Slashback: Disclosure, Maricopa, Telecoms
Quick work by smart people. ciaweb writes "The OpenSSH group has revised its security advisory about the recent OpenSSH vulnerabilities. In it, they describe their decision-making process for releasing the bug information. It is interesting to contrast their procedure, which appears designed to maximize user protection, against Microsoft's, which appears to maximize Microsoft's protection."
Pardon me, sir, would you mind if I SLAMMED THIS HAMMER ON YOUR FINGERS?! D0wnsp0ut writes "I thumbed through my mail today and found what appeared to be a renewal notice for my domain. This one came from "Domain Registry of America." Verisign attempted something similar back in March and Bulkregister.com fought back and won an injunction against the mailings. So watch out if your domain is getting close to expiring. I talked to my registrar (Register.com) and they're aware of it.
I'll scan the letter but have no place to post the pictures. Can anyone lend some bandwidth?"
Half the world has never eaten a Krispy Kreme donut, either. cshirky writes "I've just written an essay on the phrase 'Half the world has never made a phone call'. It's more 'voice telephony-y' than the usual telecom stories here, but after seeing the interest in media and the market that surfaced during my /. interview, I thought it might be of some interest."
Please stop sending my money to Redmond, OK? TrumpetPower! writes "All that brouhaha over Maricopa County's policy prohibiting companies or persons convicted of antitrust violations has had an effect. I just received the following note announcing a public forum scheduled for this coming Monday.
You recently inquired about the County's use of Microsoft products and the manner in which we license their software. We appreciate your interest in the County's technology plans. To provide a forum in which to discuss our technology direction and address any questions you may have, we will have Information Technology staff members available to meet with citizens at 8:30 am on Monday July 8th. The meeting location will be the County Administration Building at 301 W. Jefferson in Suite 420. Please RSVP your attendance so we can ensure that adequate facilities are available for the meeting.
Thank you for your inquiry,
Paul Allsing
Deputy CIO
Maricopa County
301 W Jefferson, Suite 420
Phoenix, AZ 85003"
Ah, but what about the first annoying family photographer? 7h3_B055 writes: "Contrary to this article on Slashdot claiming the first photograph was created in 1826, much evidence is pointing to the fact that the Shroud of Turin may have been an earlier example (substantially earlier) of photography using ingredients as basic as egg-white for treating cloth (the photopaper) and urine for developing it. The camera itself could have been a simple box with a hole in it and the exposure time would have been lengthy."
Of course, there are a lot of theories about the Shroud of Turin, and a google search is likely to intrigue you for days.
if i were a county office, (Score:5, Funny)
or maybe i would.
Re:if i were a county office, (Score:2)
If I offended any other Pro-Pot politicians, I'm sorry.
If I offended any Amish people, what the heck are you doing reading this? Shame on you, Brother Jebbediah!
Re:if i were a county office, (Score:4, Interesting)
Are you out of your fucking mind? (Score:3, Insightful)
When will people realise that the way to help your child grow up safely is not to forbid things
Gee, maybe the same time they realise that if a pair of minors wants to have unprotected sex, then that's their business. I.e., NEVER, HOPEFULLY, BECAUSE YOU'RE TALKING FUCKING STUPID.
Hey Genius, we're talking about minors here, doing illegal things. It's one thing if you want to try and make a point about the futility of the war on drugs among adults, and the government's assault on civil liberties by trying to regulate activities exclusive to one or more consenting grown ups, but geez, kid, get your head out of your ass and use some common sense. We're talking about kids here. I know in your little fantasy world it's the 10-year-olds who are hacking out the planet-saving patches keeping this fragile society together, while the Ph.d educated engineers at Microsoft scratch their heads in awe, so this may surprise you: kids DON'T know it all. Kids need guidance. They need discipline. And, to borrow a phrase from my father, as long as you're living under my roof, eating my food, and using my phone, you're going to follow MY RULES
Good Lord man, you take this all kids are good and can be trusted thing too far.
Re:Are you out of your fucking mind? (Score:2)
Word up, brother. In fact, I just ranted about this myself. If I may quote myself, "Where does this bullshit come from that 'they're just going to do what they're going to do anyway, and there's no way to stop them, so you might as well let them do whatever they want'?".
Re:Are you out of your fucking mind? (Score:2, Insightful)
I know in your little fantasy world it's the 10-year-olds who are hacking out the planet-saving patches keeping this fragile society together, while the Ph.d educated engineers at Microsoft scratch their heads in awe
What the fuck are you talking about? Who said anything about patches, or little kid geniuses or anything like that?
Were you even reading my post? The fact is you cannot stop your children from doing things they want to do. You know this. Your parents tried it, and you did them anyway. So did your friends. All I said was that reading your children's diary (a lot of my female friends had parents who liked to do this), reading his email, listening in on his phone calls, and stealing his pager and deciphering his "code talk" are not the way to go about things.
Policing children is not what parenting is about. Parenting is about _RAISING_ children, and teaching them: teach them how to make their own decisions about what's right and what's wrong, because by the time their decisions are life-threatening (unprotected sex, dui, drugs) they're going to make their own decisions whether you like it or not. Telling them what to do and what not to do is of course good - expecting them to do it "because i said so" is a fruitless and potentially damaging way of things.
Kids need guidance. They need discipline
I never said otherwise. And I never said kids can be trusted to do the right thing. But that doesn't make it right to go through their personal things looking for evidence just in case.
Re:Are you out of your fucking mind? (Score:2)
Re:Are you out of your fucking mind? (Score:2, Insightful)
Hey Genius, we're talking about minors here, doing illegal things. It's one thing if you want to try and make a point about the futility of the war on drugs among adults, and the government's assault on civil liberties by trying to regulate activities exclusive to one or more consenting grown ups, but geez, kid, get your head out of your ass and use some common sense. We're talking about kids here. I know in your little fantasy world it's the 10-year-olds who are hacking out the planet-saving patches keeping this fragile society together, while the Ph.d educated engineers at Microsoft scratch their heads in awe
I think the original poster's point is that children should be allowed to make mistakes. Even dangerous ones, on occasion. A sterile, overprotective environment is anathema to a child's intellectual development. Indeed, this is observed in all primates, not just humans. The idea, I think, is to equip the child as best you can; to instill judgement and sense into their inchoate minds. Yes, punish them when they screw up. Yes, instill a healthy (not iron-fisted) discipline so they can grow up respecting themselves, and make intelligent choices. And, yes, sadly, you have to let them fall down once in a while. The risk you take in doing so is an investment in the child's psyche. Growing up is dangerous---it has to be, I think.
But where did you pull that 10-year-old hacker thing from, anyway? That was quite the non sequitur...
And, to borrow a phrase from my father, as long as you're living under my roof, eating my food, and using my phone, you're going to follow MY RULES
Well, that's fine. However, if you've done a proper job, one day your child will ask you where those rules come from, and their justification. You owe it to them to have a thought-out answer.
Cheers,
Michael
Re:Are you out of your fucking mind? (Score:3, Informative)
Telling a teen that something is dangerous is tantamount to challenging them to do it. Not productive.
Punishing a teen for doing something dangerous because "they could have been hurt" (even though they didn't get hurt) just encourages them to do it again to prove you wrong. Not productive.
"kids DON'T know it all" Completely stupid thing to say. Either your kid already knows he doesn't know it all (because you've done a good job of parenting), or he thinks he does, in which case he isn't going to listen. Not productive.
"as long as you're living under my roof, eating my food, and using my phone, you're going to follow MY RULES" You have to be joking. Which planet, exactly, do you come from? Because here on earth, this isn't going to work. Unless you WANT your kid to draw up a big list of your rules, and work their way down it methodically?
Every one of my friends I know who had strict parents promptly rebelled at the earliest opportunity. In general, the worse the punishment assigned to an activity, the greater enthusiasm they pursued it with. And no, "discipline" isn't going to do a damn thing. You can't control every aspect of your kid's life.
The most religious guy I knew in high school was a real model student. He studied hard, didn't drink, smoke, talk to girls, or party. He went to university, and promptly went to a few parties, got drunk a lot, loosened up enough to meet some girls (with the aid of some pretty colored pills), moved in with one, and dropped out of uni.
His parents obviously did a piss-poor job of parenting, but they enforced their rules perfectly. He was the absolute epitome of the "perfect kid", except, of course, that he WASN'T. His parents hadn't taught him right from wrong, they had simply made him do what they thought was right, never realizing that HE didn't agree with them.
On the other hand, some of my other friends' parents did things differently. One guy turned down a joint that was being passed around. His parents (refugees from the 60's) had told him that pot wasn't evil, but it was best to try it the first time in safe surroundings, so if he wanted to try pot, to tell THEM and they'd find some. Years later, and AFAIK he still hasn't bothered to try something so boring his parents weren't fussed about it.
His parents had done an excellent job. They didn't enforce anything (as if that's even possible). But they had taught some ethics (by example, more than anything else, according to my friend).
If you really are a parent (and if so, I'm very happy I'm not your kid), you better either lighten up, or you'll get a very unpleasant surprise one day. No matter how cool you think it would be if you could control your kid, you can't. For most of their life, you will be unable to control them, and the greater the pressure you've put on them, the greater the urge to rebel when and where possible. It's not productive.
Slashdot: intergenerational facilitator (Score:3, Interesting)
Re:Are you out of your fucking mind? (Score:2)
--A muslim dating a jewish girl
Re:Are you out of your fucking mind? (Score:2)
Re:Are you out of your fucking mind? (Score:2)
If the poster's claim is not true, perhaps you could explain exactly who is sending the children to blow themselves up.
Re:Are you out of your fucking mind? (Score:2)
It's Iraq, not the Palestinian authority, that's helping families financially when someone has committed their own body ...
I'm sure some of it comes from Iraq, but you deny that a lot of it comes from Hamas elements in Palestine?
and that it's the Israeli that are occupying another country's land
Would that be the 1967 land that Israel won in the war when they were attacked by the palestinians, or the recent occupation as a result of the suicide attacks?
I'm not saying that Israel is totally blameless in anything, but the Palestinians are by far their own worst enemies [bbc.co.uk].
I MIGHT have some sympathy for the Palestinians when I see outrage in the streets over sending innocent children as suicide bombers. I don't see the Israelis doing that, which makes them morally superior no matter what else they might do, INCLUDING occupying every square inch of Palestine territory.
I'm not saying I'm an expert on that region, and know all the answers, but maybe YOU need to open your eyes, and realize that the tactics being used against Israel are not justified by any stretch of the imagination. But I guess it's easier to accuse others of having their eyes closed rather than look in the mirror.
Re:Are you out of your fucking mind? (Score:2)
Dude, you are seriously deluding yourself if you think any significant number of people are going to support giving heavy weaponry to a corrupt dictatorship with a proven track record of murdering innocent children, both Palestinian and Israeli.
How about this, when the Palestinians stop oppressing themselves, then I might start being interested about who else might be oppressing them.
Re:Are you out of your fucking mind? (Score:2)
When talking to Western media, the Arabs pretend they have moved these positions. When talking to their own people, nothing has changed.
-jon
Re:Are you out of your fucking mind? (Score:2)
What your claim boils down to is that the Palestinians don't know right from wrong and are just damn fools who are taking money from Iraq, not realizing they are sending their kids off as human bombs. This is crap.
I hope someone sends a suicide bomber to kill you some day. When they do, I'll just shrug and say, "the bomber's not at fault; it's those damn Iraqis".
-jon
Re:Are you out of your fucking mind? (Score:2)
The massacres in refugee camps (not concentration or death camps) in Lebanon were performed by Lebanese Christians. Sharon's "crime" was that he should have known that the Lebanese would murder women and children. Whether or not he should have known, it's interesting that no one mentions any culpability on the part of the Lebanese Christians. It's always the Jews, even though no Jews actually took part in killing.
What's funny about your poll claim is that right after 9/11, Joseph Farah, an Arab-American, personally called on Arab-Americans to put themselves in camps. You can read about it in his archived columns on wordnetdaily.com. So, what, is he anti-Arab, too?
-jon
Re:Are you out of your fucking mind? (Score:2)
As Farah pointed out in one of his articles (and I screwed up the URL, it's www.worldnetdaily.com), say that 99.9% of all Arabs in America were pro-American, against bin Laden, yadda yadda yadda. That would leave 7,000 Arabs in the US, dedicated to its destruction. And then idjits like you wonder why people support racial profiling.
You don't understand: I agree with neocon. I think it's absurd that Sharon is held responsible for actions taken by LEBANESE CHRISTIANS. What makes it doubly absurd is that no one is even remotely interested in charging a Lebanese Christian with this crime; it's only the Jews they are after, even though they had nothing to do with it.
As for why Sharon was found "indirectly responsible" for the massacre, after the Holocaust, Jews consider it the highest of crimes to turn your back when you even suspect that a massacre might occur. Note that if the UN was held to these standards, Kofi Annan would be up on war crimes charges for turning his back on Rwanda. He was in charge of peace keeping missions when genocide in Rwanda and Bosnia occurred, and shrugged his shoulders when it was clear what was about to happen in both places. Now he stands in moral judgement of Israel. What a fucker. I hope he's the first son of a bitch tried by the International Criminal Court, but it won't happen, because the ICC's job is to convict Jews.
And I wouldn't trust a European court for anything involving Jews. Europeans spent the better part of the last 1,000 years trying to kill every Jew they can find, and now Jews are supposed to take anything they have to say seriously? You've got to be kidding. I'm stunned that any Jews are still there. What, the Holocaust wasn't enough of a hint? You'd think that now that the Europeans are openly contracting the exterminate-the-Jews gig out to their recent Muslim immigrants, the remaining European Jews would get the picture and move back to their ancestral home in Israel.
-jon
Re:Are you out of your fucking mind? (Score:2)
However if you can show a comparative statistic of the usage of 'cite' for 'citation' across the English Internet as a whole, be my guest.
It's also not common at all in the University setting, something I'd know, being a Professor for 15 years.
Professor Mona Baker, I presume?
-jon
Re:Are you out of your fucking mind? (Score:2)
This is how Occam's razor works: you pick the simplest explanation for an event. Either a few overseas newspapers were hoaxed (such as the Chinese newspaper that printed a story from The Onion as truth), or Jews at CNN have decided to take down a single poll that everyone else on the planet has forgotten.
I think your tin foil hat needs adjusting.
-jon
Re:Are you out of your fucking mind? (Score:2)
http://www.cnn.com/TRANSCRIPTS/wbr.html
The story in the MIM was dated Sept 29th.
http://www.etext.org/Politics/MIM/mn/sept112001/text.php?mimfile=nofreedom.TXT
"Wolf Blitzer Reports" runs every weekday, Monday-Friday. You need to find a report that was squashed between 9/11 and 9/29. Now, there is a hole in the archives between 9/10 and 9/16. I think it's because CNN dumped all of its regular coverage. You need to prove otherwise.
Good luck.
-jon
Re:Are you out of your fucking mind? (Score:2)
Short answer is that everyone has some detail wrong.
The original article is from Time, not CNN. It hasn't been hidden by a cabal of evil Jews. It wasn't by Wolf Blitzer (although he might have quoted it in some article that is no longer available). It can be found at: http://www.time.com/time/nation/article/0,8599,176815,00.html
The relevant portion is the end:
"On the homefront, Americans strong favor increased vigilance. A full 68 percent favor increased governmental wire-tapping authority, 55 percent favor email monitoring. Sixty-one percent would allow the federal government to jail any non-citizen terrorist suspect without a hearing; 59 percent favor holding suspects without bail for unlimited amounts of time. And 31 percent would allow the internment in camps of Arabs who are U.S. citizens. "
The way the question is worded doesn't sound like the question was "round up all Arabs." It sounds like "Arabs who are suspected of terrorist links" rather than locking up Jaimey Farr and Tony Shalub. But since I didn't see the original questions (and since the quote from above doesn't say "ARE YOU IN FAVOR OF LOCKING UP ALL ARAB-AMERICANS IN CONCENTRATION CAMPS?"), I can't tell for sure.
So, the Maoists blew a tiny poll out of proportion. What a shock.
-jon
Re:Are you out of your fucking mind? (Score:2)
-jon
Re:Are you out of your fucking mind? (Score:2)
Secondly, you proudly proclaim your support for a people who, according to consistent polls, are not only in favor (by majorities, not minorities) of crimes against humanity (as Amnesty International has labeled Islamikazis), but actual genocide against Jews. This compares to a minority (less than 1/3) of Americans who may have been in favor of internment (not death or concentration) camps for Arabs in America, right after a cowardly sneak attack on Americans that killed 3,000 people (at the time of this poll, the death toll was projected to be over 5,000). Meanwhile, Palestinians resorted to murdering innocents (celebrating it in the streets and holy places, teaching it to their children) after rejecting several peace plans without putting forward an alternate proposal. What a deserving people.
Your claim to moral superiority is spurious at best, evil at worst. Which is it?
-jon
Re:if i were a county office, (Score:3, Insightful)
lol, pure fant-tidily-antasy.
Having safe negotiated boundaries is the recipe for success. No boundaries is as bad as no freedom.
They're probably going to go out and smoke pot a few times no matter what you do
He'd better do more than that or there'll be hell to pay.
Maricopa County (Score:2, Funny)
Then questions will be directed to their managers, who will respond with, "No, we don't know what *nix systems are. Hell we don't even know what MSCE means, but everyone else was hiring them so we thought we should too.", "No, my machine is never stable for more than 24 hrs, and I don't know the difference between 95, 98, ME, XP, 2000, but they all have a pretty blue screen sometimes, right before I hit the reset button, so they must all be the same, right?"
--Huck
Re:Maricopa County (Score:5, Interesting)
I'll be providing a full report afterwards.
This could be interesting, to say the least.
Re:Maricopa County (Score:2)
Re:Maricopa County (Score:2)
Good dog, you get a cookie. Bring 20 of your closest geek friends, and have them sit in pairs around the audience (if it's big enough).
Write out a list of questions beforehand.
Ask a question, and when they reply with a non-answer, have everyone do the whispering "we don't like what he just said" thing.
Make sure when you are called on, state your name and your job (only if it's tech related, CompUSA don't count). Say that you've been following the issues on technical sites (don't mention Slashdot by name). Don't state your Linux enthusiasm. When talking about "other" choices mention QNX, BSD, Macintosh, and (THEN) Linux.
Bring a printout of information to read off. Bring flyers to distribute. Be informed. Don't do the "micro$oft Sux0rs!". This is about choosing the best OS, not about screwing Microsoft (well...). Try to be clear and concise. Get EVERYone you know to go, not just geeks. The more the merrier. Bribe them to go if you must. Get your local CS and law professors, computer teachers, etc. to offer extra credit to any summer class students they have. Local youth groups. Boy/Girl Scouts. Clerk from the local store. Get local gamers to go. Get your parents. Convince the local lawyers they'll be able to make a killing on the resulting lawsuits. Don't outright lie, just let people know that this *IS* important. Ask local stores if you can post flyers. Get permission from the cops if you have to and chalk the sidewalks (legal in some areas, not in others). Call up local businesses and talk to their system admins. Get them to go.
Invite MCSEs. If they show up, one of 3 things will happen:
1) They'll realize it's time to learn something new.
2) They'll try to put forth an argument how they'll have to learn new job skills and it would be bad. If that's the case pull a "I know COBOL - should we force everyone to go back to that?"
3) They'll actually give some insight to the benefits of Microsoft. (This one is largely theoretical.)
If they don't want to go, give them 3 examples of how Microsoft has SHAFTED consumers (I can't think of any besides the BSA/school system fiasco). It's best to tell them with flyer in hand. Let them know that apathy is gonna let Microsoft get away with worse, and it's already evident in the court case. This is their chance to stand up and make a difference. Once they're there, make sure you don't lose them. Use small words, and easy definitions. Get them involved. Use the Jargon File definitions. Include URLs of all references. Point them to the EFF if it's needed.
Perhaps offer to help the county set up a webpage for the people who are there to find out more. Offer your services. Try to come off as "this is a serious situation and it warrants everyone's attention. Thank you for listening."
This literally has the chance to change the world...
And FINALLY....Don't use The Register as a source:)
Re:Maricopa County (Score:2)
Linden Thatcher, the CIO for Maricopa County, struck me as quite literate in the issues that were raised.
About 5% of the County IT/IS budget goes to Microsoft products, a vast majority of those being the 12,000 desktops they support. According to the statements Mr. Thatcher made, most of their "server-side" applications run on a mix of HP-UX and System V, with some apps running on Websphere.
There are currently a couple of internal projects running Linux/Apache to provide document publishing.
Mr. Thatcher has read "Ender's Game," and met Orson Scott Card (thank goodness we've got SOMEONE in the hierarchy who is not only literate, but READS!)
The Phoenix Linux Users Group people who showed up were very polite, and there was only one person in the crowd who seemed to be almost violently "anti-Microsoft."
Good meeting.
I'm posting here because the news submission got rejected...
Actually the real problems are (Score:3, Insightful)
Now some of you might say that you should just replace the users. Well, this just isn't really possible. With the IT staff, you can do this. You can tell them "It's your job to do the computers, we want you to do UNIX computers. Learn how or we replace you". If they fail to learn, you will actually be able to find replacements for them that can handle UNIX. However this is usually not the case with other employees. If you go and find a bunch of good lawyers, they are probably all set on the software they use and not flexible about changing (the ones I've known are this way). Well, you won't get much of anywhere trying to force them to use something they don't know/like. And replacing them won't do any good since the replacements are likely to be the same way.
Now even if you can get all your users to go along with this changeover, you then have the expense of retraining. We can argue till the cows come home about total cost of ownership and such and how much UNIX would save, fact is retraining the staff will be EXPENSIVE and there will be a large loss of productivity during the transition. This will be hard to justify to non-technical beancounters who see it as a totally unnecessary expense.
Then there is the problem of custom apps. Many businesses and government entities have custom software they need to use. This is often not cross platform. Well this then means that this software has to be rewritten and brought to a new platform. Again, expensive and time consuming.
So the problem is that you are trying to do something not only that a flunkie IT staff may not be prepared to handle but that is going to be very unpopular, very time consuming and massively expensive as well as a productivity hit. Well, this is hard as hell to justify and to push through. Especially the expense part. Managers shy away from large, upfront costs even if it means saving over the long run. You have to work hard to convince them it really will be a money saver, because if they are wrong about it, it's their ass.
Also there are some hidden costs with things like this. People are quick to point out that Linux is free and doesn't crash as much as Windows. However the problem is, as you mentioned, you need better tech staff to make it work. MCSE flunkies will not cut it. Well better people cost more money. In an organization with a few UNIX and Windows servers and lots of Windows desktops you can get away with a couple knowledgeable staff and then a bunch of people with a minimal (but still more than the users) technical knowledge to deal with little problems. Well if you tried to go all Linux you'd need to dump all those people and get a bunch of savvy admins. This costs more money.
At any rate, a total Linux/UNIX conversion of a large institution or business is possible, but can be very, very difficult.
Re:Actually the real problems are (Score:2)
That's up to the particular departments in question. I work for a different group (we use Outlook, OE or pine pretty much exclusively).
At any rate I don't think registering would do any good, what happens is for some reason it can't seem to talk to the SMTP server. It receives mail fine, but won't send. Oh and only some Eudora clients do this, others don't. Oh, and it just started like a week ago. My bet is it's a piece of software, maybe virus, that some people grabbed.
At any rate the point is most users are VERY resistant to change. Here we are asking them to change the tiniest thing, their mail client. The new one will work just like the old one (and it doesn't have to be OE, Netscape Mail/Mozilla Mail work just fine too) the only difference is it looks a little different. Nope, they'll have none of it. Can you imagine the whining and bitching if we tried to force a new OS on them? Especially if, god forbid, it didn't have Esheep.
Re:Maricopa County (Score:3, Funny)
Sorry, terrible pun. Couldn't resist. Preparing for downward mod spiral...
OpenSSH Vulnerabilities (Score:2, Interesting)
Re:OpenSSH Vulnerabilities (Score:3, Informative)
For the services they do install by default, they mostly use older versions instead of the latest up-to-date version. This gives the software a chance to mature, weed itself of security holes, and gives opportunity for OBSD developers to audit the code themselves before placing it into the default install.
Now as for OpenSSH, I don't know if it was an older version, as OpenSSH is written by the OBSD team. I would suspect that OSSH has had the flaw for some time (like the vast majority of flaws do), just not found until the past few weeks.
Re:OpenSSH Vulnerabilities (Score:3, Informative)
OpenBSD has changed its tagline to "One remote hole in the default install, in nearly 6 years".
The two security holes were introduced somewhat recently (OpenSSH version 2.3.1 for the PAMAuthenticationViaKbdInt bug, and version 2.9.9 for the challenge-response bug).
How hard is it to go to http://openbsd.org to check for yourself?
Re:OpenSSH Vulnerabilities (Score:4, Insightful)
Also, 2.3.1 (the earliest version vulnerable to the recently found problems) was released in 1998. 1998 is not 2002. So my suspicion that the bug was actually in the software for several years was correct. It wasn't until the past few weeks that it was found and patched. It was also yesterday that GOBBLES posted an exploit in an attachment called sshutup-theo.tar.gz. Yes, there was that extra s there.
FWIW, there is an often-referred-to BugTraq posting with a subject along the following lines: "Wu-FTP, providing remote root since 1994." The post was made during the year 2000.
Hence, I wouldn't call my post "drivel"
Re:OpenSSH Vulnerabilities (Score:2)
The two security holes were introduced somewhat recently (OpenSSH version 2.3.1 for the PAMAuthenticationViaKbdInt bug, and version 2.9.9 for the challenge-response bug).
Shouldn't that say TWO remote holes in the default install, then? Just because they were fixed at once doesn't mean that they're one hole.
That's how it should be (Score:5, Insightful)
Domain Registry of America Letter (Score:5, Informative)
Re:Domain Registry of America Letter (Score:3, Informative)
Actually, I think they very well may be. Where did they get the address to send the advertisement to? I'm assuming the same place they got the expiration information - whois.
Most whois servers have a notice like the following, I've noticed:
My registrar's whois database has this notice. I got one of verisign's sleazy notes as well (though I knew what it was, at least.) If I get one from DRA, I'll be complaining...
Re:Domain Registry of America Letter (Score:2)
"ICANN contracts mandate each Registrar to sell bulk whois data to anyone."
Most registrars don't tell you this because if they did, hey, they'd lose money right? But if you use a decent registrar or read the ICANN agreement you'd know it. You can also opt out of it. Most sleazy registrars require you to write in or otherwise take a stupid amount of time to do it. That's why I like gandi.net: they're run out of France and have a big paragraph explaining it and radio buttons where the default is opt-out.
Re:Domain Registry of America Letter (Score:2)
'Half the world': Quantity _does_ matter (Score:2, Insightful)
Wrong: it doesn't imply hopelessness, but rather encourages us to take action to change. Do you think that Kofi Annan wants us to throw up our hands and not care about the rate of improvement? No! By recognizing the magnitude of the problem, we can realize how important more improvement is. Just because things are improving doesn't mean we shouldn't be concerned about the huge inequalities that exist.
Shroud evidence: Jesus underwent nuclear fission (Score:5, Informative)
One theory is that Jesus became pure energy and the radiation burned the image into the cloth. This isn't a far-fetched theory really. We don't know how He resurrected. As the theory suggests, He could have transformed into a form of energy. Einstein's famous equation E=mc^2 tells that matter can become pure energy. In fact this is the same concept of an atom bomb - matter becoming pure energy using radioactive material as a catalyst.
This is evidence???????
Re:Shroud evidence: Jesus underwent nuclear fissio (Score:5, Informative)
-J
Re:Shroud evidence: Jesus underwent nuclear fissio (Score:2, Funny)
Jesus is a vampire? Does that mean if you take communion, you become a vampire? I can't believe the church doesn't advertise this. I'm on my way to mass.
not to mention the AMOUNT of energy... (Score:2)
if a pure matter to energy conversion took place...
Energy = Mass(Speed of light)^2
Assume a 90kg person, and C= 2997992458 m/s
Energy = 90kg(299792458m/s)^2
Energy = 90(8.9876e16)
Energy =5.3925e18 kg-m/s or 163,410,032,498,000,000 kilowatts
So in short, that shroud wouldn't have an image burned in; the shroud (along with a good deal of the surrounding tomb and Pilate's Guards) would have been vaporised.
Re:not to mention the AMOUNT of energy... (Score:2)
(Assuming 50 Kg converted to energy)
Conversion factors & Constants
1 joule = 10000000 erg
C = 3 x 10^10 cm/sec
1 megaton-tnt = 4.18 x 10^15 joules
E = mc^2
E = 5x10^4 g * (3 x 10^10 cm/sec)^2
E = 5x10^4 * 9 * 10^20 ergs
E = 4.5 * 10^25 ergs
E = 4.5 * 10^18 joules
E = 1077 megatons-tnt !!!
Re:Shroud evidence: Jesus underwent nuclear fissio (Score:2)
No, but he could have left burn marks...
Granted this makes their explanation of shadows and Hiroshima completely unfounded, but it still doesn't eliminate the possibility. Personally the image looks rather unaesthetic to me.. is it proportional? Has this been measured?
Re:Shroud evidence: Jesus underwent nuclear fissio (Score:2)
Re:Shroud evidence: Jesus underwent nuclear fissio (Score:5, Funny)
"Yea. I knew Jesus. Nice guy. Real concern for his fellow man. Kinda quiet. But boy... once you set him off... what a temper!"
as a physicist and a geek.. (Score:2)
Re:Shroud evidence: Jesus underwent nuclear fissio (Score:3, Funny)
Re:Shroud evidence: Jesus underwent nuclear fissio (Score:2)
Re:Shroud evidence: Jesus underwent nuclear fissio (Score:4, Funny)
-Peabody
Newsflash: (Score:2)
Re:Shroud evidence: Jesus underwent nuclear fissio (Score:2)
Besides, everyone knows we only discovered nuclear fusion in the 1940s. Sillies.
Re:Shroud evidence: Jesus underwent nuclear fissio (Score:2)
Re:Shroud evidence: Jesus underwent nuclear fissio (Score:2)
Re:Shroud evidence: Jesus underwent nuclear fissio (Score:2)
Yep... that Mediterranean Sea's looking a lot more suspicious now...
Actual crucified foot, my ass (Score:2)
One obviously questionable assertion that they try to pass off in the details makes for a whole site of suspicion.
So which is it? (Score:2)
In "Carrying the cross" --
Christ's broken nose is attributed to the impact of his face hitting the ground as he fell while carrying the cross.
In "Death" --
The Gospel of John concludes that paragraph saying, "this was done so that scripture would be fulfilled that not one bone of His body be broken." And indeed, throughout the entire passion of Jesus, despite the extraordinary atrocities done to him, not one of his bones were broken.
I'd like to touch on a point not raised by the Shroud site. It stands to reason that Jesus was circumcised, being Jewish. So, when he rose to heaven, did he leave his foreskin behind?
Re:So which is it? (Score:2)
http://atheism.about.com/library/weekly/aa05100
nose bone? (Score:2, Interesting)
Seems like a technicality either way, but still
My mom's nose was once broken by (someone else's) ski pole. They didn't even stop to apologize, which did not please her.
Best book I've read on the SoT is the one by (iirc) John Heller, quoted on some of the sites I've seen today
timothy
Re:So which is it? (Score:2)
Sure. Along with baby teeth and pounds of dead skin, shed hair, and toenail clippings.
Not to mention countless gallons of solid and liquid waste.
I am *truly* sorry about that... (Score:5, Funny)
I'd like to formally apologize to Sears Photo Studio [searsportrait.com] for ever having complained while sitting through those family portraits back in the '70s. In retrospect, you were surprisingly gentle with me.
Vermeer: First Photographer (Score:3, Interesting)
I recently saw a TV segment about research showing that he quite likely projected an image onto canvas using a lens, then painted or sketched the projected image.
He probably wasn't the inventor of the technique. I believe it was called a 'camera obscura'.
Just found a link, thanks to Google:
Vermeer's Camera [vermeerscamera.co.uk]
Re:Vermeer: First Photographer (Score:2)
Detailed analysis of the exploit? (Score:3, Interesting)
With that said - does anyone have an analysis/description of where in the source the overflow was actually exploitable? I followed the auth_chall2.c call path fairly far, and didn't manage to find where nresp > 100 would actually overflow. It doesn't seem to be exploitable in the xmalloc() immediately following the patch, unless I really missed something. I didn't trace into openssl, so if it's an interaction between the two libraries, I wouldn't have hit it.
Hints, pointers, source snippets? All are appreciated.
Re:Detailed analysis of the exploit? (Score:2, Insightful)
sshutup-theo.tar.gz [securityfocus.com]
See here [securityfocus.com] for the corresponding message.
Re:Detailed analysis of the exploit? (Score:5, Informative)
The problem lies with the xmalloc line in:
    if (nresp > 0) {
        response = xmalloc(nresp * sizeof(char*));
        for (i=0; i < nresp; i++)
            response[i] = packet_get_string(NULL);
    }
Basically, the sizeof(char*) will return 4 on a normal x86 machine... which means that if nresp is greater than one-fourth of 0xffffffff (UINT_MAX), i.e. over 0x4000000, then you overflow xmalloc(), which is just a wrapper function for standard malloc().
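The wrap described in the comment above, as an added example that is not part of the thread or of OpenSSH's source: it models 32-bit x86 with uint32_t (sizeof(char *) == 4 is an assumption) and puts the unchecked size computation beside a bounded one. The function names and the sample counts are constructed for illustration; the limit of 100 is the "nresp > 100" check mentioned in the question.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-bit x86, so sizeof(char *) == 4 and size_t is 32 bits wide.
 * Modelled with uint32_t so the wrap is reproducible on any build host. */
#define PTR_SIZE_32   4u
#define MAX_RESPONSES 100u  /* bound from the "nresp > 100" check mentioned in the thread */

/* Size that the unchecked expression nresp * sizeof(char *) hands to the allocator. */
uint32_t alloc_size_unchecked(uint32_t nresp)
{
    return nresp * PTR_SIZE_32;   /* unsigned arithmetic wraps modulo 2^32 */
}

/* Bytes the loop after the allocation stores: one pointer per response. */
uint64_t bytes_stored_by_loop(uint32_t nresp)
{
    return (uint64_t)nresp * PTR_SIZE_32;
}

/* Hardened sizing: reject implausible counts and any product that cannot fit. */
int alloc_size_checked(uint32_t nresp, uint32_t *size_out)
{
    if (nresp == 0 || nresp > MAX_RESPONSES)
        return -1;
    if (nresp > UINT32_MAX / PTR_SIZE_32)   /* generic overflow guard */
        return -1;
    *size_out = nresp * PTR_SIZE_32;
    return 0;
}

int main(void)
{
    /* Constructed sample counts: a normal one, the first that wraps, one past it. */
    const uint32_t samples[] = { 3u, 0x40000000u, 0x40000001u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t n = samples[i], sz = 0;
        int ok = alloc_size_checked(n, &sz);
        printf("nresp=0x%08x unchecked_alloc=%u loop_stores=%llu checked=%s\n",
               (unsigned)n, (unsigned)alloc_size_unchecked(n),
               (unsigned long long)bytes_stored_by_loop(n),
               ok == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The gap between the wrapped allocation size and the bytes the loop stores is the heap overflow; bounding the count before the multiplication closes it.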
I know I can't be the only one who thought of it (Score:4, Funny)
Re:I know I can't be the only one who thought of it (Score:2)
SuSE on the OpenSSH Vulnerability. (Score:5, Informative)
SuSE's "SuSE-Security-Announce" mailing list released this [suse.com] post today regarding their response to the OpenSSH vulnerability. It contains a ton of information, and FTP links to update your OpenSSH packages for the aforementioned versions of SuSE's distribution.
snatching domain snatching (Score:2, Interesting)
I talked to my registrar (Register.com) and they're aware of it.
That's interesting, I have a letter from Register.com asking me if I want to extend my domain name term. But my registrar is easyDNS.com.
I'm not kidding, I have it right here.
Re:snatching domain snatching (Score:2)
Shroud!! (Score:2)
The only reason someone would claim the shroud was a photograph is because it is a negative image like negatives are. In no way shape or form was a picture taken involving pinhole cameras and the like. I mean good photosensitive materials were a long way in coming still.
Maricopa going open source (or whatever) (Score:4, Informative)
As someone who regularly consults at the county, city and AZ state agency level, I hate to inform y'all that this is very much a Microsoft kinda town. Yep, you heard it here first.
Further, Maricopa county is small potatoes when compared to the state and city agencies/IT budgets. Scottsdale's (one of the valley's cities) CIO probably has four times the dough than the dude that runs the county's boxen. Not to mention Phoenix city proper. And Tempe, Chandler, Mesa, etc. etc. Oh, and the state government.
And of course, government agencies are the least prepared to transition an existing employee base to a brand new technology paradigm, regardless of the cost benefits this might theoretically bring (or how supposedly easy it is to switch to Linux/KDE/OSS Office suite).
Sorry, I had to break the news.
Re:Maricopa going open source (or whatever) (Score:2)
Considering how far the UI has come, it's only got to be easier to migrate.
As soon as someone with political power realizes it's their ass if MS screws up, they tend to rethink things.
What do you think would happen if the BSA showed up at the mayor's office to check their licenses?
Phoenix residents-- this is your chance... (Score:3, Insightful)
If you seem too fanatical or "out there", you may scare them off-- it's easy to dismiss a lunatic, even when they're right. So please don't dress like Obiwan
Good luck everyone! Let us know how it works out Monday! Someone call the Arizona Republic [arizonarepublic.com] and New Times [phoenixnewtimes.com]. (And be on the lookout for a counter-offensive from Microsoft).
W
Early photography (Score:4, Funny)
Now while I'm wondering how someone decided that oysters were edible, I can wonder how someone figured out 2000 years ago that urinating on an egg-white soaked cloth would produce a recognizable image. I know that things like gun cotton and Bakelite were discovered by accident but this egg-white thing I'm finding a bit hard to believe. But I would sure like to see a Mel Brooks bit on that historic moment.
Krispy Kreme (Score:2, Funny)
Is that by weight?
the word "may" (Score:2)
I don't read the statute as a binding mandate on the county to stop doing business with a contractor, but rather, as an escape valve that they may exercise if they so choose.
I suspect that everybody who shows up Monday will be told as much, if the matter is even addressed. I'll try to be there...
Maricopa Meeting Help (Score:2, Interesting)
Re:Maricopa Meeting Help (Score:2)
Krispy Kreme donuts (Score:2)
And now, back to your regularly scheduled surfing...
-l
Maricopa letter translated (Score:2)
You got my ass raked over the coals by the Board of Supervisors. Goddamned Linonuts.
We appreciate your interest in the County's technology plans.
I'm damned tired of you taxpayers poking your nose into how I waste, errr I mean spend, your money. If you'd all just die now, it would make my career that much easier.
To provide a forum in which to discuss our technology direction and address any questions you may have, we will have Information Technology staff members available to meet with citizens at 8:30 am on Monday July 8th.
I'm gonna have enough MCSEs at that meeting to outnumber you commie hippy Linonuts two-to-one. And Microsoft plans on having every OEM and VAR in the valley there too.
Please RSVP your attendance so we can ensure that adequate facilities are available for the meeting.
I'm making sure that most of the audience will be Microsoft shills, and the place will be so crowded by sunrise you won't even get inside. There'll be enough of us to make you look pretty stupid if this gets on TV. But it probably won't.
Re:Great news for Linux! (Score:2, Insightful)
-J
Re:Great news for Linux! (Score:2, Informative)
-J
Exactly! (Score:3, Funny)
It'll also be pretty sweet when all that GPL'd, SouthWest-oriented county management software can finally get used. It's been ramping up in usability on SourceForge [sourceforge.net] for literally months and it's time to give that stuff a spin around the block!
It's a great time to be a Linux fanatic!
Re:Great news for Linux! (Score:3, Interesting)
MS likes to think its EULAs are binding contracts. Therefore, if the EULAs are valid, then there is a contract between the county and MS. Conclusion: Whenever someone in the county installs any MS product, MS is de facto a contractor.
Alternate conclusion: MS wants its products used, and has to admit the EULAs aren't binding contracts in order to not be considered a contractor. All EULAs are then admitted by Microsoft to be invalid.
Re:Great news for Linux! (Score:2)
Re:Great news for Linux! (Score:2)
This actually falls within one of the parts of TCO that I've heard mention here. A careful company would have the lawyers review every EULA very carefully for every piece of software installed by every employee. The reason being that an employee would be entering the company into a legal contract (click-wrap) without prior legal review.
Not all (Score:3, Interesting)
Re:Not all (Score:2)
register.com guilty too (Score:2)
Re:It's JEBUS (Score:2)
Truly miraculous
Re:Maricopa's Policies (Score:2)
Chapter 11.28 [pima.az.us]
Suspension And Debarment Of Contractors