BSD has been around for a long time in the academic world, but it hasn't had the massive user-coder base that Linux developed fairily quickly (This is the true genious of Linus). So it has been maintained AFAIK by a small group of people. BSD isn't as userfriendly as Linux, because that small group of pelple is more interested in the development of BSD than in helping newbies. Some BSD distros are really tough to install -- things like making your own boot disks from scratch for certain systems etc specifically because they want to discourage lusers from bugging them about it. So in general BSD is smaller because it is smaller -- there is not as big a user/developer community as there is for Linux, hence less development and exposure... As the OSS model starts to take more and more market share, BSD will develop a a strong competitor for Linux, especially in professionally administrated systems. This is a good thing -- competition provides for improvement. For example if this occurs we may see companies providing BSD service contracts, and improved security for linux.
I suppose that creating a day-trading bot that gives the user massive advatages in terms of spotting good stock would be bad?
Think of it - all your adrenaline slurping marine buddies sitting at a bank of computers send rapid-fire orders for stock. Seizing companies left and right, leveraging your ammuntion supplies...
Now, is this cheating or good buiness (Assuming it works) -- I'm quite sure that if anyone ever gets any good at it there's some masssive repercussions to be had, either SEC sanctions or stock market crashes. Of coure if you had that sort of day-trading client would you use it over the normal one?
Of course there's more security on the server side for day-trading, but the same issues are relevant there. I suppose we ought to be thankful that Quake doesn't actually have massive effects on our economy, and that hakers are leery of dealing with money things because the penalties for getting caught are larger.
There have been several posts claiming that Open Source software has less necessity for security, or safety. That the GPL somehow exonerates OSS in some way that the MS EULA does not. All of this is bunk.
If OSS software is really a general purpose solution then it must meet as stringent a security requirement as any other such solution. For all of those Linux evangelists out there, we can't claim security as an advantage in on sentence, and then claim less resposibility for it in the next without sounding silly.
What Linux does have is a better testing system, a more heterogenious and reliable user base, and a significantly better bug response method.
The concerns about safety, be they virus propogation, data integrety problems, or uptime/essential systems issues. Are the responsibilty of the system's administrator. Any system can be made secure by a careful admin, and any system can be made unsafe by running unknown (read closed) software.
The reality is that computers are so complicated that Admin's (for that matter developers) cannot go through the code checking all cases in some perverse proof of correctness. Making software engineers sign off just means that someone who really isn't responsible for having a buggy or defective piece of softwar can be canned for the zealous marketing and management of his company.
If a company claims that a system is secure - e.g. NT according to MS or perhaps Open BSD then the company could be considered liable if: a) It fails to take reasonable measures to make sure that said product is secure. b) Refuses to respond to security issues as they arrive.
I was just reading through a comment above, and the following ocurred to me:
If both ends record events and send them as part of the protocol then it should be possible to have your client check that the behavior is consistent with the model. This could cost some significant bandwidth especially in large games.
Since AFAIK the bottleneck is actually network bendwidth, the compute time may not be an issue.
Now, if someone writes a client that produces keystrokes such that the enhanced activites are accounted for, then that client will effectively be a macro box.
This doesn't account for modified clients which allow you to see through walls or such, but it's a beginning. Although if you were concerned, you could watch the movie generated by the other guy's keystrokes and check if it mae sense/ was legal.
There's got to be some way to verify the Quake exe using hashes etc. Maybee not the whole program, but just a small "subprogram" that can be verified directly via the connection, then it verifies that the whole.exe is untampered (for modded games, just compare MD-5's with each other) so that you know when the other guy has tampered with things.
Now, I suppose that this is not really a whole lot better since the verification system can be bypassed, but at least it should provide for some control mechanism which can then be altered, or improved untill it works.
A freind of mine works at a sewage plant int he greater Los Angeles. He says that they had a Y2K test a few months ago that caused the gate to misbehave resulting in excess dumping of sewage into the lake/river than they were allowed to that month by a factor of two or three. This is the kind of Y2K hicup whose effects will only be seen 6 months to a few years down the line as massive sewage dumps seriously fuck up aquatic popultations. Of course if you ask me LA is realy a good place to do that sort of experiment....
Specifically that RIS I caused by people who use Keyboards and other systems with insufficient resistance. Notably RSI begins to show up at the same time journalists moved away from mechanical typwrites en masse. Something about he lack of resistance ecouraging/allowing bad hand posture? Any comments on this? It may also have to do with increased typing speed. However, there have been typing pools since before WWII and RSI seems to be a more modern phenomenon. I've had some problems with my hands while digging a long trench, but I think that was just old fashioned wear an tear, since they occured after only a few days of work digging.
There are some major differences between the local bullitain boards, and e-mail or web sites that are purely transferred. If you read the stadard legal disclaimers on the ISP stuff, most bullitain boards claim ownership of anything posted on them. This may mean that the message is the ISP's legal responisibility, however, it would be nigh impossible to demonstarte intent. In California Law, auto accidents are considered the fault of the last person who could have avoided them. Similarly, by reserving the right to edit content, even if they do not, the ISP is creating a last failure point for witch it is in some sense liable. Since the ISP is easier to target than some vauge net entity on the other side, and because it is guaranteed to have deeper pockets, the ISP will be sued for it's part of the liabilty before the actual culprint. I don't necessarily agree with the line of reasoning, but it could certainly be sold to a jury, and probably to some friendly judges as well. I suppose a similar case could be made with a normal bulletain board, and some offensive note posted on it. In that case, noone sane would think twice about holding the owner of the board responsible, but I wouldn't doubt that an institution could be sued for content of one of its bulletain boards if it was deemed obscene. I suppose a good way to describe it is that if all communication were strongly encrypted, then the last point of mutability, i.e. the last place where the text was unencryped, and hence editable could be considered a liable point, however, if the info is ecrypted, then obviously the carrier cannot excercise editorial content, and hence cannot be found liable for a lack of it. Now, if you examine the case of the e-mail the message could have passed from transmitter to reciever without ever being unencryped, but at the bullitain board it must have been plain, in order to be freely distibuted.
Well, the line hasn't been drawn yet.
on
Profiling A Nation
·
· Score: 1
Consider that the technology that's being developed will allow companies, governments, or anyone else who cares, to track your movement anywhere that there are cameras. Consider a store which keeps track of where all the customers spend their time (They already can keep track of who buys what with those sill cards) using face recognition software. Then the company that can easily track who spaens how much time in lunch rooms, the government agencies that keep passive records of who is where. In prisons retinal scan systems have already been implemented to prevent prisoners swapping postions, and there was talk of having ID chips implanted under someone's skin so that the ID can be made without persons subjecting themselves to an obvious scan. Forget having databases about your taste, but now everyone will be tracked automatically. The technology exists. The data storage and processing is well within corporate means. Remeber big brother, he is real.
Sorry to sound so paranoid, but I was thinking about setting up something like this somewhere, and studying the results as a sort of sociology project.
Potato - Patato Tomato Tomato
on
Geeks vs. Nerds
·
· Score: 3
Let's call the whole thing off.
Honestly, what's in a name. Weather a moniker intimates respect or contempt has little to do with the word, and more to do with the associated stereotype. For example if you called someone discriminating today, it would probably be a negative comment. Fifty years ago it would have been a compliment. The deal is that people who are part of that steroetype are suddenly suceeding in buisness, and clearly are controling the means of communication for the next years. Like in the whole Littletown media debacle, or many others, terms like Nerd, Geek, Hacker, Cracker, Phreaker, or Goth are used by people who don't have any idea of what they are describing. Perhaps the issue here is that noone can agree on what a nerd is or weather nerd or geek is preferable is up in the air. To put this in perspective, I'm a foreigner in the us, and in my few years here I've observed the transition from handicapped to disabled as a "euphemism" for people with physical difficulties. Now, I suppose they were originally referred to as Cripples which is now considerd a relatively ugly word, but cripple and cripple are still acceptable. What is true however, is that the term is considered a perjorative by those who are distant from the issues, the ones that don't know who or what is going on. I don't think that Nigger originally referred to black er african american persons, but something along the lines of greedy, selfish, lazy, self-serving persons. The terms nerd and geek are used by the same sort of people who associated the littletown incident with goths, but instead of people who wear black, they usually refer to people who are intelectually inclined, and may have poor grooming habits. A geek, at least last time I thought about these things is a freaky person, someone who might bite heads off chickens, someone who sticks out of social situations in a big way. The term geek has been applied to people who aren't interested in computers, or smart enought o piss a whole in the snow if someone else helps them aim. Nerds on the other hand are people who are poorly groomed, socially simpleminded, and academically inclined. I suppose that all has changed a whole lot in the last five years. Any sort of choice that you make isn;t going to affect the people around you a whole lot, since they have either made a distinction themselves already, or have no idea what the difference is.
Sony has the most popular set top box on the market today. Wait 'till every teenager with a playstation is also hooked up with AOL on the playstation. Honestly, why would anyone want a toaster with we access?
Should be a good topic for Slashdot poll. How about:
Internet polls are usefull because: a)They show that elections can be fixed b)Script kiddies don't know how to write ballot stuffers. c)HAnk the angry drunken dwarf. . . . .
What I'd be worried about isn't the government tracking people, but people tracking people, no more opportunities to "get away from it all" as it were. A friend of mine recieves 150 e-mails (Not spam, real e-mail) every day. Imagine getting that many phone calls over a twelve hour period. Thats one phone call every six minutes. I hope you have good time management skills. Furthermore, it seems like people in the US are wont to abuse their cell phones. Most people I know only use them for incoming emergency, and outgoing calls. I remember someone getting a 911 page because one of their friends wnated to go see a movie that evening. I think that the Finns are more willing to deal with connectivity because they have more tact. I don't have a cell phone, pager or answering machine. I don't really want any of them.
Regarding the activites of crackers and blackmailing backs. I'm sure most of the threats are just DOS attacks that may or may not actually involve compromising the security of the bank. Consider the scenario of a banks communication network breaking down. Here's how it might work: Lets say the main branch in London has a computer failure. Now, that's all ok for an hour or too, but if it lasts much longer, especially at some strategic time (like during backups) then the bank will start having problems. Now, instead of transferring monies out of an account the crook simply withdraws the money from several banks, one after the other. They won't notice untill after the link comes back up. Ok, so the banks that are offline can't deal with major withdrawals. So now, they really can't do anything, except dissalow withdrawals. Then, when the news hits, there may be a run on the bank... (This is really bad news.)
Now, the tricky part here is that the bank would rather pay someone to not attack than to loose it's buisness for a day, no big deal. As soon as the scenario becomes reasonably common, the bank may well move to more economical means of protection.
Also, it seems like this kind of scenario is likely to be an inside job. A banker should be well versed in how to perform massive money transfers discreetly, and have appropiate contacts to do so. The insider already has acess to the system, and can easily forge an e-mail by simply bypassing physical security. Furthermore, with inside information, the crook could verry well know what sums of money would be considered small enough to be acceptable payoffs.
Otherwise there are massive issues with this sort of caper. AFAIK most banks use proprietary systems. Most of these systems were written a long time ago by professional high-end programmers, not the indian sweatshop programs available from MS, so each system is unique, and may well require insider info. The actual transfer of money would also be very difficult to perform securely.
Slashdot Mirror
BSD has been around for a long time in the academic world, but it hasn't had the massive user-coder base that Linux developed fairily quickly (This is the true genious of Linus). So it has been maintained AFAIK by a small group of people. BSD isn't as userfriendly as Linux, because that small group of pelple is more interested in the development of BSD than in helping newbies.
Some BSD distros are really tough to install -- things like making your own boot disks from scratch for certain systems etc specifically because they want to discourage lusers from bugging them about it.
So in general BSD is smaller because it is smaller -- there is not as big a user/developer community as there is for Linux, hence less development and exposure...
As the OSS model starts to take more and more market share, BSD will develop a a strong competitor for Linux, especially in professionally administrated systems. This is a good thing -- competition provides for improvement. For example if this occurs we may see companies providing BSD service contracts, and improved security for linux.
What are the non-computer hobbies of the l0pht crew?
I suppose that this is a sort of "celebrety interview" question, but I'm curious.
I suppose that creating a day-trading bot that gives the user massive advatages in terms of spotting good stock would be bad?
Think of it - all your adrenaline slurping marine buddies sitting at a bank of computers send rapid-fire orders for stock. Seizing companies left and right, leveraging your ammuntion supplies...
Now, is this cheating or good buiness (Assuming it works) -- I'm quite sure that if anyone ever gets any good at it there's some masssive repercussions to be had, either SEC sanctions or stock market crashes. Of coure if you had that sort of day-trading client would you use it over the normal one?
Of course there's more security on the server side for day-trading, but the same issues are relevant there. I suppose we ought to be thankful that Quake doesn't actually have massive effects on our economy, and that hakers are leery of dealing with money things because the penalties for getting caught are larger.
There have been several posts claiming that Open Source software has less necessity for security, or safety. That the GPL somehow exonerates OSS in some way that the MS EULA does not. All of this is bunk.
If OSS software is really a general purpose solution then it must meet as stringent a security requirement as any other such solution. For all of those Linux evangelists out there, we can't claim security as an advantage in on sentence, and then claim less resposibility for it in the next without sounding silly.
What Linux does have is a better testing system, a more heterogenious and reliable user base, and a significantly better bug response method.
The concerns about safety, be they virus propogation, data integrety problems, or uptime/essential systems issues. Are the responsibilty of the system's administrator. Any system can be made secure by a careful admin, and any system can be made unsafe by running unknown (read closed) software.
The reality is that computers are so complicated that Admin's (for that matter developers) cannot go through the code checking all cases in some perverse proof of correctness. Making software engineers sign off just means that someone who really isn't responsible for having a buggy or defective piece of softwar can be canned for the zealous marketing and management of his company.
If a company claims that a system is secure - e.g. NT according to MS or perhaps Open BSD then the company could be considered liable if:
a) It fails to take reasonable measures to make sure that said product is secure.
b) Refuses to respond to security issues as they arrive.
The software you buy is always as is. Beware.
I was just reading through a comment above, and the following ocurred to me:
If both ends record events and send them as part of the protocol then it should be possible to have your client check that the behavior is consistent with the model. This could cost some significant bandwidth especially in large games.
Since AFAIK the bottleneck is actually network bendwidth, the compute time may not be an issue.
Now, if someone writes a client that produces keystrokes such that the enhanced activites are accounted for, then that client will effectively be a macro box.
This doesn't account for modified clients which allow you to see through walls or such, but it's a beginning. Although if you were concerned, you could watch the movie generated by the other guy's keystrokes and check if it mae sense/ was legal.
There's got to be some way to verify the Quake exe using hashes etc. Maybee not the whole program, but just a small "subprogram" that can be verified directly via the connection, then it verifies that the whole .exe is untampered (for modded games, just compare MD-5's with each other) so that you know when the other guy has tampered with things.
Now, I suppose that this is not really a whole lot better since the verification system can be bypassed, but at least it should provide for some control mechanism which can then be altered, or improved untill it works.
A freind of mine works at a sewage plant int he greater Los Angeles. He says that they had a Y2K test a few months ago that caused the gate to misbehave resulting in excess dumping of sewage into the lake/river than they were allowed to that month by a factor of two or three.
This is the kind of Y2K hicup whose effects will only be seen 6 months to a few years down the line as massive sewage dumps seriously fuck up aquatic popultations.
Of course if you ask me LA is realy a good place to do that sort of experiment....
Specifically that RIS I caused by people who use Keyboards and other systems with insufficient resistance. Notably RSI begins to show up at the same time journalists moved away from mechanical typwrites en masse. Something about he lack of resistance ecouraging/allowing bad hand posture?
Any comments on this? It may also have to do with increased typing speed. However, there have been typing pools since before WWII and RSI seems to be a more modern phenomenon.
I've had some problems with my hands while digging a long trench, but I think that was just old fashioned wear an tear, since they occured after only a few days of work digging.
There are some major differences between the local bullitain boards, and e-mail or web sites that are purely transferred.
If you read the stadard legal disclaimers on the ISP stuff, most bullitain boards claim ownership of anything posted on them.
This may mean that the message is the ISP's legal responisibility, however, it would be nigh impossible to demonstarte intent.
In California Law, auto accidents are considered the fault of the last person who could have avoided them. Similarly, by reserving the right to edit content, even if they do not, the ISP is creating a last failure point for witch it is in some sense liable. Since the ISP is easier to target than some vauge net entity on the other side, and because it is guaranteed to have deeper pockets, the ISP will be sued for it's part of the liabilty before the actual culprint.
I don't necessarily agree with the line of reasoning, but it could certainly be sold to a jury, and probably to some friendly judges as well.
I suppose a similar case could be made with a normal bulletain board, and some offensive note posted on it. In that case, noone sane would think twice about holding the owner of the board responsible, but I wouldn't doubt that an institution could be sued for content of one of its bulletain boards if it was deemed obscene.
I suppose a good way to describe it is that if all communication were strongly encrypted, then the last point of mutability, i.e. the last place where the text was unencryped, and hence editable could be considered a liable point, however, if the info is ecrypted, then obviously the carrier cannot excercise editorial content, and hence cannot be found liable for a lack of it.
Now, if you examine the case of the e-mail the message could have passed from transmitter to reciever without ever being unencryped, but at the bullitain board it must have been plain, in order to be freely distibuted.
Consider that the technology that's being developed will allow companies, governments, or anyone else who cares, to track your movement anywhere that there are cameras. Consider a store which keeps track of where all the customers spend their time (They already can keep track of who buys what with those sill cards) using face recognition software. Then the company that can easily track who spaens how much time in lunch rooms, the government agencies that keep passive records of who is where.
In prisons retinal scan systems have already been implemented to prevent prisoners swapping postions, and there was talk of having ID chips implanted under someone's skin so that the ID can be made without persons subjecting themselves to an obvious scan.
Forget having databases about your taste, but now everyone will be tracked automatically. The technology exists. The data storage and processing is well within corporate means. Remeber big brother, he is real.
Sorry to sound so paranoid, but I was thinking about setting up something like this somewhere, and studying the results as a sort of sociology project.
Let's call the whole thing off.
Honestly, what's in a name. Weather a moniker intimates respect or contempt has little to do with the word, and more to do with the associated stereotype. For example if you called someone discriminating today, it would probably be a negative comment. Fifty years ago it would have been a compliment. The deal is that people who are part of that steroetype are suddenly suceeding in buisness, and clearly are controling the means of communication for the next years.
Like in the whole Littletown media debacle, or many others, terms like Nerd, Geek, Hacker, Cracker, Phreaker, or Goth are used by people who don't have any idea of what they are describing. Perhaps the issue here is that noone can agree on what a nerd is or weather nerd or geek is preferable is up in the air.
To put this in perspective, I'm a foreigner in the us, and in my few years here I've observed the transition from handicapped to disabled as a "euphemism" for people with physical difficulties. Now, I suppose they were originally referred to as Cripples which is now considerd a relatively ugly word, but cripple and cripple are still acceptable.
What is true however, is that the term is considered a perjorative by those who are distant from the issues, the ones that don't know who or what is going on. I don't think that Nigger originally referred to black er african american persons, but something along the lines of greedy, selfish, lazy, self-serving persons.
The terms nerd and geek are used by the same sort of people who associated the littletown incident with goths, but instead of people who wear black, they usually refer to people who are intelectually inclined, and may have poor grooming habits.
A geek, at least last time I thought about these things is a freaky person, someone who might bite heads off chickens, someone who sticks out of social situations in a big way. The term geek has been applied to people who aren't interested in computers, or smart enought o piss a whole in the snow if someone else helps them aim. Nerds on the other hand are people who are poorly groomed, socially simpleminded, and academically inclined.
I suppose that all has changed a whole lot in the last five years. Any sort of choice that you make isn;t going to affect the people around you a whole lot, since they have either made a distinction themselves already, or have no idea what the difference is.
Sony has the most popular set top box on the market today. Wait 'till every teenager with a playstation is also hooked up with AOL on the playstation.
Honestly, why would anyone want a toaster with we access?
Should be a good topic for Slashdot poll. How about:
Internet polls are usefull because:
a)They show that elections can be fixed
b)Script kiddies don't know how to write ballot stuffers.
c)HAnk the angry drunken dwarf.
.
.
.
.
Old Hat, but there was an armed guard. Unfortuanlely he was massively outgunned (Pistols vs. Shotguns really does favor the shotgun)
What I'd be worried about isn't the government tracking people, but people tracking people, no more opportunities to "get away from it all" as it were.
A friend of mine recieves 150 e-mails (Not spam, real e-mail) every day. Imagine getting that many phone calls over a twelve hour period. Thats one phone call every six minutes. I hope you have good time management skills.
Furthermore, it seems like people in the US are wont to abuse their cell phones. Most people I know only use them for incoming emergency, and outgoing calls. I remember someone getting a 911 page because one of their friends wnated to go see a movie that evening. I think that the Finns are more willing to deal with connectivity because they have more tact.
I don't have a cell phone, pager or answering machine. I don't really want any of them.
Regarding the activites of crackers and blackmailing backs. I'm sure most of the threats are just DOS attacks that may or may not actually involve compromising the security of the bank.
Consider the scenario of a banks communication network breaking down.
Here's how it might work:
Lets say the main branch in London has a computer failure. Now, that's all ok for an hour or too, but if it lasts much longer, especially at some strategic time (like during backups) then the bank will start having problems.
Now, instead of transferring monies out of an account the crook simply withdraws the money from several banks, one after the other. They won't notice untill after the link comes back up.
Ok, so the banks that are offline can't deal with major withdrawals. So now, they really can't do anything, except dissalow withdrawals. Then, when the news hits, there may be a run on the bank... (This is really bad news.)
Now, the tricky part here is that the bank would rather pay someone to not attack than to loose it's buisness for a day, no big deal. As soon as the scenario becomes reasonably common, the bank may well move to more economical means of protection.
Also, it seems like this kind of scenario is likely to be an inside job. A banker should be well versed in how to perform massive money transfers discreetly, and have appropiate contacts to do so. The insider already has acess to the system, and can easily forge an e-mail by simply bypassing physical security.
Furthermore, with inside information, the crook could verry well know what sums of money would be considered small enough to be acceptable payoffs.
Otherwise there are massive issues with this sort of caper. AFAIK most banks use proprietary systems. Most of these systems were written a long time ago by professional high-end programmers, not the indian sweatshop programs available from MS, so each system is unique, and may well require insider info. The actual transfer of money would also be very difficult to perform securely.
NTG