Slashback: Cables, Kernels, Crackers

Information (yes, in English;)) below about superconducting cables in Denmark, more information on how not to get your server broken into (process, not product, naturally), and another update for the Linux Kernel Summit.

Under the sea, a strange force was brewing ... Dag Willén, Group Leader, Superconducting Technologies at Denmark's NKT Research, wrote in regard to the recent story about superconducting cables in Denmark, saying "Info in English about this project can be found at www.supercables.com. (Sorry for our "one-size" web design for 600x800 px; it was limited budget and talent.)"

Thanks, Dag.

Moving pictures of moving words Recently, a kernel summit took place, and many of the top kernel developers gathered in San Jose to wear funny hats, drink, and decide (or at least debate) on further directions for development of the Linux kernel. Chris DiBona pointed out there are now videos and sound recordings available for download, and you no longer need Real (as originally announced) to enjoy seeing and hearing all these smart people at work. Hopefully, these will one day be joined by Ogg versions as well;)

Don't trust malicious scumbags is part of "trust." AltGrendel writes "SecurityPortal has an article on how Apache.com was compromised. As the Billy Joel song says 'It's a matter of trust'." As always, Kurt Seifried is lucid and informative -- and brings up good points on protecting sites no matter how careful the admins are.

  • What the hell? Kurt is someone who appeared one day with security credentials he wrote himself. Whether he's spouting garbage without bothering to research (debian version numbers), writing painfully bad fiction (that "Story of Jeff" horror), or just sitting at home gaining even more weight as he sits on his lazy ass all day, he's anything but lucid or informative.

    He is the epitome of what is wrong with the open source movement.
  • Recently, a kernel summit took place, and many of the top kernel developers gathered in San Jose to wear funny hats, drink, and decide (or at least debate) on further directions for development of the Linux kernel.

    OK, the subject of the hats has come up before on Slashdot. Would anyone care to shed a little light on the subject for those of us who have no clue what you're talking about?

    Thanks in advance
  • by Anonymous Coward
    Do the people at that cable site not realize that most browsers provide some very functional scrollbars and they don't need to reimplement them?
  • Good point, in two directions:

    a) I would gladly have linked to text :) Agreed re. the info density of text.

    b) transcription is a real ... pain. :( I've done enough hours of transcription to loathe it. I'm neither great nor terrible as a transcriptionist, but even with a pristine recording of clear speakers it's a nearly thankless task.

    While the folks from the FSF were kind enough to transcribe RMS's recent talk at NYU and some others, the question of who would transcribe it is huge. Speech recognition tech may actually be *helpful* at this point, but not enough to just, say, feed this to ViaVoice and have it spit out text.

    c) (OK an aside, but hey) when it comes to multi-speaker parts, where people are arguing or asking questions, sometimes there is a *lot* of info value in the tone, how the exchange goes, etc. The actual sound of the speech provides a lot of context sometimes ...

    timothy

    (you can believe that it is me, or think that it is someone pretending to be me, but I already wrote this, so I'm not logging in right now;))

  • by Anonymous Coward
    What you need, my Anonymous friend, is one-time passwords. It's amazing how often this is overlooked. Using a Palm or other light pocket computer, store a list of 'disposable' passwords on it. This list should also be on the machine you wish to ssh into. Sometimes the passwords are generated dynamically using a shared secret algorithm, but randomly generated passwords are better, a bit like Xor encryption is still an order of magnitude more secure and efficient than PKI. So anyway, once you use one password, it is made void, so you have to use the next password on the list. Search freshmeat.net with "one time password" to find out more. Disabling sshd if too many incorrect passwords is a bad idea and could easily be used to DoS you. Also, this method is not invulnerable to MitM attacks, unless you use a single password for every character / line entered which will rapidly piss you off.
  • by Anonymous Coward on Thursday June 07, 2001 @11:26PM (#167343)
    I allow ssh connections on the telnet port from 2 hosts at university to my box at home (outgoing ssh connections are blocked at the uni). My iptables/NAT router forwards that connection to "my" machine. If I type the wrong password twice, incoming ssh connections are blocked for 24 hours. While I'm reasonably certain that no-one is logging the keyboard, not a lot springs to mind about what I can do about that. root logins over ssh are disabled, and any connection to every other port is rejected. My point being, you don't have to "trust" every host on the internet. Maybe just a few.
  • Note the _zipped_ mp3s I think that says it all, don't you?

    Actually, ZIPping an MP3 is a very good idea, when you consider that most corporate firewalls routinely block files with MP3 (and MPG, MOV, AVI) extensions.

    And of course, even a 1% file size reduction will save precious bandwidth...
  • Also, there's no need to apologize for one-size design. Against good reasoning, web design wonks have come to a consensus that controlled page widths are bad, but my opinion (against what is also only an opinion) is that a finite, specific page width allows for more rapid reading: items and columns will always be in the same place with the same width.

    Width=100% tags in tables are, in my opinion, bad design as they inevitably lead to wide columns and paragraphs and thus to the visitor having to move her head from side to side to read each line of text, rather than just moving the eyes. In short, bad user interaction. Nothing quite as awful as a single column of text spread 800 pixels across the browser page.

    Also, small columns are better, but they're difficult to regulate with a variable page size. Column widths should not be variable, even if your page widths are. Make your non-text items variable if you have to do it: space, padding, margins, etc.

    This is all besides the fact that every frigging time you re-size a window in Netscape, the frigging thing reloads the page.

  • by mikecheng ( 3359 ) on Thursday June 07, 2001 @04:46PM (#167346) Homepage Journal
    Don't go charging into compressedaudio like a bull at a gate. Give us some text.

    What about giving the option for text versions of presentations/speeches? Information density of compressed audio is woeful for speech :)

    (Don't ask me who's going to transcribe it though.)

  • You really do like being DoSed, right?
  • The guy who rooted sourceforge and apache trojans the sshd binary to capture passwords. Based on what accounts he captures he targets those hosts.
    So disable password authentication for starters and use keys. Or OTP technology.
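"Disable password authentication and use keys" is only true of the configuration sshd actually loads. The audit below is an added example, not code from the page or from OpenSSH: it reads an sshd_config the way sshd does (keywords case-insensitive, lines beginning with '#' are comments, a keyword's first value wins so a hardening line appended at the bottom is dead text if the keyword was set earlier, and directives after a Match line apply only to matching connections) and reports anything that still allows password-style logins. The default values and the two sample configs are assumptions constructed for the example; the PermitRootLogin default in particular assumes a modern OpenSSH.

```python
import re

# Defaults that apply when a keyword is absent (assumed modern OpenSSH;
# the 2001-era PermitRootLogin default was 'yes').
_DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

# What "disable password auth and use keys" means to sshd. PAM password
# prompts arrive through keyboard-interactive, so that must be off too.
_WANT = {
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "no",
}

_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9]*)\s*(?:=|\s)\s*(.*?)\s*$")


def parse_sshd_config(text):
    """Return (global_settings, match_blocks, ignored).

    Settings map lowercase keyword -> (value, line_no) for the FIRST
    occurrence only, as sshd does. match_blocks is [(criteria, settings)]
    in file order. ignored lists (keyword, value, line_no, first_line_no)
    for repeated keywords whose value sshd would never use.
    """
    globals_, blocks, ignored = {}, [], []
    current = globals_
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue                    # sshd would refuse such a line
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":
            current = {}
            blocks.append((value, current))
        elif key in current:
            ignored.append((key, value, no, current[key][1]))
        else:
            current[key] = (value, no)
    return globals_, blocks, ignored


def _effective(settings, key):
    """(name, value, line_no or None), honouring the older
    ChallengeResponseAuthentication spelling of KbdInteractiveAuthentication."""
    names = [key]
    if key == "kbdinteractiveauthentication":
        names.append("challengeresponseauthentication")
    for name in names:
        if name in settings:
            return name, settings[name][0], settings[name][1]
    return key, _DEFAULTS[key], None


def audit(text):
    """Findings as strings; [] means only key-based logins, no root, and no
    dead lines or Match blocks that bring passwords back."""
    g, blocks, ignored = parse_sshd_config(text)
    findings = []
    for key, wanted in _WANT.items():
        name, value, no = _effective(g, key)
        if value.lower() != wanted:
            where = f"line {no}" if no else "default"
            findings.append(f"{name}={value} ({where}); want {wanted}")
    for key, value, no, first in ignored:
        findings.append(f"line {no}: {key}={value} ignored, line {first} already set it")
    for crit, settings in blocks:
        for key in ("passwordauthentication", "kbdinteractiveauthentication",
                    "challengeresponseauthentication"):
            if key in settings and settings[key][0].lower() == "yes":
                findings.append(f"Match {crit}: {key}=yes re-enables "
                                f"password-style logins (line {settings[key][1]})")
    return findings


# Constructed sample: weak config with a dead hardening line and a Match hole.
SAMPLE_BAD = """\
# constructed example of a weak sshd_config, not a real server's file
Port 22
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
# appended by a hardening script; sshd keeps the FIRST value, so this is dead
PasswordAuthentication no
Match Group contractors
    PasswordAuthentication yes
"""

# Constructed sample: the intended state.
SAMPLE_GOOD = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_BAD):
        print("BAD:", f)
    print("GOOD:", audit(SAMPLE_GOOD) or "no findings")
```

Run it against `/etc/ssh/sshd_config` with `audit(open(path).read())`; sshd_config `Include` files are not followed here, so check those separately. The first-value-wins rule is the one that bites in practice: a distribution default of `PasswordAuthentication yes` near the top of the file quietly overrides a `no` added at the bottom, and `sshd -T` on the host is the authoritative way to confirm what the daemon really uses.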
  • Have you ever heard of distributions? Redhat, turbolinux, mandrake, debian. I believe that all of those dists are all very easy to install, requiring just about what you mentioned.

    What the author was talking about is the kernel compilation, which is something that Joe AOL does not need to do, and quite frankly he should not do. Kernel compilation is for high end users. It is done to fine tune the system to your needs, throwing everything you don't need out.


    --
    "take the red pill and you stay in wonderland and I'll show you how deep the rabbit hole goes"

  • It's completely bloody useless in Lynx. Frames everywhere, javascript navigation.
    If they had limited time and budget, why didn't they design a nice simple page? Why go to all the time and trouble of reinventing the wheel (or the scrollbar) when you can make a simple design which works on all browsers?
    At least they didn't use Frontpage.
    dave
  • by jfunk ( 33224 ) <jfunk@roadrunner.nf.net> on Thursday June 07, 2001 @05:33PM (#167351) Homepage
    Aha. So the solution is simple. Add an entry in the "User Agent" section of your Konq config for supercables.com.

    On that note, a site just went up for info on sites that don't work in Linux browsers. Check it out at http://penguinfriendly.org/ [penguinfriendly.org]. It's pretty light right now because it only just went up.
  • There's this assumption that as an informed security conscious user you know something about your own machine. If you don't then you might as well just telnet to the machine because you're beyond help.
  • everyone who knew that you should never ssh from any box that is not your desktop (and then only if it is known secure). Now hands down everyone who learnt this by reading the fucking manual. That's what I thought. Pitiful.
  • Thank you very much for your piss poor attempt at pretending you know something about anything. "Trojaning the sshd binary" might be useful if you are trying to backdoor a system but has about zero effectiveness for sniffing ssh passwords. What the "guy" in this case did was backdoor the ssh binary (that's the client son) on a number of boxen that he witnessed people using to connect to various high profile sites. Why anyone would use ssh on a remote machine to connect to another remote machine is beyond the comprehension of any person with even the beginnings of a clue, (which you obviously do not). Go ahead and use your silly one time passwords or various length authorization keys. If you're clueless enough to use ssh on a box that you don't control (which essentially means any box you don't have physical access to and has less of a configuration than a firewall and you don't just run any random shit on -- ie no box that you own) then it is only a matter of time before you are owned, along with every other poor sucker who happens to use the same box as you (well, I suppose it is conceivable that the box you are connecting to could actually be *gasp* secure but I doubt it). Just give in, you're owned before you even opened Introduction to Network Security 101.
  • What was that about hats again?

    HARRY
    Er... people aren't wearing enough.

    CHAIRMAN
    Is this true?

    EDMUND
    Certainly. Hat sales have increased, but not *pari passu... as our research -

    BERT
    When you say 'enough', enough for what purpose...?

    GUNTHER
    Can I ask with reference to your second point, when you say souls don't develop because people become distracted... has anyone noticed that building there before?


    so as you can see, hats are very important here..... or something....

  • I'd say that the supercables site has bigger problems than its "one-size" design. It continuously reloads for me with konqueror and mozilla.
  • Dudes been dead for years.
    Heard his face exploded, or something.
  • Superconduction of any currently used interconnect material currently in use is way too cold for silicon to be usable. Gain of all transistor types is basically a function of temperature, and only special superconducting structures (squids, josephson junctions, etc.) work at these temperatures.
    Silicon becomes unusable as a semiconductor much hotter than copper or aluminum superconduct.
    But, What about a superconductor as a substrate?
    In all the Niven stuff a current superconductor is a heat superconductor; Wouldn't that make overclocking easy!
    A room temperature superconductor doesn't exist, but when it does, you could have a heat sink with a zero temperature coefficient. All heat would get dumped to the cooling source with no losses.

  • Some hats are made out of meat [designboom.com]!

    NOTE: That's a rip-off site. The original site (www.hatsofmeat.com) seems to have died... Bummer

  • True, but at that point you're talking about a physical object someone has to get access too. Your palm is now a "key", and have to keep track of it like you would your car keys.

    For the truly paranoid, I suppose you could write a Palm app that did both. That is, it generated a pseudo-random password ORed with some encrypted code derived from a password you had to enter every time. Thieves who stole your Palm wouldn't be able to access your server without the password. (They'd just have your $300 Palm)
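The earlier Anonymous Coward post on one-time passwords (a list of disposable passwords, each void once used) and this reply (tie the list to a passphrase you type, so a stolen Palm alone is useless) describe exactly what an S/KEY-style hash chain gives. The following is an added example, not code from the page or from any tool it names, of the shared-secret-chain variant the earlier post mentions: the server stores only the top of the chain, the client presents its preimage, and a password captured by a trojaned ssh client cannot be replayed because the server now expects the next preimage, which the one-way function does not give up. SHA-256 as the one-way step, PBKDF2 for the root, and the sample passphrase and salt are assumptions (real S/KEY and OPIE used MD4/MD5 with 64-bit truncation).

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """The one-way step of the chain (assumed SHA-256)."""
    return hashlib.sha256(data).digest()


def derive_root(passphrase: str, salt: bytes) -> bytes:
    """Chain root from a typed passphrase plus a per-host salt. A thief with
    the Palm but not the passphrase cannot regenerate future chains; one with
    the passphrase but not this host's salt cannot compute this chain."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)


def build_chain(root: bytes, n: int) -> list:
    """[h^0(root), h^1(root), ..., h^n(root)]"""
    chain = [root]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class OtpServer:
    """One verifier per user: the last accepted value and how many passwords
    remain. It never holds the root or the passphrase."""

    def __init__(self, enrolment_value: bytes, count: int):
        self.expected = enrolment_value        # h^count(root)
        self.remaining = count

    def login(self, presented: bytes) -> bool:
        if self.remaining == 0:
            return False                       # chain exhausted: re-enrol
        if not hmac.compare_digest(h(presented), self.expected):
            return False
        self.expected = presented              # advance: this value is now void
        self.remaining -= 1
        return True


class OtpClient:
    """What the Palm (or a printed list) holds. Passwords are consumed from
    h^(count-1) downwards; the last one sent is the root itself, after which
    the chain is done and a fresh salt is needed."""

    def __init__(self, passphrase: str, salt: bytes, count: int):
        self.chain = build_chain(derive_root(passphrase, salt), count)
        self.next_index = count - 1

    def enrolment_value(self) -> bytes:
        return self.chain[-1]                  # handed to the server once

    def next_password(self) -> bytes:
        if self.next_index < 0:
            raise RuntimeError("chain exhausted; re-enrol with a new salt")
        pw = self.chain[self.next_index]
        self.next_index -= 1
        return pw


def demo(count: int = 5) -> dict:
    """Enrolment, a login, an eavesdropper's replay and forward guess, the
    remaining logins, and exhaustion; returns the outcomes for checking."""
    salt = b"constructed-salt-for-example-host"          # constructed value
    client = OtpClient("correct horse battery staple", salt, count)
    server = OtpServer(client.enrolment_value(), count)

    captured = client.next_password()          # what a trojaned ssh client sees
    first = server.login(captured)
    replay = server.login(captured)            # same value again: rejected
    forward = server.login(h(captured))        # hashing forward gives a used value
    second = server.login(client.next_password())
    rest = [server.login(client.next_password()) for _ in range(count - 2)]
    try:
        client.next_password()
        exhausted = False
    except RuntimeError:
        exhausted = True
    return {"first": first, "replay": replay, "forward_guess": forward,
            "second": second, "rest_ok": all(rest), "exhausted": exhausted,
            "server_remaining": server.remaining}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

What this buys and does not buy: a captured value is dead as soon as it has been accepted, and the verifier file on the server is worthless to whoever steals it, since it holds only hashes. It does nothing against an active man-in-the-middle who relays the fresh value in real time, which is the MitM caveat the earlier post already makes, and the chain must be re-enrolled with a new salt before it runs out.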

  • "...never ssh from any box that is not your desktop..."

    I'm intrigued... you can't trust boxes you know nothing about... what's the alternative then?

  • liquid nitrogen at 75-80K (-198 to 193oC) I want to see liquid nitrogen at 193C :) They must have incredible pressure in their cables.
  • by bellings ( 137948 ) on Thursday June 07, 2001 @04:46PM (#167363)
    What the bleeping heck... the javascript on supercables.com [supercables.com] checks to see if you're running Netscape version 4.x, and if not basically does the equivalent of <FRAMESET onLoad="document.location.href = document.location.href">

    I'm not sure why you would want to send every browser except netscape 4.x into an infinite redirect loop, and I'm not sure why IE doesn't fall for it, but it sure is some strange programming.
  • agreed

    appears to be a case of implementing something for its own sake, not because it is needed, appropriate or even moderately useful.

    now, if I could just figure out how it works... boy would that wow them at the office tomorrow! ;-p

    ---

  • as much as I hate to reply to my own messages, I did manage to find a site that talks about this "miniscroll" script library, and has a (dead) link to the source:

    The Dynamic Duo [dansteinman.com]

    one example they show would/might be actually practical. There they have a much smaller layer region that is scrollable. I might actually want to use something like this on a project I'm doing at work.

    Implementing this as they do on the supercables site is pretty useless (scrolling a long pane of images and text from top to bottom of the page), but I can see where this might come in useful if you wanted to display a long-ish list of info in a small region on a page and not try to deal with frames to do it.

    ---

  • lol at ESR on the kernel configuration method, CML1:
    I've been examining the existing kernel configuration system, and I have about concluded that the best favor we could do everybody involved with it is to take it out behind the barn and shoot it through the head.

    Good to see someone's really doing something about making Linux easier to get going. Until the setup process involves sticking a CD in the machine and answering a few easy questions, getting Linux on the desktop will be too difficult for Joe AOL. So it's either a nice install process, or have it bundled with the machine.

    Which is easier to achieve?
    StuP

  • ... how Apache.com was compromised

    What? No one else noticed? It's Apache.org that had troubles. Apache.com is a site building custom computers...

  • by dropdead ( 201019 ) on Friday June 08, 2001 @03:28AM (#167368)
    At least with the Apache.org hack it took the work of somebody who was past the point of script kiddie. And it says nothing bad about the product Apache itself. Only that with large numbers of people and a little trust something bad will happen once in a while.
    That's true anywhere in life.

  • This is a brain exercise. but would it help to have a CPU with superconducting traces?
    That way, you would have no slow down or loss of energy.
    But it would require liquid N2 to keep it cool, but you could do that with pressure.
    That would be cool, a pressurized Mobo
  • Although I haven't tried the site myself, I would suspect that IE doesn't fall for it because if you look at its browser ID string, it actually represents itself as Mozilla 4.0 (IE Compatible) or something like that. -- Joe
  • Hmm - IIRC the 'permanent gases', nitrogen, oxygen, helium, neon, etc are so called because they can't be liquefied by pressure at room temperature. And, even if they could, they wouldn't be much use for _cooling_ at room temperature. The Danish site makes it fairly clear that the liquid nitrogen is used as a heat transfer medium rather than being allowed to boil off and provide cooling that way. On the subject of running CPUs around 77K, I would expect silicon to act as a pretty good insulator around those temperatures. Just my friday morning thoughts, Keith.
  • Of course your Palm itself isn't secure, even if you lock it, since you can put it into a debugging state right from the password prompt...

  • by Canonymous Howard ( 325660 ) on Thursday June 07, 2001 @04:21PM (#167374)
    Disable javascript before going to the site. They appear to have a bug which causes continual refreshes in Konq.

    Not sure about other browsers.
  • OK, the subject of the hats has come up before on Slashdot. Would anyone care to shed a little light on the subject for those of us who have no clue what you're talking about?

    Hats are a sort of head covering, often made of felt, cloth, or straw (though other materials are not unheard of). While they have some use as protection from rain or sun, they are more generally a social symbol. Many cultures place significance on their shape or ornamentation.

    Sorry, I couldn't resist
    --MarkusQ
