I would guess that it is easier/cheaper for them to use 3rd party software on client machines than to spend quite a bit of money on network hardware that can filter/cateogrize/inspect every packet that flows through their infrastructure. Having a bit of software on tens of thousands of machines report condensed data back is likely to be much, much cheaper to do.
Even doing simple L3 inspection on the dataflows that ISPs like BT deal with would require insane amounts of hardware, let alone inspection on the application (5/7) layer.
Can't say I am, but there are friends of friends of friends of friends of my friends at other schools who think it is fun to friend everyone they can find.
I deactivated my account a few years ago, once Facebook opened to high schools and (more recently) the general public. I never used it anyway, and it was turning into an annoyance.
After deactivating the account, I saw that a lot of my information is still retained, and I'm CONSTANTLY getting e-mails from facebook saying "so and so wants to be your friend! reactivate your account!" and also messages from "Facebook" on AIM saying essentially the same.
I really wish that they took the hint "If someone deactivates their account, odds are they want to stop being involved in the site"
If you read my follow-up to my own post, you would have seen that I corrected myself to say that it didn't work on my Ubuntu machines that I tested (I was using Ubuntu-packaged kernels, but running the exploit code showed that vmsplice was disabled), though it apparently does work on Ubuntu.
The workaround posted in a follow-up in that thread works. I had a few vulnerable (tested) machines that I cannot reboot even if a patched kernel is released in the near future. I tried that fix, then tried the exploit again. The exploit no longer worked after using the fix (workaround).
Those machines were debian x64.
Ubuntu kernels do not appear to have vmsplice enabled by default.
Nice to see that we can have a nice well-rounded discussion here.
Suffice to say, Ron Paul is my candidate of choice. I never thought I'd want to vote Republican after seeing this mess that was the Bush Administration, but now I want to see nobody in the White House other than Ron Paul. The other Republican candidates are either ridiculously dumb, scare or religious... or a combination of those. The Democratic candidates are better, but still nowhere near as balanced as Paul.
All of my favorite motherboards have been Tyans, lately the Tyan Tiger S5197G2NR. I now own ~10 Tyan-based machines, including some rackmount machines based on their 2U TA-26 barebones systems. I really can't think of any other brand I can recommend, but they've certainly got something to satisfy what you're looking for.
I tried to sign up so that I could run my free XP in a virtual machine with this spy software of theirs and see exactly what kind of stuff it reports. I didn't realize they were out of "gifts" and completed their survey before realizing this. I went through the survey and answered their questions honestly, saying that I use Linux and never use Windows anymore. 5 minutes later, I wanted to remove myself from their database for this so that I don't get e-mails in the future related to it when I have no involvement with it whatsoever... being that they had no more software to give out and all.
I looked on their FAQ page and found conflicting information. Two separate sections saying to send a blank e-mail to two different e-mail addresses with 'remove' in the subject. I e-mailed both, and what did I get in return?
I did that. What did I get back? Two NDRs for separate reasons:
: host maila.microsoft.com[131.107.115.212] said: 550
5.7.1 (in reply to end of DATA command)
-- and --
: host maila.microsoft.com[131.107.115.212] said: 550
5.1.1 User unknown (in reply to RCPT TO command)
>>MIT's RC plane's can take off and land from vertical perches (video), while the Georgia Tech helicopter can land on slopes of up to sixty degrees, by flipping backwards into freefall as it lands (video).
What keeps anyone from creating a site (and/or spamming for it), saying it uses Windows Live authentication, then just farming a giant pile of logins they can sell or use for evil things?
Steam now has a reason to be ported to Linux. A lot of the new id games added to Steam play natively on Linux, there are others that use DOSbox, which conveniently works on Linux as well. If Valve ports Steam to Linux... it'd open the door for Linux users to easily buy and play these games, and I'm sure enough people would such that it makes business sense for them to do it.
Maybe my entire view of things is wrong, but isn't strict layering responsible for most of the things that set Linux apart from less-efficient and less-secure operating systems? Isn't layering what allows the same exact operating system be a high-performance server or a normal work station? I point out the latter because without layering, things like Windows can "disable" a lot of things that are all tied together, but never really remove many things completely since... whatever.
I guess what I'm saying/asking can be summarized: isn't layering one of those really-important things to Linux that shouldn't be violated? Reading the summary sounds like "In order to make Linux more Windows-like, we need to violate the things that makes Linux much more of a proper layered OS than Windows is."
Slashdot Mirror
I would guess that it is easier/cheaper for them to use 3rd party software on client machines than to spend quite a bit of money on network hardware that can filter/cateogrize/inspect every packet that flows through their infrastructure. Having a bit of software on tens of thousands of machines report condensed data back is likely to be much, much cheaper to do.
Even doing simple L3 inspection on the dataflows that ISPs like BT deal with would require insane amounts of hardware, let alone inspection on the application (5/7) layer.
Can't say I am, but there are friends of friends of friends of friends of my friends at other schools who think it is fun to friend everyone they can find.
I deactivated my account a few years ago, once Facebook opened to high schools and (more recently) the general public. I never used it anyway, and it was turning into an annoyance.
After deactivating the account, I saw that a lot of my information is still retained, and I'm CONSTANTLY getting e-mails from facebook saying "so and so wants to be your friend! reactivate your account!" and also messages from "Facebook" on AIM saying essentially the same.
I really wish that they took the hint "If someone deactivates their account, odds are they want to stop being involved in the site"
No, the machine is 1000 miles away and I don't feel like dealing with it if it doesn't come back up.
It essentially already is. The link to the Debian bugtracker has a link to the "reverse exploit" code.
What are the downsides/risks of using that fix/workaround? What functionality does it break or restrict?
The machines that I tested were running the 7.04 kernel:
ryan@scarecrow:~$ uname -a
Linux scarecrow 2.6.20-16-generic #2 SMP Sun Sep 23 19:50:39 UTC 2007 i686 GNU/Linux
If you read my follow-up to my own post, you would have seen that I corrected myself to say that it didn't work on my Ubuntu machines that I tested (I was using Ubuntu-packaged kernels, but running the exploit code showed that vmsplice was disabled), though it apparently does work on Ubuntu.
I should say.. the ubuntu machines I tested it on do not appear to have vmsplice enabled. YMMV.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953
The workaround posted in a follow-up in that thread works. I had a few vulnerable (tested) machines that I cannot reboot even if a patched kernel is released in the near future. I tried that fix, then tried the exploit again. The exploit no longer worked after using the fix (workaround).
Those machines were debian x64.
Ubuntu kernels do not appear to have vmsplice enabled by default.
Nice to see that we can have a nice well-rounded discussion here.
Suffice to say, Ron Paul is my candidate of choice. I never thought I'd want to vote Republican after seeing this mess that was the Bush Administration, but now I want to see nobody in the White House other than Ron Paul. The other Republican candidates are either ridiculously dumb, scare or religious... or a combination of those. The Democratic candidates are better, but still nowhere near as balanced as Paul.
Nice one there, CmdrTaco
Did you miss the DIP switches he added in so that he can turn them on/off as he wishes (one switch per device)?
All of my favorite motherboards have been Tyans, lately the Tyan Tiger S5197G2NR. I now own ~10 Tyan-based machines, including some rackmount machines based on their 2U TA-26 barebones systems. I really can't think of any other brand I can recommend, but they've certainly got something to satisfy what you're looking for.
Ok, even though I submit this as plaintext it parses things between brackets as html tags. For the bounces, see http://scarecrow.puttynuts.com/~ryan/ms-what-a-surprise.txt
Er, that second one should be
: host mailc.microsoft.com[205.248.106.32] said: 550
5.7.1 (in reply to end of DATA command)
I tried to sign up so that I could run my free XP in a virtual machine with this spy software of theirs and see exactly what kind of stuff it reports. I didn't realize they were out of "gifts" and completed their survey before realizing this. I went through the survey and answered their questions honestly, saying that I use Linux and never use Windows anymore. 5 minutes later, I wanted to remove myself from their database for this so that I don't get e-mails in the future related to it when I have no involvement with it whatsoever... being that they had no more software to give out and all.
I looked on their FAQ page and found conflicting information. Two separate sections saying to send a blank e-mail to two different e-mail addresses with 'remove' in the subject. I e-mailed both, and what did I get in return?
I did that. What did I get back? Two NDRs for separate reasons:
: host maila.microsoft.com[131.107.115.212] said: 550
5.7.1 (in reply to end of DATA command)
-- and --
: host maila.microsoft.com[131.107.115.212] said: 550
5.1.1 User unknown (in reply to RCPT TO command)
Good one MS, you never cease to amaze me!
>>MIT's RC plane's can take off and land from vertical perches (video), while the Georgia Tech helicopter can land on slopes of up to sixty degrees, by flipping backwards into freefall as it lands (video).
Maybe it is time for TPB to get RAIDed again?
Yeah but then you'll only get morons. Now people have a reason to believe that it is real
What keeps anyone from creating a site (and/or spamming for it), saying it uses Windows Live authentication, then just farming a giant pile of logins they can sell or use for evil things?
Steam now has a reason to be ported to Linux. A lot of the new id games added to Steam play natively on Linux, there are others that use DOSbox, which conveniently works on Linux as well. If Valve ports Steam to Linux... it'd open the door for Linux users to easily buy and play these games, and I'm sure enough people would such that it makes business sense for them to do it.
Heh, this is what I get for posting while in a zombie-like state right before taking a nap.
;)
Well deserved, thanks
We get our precious hydrogen gas... and then we're left with Aluminum Oxide and Gallium. What do we do then?
Maybe my entire view of things is wrong, but isn't strict layering responsible for most of the things that set Linux apart from less-efficient and less-secure operating systems? Isn't layering what allows the same exact operating system be a high-performance server or a normal work station? I point out the latter because without layering, things like Windows can "disable" a lot of things that are all tied together, but never really remove many things completely since ... whatever.
I guess what I'm saying/asking can be summarized: isn't layering one of those really-important things to Linux that shouldn't be violated? Reading the summary sounds like "In order to make Linux more Windows-like, we need to violate the things that makes Linux much more of a proper layered OS than Windows is."
If you're donwnloading the video, do their servers a favor and use the torrent. HTTP downloads are incredibly slow off of their server right now ....
So they can't use it in Parallels or whatever the vmware-equivalent is... neither can anyone else who wants to do it in vmware or VirtualBox
Bootcamp isn't emulated hardware last time I checked, it is just running Windows on the intel hardware