Everything is Broken

For discussions about security.

James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#2 Post by James C »

Really good read.

nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#3 Post by nubc »

This gal took the red pill, so what. She didn't bend my spoon.
Last edited by nubc on Fri 13 Jun 2014, 06:21, edited 1 time in total.

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#4 Post by jamesbond »

Another typical "you are doomed!" type story with no substance, started by typical big words and big claims to attract attention, written by born-yesterday "tech" journalist, capitalising on her friendship with folks in "infosec" circles, trying to hit it big.

I read the article until I read "C is good for two things: being beautiful and creating catastrophic 0days in memory management". So what language did she recommend, then? Oh, right - none - she does not write computer programs. She's a journalist.

And this gem: "Written by people with either no time or no money, most software gets shipped the moment it works well enough to let someone go home and see their family. What we get is mostly terrible." Yes, perhaps, we all drop all these programming jobs and become journalists instead. Everyone knows that unlike in software world, journalists have no deadline pressure, don't have to eat, have no family to look forward to when they go home, and don't get pushed to write crappy or filler stories because they have to fill the empty space in the newspaper in time or update the blogs to attract viewers. Plus, you can still have good conscience: if a journalist writes awful pieces anyway, no one will get hurt. What, no developer means no more software for my iPad? Good - don't spend too much time on that iPad, use the time to think and come up with more stories instead! Wow, total productivity gain.

I gave up when she said "people, as well, are broken". So what, we should cease to be because we are all broken? :lol:

Her last words are: "So yes, the geeks and the executives and the agents and the military have fucked the world. But in the end, it’s the job of the people, working together, to unfuck it.". Translated: "I don't have a solution either, but it is *your* (=somebody else's) responsibility to fix it. Now go away while I'm having my cuppa and writing more stories.". Yeah, a good one.

PS: IgnorantGuru's articles, on the other hand, I respect a lot, not only because he has the credentials, but also because he gives sound reasoning for them. While I don't agree with all of his points, I (unfortunately have to) agree with most of them.

EDIT: Add more sarcasm.
Fatdog64 forum links: Latest version (http://murga-linux.com/puppy/viewtopic.php?t=117546) | Contributed packages (https://cutt.ly/ke8sn5H) | ISO builder (https://cutt.ly/se8scrb)

01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld

#5 Post by 01micko »

Glad you enjoyed it! :P

It is just a rant which I found entertaining on some level; well it made me laugh. Just as IgnorantGuru's is, although on a different level with different motivation; and also made me laugh. It probably deserves its own post here, but I'll leave that to you since you discovered it and posted on your blog (@jamesbond). @James C, you may have read that one already.
Puppy Linux Blog - contact me for access

gcmartin

Humorous look at people & computer security

#6 Post by gcmartin »

Article 2 - IgnorantGuru's
Great expression of how coding and security (maybe insecurity is a better wording) provides right of passage (exploitation) expressed in a personal journey to manifestation.

Article 1 - "Everything is Broken"
Any written article comes to us with a point of view. The point of view of this one, is a clever postulate. Accurate for most of us as she points to the structure of things.

It's a humorous expression on the base of the problems in interworking code all the way to those who understand and have the means to exploit it to their benefit.

Liked (and laughed) the way it was presented. :wink:

This would work as a great stand-up act at a security convention. Hmmm...
Last edited by gcmartin on Fri 13 Jun 2014, 14:24, edited 1 time in total.

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#7 Post by bark_bark_bark »

I liked the article. It was very informative.
....

tallboy
Posts: 1760
Joined: Tue 21 Sep 2010, 21:56
Location: Drøbak, Norway

#8 Post by tallboy »

I did the same discovery some time ago, but I didn't throw away the code! My version has the advantage of being totally undetectable, if you don't believe me, check your network connections! But I have decided to limit myself to be lord and master of only 29655 computers, it takes too much time to handle more than that.

Purely by coincidence, that is the number of registered users on this forum... 8)

tallboy (or is it?)
True freedom is a live Puppy on a multisession CD/DVD.

01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld

#9 Post by 01micko »

tallboy wrote:I did the same discovery some time ago, but I didn't throw away the code! My version has the advantage of being totally undetectable, if you don't believe me, check your network connections! But I have decided to limit myself to be lord and master of only 29655 computers, it takes too much time to handle more than that.

Purely by coincidence, that is the number of registered users on this forum... 8)

tallboy (or is it?)
:lol: DAMN! I bet you are really a Chinese hacker (no offence intended to anyone Chinese, just that my host got hacked early today and my site is down).

russoodle
Posts: 707
Joined: Fri 12 Sep 2008, 17:36
Location: Down-Under in South Oz

#10 Post by russoodle »

tallboy wrote:I did the same discovery some time ago, but I didn't throw away the code! My version has the advantage of being totally undetectable, if you don't believe me, check your network connections! But I have decided to limit myself to be lord and master of only 29655 computers, it takes too much time to handle more than that.

Purely by coincidence, that is the number of registered users on this forum... 8)

tallboy (or is it?)
So....that explains the anomalies in the attached image, taken from my current desktop a couple of minutes ago..? :roll:

And did you also have a hand in the demise of the HDD in my mac a few days ago??

Or....the sound carking it in my HD Media Player/Recorder only a few days before that???

:shock: :shock:
Attachment: tallboy-hankypanky.jpg (hmmm...)
The mud-elephant, wading thru the sea, leaves no tracks..

gcmartin

#11 Post by gcmartin »

01micko wrote:
tallboy wrote:I did ...
DAMN! ... my host got hacked early today and my site is down
Did anyone else notice, too, that "Smokey01's mainpage" is down? 3 persons, with current issues, are seemingly from the land down-under (always liked that song, though :arrow: Australia's Got Talent ).

Probably, all coincidental?
Edit: Forgot 2 question marks. Now added properly.
Last edited by gcmartin on Sat 14 Jun 2014, 17:12, edited 1 time in total.

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#12 Post by Sylvander »

gcmartin wrote:Probably, all coincidental
I don't believe in coincidences.

Like the deaths of....
JFK
Martin Luther King Junior
Robert Kennedy
JFK's son
John Lennon
Princess Diana
And MANY more.

All coincidences, right? :roll:

01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld

#13 Post by 01micko »

I don't think russoodle's site has any issues atm,

Don't know about Grant (smokey01). Haven't seen him in a while which is unusual. All my files on his site are ok. Besides, his server is in the US.

tallboy
Posts: 1760
Joined: Tue 21 Sep 2010, 21:56
Location: Drøbak, Norway

#14 Post by tallboy »

I'm sorry to disappoint you all, but I'm afraid my code didn't work very well after all, the only mishaps I manage turn out to be my own! :( For example losing 20 years of collected engine/car related data (I am a motor engineer), all my notes and tips on Puppy since v.2 something, and lots and lots of other vital stuff as I fried my 160Gig LaCie USB HDD while reading up on different backup strategies... :oops:

tallboy (the real one)

starhawk
Posts: 4906
Joined: Mon 22 Nov 2010, 06:04
Location: Everybody knows this is nowhere...

#15 Post by starhawk »

How exactly did the drive fry? There may be a way to get it back, depending...

tallboy
Posts: 1760
Joined: Tue 21 Sep 2010, 21:56
Location: Drøbak, Norway

#16 Post by tallboy »

The drive had two USB ports, one for transmissions, and one for extra power from an adapter or a second USB port. It seems using it with only one USB1 port did not produce enough oomph to make it run stable. It was the power module that collapsed, and the drive seems to have lost all indexing.
None of the partitions (3 ext3 and 1 NTFS) are detected, and I have tried most tools available.
Even if there were info from sites that do not exist anymore, and some personal letters and docs that cannot be replaced, it is more annoying than catastrophic. Shit happens!
I am very aware of backup now; rsync -a is a very useful command.
http://www.computerhope.com/unix/rsync.htm

tallboy

starhawk
Posts: 4906
Joined: Mon 22 Nov 2010, 06:04
Location: Everybody knows this is nowhere...

#17 Post by starhawk »

If you can at least see the partitions in Puppy's copy of gparted, somehow...

With the drive unmounted...

fsck /dev/sdx1 (where sdx1 is the first ext3 partition)
fsck -a /dev/sdx1

...repeat for the other two ext3 partitions.

Not sure what to recommend for the NTFS partition.

russoodle
Posts: 707
Joined: Fri 12 Sep 2008, 17:36
Location: Down-Under in South Oz

#18 Post by russoodle »

01micko wrote:I don't think russoodle's site has any issues atm,

Don't know about Grant (smokey01). Haven't seen him in a while which is unusual. All my files on his site are ok. Besides, his server is in the US.
So far, so good on meownplanet.net/puppylinuxstuff, thank dog! My server's in the US too.

What amazes me is the sheer number of hacking attempts on my site, +/- 100-200 on any given day (i receive notifications). A while back, i spent time blocking ranges of IP addresses to try to keep the buggers out, (they're like a plague of bl***y fieldmice!), but ended up blocking genuine users, so that wasn't a successful solution. Negative-thinking bunch of morons - pity they couldn't turn their skills to more positive activities :twisted:

I've emailed Grant. They're still trekking around Oz, probably Darwin or thereabouts at the moment but i'm sure he'll get on top of it as soon as he can.

01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld

#19 Post by 01micko »

I mailed Grant myself. He's having a blast somewhere up the top end. Good on 'im :) . He'll sort it out when he gets a chance.

I've been through the files on my site and it's untouched. No matter where I point 01micko.com I can't make a difference. Even tried fiddling with the A and the CNAME records but made no difference. The DNS server of the host is compromised so I'm probably not the only one screaming at them on twitter and G+. No response. That is very slack. I'm sure they could outsource AH support on a per incident basis to India or Indonesia or somewhere with lower labour rates. Of course I couldn't log in with ftp.01micko.com as DNS points to that Chinese phone sales site. Apparently they have a few disgruntled customers so I wouldn't be surprised if it was a revenge attack! Foolish all the same.

You only need to look at your router logs to see the amount of filth trying to crack you. I get around 200 a day here at home, more sometimes. I do have a small, not well publicised home server but those attempted attacks were going on well before I deployed that. I always keep the router firmware updated. And my server only has port 80 outbound and a secret ssh port opened. My other machines are more vulnerable with things like samba, cups, web browsing, chat and ftp transactions going on.

Ted Dog
Posts: 3965
Joined: Wed 14 Sep 2005, 02:35
Location: Heart of Texas

#20 Post by Ted Dog »

Time to backup on BluRay, FatDog 64 fixed the limit to sessions after 8G and it would have only cost 5 USD for 7 Bluray discs to backup full drive. Harddrives have let me down once too many times.
If you really must save data MDisk media are made to last 1000 years and they now have BluRay media. Price is high. No practical limit for one file size, full 23.5G can be one file.
Also try to disk image full drive before more repairs.
