1


    Traffic queues in the air...

    If crashing drunk drivers aren't enough for you, try it at 60 mph at 500 feet above ground :)

    First Flight!

  8. Never underestimate the power of IRC on Full-Time Telecommuting -- Does It Work? · · Score: 1


    I stay in daily contact with my work pals through internal IRC. Not to mention the occasional cracks into each others' home computers :)

    Yes it is important to go out with the people, it's just a bit tough to organize something that would be fun for everybody.

  9. Only way to go for me on Full-Time Telecommuting -- Does It Work? · · Score: 2


    I've been sitting here behind a 700kbps line for two years now. I love it and I hate it. Half of the company I work in does this, but I'm one of the most home-staying ones. Recently they bought me a laptop to use on way to work, to see me more often, but it doesn't have wireless net yet, so here I sit in my pile^H^H^H^Hpit.

    Expect your phase to get even worse messed up. Expect a new kind of freedom (no clothes at work!) and a new kind of slavery - at home.

    Request a perfect line. "512kbps should be enough."

    If you're outgoing, social, don't do it. Unless people like you so much they come over, giving you natural breaks.

    It's a stretch of sanity, both physical and mental :), but worth it if you really want it.

    Maybe I should come back when I've thought a bit better what to say. Nevertheless, I take my situation as an interesting experiment. It is not actually a well-established way of working, so... You'll be on your own, after all, finding out your own way of doing it, I guess.

  10. No, "hompage" is the accurate syntax on Microsoft Windows 2001 Beta Slips Out · · Score: 1


    Homp: to honk in a sympathetic way, as in shortly honking the horn of your car to greet neighbors 8 AM.

    Hompage: a rapid series of homps. Also, equivalent effect in other methods of communication, such as written WWW pages.

    aaagh, They made me do it...

  11. Thanks for points on Garfinkel Warns Of Linux Virus "Epidemic" · · Score: 1

    so as a normal user I don't have the right to run a program[?]

    Wrong. Only suid-exec would be restricted to read-only, single-mode -modifiable partitions.

    1. You don't need root for a virus to spread

    True indeed. However, you can limit the ports, devices and other resources that user-space programs can control, thus limiting the effectiveness (autospreadability) of programs such as the DDoS servers.

    If your distributor gets a virus and compiles a binary release, you have a virus on lots of machines.

    True. This is the original C-compiler trust problem, to which there is no cure. Total security is impossible, but assumed a distribution is secure, better security is much more achievable than is the case now with most distros.

    It is an arms race.

    You are right - and text above is my contribution to it :) These are ways to enhance security, cutting virii spreadage, not any final salvation :)

    On the "research or not-research" part you contradict yourself, but I agree with what I read as your general idea. Security development must be open.

    Base level security is a must, but not at the expense of usage.

    Yes. A power user would most likely explicitly disable the security restrictions that bother him/her. My point is about distributions getting made secure by default because users are too lazy/dummy to handle it, so we'd be able to route around the weakest link in security - the uncaring user.

    What the heck, my boxes are full of holes. Kind of proves the point. If the installed distributions were secure, the holes would be far and few.

  12. Pre-, not post-protection! readonly systems on Garfinkel Warns Of Linux Virus "Epidemic" · · Score: 1

    I do sound like a Nazi here, but we might really avoid DDoS and disk-wipage if world ever were made like this.

    1. DDoS has proved a few points:
      1. everyone who controls a computer is in effect a sysadmin of that computer
      2. ethical responsibility of a sysadmin is to ensure it cannot be compromised to be used as a weapon (ie. platform for further attacks/virii)
      3. everyone (1) is not able to be a good sysadmin (2)
      4. thus, distributions need to be secure by default (RedHat! major paradigm shift required!)
      5. there will always be buffer overflows or comparable ways to gain root on a running system
      6. thus, security must focus on disabling root from further compromising of a running system. (an on-site boot to single-user mode could still be used for unlimited maintenance.)
      7. Security updates must by default for dummy/lazy sysadmins be executed automatically from a trusted source.
      8. Systems must be made automatically proactive in tracking security compromises (even attempted) and reporting them efficiently.
    2. Physically read-only disk drives
      1. All suid-exec capable disks should be impossible to write on (except in single-user mode)
      2. Specs how to cut your IDE cable to make an IDE drive physically read-only have to be spread (is this possible? Please show us how!)
      3. mount (and/or VFS?) should come as a version that allows only
        1. suidexec from physically read-only drives
        2. default (/etc/fstab specified) mounts except in runlevel 1 for maintenance.
    3. init: runlevel 1 should only be accessible through local boot, not by dropping into it.
      1. to maintain remote systems, root can
        1. prepare a maintenance script
        2. call techsupport to reboot single, execute maintenance, that reboots back to production
    4. /proc access denial
      1. access to resources such as kernel memory is a definite security risk
    5. ipchains must be restrictive by default
      1. Reject all unnecessary traffic
      2. Track port scans and known attacks
      3. Be smart about DoS/spoofing and drop obvious attack traffic in routers/gateways/firewalls
    6. *BSD should be preferred for servers
      1. Linux is great (power user) desktop system
      2. OpenBSD comes with OpenSSH, crypted fs, etc
      3. An uncompromised server can be used as an authoritative source for rebuilding compromised clients.

    In short: Desktop-style virus inspection is inferior to a system built to be secure. System administrators/developers must be wise. No standard software can patch sloppy systems.

    Above all: Distribution builders must take the responsibility of security of the systems installed from a distribution. End-users can not be trusted. They should work their way around security restriction if they need; not vice versa.

    Share? Hate? Especially distribution builders, please respond!

  13. RTFM is a very true level on Red Hat Takes Heat Over Certification · · Score: 1

    "look you bastards, I got a degree in physics, I'm not an idiot and I know how to RTFM!"

    You wouldn't be that badly off with that, I guess - you'd end up with an employer with a wider view.

    Even seriously, I'd hire an RTFM person over any MSCE or RHSE. It's a different level of capability to be able to say "I'll read the man page and do it" than "sorry, I can't do it because I haven't done it before".

    I myself can't even claim having any official degree, yet people keep asking me over. But that's just the current market.

  14. Distribute - intercontinentally on 10th Anniversary of Steve Jackson Games Raid · · Score: 2

    make deals with at least two equal partners
    + as widely distributed as possible, both geologically and governmentally

    Almost missed half of my point.

  15. Distribute. on 10th Anniversary of Steve Jackson Games Raid · · Score: 2


    Obviously this kind of activity (remember Norway) can take place anywhere on the globe, pressed by interested parties big enough. So if you run any kind of a minuscule server (web/mail/etc) anywhere, in order to secure your information against theft by bigger players, make deals with at least two equal partners to replicate all your information and services to prevent total DoS by natural disasters or governmental intervention.

    Just 2% of my administrative paranoia.

  16. I thought vacation was for having a life :) on Net Access on an American Road Trip? · · Score: 1


    C'mon, it's just a month, and you're travelling through half the world or whatever. Use your time in the meatspace for a change.

    Then again, who am I to blame; a month in Istanbul with maybe three computerless days all in all. I happened to stay above a nice cybercafe :)

    Seriously, I'd count on the cafes for web access and leave everything else. Maybe meet some geeks along the way, now that your question made it to slashdot :)

  17. Core Wars on Forum: Future Ports of Games to Linux · · Score: 1

    'Nuff said.

  18. Roadmap: high-end TM chips on Ars Technica Gets Into Crusoe · · Score: 1

    It would seem to me to take some work on top of what was released to be able to attack the server CPU market.

    I'd love to see these happen in next five years:

    - Code Morpher for Alpha, PPC, ...
    - Code Morpher to recognize the instruction set of a binary
    - "optimization practically finalized for this piece of code" bit
    - a TM CPU bus for several chips to share the same translation cache
    (how necessary is this actually?)
    - communication interface for operating systems
    - ability to save final VLIW version of code beside the original binaries

    Those would in essence offer the ability to turn a system eventually to VLIW binaries without actually putting any effort to it.

    Once TM has covered its development investment:

    - Open Source the Code Morpher
    -> worldwide development of support for
    - any chips
    - integration with high-level compilers.

    "No stop signs! No speed limits!" - AC/DC: Highway to Hell

  19. Social Democracy != Socialist on Anti-WTO Riot, State of Emergency in Seattle · · Score: 1


    Social Democracy is a middle path that tries to ensure both capitalistic freedom and social security for individuals. Those being, freedom to the limit of hurting other participants/outsiders - so the state/people (in democracy, largely associated) wields power over any participant, including corporations, security as not being cast out of society to the level of starvage or homelessness. You are encouraged to work/form your own life, but not left alone in despair in case it some time just won't work out.

    Mentioned countries really do function with such a system and are wealthy. Not to talk about the level of education among the citizens, boosting in turn such successes as Linus' work and Nokia.

    Thanks for pointing out the major point anyway.

  20. (OT) Haha! That explains your .sig on Neurocomputing Makes Headway · · Score: 1


    I thought there was something humane in your .sig, alienating you from the technerds around here.

    Psychology - now how do you prove anything there without showing how it can be done with a limited set of brain cells?^P

    Not really :)

  21. One-time pads obsolete not? on The Possible Effects of Quantum Computing · · Score: 1

    It'll render all current crypto-systems (save for know-if-they're-eavesdropping systems like Quantum Crypto, which isn't really encryption, exactly) obsolete.

    I just don't get how it could render one-time pads obsolete. Not that they'd be really useful, but the outcome is essentially 'real random noise'. You'd have to test against guesses based on the nature of the pad generator used.

  22. Re:It *does* replace human contact. on Nothing But Net - For Five Days · · Score: 1


    if( /It's been (\w+) lately/ && ($1 eq 'quiet') && ! -f '/var/log/festival.pid' ) {
        say("You really should redownload that festival");
        say("Remember, when the pipe from irc to the speech synthesizer brought all those voices to your room?");
        say("It sure was scary, but you were relieved in the long run, ");
        say("weren't you?");
    }

  23. HA: cross-continental replication on Suggestions for a Startup Web Company · · Score: 1


    Any natural disaster big enough, like the current series of earthquakes in Turkiye, can make your whole physical location just disappear in a cloud of dust.

    With either good friends or severe costs, you'll be able to replicate the whole service on a server on another continent, ready to jump into action in the worst case. The DNS will take a while to update :I

  24. Challenge mapping mind->keyspace (spacey) on Username/Password - Is It Still Secure? · · Score: 1

    Different realistic solutions have seemingly been covered enough so far, so I'll stretch a bit further for some food for thought. Please, forget for a moment that limits exist for implementability ;/

    Ultimately an individual human should be identifiable as is, without a key list printed on paper/plastic card, but not just a single password either. Also, the flesh-carried challenges should be one-use and of unlimited supply.

    We do carry an extreme neural computing device on each of our shoulders, expandable to a few "animal" species (gorillas come to mind). If such an analog "computer"'s likely responses to a set of questionnaire could be simulated by digital machinery, and if that set of challenge key-value (question-answer) results could be trusted upon to be static yet of near-infinite [sic] supply, a unique challenge could be presented to a human as a simple question, to which it could answer with an appropriate key. You'd probably have to allow a few failures each time though ;)

    The keys could be logical questions about changing subjects, that touch areas of the individual's thinking known and trusted (unconscious?) to the challenger. No birth dates or such crap; rather "Does a mother have the right to shout at your little sister of age 9, if the latter behaves maliciously?". Answers could be of forms like "depends on what the shouting is for." Areas of thought where the answer is formed should be just that: based on little changing patterns related to clear concepts (family, rights, simple behavior) that can be mapped by a series of questions, yet which are individual enough to personalize us... uuh, serious oversimplifying. Well, think about it if you will. What makes one individe?

  25. Re:Data Fellows IPO in Finland on Cobalt IPO Opens...High · · Score: 1


    Well, they don't just "sell ssh", they sell security, including something called IPsec.

    Quite a bunch of my friends just turned a lot "richer" today; assumably as company workers they got their shares from top of stack. Free beer?-)