Re:Don't get me wrong
on
Free Geek Robbed
·
· Score: 5, Insightful
But don't you think the folks at FreeGeek doing sort of a disservice to those they give computers to? Linux is not the easiest to learn, and once it is learned the skills are only applicable to less than 5 percent of all computers.
Firstly, they seem to mostly give machines to non-profits and their volunteers. Secondly, they train their volunteers in using the software as well as how to build a machine from parts. Also, those skills will be useful on a computer the volunteer now owns which could not happen without this program (or something like it). The more people who are turned on to Free software, the more people will know how to use it and the more useful the skills become.
Your post reminds me of teachers I had in high school who had the mentality that we were "just kids" who couldn't be expected to learn without being forcefed. Poor does not equal stupid; give people the opportunity to learn and they will surprise you.
...people who still think Internet Explorer is the best thing since sliced bread.
I don't know anybody who thinks IE is the best. The people I know who use it are those that are required to (company IT policies) and those who think the big blue "e" on their desktop actually is The Internet.
it is going to go off the track and run into a wall of air at very high speed.
The speed has nothing to do with it. Gravities are a unit of acceleration. They could probably accelerate a person in the same way with similar apparatus at a reasonable 2-3 gees, but it would take much longer before they had enough velocity to get out of the atmosphere.
In all fairness, sometimes a video clip is an appropriate addition to a presentation. Using PDF means you have to change to another program to show it, while using Powerpoint means you could put it inline, which is slightly slicker when it works.
I agree; sometimes video is useful. But you made a strong point against it yourself: "when it works." How many times have you seen it work? In presentations I've seen using video in a Powerpoint, I would venture a guess at about 25%. The other three-fourths of the time, the presenter makes a fool of him/herself and either goes to an external viewer or gives up on the video entirely.
Cross site scripting is really great for simple session hijacking. Php stores a cookie called PHPSESSID by default with your unique session identifier. All of the important bits of your session (username, password, whatever else they're storing) are stored on the server. If someone can guess (very difficult) or steal (with xss very easy) that identifier, they can impersonate you and have access to whatever information that entails on the vulnerable website. If it's phpBB, they can elevate privileges to become a moderator/admin. If it's Amazon they can see your credit card number. So yes, it's great for phishers.
Also, an interesting note about xss: it's a shotgun approach. When an attacker exploits an xss vulnerability, they will steal the cookies of everybody who views that page, not just you.
Yes, women should have control of their reproduction. That's why they make condoms and birth control pills and depo and morning after pills and blow jobs. Abortion should not be used as a means of birth control.
That you know of. Do you monitor all of your outbound connections 100% of the time? Do you have some way of determining that every packet of normal-looking web traffic is in fact normal? What about DNS? SNMP, SMTP, ICMP, UDP? Lots of malware simply sits in memory waiting. It can hijack processes so that http traffic looks like it's coming from your normal webbrowser. It can wait until the system has been idle for an hour before attempting any connections.
If something evil gets into your box, your box can never again be trusted to tell you the truth about anything until you've reinstalled the operating system or restored from backup (which isn't always as clean as you think).
They should change the SSID anyway. Say you're in a cafe that has a sign on the door that says, "Free Wireless Internet!" You start up kismet and see 4 ACTIONTEC 2 linksys and 3 default, all unencrypted, which one can you connect to legally?
In fact, Google could arbitrarily decide that some company was "bad" and simply remove them from their database.
In fact, Google does do this with their ads. If they decide your website is "bad" they will not let you host adsense ads (and therefore not give you any money). For example, hackthissite.org and remote-exploit.org both used to have google ads. After having them for some time, google decided that they were hacking sites and refused to pay them. Google also told them they could no longer have ads.
Like any other argument of what is best, one must consider the situation. Gentoo may not be suitable for a production environment; in fact, I agree that it isn't for most companies and most IT departments. But for a penetration tester, Gentoo is just about ideal.
a) Packages are updated more regularly and are far more up-to-date. For example, when nmap 4 came out last month with what I now consider to be essential features, Gentoo stable had an ebuild for it the same day. Debian stable is still showing 3.81, which is no less than 6 months old and a half dozen versions behind. b) Performance can be significantly greater. A friend and I have identical laptops, his had Gentoo, mine had Debian, both essentially base installs. His booted ~20% faster. Mine now has Gentoo. c) A Gentoo system is _exactly_ what you want it to be. Want security? I run GRsec on a hardened kernel and every binary on my laptop was compiled with a hardened toolchain including the toolchain itself. Try that with any other distribution.
The need for official support is obvious, even if in reality it ends up being provided by the on site local admins. No need to write it down in quotes and roll our eyes. Official agencies have to have somebody accountable, it's part of justifying the spending of the public dollar.
When all of your users have been using Linux as their primary operating system for 5+ years, some for much longer, I don't believe you can justify spending public dollars on support. Additionally, I don't believe you should force those users to work on a particular distro.
no need for a compiler to be even present.
Compilation is essential to the security professional. So are disassembly and debugging. Not to mention the kind of packet crafting that requires dozens of tools. I agree with you that these tasks are not what normally occur on a server, but Linux is not only useful on a server.
In short, use the right tool for the job. For many, including myself, the right tool is Gentoo.
Speaking as a student about to graduate and go into Federal Civil Service as a penetration tester, I can tell you that all of the agencies with which I have interviewed use mostly Linux. Well, all of the agencies that are actually good at what I want to do.
So far it's been mostly gentoo from what i've seen, but there are some places that have to use RedHat because their management said it has to have 'support.'
Bear in mind, however, that the places i'm interviewing are hardcore hacker groups, so this may be (and probably is) completely off the norm.
Invading Iraq had absolutely nothing to do with the events of September 11, 2001.
It had everything to do with a political blunder made by Bush the First. He made the mistake of comparing Saddam Hussein to Hitler. After that point, Saddam was serious political liability for Mr. Bush's administration. A man so evil, a man who is just like Hitler must be disposed of; you can't make a deal with that kind of man. Other politicians got behind this. Then when Clinton became president, he couldn't deal with Saddam either, because after all, Saddam is Hitler. Dealing with him would be political suicide.
You should read some interviews with Scott Ritter. The man is an ex-marine and one of the head UN arms inspectors who was looking for WMDs in Iraq. Guess what? The ones they found had been destroyed. The ones they know existed, but were never found, have a specific shelf life that ran out before the millenium. Saddam's government was being pretty cooperative. Iraq had no WMDs when the US invaded.
Invading Iraq was never about Weapons of Mass Destruction. It was never about Al Qaida. The domestic propaganda machine has been working non-stop to have you believe it was. Invading Iraq was about political problems for US politicians.
How can they claim it has been "mathematically proven to be impossible to reverse-engineer" without having first submitted the code to peer review? My house can be mathematically proven to be impossible to break into. But tell that the the guy with the ski mask and the crow bar.
Slashdot Mirror
Your post reminds me of teachers I had in high school who had the mentality that we were "just kids" who couldn't be expected to learn without being forcefed. Poor does not equal stupid; give people the opportunity to learn and they will surprise you.
You want a document that gives rights to individuals? I have such a document. My birth certificate.
The only way for that to work would be if IE sends the url of every single page you visit back to the mother ship.
Does any one else see a problem with this?
...people who still think Internet Explorer is the best thing since sliced bread.
I don't know anybody who thinks IE is the best. The people I know who use it are those that are required to (company IT policies) and those who think the big blue "e" on their desktop actually is The Internet.
it is going to go off the track and run into a wall of air at very high speed.
The speed has nothing to do with it. Gravities are a unit of acceleration. They could probably accelerate a person in the same way with similar apparatus at a reasonable 2-3 gees, but it would take much longer before they had enough velocity to get out of the atmosphere.
In all fairness, sometimes a video clip is an appropriate addition to a presentation. Using PDF means you have to change to another program to show it, while using Powerpoint means you could put it inline, which is slightly slicker when it works.
I agree; sometimes video is useful. But you made a strong point against it yourself: "when it works." How many times have you seen it work? In presentations I've seen using video in a Powerpoint, I would venture a guess at about 25%. The other three-fourths of the time, the presenter makes a fool of him/herself and either goes to an external viewer or gives up on the video entirely.
it forces you to reinstall your OS every 6 months or so, which isn't such a bad idea anyway.
It's only not a bad idea if you're running windows. Other operating systems don't need to be reinstalled frequently or even at all.
I swear I hit the preview button...
there will always ALWAYS be a place for the determined to find software for free.
Yup. There always will be.
there will always ALWAYS be a place for the determined to find software for free.
Yup. There always will be.
It also logs the page you requested, when you requested it, and your browser.
User-agent: Mozilla/5.0 (compatible; Don't trust me I'm evil; en-US; ) Gecko/19291029 Evil/1.5.0.5
would you happen to know of any other types of attack that XSS might enable?
Howabout the myspace worm?
Cross site scripting is really great for simple session hijacking. Php stores a cookie called PHPSESSID by default with your unique session identifier. All of the important bits of your session (username, password, whatever else they're storing) are stored on the server. If someone can guess (very difficult) or steal (with xss very easy) that identifier, they can impersonate you and have access to whatever information that entails on the vulnerable website. If it's phpBB, they can elevate privileges to become a moderator/admin. If it's Amazon they can see your credit card number. So yes, it's great for phishers.
Also, an interesting note about xss: it's a shotgun approach. When an attacker exploits an xss vulnerability, they will steal the cookies of everybody who views that page, not just you.
(Isn't it cool how you can turn anything into a discussion of Bush's War on Terror?)
That's a corallary to Godwin's Law.
Yes, women should have control of their reproduction. That's why they make condoms and birth control pills and depo and morning after pills and blow jobs. Abortion should not be used as a means of birth control.
That you know of. Do you monitor all of your outbound connections 100% of the time? Do you have some way of determining that every packet of normal-looking web traffic is in fact normal? What about DNS? SNMP, SMTP, ICMP, UDP? Lots of malware simply sits in memory waiting. It can hijack processes so that http traffic looks like it's coming from your normal webbrowser. It can wait until the system has been idle for an hour before attempting any connections.
If something evil gets into your box, your box can never again be trusted to tell you the truth about anything until you've reinstalled the operating system or restored from backup (which isn't always as clean as you think).
I guess they can just change the SSID to comply
They should change the SSID anyway. Say you're in a cafe that has a sign on the door that says, "Free Wireless Internet!" You start up kismet and see 4 ACTIONTEC 2 linksys and 3 default, all unencrypted, which one can you connect to legally?
In fact, Google could arbitrarily decide that some company was "bad" and simply remove them from their database.
In fact, Google does do this with their ads. If they decide your website is "bad" they will not let you host adsense ads (and therefore not give you any money). For example, hackthissite.org and remote-exploit.org both used to have google ads. After having them for some time, google decided that they were hacking sites and refused to pay them. Google also told them they could no longer have ads.
Like any other argument of what is best, one must consider the situation. Gentoo may not be suitable for a production environment; in fact, I agree that it isn't for most companies and most IT departments. But for a penetration tester, Gentoo is just about ideal.
a) Packages are updated more regularly and are far more up-to-date. For example, when nmap 4 came out last month with what I now consider to be essential features, Gentoo stable had an ebuild for it the same day. Debian stable is still showing 3.81, which is no less than 6 months old and a half dozen versions behind.
b) Performance can be significantly greater. A friend and I have identical laptops, his had Gentoo, mine had Debian, both essentially base installs. His booted ~20% faster. Mine now has Gentoo.
c) A Gentoo system is _exactly_ what you want it to be. Want security? I run GRsec on a hardened kernel and every binary on my laptop was compiled with a hardened toolchain including the toolchain itself. Try that with any other distribution.
The need for official support is obvious, even if in reality it ends up being provided by the on site local admins. No need to write it down in quotes and roll our eyes. Official agencies have to have somebody accountable, it's part of justifying the spending of the public dollar.
When all of your users have been using Linux as their primary operating system for 5+ years, some for much longer, I don't believe you can justify spending public dollars on support. Additionally, I don't believe you should force those users to work on a particular distro.
no need for a compiler to be even present.
Compilation is essential to the security professional. So are disassembly and debugging. Not to mention the kind of packet crafting that requires dozens of tools. I agree with you that these tasks are not what normally occur on a server, but Linux is not only useful on a server.
In short, use the right tool for the job. For many, including myself, the right tool is Gentoo.
Speaking as a student about to graduate and go into Federal Civil Service as a penetration tester, I can tell you that all of the agencies with which I have interviewed use mostly Linux. Well, all of the agencies that are actually good at what I want to do.
So far it's been mostly gentoo from what i've seen, but there are some places that have to use RedHat because their management said it has to have 'support.'
Bear in mind, however, that the places i'm interviewing are hardcore hacker groups, so this may be (and probably is) completely off the norm.
Invading Iraq had absolutely nothing to do with the events of September 11, 2001.
It had everything to do with a political blunder made by Bush the First. He made the mistake of comparing Saddam Hussein to Hitler. After that point, Saddam was serious political liability for Mr. Bush's administration. A man so evil, a man who is just like Hitler must be disposed of; you can't make a deal with that kind of man. Other politicians got behind this. Then when Clinton became president, he couldn't deal with Saddam either, because after all, Saddam is Hitler. Dealing with him would be political suicide.
You should read some interviews with Scott Ritter. The man is an ex-marine and one of the head UN arms inspectors who was looking for WMDs in Iraq. Guess what? The ones they found had been destroyed. The ones they know existed, but were never found, have a specific shelf life that ran out before the millenium. Saddam's government was being pretty cooperative. Iraq had no WMDs when the US invaded.
Invading Iraq was never about Weapons of Mass Destruction. It was never about Al Qaida. The domestic propaganda machine has been working non-stop to have you believe it was. Invading Iraq was about political problems for US politicians.
How can they claim it has been "mathematically proven to be impossible to reverse-engineer" without having first submitted the code to peer review? My house can be mathematically proven to be impossible to break into. But tell that the the guy with the ski mask and the crow bar.
Mod parent "-1: I can't format a pre-formatted page"
13.6 Gigabytes!
Amateur.
s/Josh/Joss/g;