Slashdot Mirror


User: thrashbluegrass

thrashbluegrass's activity in the archive.

Stories: 0
Comments: 32

Comments · 32

  1. Re:And of course, shell access is so easy to get on Some Linux Distros Found Vulnerable By Default · Score: 1

    Forget about the trees, and see the forest:

    The original post was about how "hard" it was to get access to a shell. I pointed out that it wasn't quite so simple.

    But what if I didn't want to control it, just bring it down? This is one more vector.

    Cracking systems doesn't necessarily mean affecting control.

  2. Re:And of course, shell access is so easy to get on Some Linux Distros Found Vulnerable By Default · Score: 1

    And of course, there exist no cgi scripts which use shells to do something, right? And even if there are, we know how hard it is to find a flaw in 'em, right?

    Remember that no exploit exists in a vacuum; it's going to be one of a series of vulnerabilities used to bring your box down/gain root/read data.

    And, although you're right that someone could do something much nastier with shell access, if you just wanted to DOS a machine, this seems like a pretty damned simple way to do it.

  3. Sun and OpenSSL on BSA Wants EU Open Standard Policy Reconsidered · Score: 2, Informative

    The ECC in OpenSSL is a 'patent grant' from Sun.

    From research.sun.com:

    "Why the additional "covenant" language in the Sun license?

    The OpenSSL's standard BSD style license does not address patent issues explicitly. Sun added a "patent peace provision" language to clarify its patent grant."

    This is why OpenBSD ships with an ECC-less OpenSSL.

    http://research.sun.com/projects/crypto/FrequenlyAskedQuestions.html

  4. Patents & Open Standards on BSA Wants EU Open Standard Policy Reconsidered · Score: 5, Interesting

    So the BSA wants to say that open standards mean open source? Does this mean that they're afraid that they can't compete with F/OSS initiatives on an equal footing? That they need to leverage proprietary standards in order to keep market share?

    As for the inclusion of patented IP in open standards, it's pretty much an oxymoron: if it's an open standard, there should be no strings attached (e.g., Cisco's VRRP, Sun's elliptic curve cryptography in OpenSSL). Open should mean open, not we'll-let-you-play-with-this-until-we-decide-otherwise.

  5. Re:Isn't against federal law? on Online Cigarette Customers Get Bill from State · Score: 1

    This illustrates why state sales taxes need to go the way of the dodo; out-of-state purchases, now easy to do online, are going to skirt them.

    Income and payroll taxes are much more easily tracked, are not regressive, and end up being much more effective.

    Now, if only we could get state and local governments to stop paying companies in the US to place jobs at astronomical cost (e.g., oftentimes tax and monetary incentives that add up to the state being able to employ the workers outright for several years).

  6. on-processor AES on AMD's New Low-Power CPUs · Score: 2, Interesting

    A low-power firewall acting as a VPN concentrator could certainly take advantage of crypto hardware.

    Or, for the pathologically paranoid (join with me, my Pathanoid kin!), quick swap encryption sounds pretty tasty.

  7. Re:N-Gage on Nintendo With Possible Palm OS Capabilities · Score: 1

    N-Gage didn't take off because of idiotic initial design (take the batteries out to change a game? whoever let that slip through the engineering process should be stripped of their license). Nintendo has two big things going for it:

    Name recognition, and a known software library. If anybody's going to make the first successful initial game/phone/pda, I think Nintendo has a better-than-fair shot at it.