
Slashback: OSX Security, DoD Filtering, Anonymous Posting 211

Slashdot tonight brings some corrections, clarifications, and updates to previous Slashdot stories, including some favorable results from the University of Wisconsin's Mac OS X Challenge, skeptics investigate cold fusion claims, more on DoD web filtering, AT&T cuts 10,000 jobs after BellSouth merger, more child-proofing efforts for MySpace, Why Windows Vista Will Suck: a rebuttal, Harvard Professor punished for reporting bugs, Assemblyman Biondi backpedals on NJ anonymous posting bill, and a followup on Chinese TLDs -- Read on for details.

University of Wisconsin's Mac OS X Challenge. HABITcky writes "The University of Wisconsin Security Challenge has ended after 38 hours, intermittent DoS attacks, 4000 ssh login attempts, a bandwidth spike of 30 Mbps, and 6 million logged ipfw events. During this time there were 'no successful access attempts, nor any claims of a successful attempt.' You may remember this challenge was proposed in response to the 'woefully misleading' ZDnet article, Mac OS X hacked under 30 minutes, which was previously discussed here on Slashdot."

Skeptics investigate cold fusion. smooth wombat writes "As a follow-up to a previous Slashdot posting, Purdue University is investigating the claims of Rusi Taleyarkhan who claimed in 2004 to have created nuclear fusion at room temperature. The investigation came about from complaints from colleagues who suspect something is amiss. Taleyarkhan, who used to work at Oak Ridge National Laboratory, has, since working at Purdue, removed the equipment the co-workers were using to try and replicate the results, claimed results for experimental runs were positive for fusion despite the co-workers never seeing the raw data and opposed the publication of results which contradicted his findings."

More on DoD web filtering. timetrap writes "I work in a mobile combat communications unit, while I'm not in the sandbox right now, I can attest to the DoD policy on blocking web access. First of all when you are down range don't expect to even get DSL speeds from a satellite, we usually roll with about 256kbs for the data side of our trunk. So blocking sites is very important, otherwise 4 or 5 people could start streaming audio and pretty much knock down any legitimate use of the network. We filter websites with smartfilter and yes the military system admins in the IPO office will unblock any web site that isn't blocked by local policy (no pr0n, no streaming audio, no civilian web mail: both the hot and the g varieties, and no chat programs; although irc is used by the DoD). This is no Orwellian conspiracy, but quick and easy system administration; apply smartfilter: check! If you want to check the current smartfilter blocked sites go to: securecomputing and submit some sites to check." Slashdot's own Jamie took a look at Smartfilter back in '99 as a part of the Censorware project and it still remains a mysterious black box to this day. While some would advocate full disclosure, using censorware still appears to be merely passing the buck.

AT&T cuts 10,000 jobs after BellSouth merger. mytrip writes to tell us that immediately following their $67 billion acquisition of BellSouth, AT&T plans on cutting about 10,000 jobs.

More child-proofing efforts for MySpace. conq writes "BusinessWeek has an interview with Connecticut Attorney General Richard Blumenthal in which he describes measures MySpace and other similar sites should take to protect children. From the article: 'We're going to be suggesting some very specific measures that MySpace can take based on our conversations with MySpace as well as with other law enforcement authorities at the state and local levels. We've received hundreds of complaints from parents who are concerned about these issues, and we want to be sure that the measures we propose are technologically feasible and financially viable.'"

Why Windows Vista will Suck: a rebuttal. shrapnull writes "Hot on the heels of Extreme Tech's 'Why Windows Vista Won't Suck', Steven J. Vaughan-Nichols has an alternate position posted on DesktopLinux, and sent to subscribers of Novell's 'Suse Linux Cool Solutions' newsletter."

Harvard researcher punished for reporting bugs. Guillermito writes "A story previously discussed came to a sad conclusion two weeks ago. The bottom line is this means that it is forbidden to use reverse engineering tools to find bugs in a software. You also have to prove that you own a valid license for each version of the tested software. To publish a proof of concept that contains a few dozens of copyrighted bytes is also forbidden. It's a nice precedent for any company selling a defective product."

Assemblyman Biondi backpedals on NJ anonymous posting bill. Quadraginta writes "Earlier, denizens of Slashdot reacted to a story about a bill to be introduced to the New Jersey legislature that would require hosts of forums, bulletin boards and the like to keep track of the real identity of anonymous posters. Seems like there was a strong reaction all over. Assemblyman Biondi now appears to be backpedalling furiously. From a letter quoted after the link: 'I am getting inundated with responses which I will review and use to better educate myself on the implications of this bill. If, after reviewing all of the correspondence and the opinion of OLS, it turns out that the bill is, in fact, unworkable, I will certainly reconsider and withdraw it.'"

A followup on Chinese TLDs. nqz writes "In this story on ComputerWorld, ICANN and the China Internet Network Information Center (CNNIC) both dispute a previous story discussing China's new top-level domains containing Chinese characters."

This discussion has been archived. No new comments can be posted.

  • OSX security (Score:2, Interesting)

    by saberworks ( 267163 ) on Wednesday March 08, 2006 @08:03PM (#14879630)
    The original article said it would be up through Friday, why the early shutdown? Maybe it stayed up for 38 hours or whatever and then someone got in, so they post-pre-maturely ended the contest the minute before the crack?
  • by Tumbleweed ( 3706 ) * on Wednesday March 08, 2006 @08:05PM (#14879641)
    More like - was done without authorization, and was shut down. From the site linked:

    Yesterday we discovered the Mac OSX "challenge" was not an activity authorized by the UW-Madison. Once the test came to the attention of our CIO, she ended it. The site, test.doit.wisc.edu, will be removed from the network tonight.

    Our primary concern is for security and network access for UW services. We are sorry for any inconvenience this has caused to the community.


    Still, shut down or 'ended,' not being hacked is a good show. Congrats to OS X.

    I think Apple would be well-served by having a continuously running OS X security challenge, for both OS X and OS X Server. Offer a reward every time you demonstrate a hole, and fix them fast.
  • by Anonymous Coward on Wednesday March 08, 2006 @08:07PM (#14879648)
    The devolving of this site from "news for nerds" to "left-wing political rants for editors and those who agree with our worldview" continues.

    Yesterday, you had a flimsy story about supposed biased filtering by the Marine Corps in Iraq where two seconds of thinking and work would prove that it wasn't some vast right wing conspiracy.

    Now today, you have a book review about Markos "Screw Them" Zuniga and his ineffective and ultimately inconsequential site and followers.

    Where does it go from here? It seems the editors just want to bash us over the head with their left-wing tripe, without giving any balance.

    I remember once CmdrTaco said politics don't belong here. Digg.com is eating slashdot alive right now. Better stories, better tech, better forum. It's only a matter of time slashdot becomes irrelevant unless they can turn it around.
  • chinese tld's (Score:2, Interesting)

    by noopy ( 959768 ) on Wednesday March 08, 2006 @08:11PM (#14879674)
    China Internet Network Information Center (CNNIC) both dispute a previous story

    Does it matter what they say? Any Chinese portal with enough heft can just start handing out Chinese TLDs whenever they like. (For that matter, so could I, but no one would know). Does anyone know the current state of international tld support in browsers? And what encoding is/would it support?

    For that matter, if China (mainland) blazes the path for Chinese TLDs, would they go with gb2312 and thus sort of make China (mainland)'s TLD scheme the default for the world as opposed to Taiwan's Big5?

    Myself, I'd be happy to see utf-8 tlds, but that's small potatoes compared to my fervent wish for a utf-8 clean php release. Does slashdot support

  • by Midnight Thunder ( 17205 ) on Wednesday March 08, 2006 @08:15PM (#14879694) Homepage Journal
    I think Apple would be well-served by having a continuously running OS X security challenge, for both OS X and OS X Server. Offer a reward every time you demonstrate a hole, and fix them fast.

    Would be nice to see something like this for all platforms. The only question is how valid is the test, since the security of a computer depends as much on the network security around it, as the machine itself. Firewalls can help filter out much of the bad traffic, reducing the final impact on the host. I would not like to say that any system is invulnerable, since vulnerability also depends on the configuration of the machine and the people managing the installation. A well patched windows installation might be as good as a well patched OS X installation.
  • Re:Oops! (Score:5, Interesting)

    by rayde ( 738949 ) on Wednesday March 08, 2006 @08:26PM (#14879750) Homepage
    i had asked this question [slashdot.org] initially and Dave had thought he was given permission. But I suspected that the proximity of his response challenge to the failure of the original mac mini challenge meant it was done with slightly less than comprehensive permission. woops.
  • by jd ( 1658 ) <imipak@yahoGINSBERGo.com minus poet> on Wednesday March 08, 2006 @08:34PM (#14879799) Homepage Journal
    ...by the effective ban on software research. If you publish a flaw and don't include data backing it, you'll likely be sued for defamation. If you DO include the data (however insignificant) you'll be sued for copyright infringement. The 9/11 case in the US shows that if you do know of a problem, but don't tell anyone, you'll be got that way, too. However, being willfully ignorant of a fault can also land you in court, if it causes harm.


    Software researchers are the most impacted by this, as it's hard for a PhD to claim natural stupidity as a defense. It's expected of most end-users (even when that is unfair) so they can get away with it.

  • Re: Mac Challenge (Score:5, Interesting)

    by alien-alien ( 471416 ) on Wednesday March 08, 2006 @08:42PM (#14879834) Homepage
    I would like to point out that those people who state that MacOS X hacking is of little interest to the hacking community because the Mac has little market presence should pay attention to the draw this challenge precipitated.

    Looks like every hacker and their uncle had a go at this one. I wonder how many unique IP addresses were used to access the challenge.

  • by TubeSteak ( 669689 ) on Wednesday March 08, 2006 @08:52PM (#14879869) Journal
    If you publish a flaw and don't include data backing it, you'll likely be sued for defamation.
    Actually.... If you publish a flaw and don't back it up and then get sued, you can have the pleasure of proving (in a court of law) that their software is teh sux.

    After you've embarrassed them (and gotten it into the public record) you can counter-sue them for wasting your time and money. If you're lucky, you can get some punitive damages too.

    Unless France is like England, where truth is not a defense against defamation (of which libel & slander are subsets). Other than that, it seems like not including the proof is more prudent than getting bankrupted by copyright claims.
  • by 1053r ( 903458 ) on Wednesday March 08, 2006 @09:00PM (#14879910)
    For all of you dual booting people, try this:

    $ strings ftp.exe | grep -i california

    You should get the "Copyright blah-blah regents of the university of california, berkeley" or something similar, I can't quite remember
  • Parent is right. (Score:4, Interesting)

    by marcello_dl ( 667940 ) on Wednesday March 08, 2006 @09:04PM (#14879919) Homepage Journal
    those people who state that MacOS X hacking is of little interest to the hacking community because the Mac has little market presence should pay attention to the draw this challenge precipitated.

    I completely agree with you. a 4,5% share seems low but many hackers would get a terrific ego boost by being able to shut up once for all the mac fanboys. Also some attacks on windows rely on unpatched machines with this and that service running and reachable through firewalls, which could well mean an attack on the 10% or less of the total of windows machines which in turn makes like an 8-6% or even less share. Crackers still take time to engineer them, though.

    Mod parent up, please.
  • by Anonymous Coward on Wednesday March 08, 2006 @09:17PM (#14879978)
    Digg is the perfect example of what's wrong with all this "Web 2.0" garbage. Flashy website that's incredibly bloated with no real content and a horribly dumb community.

    As opposed to slashdot: clunky website that's incredibly bloated with no real content and a horribly dumb community. Digg doesn't put up with shit from Zonk, **BeatlesBeatles or Roland Piqueeiellee; that says a lot. If it weren't for the trolls, I wouldn't read slashdot.

  • Shhhh! (Score:2, Interesting)

    by SEWilco ( 27983 ) on Wednesday March 08, 2006 @09:23PM (#14879998) Journal
    The bottom line is this means that it is forbidden to use reverse engineering tools to find bugs in a software.

    "Why Windows Vista won't be known to suck."

  • by causality ( 777677 ) on Wednesday March 08, 2006 @09:45PM (#14880095)
    The sad fact is that there is a vast left-wing conspiracy in the media to bury stories that are unfavorable to their political viewpoint. Liberals don't want to hear truth. Stories from soldiers in Iraq are positive, but lefties watching CNN all day only want to hear bad news so they can feel good about hating Bush some more.

    It's not about left-wing or right-wing or centrist or any of that. It's about money and power just as it has always been. Play the follow-the-money game (and hone some research skills too, woohoo!) more often and you will come to see this.
    Left, right today. God, Satan yesterday. You notice it's always two, and only two, diametrically opposed ideas that can be compromised but cannot be reconciled (with other ideas existing only in an extremely marginalized form that is unlikely to be implemented, such as libertarianism). Your basic divide-and-conquer strategy. The left-wing vs. right-wing is an idealistic clash that does a great job of distracting people from basic critical thinking skills and a willingness to stick to the facts as determined by evidence when making decisions. It's a distraction, and it's a deliberate and effective one.

    I'll give an example. Generally a left-winger is for greater personal freedom and more economic restrictions (particularly income redistribution, but there are others). Generally a right-winger is for greater economic freedom (tax cuts and the like) but more restrictions on personal freedom. Well, guess what? Both require a rather large government to properly realize their stated goals. So you have everyone squabbling over which set of restrictions they prefer, meanwhile, the elected officials continue to enjoy an ever-increasing national budget and more and more laws to appease their campaign contributors (recent changes to copyright law, anyone?). No matter how you carry out the left vs. right debate, a minimal government will never be the result. As stated above, a very effective distraction. For the people who stand to gain from less real freedom, and this subset of the population includes the major media outlets, it has served its purpose well. You don't need a conspiracy of any sort either; all that is required is that those who desire power act in their own interests while no one does anything to check them because they're too concerned about who will win the next American Idol.

    It has always amazed me how so many people would agree that throughout history, religion has been used to control people by keeping them ignorant and willing to obey, but the same folks who will agree with that find it absurd that media and propaganda and creature comforts and an overemphasis on work/business can be used the same way.
  • There is no AT&T (Score:4, Interesting)

    by fm6 ( 162816 ) on Wednesday March 08, 2006 @09:47PM (#14880104) Homepage Journal
    Nowadays, I have a moment of weirdness whenever I see a headline about what AT&T is up to. I still think of it as SBC, which was once part of the original AT&T, but has now morphed into something completely different.

    The "real" AT&T, pathetic as it was in the last couple of decades of its existence, had a long and interesting history, dating to the 1870s. There's something profoundly phony about a company like SBC claiming to be a continuation of that.

  • by Anonymous Coward on Wednesday March 08, 2006 @10:56PM (#14880378)
    Windows IP stack kernel driver is tcpip.sys. No BSD attribution in there.

    cmd> ver

    Microsoft Windows [Version 5.2.3790]

    cmd> strings c:\WINDOWS\system32\drivers\tcpip.sys | egrep -i california

    cmd>
  • Re:Oops! (Score:5, Interesting)

    by HABITcky ( 828521 ) on Wednesday March 08, 2006 @11:03PM (#14880399) Homepage
    At the time of my submission (around 12:30pm today), the http://test.doit.wisc.edu/ [wisc.edu] website did not appear as it does now. It appeared as an updated version of what you see in the Google cache. There was an updated posting on the site from Schroeder earlier this morning mentioning that the challenge had ended and giving the statistics which I included in my submission. The posting had no mention of the challenge ending early or the message that is currently displayed, it merely stated that the challenge had ended and there was no successful access by anyone.
  • by twitter ( 104583 ) on Thursday March 09, 2006 @01:44AM (#14881047) Homepage Journal
    Great, he's got a copy of Vista and a fast machine. Most of his complaints can either be dismissed because Vista is still a BETA or not attributed to Microsoft at all. ... And who cares if Linux and Mac OS X have had feature X for years?

    Let me get his point across for you:

    I really don't see a thing, not one single thing, that will make the still undelivered Vista significantly better than the Linux or the Mac OS X desktops I have in front of me today.

    You know they want to give him the best they have, but it did not live up to the competition, much less the hype. If you own a computer to get things done, you can get those things done with far less money. You can even do it with "beta" versions of free software, like Debian Etch or Sid, which do not hog up 6 GHz of processor or 850 MB of RAM on idle, but do offer every feature a user could want.

    Five years ago, XP offered the world a pretty good reason to leave the Microsoft world. Indeed, until a year or two ago, the majority of people on Microsoft had not yet moved to XP, despite it being the default install on every Major brand of computer sold. Sales of Vista are going to be much worse because the hardware suck is so much greater.

  • by BrokenHalo ( 565198 ) on Thursday March 09, 2006 @05:41AM (#14881566)
    It's not that complicated a sentence. While I realise that corporate suitspeak and that despicable Microsoft grammar checker exhort us to use baby-talk sentences ("This is Spot. See Spot run."), there's nothing that says we have to listen to them.

    I could go on at great length about the iniquity of PowerPointisation of the English language, but I won't. Suffice to say that we should not have to assume that our audience has the attention span of a flea.

  • Re:UTF (Score:3, Interesting)

    by Haeleth ( 414428 ) on Thursday March 09, 2006 @07:21AM (#14881738) Journal
    For this reason, it would seem stupid to use UTF-8 or UTF-16. Those don't encode everything that need to be encoded, if we're to have a truly international system.
    Based on the current definitions, we should be looking at UTF-32...
    The Unicode FAQ talks a lot about how nobody needs more character sets than UTF-16 can support, but (a) they don't represent all languages, or even a reasonable set, because UTF-16 can't handle that many...


    With due respect, you clearly don't know what you're talking about.

    UTF-8, UTF-16, and UTF-32 encode exactly the same characters. There is no character that can be encoded in UTF-32 that cannot be represented in UTF-16 or UTF-8. And there is no character that is needed to write any text in the world that would not fit into the range of characters that Unicode allows for. Period.

    Moreover, the efficiency implications of decoding UTF-16 surrogate pairs or long UTF-8 sequences are hugely overblown. Yes, UTF-8 and UTF-16 are variable-length encodings, but in practice that is totally irrelevant. Even UTF-32 represents many logical characters as multi-codepoint sequences, with things like combining diacritics. The complexity of processing things like Arabic text, which is full of ligatures and positional glyph variants, dwarfs the perceived complexity of performing a few bit shifts to convert three or four UTF-8 bytes into a Unicode codepoint.

    In the nicest possible way, please go and learn about how these things really work before you come back and mouth off about things you don't fully understand.
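
The point made in the comment above, as an added example that is not part of the thread: a UTF-8 decoder built from masks and shifts, a UTF-16 surrogate-pair decoder, and a check that all three encodings yield the same code points. The sample string is constructed, and the strictness checks (overlong forms, surrogates, range) go beyond what the comment describes.

```python
# Added example; SAMPLE is constructed for illustration, not taken from the thread.
SAMPLE = "\u4e2d\U00020000e\u0301"  # BMP CJK, supplementary-plane CJK, 'e' + combining acute


def decode_utf8(data: bytes) -> list[int]:
    """Decode UTF-8 into code points using only masks and shifts (strict)."""
    out, i = [], 0
    while i < len(data):
        b0 = data[i]
        # n = continuation bytes expected, low = smallest code point allowed
        # for this length (anything smaller is an overlong encoding).
        if b0 < 0x80:
            n, cp, low = 0, b0, 0
        elif 0xC2 <= b0 <= 0xDF:
            n, cp, low = 1, b0 & 0x1F, 0x80
        elif 0xE0 <= b0 <= 0xEF:
            n, cp, low = 2, b0 & 0x0F, 0x800
        elif 0xF0 <= b0 <= 0xF4:
            n, cp, low = 3, b0 & 0x07, 0x10000
        else:
            raise ValueError(f"invalid lead byte 0x{b0:02x} at offset {i}")
        tail = data[i + 1:i + 1 + n]
        if len(tail) != n or any((b & 0xC0) != 0x80 for b in tail):
            raise ValueError(f"truncated or bad continuation at offset {i}")
        for b in tail:
            cp = (cp << 6) | (b & 0x3F)  # the "few bit shifts"
        if cp < low or cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
            raise ValueError(f"overlong, surrogate or out-of-range at offset {i}")
        out.append(cp)
        i += n + 1
    return out


def decode_utf16(units: list[int]) -> list[int]:
    """Decode 16-bit code units into code points, joining surrogate pairs."""
    out, i = [], 0
    while i < len(units):
        u = units[i]
        if 0xD800 <= u <= 0xDBFF:
            if i + 1 >= len(units) or not 0xDC00 <= units[i + 1] <= 0xDFFF:
                raise ValueError("unpaired high surrogate")
            u = 0x10000 + ((u - 0xD800) << 10) + (units[i + 1] - 0xDC00)
            i += 1
        elif 0xDC00 <= u <= 0xDFFF:
            raise ValueError("unpaired low surrogate")
        out.append(u)
        i += 1
    return out


def split_units(raw: bytes, width: int) -> list[int]:
    """Split big-endian bytes into fixed-width integer code units."""
    return [int.from_bytes(raw[i:i + width], "big") for i in range(0, len(raw), width)]


def same_code_points(text: str) -> list[int]:
    """Decode text from UTF-8, UTF-16 and UTF-32; all three must agree."""
    u8 = decode_utf8(text.encode("utf-8"))
    u16 = decode_utf16(split_units(text.encode("utf-16-be"), 2))
    u32 = split_units(text.encode("utf-32-be"), 4)
    if not (u8 == u16 == u32):
        raise AssertionError("encodings disagree")
    return u8


if __name__ == "__main__":
    print([f"U+{cp:04X}" for cp in same_code_points(SAMPLE)])
```

The last two code points are a single user-perceived character, which is the comment's point that even UTF-32 is not one unit per logical character.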
