Oracle Breakable After All
Billy writes "Unless you've been living in a cave, you've seen Oracle's Unbreakable campaign (Can't break it. Can't break in.), which was kicked off by Larry Ellison personally at Comdex last November. Now U.K. security researcher David Litchfield says you can break in, thanks to at least seven different security holes in Oracle 9i, according to this SecurityFocus story. Oracle's top security manager is quoted as saying that "unbreakable" doesn't really mean unbreakable, or something."
This Is Why People Wait (Score:1, Interesting)
We're waiting on moving to 9i. No, wait, we're not even waiting. We just moved to 8i last year and there's no reason to move to 9i for us now, no matter how "unbreakable" or not 9i is.
Happily, though, these holes will get plugged and when we *do* move to 9i, it might be closer to being *giggle* unbreakable.
Re:The first Slashdot troll post investigation (Score:0, Interesting)
MS is evil!! -- my cheap shot at karmafying myself...
Wasn't Breaking in the whole point ? (Score:3, Interesting)
Now I wonder, it worked, they already found 7!
Quazion.
A method to the madness, maybe? (Score:2, Interesting)
Re:The first Slashdot troll post investigation (Score:0, Interesting)
There is a sucker born every minute... (Score:2, Interesting)
Re:There is a sucker born every minute... (Score:2, Interesting)
I tend to think Larry put this challenge out to get free security testing from the community. The engineers knew his announcement would be heard as "I fart in your general direction" and geared up the patch writers accordingly.
Yes, some sorry PHB will only remember the campaign, not the bugs. Yes, sales will increase. Perhaps that was the goal, not the free bug testing... but you can't ignore either benefit for Oracle.
Re:Unbreakable in a legal sense... (Score:2, Interesting)
The reasoning is that
- Oracle has several "access control" features
- Customers use those "access control" features to control copyrighted material
- An Oracle exploit would then end up being a copyright control circumvention of some customer or the other
Re:Nobody bothered to read the challenge... (Score:2, Interesting)
As opposed to most of MS's exploits, which had patches out like 3 months before the exploit became widespread.
Right, it says more about the certification (Score:3, Interesting)
If it's "let's attack the binary and see if we can break it", that's potentially harder to catch something like this, but then again, how hard can it be to see if the binary links against the system C library at the known offsets of gets, fgets, sprintf, etc.
What would be lamest of all is if the certification process goes something like, "What's your security engineering process? Oh, sounds secure to us."
Re:The first Slashdot troll post investigation (Score:0, Interesting)
I have written both normal and troll posts, 1st posts, etc., both logged in and anonymously, and I have found these rather shocking results:
Statistics based only on your posts are definitely not enough. For starters, maybe you experienced more modding down because you don't post anything interesting, even when you mean to. Your assumption that there are concrete objective categories for modding is without merit. The distinction between troll and normal posts is a judgment call, if it were not the moderation system would not be needed.
even when it's not a particularly interesting or clever post [slashdot.org]. There are a LOT more +5 posts than +3 or +4.
Again, this is a judgement call, apparently it was interesting to enough people to get it modded up.
Digging deep into the history of slashdot, I found this poll [slashdot.org], which clearly indicates the vast majority does NOT want the moderation we have here today. 'nuff said.
I didn't even bother to check the results of this poll, anyone who points to a web poll as statistical evidence should have all of his conclusions immediately called into question, even if they appear to be solid, which yours do not. Trying to prove anything by an easily stuffable poll is ridiculous. But for argument's sake let's say that each vote represents the opinion of one and only one person. Still the poll's accuracy is highly questionable. In fact if I were to predict the outcome of such a poll ahead of time I would have guessed that the greatest number would vote against the moderation system. Why? Because those that post anonymously or have nothing to say would have more reason to vote (negatively) since they are the ones constantly being modded down.
Of course as off topic as your post and my resultant response (damn I'll take two karma hits in one day) were I do commend you for trying.
As one final thought let me leave you with this, I disagree with the action of modding (not the fact that it exists) for the most part. But you need to remember that most likely the majority of the readers of slashdot are the young and the internet, that's a natural result of popularity and a sure reason to expect the lowest common denominator.
Re:Wow, someone actually agrees... (Score:0, Interesting)
Re:The first Slashdot troll post investigation (Score:0, Interesting)
It would have been good to provide some specifics (how many posts, of which type, etc.)
That's because it's a lot easier and quicker to spot trolls, first posts, links to goatse and assorted other crap, so more of them will get moderated. No big surprise there. Time may be a factor (see below)
That's an interesting one, probably a case of (unconscious?) karma whoring on the part of moderators. This may be an area where tweaking with the point system may prevent this herd mentality, so I hope Taco or whomever is reading this thread.
I don't think there's any conspiracy against ACs or individual posters. This probably happens because moderators often may browse at 1 instead of -1, instructions to the contrary notwithstanding. That means you won't see the ACs at all; no conspiracy theory necessary to explain this, just that the moderator can't or won't browse at 0 or -1.
For some reason my turn to moderate has come up an unusually large number of times in the past two months or so. I tend to do moderation at work but not during work hours (first thing in the morning, or in the late afternoon). If I happen to be having a busy day at work (which is most of the time) I may decide to browse at a higher level to be done more quickly, on the theory that it's better to do some moderation than none at all.
For the same reason (lack of time, the mod points about to expire, etc.) it takes a lot less time to moderate down a first post, troll, etc. than to wade through 300+ messages looking for some good ones. So if you're busy (or tired of reading junk) it's the most expedient thing to do.
See above.
Meta-moderation is supposed to help on this, but the feedback loop probably takes too long and furthermore you are right that overall there tend to be clear biases in the Slashdot population.
That's not an argument for not having a moderation system, though.
Rather, I think that the moderation system should perhaps distinguish moderations done to opposing or unpopular viewpoints (the odd pro-MS or anti-Linux post that's not a flamebait), and up the rewards for the moderators who do them.
So, of the two things I agree with you, they could be translated into proposals such as:
One interesting (encouraging?) thing is that your message got modded up. Good thing, IMHO.
Re:The first Slashdot troll post investigation (Score:0, Interesting)
Whenever a new version of Slashcode is made available, there are lots of suggestions for ways to improve moderation options, but I don't recall ever seeing any substantive discussion of the topic with participation of the real powers behind /.
In short, the poll does not have to be accurate to be significant. What it signifies is subject to interpretation.
As JoelOnSoftware said just a couple weeks ago: (Score:3, Interesting)
from http://www.joelonsoftware.com/news/fog0000000337.
Re:slogans slogans slogans (Score:3, Interesting)
You're too young, no doubt, to remember the Slogan Wars between Avis and Hertz of the early 60's.
In those days, it was considered taboo for an advertiser to directly mention the competitor's product when making comparisons. In fact, it was quite a shock when, in the mid 1970's we started seeing TV commercials where one brand explicitly stated that their product was better than a specific competitor's product. It's pretty common now, but you never saw it back in the day.
Anyway, some consumer survey gave Hertz marketroids the idea that they were the #1 car rental company (in an unbound domain, with unspecified terms, naturally). Hertz went to town with this "fact." Worthy of note, the Hertz sign atop the infamous Texas School Book Depository building.
Avis countered Hertz with their own ingenious slogan: various flavors "We're #2, but we try harder."
At the same time, they made yet another marketing innovation -- they designed all their ads so that they could be distinguished at a distance of 40 feet. Thank Helmut Krone for that.
Re:The first Slashdot troll post investigation (Score:0, Interesting)
You know what I learned? I learned that most of the "Famous" and "Big Names" in the linux scene are attention starved name dropping weenies.
It was after my assignment at Andover.net ended that I realized the whole Open Source movement is over. Done with. There are way too many people with way too much ego. All of the linux people in charge of the project were too busy stroking their egos and counting their stock options.
I thank CmdrTaco and all the rest for a good 2 or 3 years of entertaining reading, but times have changed, there is no energy left here. Time to move on, Open source has been assimilated by Corporate Practices. I sincerely feel that all that was good about Slashdot, and to an extent the Linux phenomenon is over. This Thread just ended any hope I had left. Time to bring on the next fad.
Re:The first Slashdot troll post investigation (Score:0, Interesting)
Go fuck yourself, micheal!
Re:Editor: I'll take a 3-point karma hit too (Score:0, Interesting)
Anyway, much to my surprise, the moderation is not robomoderation. Some human being is, almost unbelievably, doing these by hand. What a sad person - hi there Mr Sad! (waves).
The question that we should be asking is "Who is Mr Sad?".
For the first time in my life I understand the trolls.
Re:Editor: I'll take a 3-point karma hit too (Score:0, Interesting)
Mr. Sad's name is Jamie McCarthy, and he calls modslapping threads "grunt work" in this post:
http://slashdot.org/comments.pl?sid=24252&cid=264
For the first time in my life I understand the trolls.
Welcome to our frustrated, pissed off, disenfranchised little world [n3.net]. We can teach you more about Slashcode and how the system really works than anyone else; but at a price. Prepare to be bitchslapped, modslapped, IP banned, $rtbl'd, and lose all your moderation privileges. We offer knowledge at a cost.
Blue or red?
Re:The first Slashdot troll post investigation (Score:0, Interesting)
Just because my name is canadian troll, doesn't mean that everything I say is a troll.
Oracle's software (Score:0, Interesting)
Black & White colours...like these times... (Score:0, Interesting)
Emperor Marcus Aurelius once said: "If you can't change people, you must endure them..." It is very easy to destroy what others build without the compromise of proposing something new in exchange. Less ideals and more actions! (if I break something it is fair to break something inside myself at the same time) Things must be hard for everyone during these days, aren't they?
Re:The first Slashdot troll post investigation (Score:0, Interesting)
Imagine lots and lots of users with the ability to kill someone's chances of moderating with a fair/unfair ruling. I would not be surprised to see that meta-moderation was suspended till this thread is archived.
Re:The first Slashdot troll post investigation (Score:-1, Interesting)
But seriously, there are *many* stories where it seems 50% of the comments are funny comments of this variety [slashdot.org] - not to pick on this particular poster, but it was immediately accessible and very indicative of the typical "funny" comment - ones that require the poster to be seeped in at least 3 hours of sitcom humor a day. It is very typical of the sitcom humor breed and detracts from the overall interest of
Re:The first Slashdot troll post investigation (Score:0, Interesting)
Sorry if it seems like I'm spamming this, but it needs to be done if the editors are going to wake up and conclude that what they did to this thread was wrong.