Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Slashback: OSX Security, DoD Filtering, Anonymous Posting

ScuttleMonkey posted more than 8 years ago | from the dusting-off-the-old-tin-foil-hat dept.

211

Slashdot tonight brings some corrections, clarifications, and updates to previous Slashdot stories, including some favorable results from the University of Wisconsin's Mac OS X Challenge, skeptics investigate cold fusion claims, more on DoD web filtering, AT&T cuts 10,000 jobs after BellSouth merger, more child-proofing efforts for MySpace, Why Windows Vista Will Suck: a rebuttal, Harvard Professor punished for reporting bugs, Assemblyman Biondi backpedals on NJ anonymous posting bill, and a followup on Chinese TLDs -- Read on for details.

University of Wisconsin's Mac OS X Challenge. HABITcky writes "The University of Wisconsin Security Challenge has ended after 38 hours, intermittent DoS attacks, 4000 ssh login attempts, a bandwidth spike of 30 Mbps, and 6 million logged ipfw events. During this time there were 'no successful access attempts, nor any claims of a successful attempt.' You may remember this challenge was proposed in response to the 'woefully misleading' ZDnet article, Mac OS X hacked under 30 minutes, which was previously discussed here on Slashdot."

Skeptics investigate cold fusion.smooth wombat writes "As a follow-up to a previous Slashdot posting, Purdue University is investigating the claims of Rusi Taleyarkhan who claimed in 2004 to have created nuclear fusion at room temperature. The investigation came about from complaints from colleagues who suspect something is amiss. Taleyarkhan, who used to work at Oak Ridge National Laboratory, has, since working at Perdue, removed the equipment the co-workers were using to try and replicate the results, claimed results for experimental runs were positive for fusion despite the co-workers never seeing the raw data and opposed the publication of results which contradicted his findings."

More on DoD web filtering. timetrap writes "I work in a mobile combat communications unit, while I'm not in the sandbox right now, I can attest to the DoD policy on blocking web access. First of all when you are down range don't expect to even get DSL speeds from a satellite, we usually roll with about 256kbs for the data side of our trunk. So blocking sites is very important, otherwise 4 or 5 people could start streaming audio and pretty much knock down any legitimate use of the network. We filter websites with smartfilter and yes the military system admins in the IPO office will unblock any web site that isn't blocked by local policy (no pr0n, no streaming audio, no civilian web mail: both the hot and the g varieties, and no chat programs; although irc is used by the DoD) This is no Orwellian conspiracy, but quick and easy system administration; apply smartfilter: check! If you want to check the current smartfilter blocked sites goto: securecomputing and submit some sites to check." Slashdot's own Jamie took a look at Smartfilter back in '99 as a part of the Censorware project and it still remains a mysterious black box to this day. While some would advocate full disclosure using censorware still appears to be merely passing the buck.

AT&T cuts 10,000 jobs after BellSouth merger. mytrip writes to tell us that immediately following their $67 billion acquisition of BellSouth, AT&T plans on cutting about 10,000 jobs.

More child-proofing efforts for MySpace. conq writes "BusinessWeek has an interview with Connecticut Attorney General Richard Blumenthalin in which he describes measures MySpace and other similar sites should take to protect children. From the article: 'We're going to be suggesting some very specific measures that MySpace can take based on our conversations with MySpace as well as with other law enforcement authorities at the state and local levels. We've received hundreds of complaints from parents who are concerned about these issues, and we want to be sure that the measures we propose are technologically feasible and financially viable.'"

Why Windows Vista will Suck: a rebuttal. shrapnull writes "Hot on the heels of Extreme Tech's 'Why Windows Vista Won't Suck', Steven J. Vaughan-Nichols has an alternate position posted on DesktopLinux, and sent to subscribers of Novell's 'Suse Linux Cool Solutions' newsletter."

Harvard researcher punished for reporting bugs. Guillermito writes "A story previously discussed came to a sad conclusion two weeks ago. The bottom line is this means that it is forbidden to use reverse engineering tools to find bugs in a software. You also have to prove that you own a valid license for each version of the tested software. To publish a proof of concept that contains a few dozens of copyrighted bytes is also forbidden. It's a nice precedent for any company selling a defective product."

Assemblyman Biondi backpedals on NJ anonymous posting bill. Quadraginta writes "Earlier, denizens of Slashdot reacted to a story about a bill to be introduced to the New Jersey legislature that would require hosts of forums, bulletin boards and the like to keep track of the real identity of anonymous posters. Seems like there was a strong reaction all over. Assemblyman Biondi now appears to be backpedalling furiously. From a letter quoted after the link: 'I am getting inundated with responses which I will review and use to better educate myself on the implications of this bill. If, after reviewing all of the correspondence and the opinion of OLS, it turns out that the bill is, in fact, unworkable, I will certainly reconsider and withdraw it.'"

A followup on Chinese TLDs. nqz writes "In this story on ComputerWorld, ICANN and the China Internet Network Information Center (CNNIC) both dispute a previous story discussing China's new top-level domains containing Chinese characters."

cancel ×

211 comments

Sorry! There are no comments related to the filter you selected.

First Post. (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14879616)

I'll have the salmon.

Second Post (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14879634)

Would you like fries with that?

--AT&T worker

Re:Second Post (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14879739)

Very nice!

Re:Second Post (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14879748)

Would you like to super-size that?

Wise. (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14879629)

It looks like What's-His-Name made the right decision.

Re:Wise. (0)

Anonymous Coward | more than 8 years ago | (#14879836)

On the other hand, skimming through the Vista article makes it clear that Ziff Davis is a fucking moron.

Re:Wise. (1)

Comen (321331) | more than 8 years ago | (#14879937)

I'll secound that! Thats a pretty weak article.

Re:Wise. (0)

Anonymous Coward | more than 8 years ago | (#14880025)

skimming through the Vista article makes it clear that Ziff Davis is a fucking moron.

Yes, and his brother Elroy isn't too bright either, I hear. I wonder how he got the name Ziff, anyway. Nice reading skills there, Chief.

OSX security (2, Interesting)

saberworks (267163) | more than 8 years ago | (#14879630)

The original article said it would be up through Friday, why the early shutdown? Maybe it stayed up for 38 hours or whatever and then someone got in, so they post-pre-maturely ended the contest the minute before the crack?

Re:OSX security (0)

Anonymous Coward | more than 8 years ago | (#14879651)

Maybe it stayed up for 38 hours or whatever and then someone got in, so they post-pre-maturely ended the contest the minute before the crack?

And if you believe that then I've got a worldwide zionist conspiracy to tell you about.

Re:OSX security (3, Insightful)

Anonymous Coward | more than 8 years ago | (#14879704)

Pretty sure it was because the university did not like the increased server load it was getting, and it wasn't something that the university approved to begin with.

Re:OSX security (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14879803)

I'm listening ;)

Re:OSX security (4, Insightful)

HTTP Error 403 403.9 (628865) | more than 8 years ago | (#14879894)

The original article said it would be up through Friday, why the early shutdown? Maybe it stayed up for 38 hours or whatever and then someone got in, so they post-pre-maturely ended the contest the minute before the crack?

More like the campus IT head went ape shit regarding the amount of bandwidth eaten up by this contest.

Re:OSX security (4, Insightful)

wealthychef (584778) | more than 8 years ago | (#14880168)

Not just bandwidth, but if you were the head admin of their network, how thrilled would you be that somebody hung a big sign on your campus saying "please attack us"?

Re:OSX security (0)

Anonymous Coward | more than 8 years ago | (#14880100)

Because I e-mailed the CIO of DoIT (the IT department of the University of Wisconsin-Madison) and told her that a) it implicitly sponsors illegal activity, and b) it is a misuse of state resources.

Oops! (5, Informative)

TubeSteak (669689) | more than 8 years ago | (#14879638)

http://test.doit.wisc.edu/ [wisc.edu]
Yesterday we discovered the Mac OSX "challenge" was not an activity authorized by the UW-Madison. Once the test came to the attention of our CIO, she ended it. The site, test.doit.wisc.edu, will be removed from the network tonight. Our primary concern is for security and network access for UW services. We are sorry for any inconvenience this has caused to the community.
I guess Dave Schroeder had it authorized, [slashdot.org] just not authorized by the right person?

CIO = Chief Information Officer

Re:Oops! (4, Insightful)

d34thm0nk3y (653414) | more than 8 years ago | (#14879673)

University of Wisconsin's Mac OS X Challenge. HABITcky writes "The University of Wisconsin Security Challenge has ended after 38 hours, intermittent DoS attacks, 4000 ssh login attempts, a bandwidth spike of 30 Mbps, and 6 million logged ipfw events. During this time there were 'no successful access attempts, nor any claims of a successful attempt.

I think it is woefully misleading to not mention that the challenge was ended early!

It was, but... (2, Funny)

jd (1658) | more than 8 years ago | (#14879710)

...nobody broke into the box to read the statement.

Re:Oops! (2, Informative)

TubeSteak (669689) | more than 8 years ago | (#14879745)

I agree with you 100%

And how come we don't have a link to the information contained in the Slashback? I'm not questioning the veracity of the information, cause Schroeder is on the up and up, but where'd HABITcky read about it?

P.S. Google cache of the site before the contest was ended.
http://64.233.179.104/search?q=cache:test.doit.wis c.edu/ [64.233.179.104]

Re:Oops! (4, Interesting)

rayde (738949) | more than 8 years ago | (#14879750)

i had asked this question [slashdot.org] initially and Dave had thought the was given permission. But I suspected that the proximity of his response challenge to the failure of the original mac mini challenge meant it was done with slightly less than comprehensive permission. woops.

Re:Oops! (3, Funny)

Biff Stu (654099) | more than 8 years ago | (#14880204)

In that case, it's a damn shame it wasn't hacked. It seems that he would have welcomed an escallation of permissions.

Re:Oops! (1)

jaypeg (711764) | more than 8 years ago | (#14880107)

An engineer in search of the truth, what's he doing at a University?

OS X security competition "ends" (5, Interesting)

Tumbleweed (3706) | more than 8 years ago | (#14879641)

More like - was done without authorization, and was shut down. From the site linked:

Yesterday we discovered the Mac OSX "challenge" was not an activity authorized by the UW-Madison. Once the test came to the attention of our CIO, she ended it. The site, test.doit.wisc.edu, will be removed from the network tonight.

Our primary concern is for security and network access for UW services. We are sorry for any inconvenience this has caused to the community.


Still, shut down or 'ended,' not being hacked is a good show. Congrats to OS X.

I think Apple would be well-served by having a continously running OS X security challenge, for both OS X and OS X Server. Offer a reward every time you demonstrate a hole, and fix them fast.

Re:OS X security competition "ends" (4, Interesting)

Midnight Thunder (17205) | more than 8 years ago | (#14879694)

I think Apple would be well-served by having a continously running OS X security challenge, for both OS X and OS X Server. Offer a reward every time you demonstrate a hole, and fix them fast.

Would be nice to see something like this for all platforms. The only question is how valid is the test, since the security of computer depends as much on the network security around it, as the machine itself. Firewalls can help filter out much of the bad traffic, reducing the final impact on the host. I would not like to say that any system is invunerable, since vunerability also depends on the configuration of the machine and the people managing the installation. A well patched windows installation might be as good as a well patched OS X installation.

Re:OS X security competition "ends" (3, Insightful)

Tumbleweed (3706) | more than 8 years ago | (#14879733)

Would be nice to see something like this for all platforms. The only question is how valid is the test, since the security of computer depends as much on the network security around it, as the machine itself.

Well, if it's ever done by Apple, it would best be done as a tool to actually help find security vulnerabilities, rather than as a marketing effort. To that end, I'd suggest whatever configuration would best expose those vulnerabilities.

A similar test for local vulnerabilites would also, obviously, be quite valuable (as the ZDNet test showed).

Re:OS X security competition "ends" (-1)

Anonymous Coward | more than 8 years ago | (#14879813)

Would be nice to see something like this for all platforms.


I've got a Windows 2003 system setup in the same configuration as the UoW contest: 71.56.240.67. Unfortunately I don't have the bandwidth of UoW.

Re:OS X security competition "ends" (0)

Anonymous Coward | more than 8 years ago | (#14879963)

What did the owner of that IP do to piss you off? Sleep with your girlfriend? Oh, wait, this is Slashdot. We don't HAVE girl friends.

Re:OS X security competition "ends" (0)

Anonymous Coward | more than 8 years ago | (#14880028)

What did the owner of that IP do to piss you off?


If you go to that IP with a browser you'll see that there is a challenge.


Sleep with your girlfriend? Oh, wait, this is Slashdot. We don't HAVE girl friends.

lol

Microsoft has one! (0)

Anonymous Coward | more than 8 years ago | (#14880070)

How could you miss it? A perpetual ongoing "security test", one at which they fail quite often. It is called "the internet".

Re:OS X security competition "ends" (4, Informative)

Coryoth (254751) | more than 8 years ago | (#14880086)

Would be nice to see something like this for all platforms.

Well it's not exactly identical, but one of the people who works on SELinux has been running a test machine on and off since Fedora Core 2. Details are here [coker.com.au] . Similar to the OS X box that was hacked in 30 minutes he does have SSH open and provides you with local account access, the local account being root. I wouls suggest that that shows a certain amount of confidence in its security. Also note that SELinux is coming to Ubuntu soon [ubuntu.com] .

Jedidiah.

Re:OS X security competition "ends" (0)

Anonymous Coward | more than 8 years ago | (#14880221)

I think Apple would be well-served by having a continously running OS X security challenge, for both OS X and OS X Server. Offer a reward every time you demonstrate a hole, and fix them fast.

To the best of my (limited) knowledge, there own public websites and servers largely run on OS X servers. Some material is provided via akamai, but most all else is running on OS X. I think the idea is that they eat their own cat food (thinking different...)

Are Slashdot Editors embarrassed yet? (0, Interesting)

Anonymous Coward | more than 8 years ago | (#14879648)

The devolving of this site from "news for nerds" to "left-wing political rants for editors and those who agree with our worldview" continues.

Yesterday, you had a flimsy story about supposed biased filtering by the Marine Corps in Iraq where two seconds of thinking and work would prove that it wasn't some vast right wing conspiracy.

Now today, you have a book review about Markos "Screw Them" Zuniga and his ineffective and ultimately inconsequential site and followers.

Where does it go from here? It seems the editors just want to bash us over the head with their left-wing tripe, without giving any balance.

I remember once CmdrTaco said politics don't belong here. Digg.com is eating slashdot alive right now. Better stories, better tech, better forum. It's only a matter of time slashdot becomes irrelevant unless they can turn it around.

If it's not a conspiracy... (0)

Anonymous Coward | more than 8 years ago | (#14879653)

Yesterday, you had a flimsy story about supposed biased filtering by the Marine Corps in Iraq where two seconds of thinking and work would prove that it wasn't some vast right wing conspiracy. ... then why are only so-called "right-wing" sites permitted?

Re:If it's not a conspiracy... (3, Insightful)

thryllkill (52874) | more than 8 years ago | (#14879752)

I'm not a marine, but I do work for the DOD, and I can tell you that most political websites, right or left, are blocked. Again, not a conspiracy, just simple work place web surfing management. When you're on a network that doesn't belong to you, or that you don't pay to have access to, you shouldn't complain about the policies in place. I don't bitch at my friends for not letting me fuck their wives when I come to visit their houses.

Re:If it's not a conspiracy... (0)

Anonymous Coward | more than 8 years ago | (#14879859)

How true. Whenever I visit gop.com, I always feel like I'm fucking Laura Bush.

Re:If it's not a conspiracy... (0)

Anonymous Coward | more than 8 years ago | (#14879883)

I'm not a marine, but I do work for the DOD, and I can tell you that most political websites, right or left, are blocked.

What you are saying is in direct conflict with numerous recent reports. Here's one of them [boingboing.net] , which, come to think of it, you probably won't be able to read.

That would bug me. Maybe not you, but definitely me.

Re:If it's not a conspiracy... (4, Informative)

TubeSteak (669689) | more than 8 years ago | (#14879895)

I can tell you that most political websites, right or left, are blocked
I won't dispute your word, but I recall that Rush Limbaugh gets syndicated to the U.S. military's American Forces Radio and Television Service.

AFAIK, there are no voices giving out any other viewpoint(s).

You can read an in-depth review of the matter here:
http://www.petitiononline.com/mmfa2/petition.html [petitiononline.com]
The petition was created by the people at Media Matters

Re:If it's not a conspiracy... (3, Informative)

DAldredge (2353) | more than 8 years ago | (#14880058)

1700 PACIFIC U.S. MON - FRI TOP
00:00 AP Newscast
03:00 Sporting News Radio Sports
06:00 The Al Franken Show

Re:If it's not a conspiracy... (0)

Anonymous Coward | more than 8 years ago | (#14879899)

+10 points to you, and plus +100 points to any of your neighbors who would let you boink their wives.

Re:If it's not a conspiracy... (1)

this great guy (922511) | more than 8 years ago | (#14880051)

I don't bitch at my friends for not letting me fuck their wives when I come to visit their houses.

Don't ask. Just do it :)

Re:If it's not a conspiracy... (1)

R3d M3rcury (871886) | more than 8 years ago | (#14880087)

Gives a new meaning to "Don't ask, don't tell."

Re:Are Slashdot Editors embarrassed yet? (0, Troll)

blhack (921171) | more than 8 years ago | (#14879697)

Digg.com has bettery forums? This is news to me, and i spend more time on digg that anyone that i know of. The discussions on digg are either non-existant, or horrible. The majority of topics turn into apple worship. Every time a new piece of technology comes out the 14 years olds report for duty and proclaim that it will be "hacked" in a day or so...not really knowing what exactly will be hacked, or how it will be done. The differance between a slashdot discussion and a digg.com discussion is that on slashdot you have people who have been in the industry, doing whatever the topic is since it got started. Digg.com is a bunch of 14-18 yr olds that MIGHT have read a doc or two about the subject. The new threaded comment system that was opened up a few days ago is HORRID!!! the first 10 or so comments will have between +40 and -40 diggs, and from the on its pretty much nothing. Aside from that, people undigg comments not because they are bad, but because they dont' agree with them. This makes discussions difficult or impossible.


digg.com = Aol chatroom

Re:Are Slashdot Editors embarrassed yet? (1)

blhack (921171) | more than 8 years ago | (#14880091)

and i get modded troll? Mods, how is this a troll? i was responding to his statement that digg is about to take over slashdot? NOt really trolling.

Re:Are Slashdot Editors embarrassed yet? (2, Insightful)

Anonymous Coward | more than 8 years ago | (#14879911)

"Digg.com is eating slashdot alive right now. Better stories, better tech, better forum. It's only a matter of time slashdot becomes irrelevant unless they can turn it around."

I really hope a lot of people leave Slashdot for Digg because the only people that read Digg are complete and utter morons. The intelligent people have already realized that Digg is complete garbage and the idiots that are to stupid to understand that can flock to the idiocy that is Digg. It only makes the community here better by filtering out some of the morons. Digg reminds me of an AOL chat room that is filled with nothing but below average script kiddies...

Digg is the perfect example of what's wrong with all this "Web 2.0" garbage. Flashy website that's incredibly bloated with no real content and a horribly dumb community.

Re:Are Slashdot Editors embarrassed yet? (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14879978)

Digg is the perfect example of what's wrong with all this "Web 2.0" garbage. Flashy website that's incredibly bloated with no real content and a horribly dumb community.

As opposed to slashdot: clunky website that's incredibly bloated with no real content and a horribly dumb community. Digg doesn't put up with shit from Zonk, **BeatlesBeatles or Roland Piqueeiellee; that says a lot. If it weren't for the trolls, I wouldn't read slashdot.

Re:Are Slashdot Editors embarrassed yet? (1, Informative)

Mistshadow2k4 (748958) | more than 8 years ago | (#14880179)

The fact that this piece of flamebait trolling got modded up shows exactly the one way Digg is superior to /. - no idiot mods. On Digg, the moderation now works by voting so the registered readers as a whole mod, not just a select few.

Don't think I'm bitching because I don't have mod points; I used my last earlier today and I've lost count of how many times I've received mod points. I meta-mod almost every day too. Yes, someone who mods is saying how much the mod system sucks! But I see this kind of crap here all the time and it's getting to where it just makes me sick. Trolls get modded up by those who agree with them and good posts modded down because the mod disagrees with the poster or was too dumb to understand the joke (or perhaps was simply a humorless jerk). THIS is what /. has to be embarassed aobut, more than anything else. How do you think a newcomer reacts when he sees some bigoted troll flaming a certain group of people modded up to +2 or even higher while insightful and genuinely funny posts are modded down?

Oh, by the way, you're an arrogant asshole. There, maybe now that I've flamed someone this post will get modded up too.

Re:Are Slashdot Editors embarrassed yet? (-1, Troll)

Overly Critical Guy (663429) | more than 8 years ago | (#14879952)

The sad fact is that there is a vast left-wing conspiracy in the media to bury stories that are unfavorable to their political viewpoint. Liberals don't want to hear truth. Stories from soldiers in Iraq are positive, but lefties watching CNN all day only want to hear bad news so they can feel good about hating Bush some more.

For those who don't know, Mark "Screw Them" Zuniga embodies today's liberal--a person not full of ideas, but full of actual hatred. Pure hatred for people. People call him by his nickname because when some troops died in Iraq during 2004's election year, Zuniga said "Screw them" to the dead troops.

He's the reason the lefties are far, far on the fringe these days, and conservatives and moderates have taken over.

Re:Are Slashdot Editors embarrassed yet? (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14880018)

The sad fact is that there is a vast left-wing conspiracy in the media to bury stories that are unfavorable to their political viewpoint.

Yeah, the same media that has been George W. Bush's number one fan boy and cheerleader? Boy, are you deluded. Are you even capable of critical thought? Or does the RNC beam your thoughts directly to brain?

Idiot.

Re:Are Slashdot Editors embarrassed yet? (5, Interesting)

causality (777677) | more than 8 years ago | (#14880095)

The sad fact is that there is a vast left-wing conspiracy in the media to bury stories that are unfavorable to their political viewpoint. Liberals don't want to hear truth. Stories from soldiers in Iraq are positive, but lefties watching CNN all day only want to hear bad news so they can feel good about hating Bush some more.

It's not about left-wing or right-wing or centrist or any of that. It's about money and power just as it has always been. Play the follow-the-money game (and hone some research skills too, woohoo!) more often and you will come to see this.
Left, right today. God, Satan yesterday. You notice it's always two, and only two, diametrically opposed ideas that can be compromised but cannot be reconciled (with other ideas existing only in an extremely marginalized form that is unlikely to be implemented, such as libertarianism). Your basic divide-and-conquer strategy. The left-wing vs. right-wing is an idealistic clash that does a great job of distracting people from basic critical thinking skills and a willingness to stick to the facts as determined by evidence when making decisions. It's a distraction, and it's a deliberate and effective one.

I'll give an example. Generally a left-winger is for greater personal freedom and more economic restrictions (particularly income redistribution, but there are others). Generally a right-winger is for greater economic freedom (tax cuts and the like) but more restrictions on personal freedom. Well, guess what? Both require a rather large government to properly realize their stated goals. So you have everyone squabbling over which set of restrictions they prefer, meanwhile, the elected officials continue to enjoy an ever-increasing national budget and more and more laws to appease their campaign contributors (recent changes to copyright law, anyone?). No matter how you carry out the left vs. right debate, a minimal government will never be the result. As stated above, a very effective distraction. For the people who stand to gain from less real freedom, and this subset of the population includes the major media outlets, it has served its purpose well. You don't need a conspiracy of any sort either; all that is required is that those who desire power act in their own interests while no one does anything to check them because they're too concerned about who will win the next American Idol.

It has always amazed me how so many people would agree that throughout history, religion has been used to control people by keeping them ignorant and willing to obey, but the same folks who will agree with that find it absurd that media and propaganda and creature comforts and an overemphasis on work/business can be used the same way.

OSX Challenge Is Dead (-1, Redundant)

LISNews (150412) | more than 8 years ago | (#14879650)

From the site: "Yesterday we discovered the Mac OSX "challenge" was not an activity authorized by the UW-Madison. Once the test came to the attention of our CIO, she ended it. The site, test.doit.wisc.edu, will be removed from the network tonight. Our primary concern is for security and network access for UW services. We are sorry for any inconvenience this has caused to the community."

Re: Mac Challenge (5, Insightful)

Chas (5144) | more than 8 years ago | (#14879667)

I dunno. I would think a massive, pipe-clogging bandwidth spike, which resulted in the removal of said site, would qualify as a successful attack.

I guess it all just depends on exactly what you want to do.

Re: Mac Challenge (5, Interesting)

alien-alien (471416) | more than 8 years ago | (#14879834)

I would like to point out that those people who state that MacOS X hacking is of little interest to the hacking community because the Mac has little market presence should pay attention to the draw this challenge precipitated.

Looks like every hacker and their uncle had a go at this one. I wonder how many unique IP addresses were used to access the challenge.

Parent is right. (3, Interesting)

marcello_dl (667940) | more than 8 years ago | (#14879919)

those people who state that MacOS X hacking is of little interest to the hacking community because the Mac has little market presence should pay attention to the draw this challenge precipitated.

I completely agree with you. a 4,5% share seems low but many hackers would get a terrific ego boost by being able to shut up once for all the mac fanboys. Also some attacks on windows rely on unpatched machines with this and that service running and reachable through firewalls, which could well mean an attack on the 10% or less of the total of windows machines which in turns makes like an 8-6% or even less share. Crackers still take time to engineer them, though.

Mod parent up, please.

Re: Mac Challenge (0)

Anonymous Coward | more than 8 years ago | (#14880034)

Looks like every hacker and their uncle had a go at this one. I wonder how many unique IP addresses were used to access the challenge.

why? apparently there were only 4k ssh attacks (and how many of those from automated bots that found port 22 open?) - and there really isn't much to hack at apache serving a static page (especially if no interesting modules are enabled) It looks more like someone with a botnet had a go at DOS-ing the 'challenge.' Which proved effective at one thing - showing that this was not 'the UoW challenge' but just a guy there acting on his own agenda.

It will be interesting to see whether he will have to answer why he didn't at least make it explicit that the project was not University-endorsed or even properly approved (looks like all he got approval for was a new dns record) In fact, in many places what he did would count as a severe abuse of resources leading to a pink slip.

Don't get me wrong, the idea of a security challenge is interesting - and worth a real-world type of test. But this was not it.

Interest to the hacking community (0, Flamebait)

djdavetrouble (442175) | more than 8 years ago | (#14880042)

Listen, any box on a well connected pipe with some free disk space is of great interest to the hacking community.
It also happens that cracking a *nix box garners far more cred than cracking a windows box.

Re: Mac Challenge (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14880171)

I would like to point out that those people who state that MacOS X hacking is of little interest to the hacking community because the Mac has little market presence should pay attention to the draw this challenge precipitated.


You act as if the UoW was the only Mac system in existence.


Still waiting for someone to crack my Windows 2003 Server: 71.56.240.67

chinese tld's (2, Interesting)

noopy (959768) | more than 8 years ago | (#14879674)

China Internet Network Information Center (CNNIC) both dispute a previous story

Does it matter what they say? Any Chinese portal with enough heft can just start handing out Chinese TLDs whenever they like. (For that matter, so could I, but noone would know). Does anyone know the current state of international tld support in browsers? And what encoding is/would it support?

For that matter, if China (mainland) blazes the path for Chinese TLDs, would they go with gb2312 and thus sort of make China (mainland)'s TLD scheme the default for the world as opposed to Taiwan's Big5?

Myself, I'd be happy to see utf-8 tlds, but that's small potatoes compared to my fervent whish for a utf-8 clean php release. Does slashdot support

UTF (1)

jd (1658) | more than 8 years ago | (#14879988)

I dislike UTF with a passion - it wasn't designed correctly in the first place and all subsequent versions (we're up to Unicode 5.0.0 beta2) are hacks to supplement deficiencies that should never have been allowed in in the first place.


Having said that, if we're going to use UTF, we might as well use it right. Otherwise, it is going to be an agonizing pain every time we have to step up a version. DNS issues, alone, will preclude frequent updates from a half-hearted update. For this reason, it would seem stupid to use UTF-8 or UTF-16. Those don't encode everything that need to be encoded, if we're to have a truly international system.


Based on the current definitions, we should be looking at UTF-32, BOM and version 5 of the Unicode specification. The Unicode FAQ talks a lot about how nobody needs more character sets than UTF-16 can support, but (a) they don't represent all languages, or even a reasonable set, because UTF-16 can't handle that many, (b) only the criminally insane don't provide room for inevitable expansion, and (c) DNS is far more constrained by efficient processing and reliability than by bandwidth, and UTF-32 is described by Unicode themselves as faster and simpler.


The problem with Unicode internationalization is that there are multiple ways of defining what is effectively the same character, which means that users will not be able to differentiate between strings the computer regards as different. This is important, when dealing with copyright, phishing, cybersquatting, etc.


(Unicode is also very poor at handling character sets that can't fit into a single block, is very inefficient - only the first 21 bits of a 32-bit UTF are meaningful according to Unicode, and is an encoding for a whole glyph - which means that it will make meaningless distinctions and won't make sensible relationships.)


The first step to true Internationalization is to burn the Unicode specification and replace it with something cohesive, extensible and logical. The second step is to have standard hardware work on the unit size directly, so that anything that logically worked fine with bytes on byte-based hardware will logically work fine UNMODIFIED on the new units, totally transparently. The encumbrance of UTF decoding doesn't make it any easier to use. Transparency is the key to universality.


(If I can't use the new encoding on an early copy of Mosaic, if I can't load the text file into a standard text editor and edit it directly, if I need vast numbers of supplementary libraries and conversion charts to get it to work, then it's not transparent and adoption is going to be a real pain. Updates are a headache for programmer and user alike.)

Re:chinese tld's (1)

metternich (888601) | more than 8 years ago | (#14880037)

Slashdot doesn't currently support any posting in Chinese as far as I can tell. I tried posting an example of how a Mandrain Speaker might get around a filter on the word Democracy (hint: 1337 doesn't work in a character based system). I tried twice but neither time did the characters show up at all, not even in some sort of garbbled equivelent.

What kind of sentence (0, Offtopic)

Anonymous Coward | more than 8 years ago | (#14879679)

I don't usually complain about this but, what kind of run on sentence is this?

Taleyarkhan, who used to work at Oak Ridge National Laboratory, has, since working at Perdue, removed the equipment the co-workers were using to try and replicate the results, claimed results for experimental runs were positive for fusion despite the co-workers never seeing the raw data and opposed the publication of results which contradicted his findings.

Re:What kind of sentence (2, Informative)

brsmith4 (567390) | more than 8 years ago | (#14879882)

It's not.

Part 1: Taleyarkhan, who used to work at Oak Ridge National Laboratory, has, since working at Perdue, removed the equipment the co-workers were using to try and replicate the results

, (comma)

Part 2: claimed results for experimental runs were positive for fusion despite the co-workers never seeing the raw data

and (Proper use of a conjunction in a sentence containing a list of verb phrases)

Part 3: opposed the publication of results which contradicted his findings.

Each part of this sentence is not a sentence in and of itself (with the exception of part one, which is completely acceptable), which would constitute a run-on sentence. It is grammatically correct even though it is quite surprising and irregular, being the work of a Slashdot editor. This sentence is logically equivalent to:

Joe, who used to manage Cisco-based networks at Sandia National Labs, has, since completing his dissertation, published papers on network topologies, lectured at various institutions and released software to aid in the management of large-scale networks.

Sure, its clumsy and difficult to read, but still valid.

Re:What kind of sentence (1)

smooth wombat (796938) | more than 8 years ago | (#14880160)

Thank you for parsing the sentence that I wrote. I wasn't sure if I should have divided what I wanted to say into two different sentences or go for the gusto. Obviously I went for the latter. I've been working hard of late to correctly use commas to add pauses to long-winded sentences such as the one in question.

In this case it was me and not ScuttleMonkey who wrote the sentence. For once the editors are not to blame.

Re:What kind of sentence (0)

Anonymous Coward | more than 8 years ago | (#14880198)

Yes, I admit that I should not have called it a run on sentence. I read it quickly and it took several re-reads to get it right. It's overly complex. Using punctuation for punctuation's sake, no matter how well formed, does not make it a good read. Two sentences would have provided better clarity.

pUrdue (0)

Anonymous Coward | more than 8 years ago | (#14879690)

yeesh, spelled it once right, and once wrong. Perdue = the chickens you get at the store. //A Purdue Alumni, who just happens to work on the main campus

Windows no longer uses BSD network stack (4, Informative)

cant_get_a_good_nick (172131) | more than 8 years ago | (#14879691)

It did, in the old days. They rewrote it a long time ago, I think in the jump to Nt 4.0. The userspace command line tools are still BSD based in XP though.

Re:Windows no longer uses BSD network stack (2, Interesting)

1053r (903458) | more than 8 years ago | (#14879910)

For all of you dual booting people, try this:

$cat ftp.exe|grep california

You should get the "Copyright blah-blah regents of the universty of california, berkley" or something similar, I can't quite remember

Re:Windows no longer uses BSD network stack (3, Informative)

NetNifty (796376) | more than 8 years ago | (#14880192)

netnifty@netnifty_linux ~ $ strings ftp.exe | grep -i Cali
@(#) Copyright (c) 1983 The Regents of the University of California.

That's from the Windows XP 64-bit Edition ftp.exe, but keep in mind that this is just the text based ftp client, and not the TCP/IP stack we're looking at here. Anyone know which file(s) contains the Windows TCP/IP stack?

Re:Windows no longer uses BSD network stack (2, Informative)

Keeper (56691) | more than 8 years ago | (#14880213)

If you're really curious, just run the same command on every binary under the windows folder; if you only see command line tools spit out, the TCP/IP stack obviously won't have that string in it ..

DesktopLinux? (0, Flamebait)

dedazo (737510) | more than 8 years ago | (#14879725)

Good lord, that article is so full of bullshit, hyperbolic FUD and half truths it's not even funny. "LOLOLOL!! VISTA will use a USB stick to RUN LOLOLOLO!!"

If this was anyone making the same FUD uninformed posts about Linux or OS X "LOLOLO! OS X cracked in 29 Minutes!! LOLOLOL!" it would be dismissed as always "oh we know this guy, he's an astroturfer and a known shill, yawn" in less time it takes to say "kernel", but I'm sure a lot of people will take this dumbass' word at face value and parrot the same bullshit on IRC, Slashdot and other fine forums. I fully expect to see the "oh, well you know Vista will swap ram to a USB device, so it will be 1,000,000,000 times slower than Linux" argument in the next Windows.vs.Linux flamewar.

It seems it's getting more and more difficult for FOSS to wring their hands and yell "OMFG we're under FUD attack from teh evil empire" given these types of things, not to mention Novell, IBM et.al getting into the game to fight it out with Microsoft.

What a waste of bandwidth. It used to be that the community could craft measured, valid responses to bullshit, but I see that art is being lost.

Re:DesktopLinux? (1)

yurnotsoeviltwin (891389) | more than 8 years ago | (#14879790)

Essentially all that article did was admit that Vista had caught up (or at least come close) to Linux in the security and stability departments. Of course, the emphasis there was that Linux did it first, but he neglects to mention that Windows, despite its shortcomings, has always had the clear advantage in the fields of usability and consumer appeal, so essentially all that article did was show that 1) Windows was weaker than Linux in some areas and 2) it isn't anymore. Congratulations Mr. Vaughan-Nichols, you've shown that Vista will be as good as or better than Linux in all respects!

NOTE: IMHO, it won't be.

Re:DesktopLinux? (0)

Anonymous Coward | more than 8 years ago | (#14879801)

The most vocal people are not always those with the most insightful things to say... they are just... the most vocal.

The "Vista will suck" article does not make a good case. Some points are valid, some are not... but the overall tone of the piece is very immature. It is merely ranting and raving and not providing a balanced view.

However, you would be mistaken to assume that the majority of pro-Linux people can't see through that kind of blatant misrepresentation. There are "pro-MS FUD-masters" who spin blatant lies to make their point. But, yes, there are unfortunately "pro-Linux zealots" who don't provide a very reasonable analysis. In both cases the extreme opinions are not worth much. But again, if you go and assume that the community at large is degenerating into FUD-mongers, then you're no better than them! You're just spreading exagerration and lies.

What a waste of bandwidth. It used to be that the community could craft measured, valid responses to bullshit, but I see that art is being lost.

No. Nothing is changing. There have always been, and there will always be extremists. Usually these people are the most vocal. However to take their opinions as somehow being representative of the group is illogical and frankly insulting. I'm very much pro-Linux. I use it, I evangalize it, and I hope it becomes more recognized. However I'm not a fan of Linux zealotry anymore than I am of MS-FUD. I recognize them for what they are. I'd go so far as to say that the majority of pro-Linux people have measured, reasonable arguments for why they think Linux is better. This crowd is simply not as vocal as the ones you seem to be focussing on.

Vista will be expensive...? (1)

DogDude (805747) | more than 8 years ago | (#14879874)

Also from that sucky article...

OK, so the first reason that Vista sucks is that, no matter what version you get, it's likely to be expensive.

I'm wondering if this guy has ever bought a copy of Windows. They're generally $200. I don't remember any of Widnows desktop OS's *ever* costing much more than $200, actually. Did this guy just pull this out of his ass, or something?

Re:Vista will be expensive...? YES (0)

Anonymous Coward | more than 8 years ago | (#14879893)

Hi, log on to newegg.com and look at the price for retail Windows XP (not oem). Last week when I looked it was $245.

a *real* version of Windows has always been expensive.

Re:Vista will be expensive...? YES (1)

NetNifty (796376) | more than 8 years ago | (#14880032)

Staples in the UK sell XP Pro for £209.99 [staples.co.uk] , which is ~$360. Ok it's not the cheapest your going to find, and OEM versions are about half that price, but it's still a significant amount for an operating system, especially when compared to the Free alternatives.

Re:Vista will be expensive...? (2, Insightful)

sqlrob (173498) | more than 8 years ago | (#14879926)

And a new computer to support it, at least according to him.

Re:DesktopLinux? (0)

Anonymous Coward | more than 8 years ago | (#14879920)

What a waste of bandwidth. It used to be that the community could craft measured, valid responses to bullshit, but I see that art is being lost.

Popularity is a bitch, isn't it?

Re:DesktopLinux? (1)

Krach42 (227798) | more than 8 years ago | (#14879928)

I don't need some reviewer to tell me why I won't like Vista. I can get my hands on it, but I still don't use it at home. Why? Because no matter how much they change, it's still Windows, and I'm a *nix man.

Plus, Windows XP is already painfully slow to interact with already, I don't need it to be any worse.

Oh, also those nice lovely aero glass windows? It makes it REALLY hard to just at a glance spot which window is active, and which is not.

So, I don't care about reviews. At some point, I'll have to use Vista at work, but I'll never be using it at home.

DoD filtering (4, Funny)

hotspotbloc (767418) | more than 8 years ago | (#14879757)

no pr0n, no streaming audio, no civilian web mail: both the hot and the g varieties, and no chat programs

And that's why when it says on your military ID "Property of the U.S. Government" they're not just talking about the ID card ... =)

Re:DoD filtering (0)

Anonymous Coward | more than 8 years ago | (#14879793)

Could be worse: your MOS could be IED.

Re:DoD filtering (1)

1337p1rt3 (959580) | more than 8 years ago | (#14879915)

Or EOD (Explosive Ordinance Disposal)..but what ever!!

(On Vulnerabilities) Idiots. (1)

Spy der Mann (805235) | more than 8 years ago | (#14879791)

Now the ONLY ONES who will publish exploits are the anonymous hackers who are ALREADY doing illegal stuff.

Nice move, smartasses.

I don't care who does what with who. (0)

Anonymous Coward | more than 8 years ago | (#14879795)

As long as they make a backup copy, I'm fine with it.

I am very bothered... (5, Interesting)

jd (1658) | more than 8 years ago | (#14879799)

...by the effective ban on software research. If you publish a flaw and don't include data backing it, you'll likely be sued for defamation. If you DO include the data (however insignificant) you'll be sued for copyright infringement. The 9/11 case in the US shows that is you do know of a problem, but don't tell anyone, you'll be got that way, too. However, being willfully ignorant of a fault can also land you in court, if it causes harm.


Software researchers are the most impacted by this, as it's hard for a PhD to claim natural stupidity as a defense. It's expected of most end-users (even when that is unfair) so they can get away with it.

Re:I am very bothered... (2, Interesting)

TubeSteak (669689) | more than 8 years ago | (#14879869)

If you publish a flaw and don't include data backing it, you'll likely be sued for defamation.
Actually.... If you publish a flaw and don't back it up and then get sued, you can have the pleasure of proving (in a court of law) that their software is teh sux.

After you've embarrased them (and gotten it into the public record) you can counter-sue them for wasting your time and money. If you're lucky, you can get some punative damages too.

Unless France is like England, where truth is not a defense against defamation (of which libel & slander are subsets). Other than that, it seems like not including the proof is more prudent than getting bankrupted by copyright claims.

Re:I am very bothered... (1)

phantomfive (622387) | more than 8 years ago | (#14880062)

This is (fortunately for the rest of us) only in France. And he only lost the case because he published some code. So it was a copyright violation. France must have the weirdest copyright laws in the world, because even in the United States the small amount that he published would be protected under fair use.

Luckily for him, people have been donating [zdnet.com.au] to help him pay for his fine.

Solution to security research problem (4, Funny)

jmorris42 (1458) | more than 8 years ago | (#14879825)

There is a fairly simple solution to the problem of vendors forbidding security reaseachers from examining their products. At the next big security confab float and get a lot of signatures on a resolution something like this:

"Some companies object to our legitimate research, even though we report our findings responsibly. So be it. We resolve to continue to locate defects in these irresponsible vendor's products. However since they now make it a crime to do the right thing, we resolve to anonymously publish our results for these products to the most vile and wicked cracking gangs we can contact as ready to use fully weaponized exploits. We further assert that we do not fear any legal reprecussions on the grounds that if any Fed can tag us we aren't worthy to continue in this line of research."

Let the business press cogitate on that announcement a day or two and see how fast vendors start backpeddling.

Re:Solution to security research problem (3, Insightful)

causality (777677) | more than 8 years ago | (#14880017)

It sure would be great if every time a company did something that most people, upon a little thought, would find really objectionable, it could be directly correlated with a huge decrease in sales (your basic old fashioned boycott). It would be great if people knew when they were clutching sand and understood that the harder you try to squeeze, the more you are going to lose.

But as much as I love your idea, it will not happen due to the Sheeple, who are either too clueless, too apathetic, or both, to make this workable. The backbone is becoming extinct and is being replaced by implicit trust, deference to authority, and pressure to conform.

Since we as a species fail to discourage these elements (and instead work very hard to prop them up, since they would not survive on their own) because the powerful find them desirable to inculcate in a population*, I do not see any easy way to reverse this either.


* If you're in charge, wouldn't you rather be in charge of a docile apathetic population as opposed to a more difficult to subjugate sort? If you quickly disagree and say you'd never want that, imagine for a moment that you love power (and are therefore not qualified to wield it, but then power and who has it was never a meritocracy). Does it make sense now? We keep focusing on this bad law and this rogue company and that legislator who doesn't get it, but all of these are merely opportunists and with such a narrow focus we are merely playing a whack-a-mole game. None of these would ever be possible without the masses being so willing to bend over and take it, and the blame lies with them and not with the inevitability that someone WILL take advantage of this.

Re:Solution to security research problem (1)

iminplaya (723125) | more than 8 years ago | (#14880134)

However since they now make it a crime to do the right thing, we resolve to anonymously publish our results for these products to the most vile and wicked cracking gangs we can contact as ready to use fully weaponized exploits. (Emphasis mine)

Ever the fine line between funny and insightful. I'd call this one the latter. This is precisely(ok I can forget about helping the "vile and wicked cracking gangs") what needs to be done. How many more cases like these do we need before this becomes general practice?? The same applies to those who develope "questionable" programs like P2P, etc. Do it anonymously and stay out of jail. Let's forget about attribution and just get the goods out there. And of course, this proves once AGAIN that IP law is just as effective at censorship as a Chinese rifle.

Re:Solution to security research problem (4, Insightful)

Audacious (611811) | more than 8 years ago | (#14880184)

They probably won't. They'll just call you terrorists and prosecute you for what you've said. Even though you haven't done anything.

No - the best thing to do IMHO is to just say that you have found a problem with their product but that due to the litigious nature of the company(ies) you can not explain how the problem comes about nor will you provide any details because you have destroyed all evidence in accordance with the company's wishes that all problems remain just that - unresolved problems. Further, since you have found these problems and could verify that they existed if the company would allow you to do so; you must - in the future - deny any request from the company for information (since you had to destroy it and it is illegal to have such information in your possession) and - you must also, from that day forwards, recommend that this company's products be barred from consideration in future purchases for the university and/or any companies with which you are going to be working with until the problem has been fixed.

Remember - hit them in their pocketbook. If everyone gangs up against the company and refuses to buy their products and boycotts them, they will go out of business and you won't have to deal with them anymore - or - they will stop trying to enforce rules and regulations which are detrimental to the overall health of the (and their) economy.

The alternative is for the person to send the information out to every other university in the United States and all of them declare the same findings at the same time so there isn't just one person the company can sue. They would have to sue everyone which makes them a persona non grata in the academic world. The great thing about this idea is that it would definitely draw the attention of the press if such a thing occurred. Which, I believe, is not something any company wants to do. (Be on TV across the nation in a bad light.)

Just my $0.02 worth. :-)

PS: Remember - they can't make you perjure yourself in court. So when they ask what you did you just say "I can not answer that under the rules and regulations of the 5th admendment." And if asked to explain you just look at the judge and say it is a catch-22 situation. You are damned if you answer and damned if you do not. Sort of like the Spanish Inquisition where they'd ask questions like "Did you enjoy consorting with the devil the last time you did it?" and then only allow you to answer yes or no. Either answer makes it look as if you enjoyed consorting with the devil at some point.

Why Windows Vista Will Suck (5, Funny)

heatdeath (217147) | more than 8 years ago | (#14879826)

For those who don't want to read the entire article, here is the cliffsnote version.

I understand operating systems and am very smart and I have 20 computers and a dog named spot.

linux power.

Vista will suck because it won't be free.

linux power.

The graphics will suck because it takes an expensive computer to run Aeroglass.

linux power.

Memory management will suck because linux has had good memory management for years.

linux power.

Superfetch will suck because GCC has had it for years, and your dog can run off with your USB card. (Never mind that it's just a *cache*, and it won't do anything but slow your computer down again after your dog starts chewing on it)

linux power.

TCP/IP improvements will suck because it's been in other OS's for years.

linux power.

Security will be bad because they found a bug in vista.

linux power.

Re:Why Windows Vista Will Suck (4, Insightful)

paulius_g (808556) | more than 8 years ago | (#14879879)

Speaking of "superfetch", arn't most USB storage devices running on flash memory? Flashable memory does tend to stop working after a certain number of flashes. Moving in and out huge ammount of data will seriously shorten the life of these devices.

Seriously though, I would like Microsoft to improve their caching abbilities using the system's RAM. For now, Windows only has two setting. To cache minimally, or maximally. So what do I do when I got 2GB of RAM, want a run a 300mb application and cache the rest? According to Microsoft, they recommend not to cache because Windows will store that application in the paging file. Talk about stupidity.

Seriously, if mainstream applications would be ported to Linux, more people would switch.

Re:Why Windows Vista Will Suck (2, Insightful)

Comen (321331) | more than 8 years ago | (#14879993)

The original article does not mention anything about a USB drive for Superfetch that I remember.
Everyone sure that guy didnt just make that up.
I mean if the system lets you point Superfetch to any drive on the system and you happen to point it to a USB drive then fine, but does it have to be on the USB drive?
using a USB drive for that seems like a bad really bad idea agreed. But i havent read anything saying that but this guys article, and maybe he set his system up for that or something? but no body told him to or made him do this?

Curious.

Re:Why Windows Vista Will Suck (1)

compm375 (847701) | more than 8 years ago | (#14880193)

Did you even RTFA??
You see, with SuperFetch you can a USB 2.0-based flash drive as a fetch buffer between your RAM and your hard disk. Let me spell that out for you. Vista will put part of your running application on a device that can be kicked off, knocked out, or that your dog can carry away as a chew toy. Do you see the problem here? Me too!

I don't know how you got modded insightful. I personally agree with the grandparent, but it really doesn't matter, because Vista is not out to the public yet and it could really be anything.

What a @$#%#$ idiot... (3, Insightful)

stubear (130454) | more than 8 years ago | (#14879842)

I read that pile of crap that somone claims to be an article about Why Vista Will Suck and all I got out of it is this guy is a $%@^$@# idiot. Great, he's got a copy of Vista and a fast machine. Most of his complaints can either be dismissed because Vusta is still a BETA or not attributed to Microsoft at all. Is it really Microsoft's fault if you're not careful around your USB drive? And who cares if Linux and Mac OS X have had feature X for years? Isn't Vista going to benefit from using feature X if everyone else has? How can this be a reason why Vista will suck? Isn't this more of a reason why Microsoft's marketing managers suck? What about his anecdotal argument concering security? There was a patch for the WMF swcurity hole. Let's analyze the argument. First of all, the patch was released in January. The CTP was released in February. You do the math. Not to mention that perhaps there was an old portion of XP in the January release of Vista that's since been removed from the February CTP. Did Stephen check? Probably not. If security patches being released for an OS are all the proof he needs that it's insecure than he'd better add OS X and Linux to the list. All in all, this was a poorly written and researched article with little evidence to back up his claims.

DoD policy=depends on who ya ask! (4, Informative)

1337p1rt3 (959580) | more than 8 years ago | (#14879908)

"I work in a mobile combat communications unit, while I'm not in the sandbox right now, I can attest to the DoD policy on blocking web access.

There are several levels of DoD blocking. First, the DoD policy on web access, policy, and security in general, very broad, next is the Departments level, i.e. Army, Navy, etc, then there is the base policy and then the command policy and unit policy all the way down to the company. The "general rule" is that no one can have policy rules lower then that of above. This means a platoons policy can not be more lax then the base policy. This sort of transitive policy based appliance leaves much room for interpretation at all levels of policy implementation. Every service is different, every level is different and every network right down to the hardware is different. So, when you talk about blocking you have to be very specific as it is nearly impossible to just nail down an exact, cut and dry policy. Web content filtering, ACL's and the likes are different from service to service and mission to mission.

First of all when you are down range don't expect to even get DSL speeds from a satellite, we usually roll with about 256kbs for the data side of our trunk.

This is too far from the truth depending on the environment. The Ku band in Iraq is quite substantial in fact the smallest direct BGP Sat link might be a T-1 up to 8 and 32Meg or so via a Sat package called the DKET. This is speaking for the Marine side by the way. Also lateral links are about 3Meg at the smallest level via another Ku Sat package. This of course has its caveats. At this level we are talking about a non-mobile infrastructure were as a mobile infrastructure would be a Microware shot thru a TSR or MUX link at anywhere from 96k to 512k or more depending on voice needs and breakdown of classified to unclassified network needs. (Data bandwidth is shared between the two types of DoD networks when multiplexed, voice generally rides its own trunk card thru the multiplexer, typically a Promina node does this multiplexing or at lower levels in the unit they have what is called an FCC multiplexer)

So blocking sites is very important, otherwise 4 or 5 people could start streaming audio and pretty much knock down any legitimate use of the network. We filter websites with smartfilter and yes the military system admins in the IPO office will unblock any web site that isn't blocked by local policy (no pr0n, no streaming audio, no civilian web mail: both the hot and the g varieties, and no chat programs; although irc is used by the DoD)

This is somewhat accurate. From the Corps standpoint, when I first went to Iraq this was not the case. We could chat all day long until it was "locked down". This is done at the BGP point via the highest headquarters out there, CentCom etc. Even then it isn't full proof, I found ways around it, i.e. bypass or just good ole bribing the E-3 at the terminal.

This is no Orwellian conspiracy, but quick and easy system administration; apply smartfilter: check! If you want to check the current smartfilter blocked sites goto: securecomputing and submit some sites to check."

Once again, take this with a grain of salt. Though this seems like it applies to all agencies and to all services at all times it really doesn't. The mobile and deployed units are in constant flex so nothing is really ever solidified when it comes to policy. The ONLY real way to know for sure is to go out there and site down behind their network and try it yourself, or ask someone you know out there to do it. I have a couple dozen friends out there right now on the Net Admin side so if you have a specific inquiry post it and I will see what I can come up with.

myspace (4, Insightful)

phantomfive (622387) | more than 8 years ago | (#14879971)

We're going to be suggesting some very specific measures that MySpace can take based on our conversations with MySpace as well as with other law enforcement authorities at the state and local levels.

Not sure what the point of this article is, he doesn't even say what his "specific measures" are. Probably just some political move.

I don't know what the big deal is about myspace, just politician noise, I guess. What kind of 14 year old girl is going to go out with a 30 year old man? If they do, there is probably some other problem (like they are starved for affection). I remember here on slashdot a few years ago there was a story about a girl who got seduced by a predator, but her mother was encouraging it!

So yeah, there is a problem here, but making laws about myspace isn't going to help anything.

Re:myspace (1)

BoneFlower (107640) | more than 8 years ago | (#14880194)

"politician noise"

You've about summed up Richard Blumenthal.

I'm not entirely sure what his game is. He doesn't do a horrible job as AG, but his statements to the media sound like total BS gloryhounding, saying it to make people love him rather than that he actually intends to do something about it.

I'm pretty sure he's targeting a run for some office in the near future. Exactly what I'm not sure. Probably either Congress or the Governors office. He'll have a fight on his hands if he takes on Mama Rell though, for Rell to have come out from under Rowland without anything sticking to her, she's a formidable politician even if she really was totally unawares.

Shhhh! (2, Interesting)

SEWilco (27983) | more than 8 years ago | (#14879998)

The bottom line is this means that it is forbidden to use reverse engineering tools to find bugs in a software.

"Why Windows Vista won't be known to suck."

There is no AT&T (3, Interesting)

fm6 (162816) | more than 8 years ago | (#14880104)

Nowadays, I have a moment of weirdness whenever I see a headline about what AT&T is up to. I still think of it as SBC, which was once part of the original AT&T, but has now morphed into something completely different.

The "real" AT&T, pathetic as it was in the last couple of decades of its existence, had a long and interesting history, dating to the 1870s. There's something profoundly phony about a company like SBC claiming to be a continuation of that.

fucking hell (1)

BoneFlower (107640) | more than 8 years ago | (#14880163)

Blumenthal mentioned on Slashdot.

Well, to anyone reading this not familiar with the state AG, he's basically glory hound. I am pretty skeptical of anything he says... things just look like he wants his name mentioned everywhere.

Granted, he does an ok job as AG, but that often seems to be secondary to the blatant glory hounding that infects everything he says to the media.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?