OS WARS MEGA THREAD (Now debating proprietary vs. open-source!)
- Thread starter Usquanigo
- Start date
fireballs619
Occam's Taser
- Joined
- Nov 4, 2009
- Messages
- 788
- Reaction score
- 4
- Points
- 33
Words alone cannot explain my confusion...
Last edited:
jimblah
New member
Linux is not immune to hacking.
If someone knows what their doing they can start with user priviledges and elevate them to root. I know exactly what happened and its my own fault. I'll begin with password strength. My son's password was extremely weak as was my own for convenience sake. And we both had administrative privileges. That only took seconds to rectify. I've revoked his and now he must log out use my account and password if he wants to make a change. In addition I have the system set up so he can use NoMachine's FreeNX to log on and use his desktop from his laptop that runs Windows 7 at school or from wherever. That is relatively secure as it uses ssh. Then I have ftp set up so he doesn't have to carry around all his music. Then there are the ports that I've opened up for various things like OMP, Vuze, etc. Any one of which could be exploited by someone with enough sophistication. I remember when OSX came out and they were so sure it was the most secure os. They put it on the web and invited hackers to try to compromise it. In less than two minutes someone had administrative privileges and shut it down anonymously. Linux is no different. No system is secure unless its off the web, with restricted physical access. Hackers need a motive, and the sophistication. Motive for hacking jimblah: When I first discovered Orbiter I fell in love with it immediately. I've been using Celestia for years. My favorite addon is Ringworld Star System based on Larry Niven's sci fi classic. For all those years I've wished I could fly the vessels instead of just look at them.
I don't blame gheghe one bit. From his/her perspective I'm an outsider still. This is like only my 40th post and I must admit that I come off the wrong way, especially in a chatroom or in a post where you don't have body language and such to determine where someone's coming from. Gheghe didn't hurt anything. GheGhe took control of root and created a user account named "GheGhe":tiphat: No harm done.
If someone knows what their doing they can start with user priviledges and elevate them to root. I know exactly what happened and its my own fault. I'll begin with password strength. My son's password was extremely weak as was my own for convenience sake. And we both had administrative privileges. That only took seconds to rectify. I've revoked his and now he must log out use my account and password if he wants to make a change. In addition I have the system set up so he can use NoMachine's FreeNX to log on and use his desktop from his laptop that runs Windows 7 at school or from wherever. That is relatively secure as it uses ssh. Then I have ftp set up so he doesn't have to carry around all his music. Then there are the ports that I've opened up for various things like OMP, Vuze, etc. Any one of which could be exploited by someone with enough sophistication. I remember when OSX came out and they were so sure it was the most secure os. They put it on the web and invited hackers to try to compromise it. In less than two minutes someone had administrative privileges and shut it down anonymously. Linux is no different. No system is secure unless its off the web, with restricted physical access. Hackers need a motive, and the sophistication. Motive for hacking jimblah: When I first discovered Orbiter I fell in love with it immediately. I've been using Celestia for years. My favorite addon is Ringworld Star System based on Larry Niven's sci fi classic. For all those years I've wished I could fly the vessels instead of just look at them.
Orbiter blows Celestia out of the water but there's no *nix port, and as it stands limited wine and virtualization support (except for me, I've been going to town with wine and my Orbiter install is phenominal.) I see no reason why Orbiter can't hit Platinum status at Wine's App database in a year. But then you go to the Orbiter Hangar and type Celestia in the search box and three pages of addons pop up that rip Celestia addons. I found Orbiter looking for sources or howto's to make compiz cube models. I wonder how addon developers would feel if I just started posting theses cubemodels elsewhere and just casually referenced orbiter? I went to the Orbiter irc channel and announced I was planning on "cloning" orbiter for linux and mac and that I would call it Orbitux, among other things. Its funny that I got laughed at, but since I've been studying wine that's a great place to start. As a last resort they discuss how to examine executables and dlls when source code is not available to improve the way a program runs on wine. As for the cubemodels they can wait. I want to get Orbiter working in wine the way it should.
I don't blame gheghe one bit. From his/her perspective I'm an outsider still. This is like only my 40th post and I must admit that I come off the wrong way, especially in a chatroom or in a post where you don't have body language and such to determine where someone's coming from. Gheghe didn't hurt anything. GheGhe took control of root and created a user account named "GheGhe":tiphat: No harm done.
Last edited:
Rtyh-12
Member
Excuse my ignorance but... who is GheGhe??
jimblah
New member
GheGhe will be on this list if he's not careful:
[ame="http://en.wikipedia.org/wiki/List_of_convicted_computer_criminals"]List of convicted computer criminals - Wikipedia, the free encyclopedia[/ame] :lol:
Look at the penalties. Hacking my little box isn't worth it. Especially if there's even the slightest chance you can get caught. This is why I haven't got into "blackhat" hacking. Security auditing is cool, learn how to use nmap and the other tools so you know what to look for and test your systems for vulnerabilities, but not outright DOS attacks and such activities against others.
The thing that would kill me the most is law enforcement getting their grubby little hands on my hardware.
[ame="http://en.wikipedia.org/wiki/List_of_convicted_computer_criminals"]List of convicted computer criminals - Wikipedia, the free encyclopedia[/ame] :lol:
Look at the penalties. Hacking my little box isn't worth it. Especially if there's even the slightest chance you can get caught. This is why I haven't got into "blackhat" hacking. Security auditing is cool, learn how to use nmap and the other tools so you know what to look for and test your systems for vulnerabilities, but not outright DOS attacks and such activities against others.
The thing that would kill me the most is law enforcement getting their grubby little hands on my hardware.
Last edited:
Sounds rather inefficient. Windows allows you to input an administrator password in order to make changes without needing to entirely switch accounts.
Or he could just use the laptop by itself, which is a whole lot more secure since it's not throwing all of his information across the web.
Given the wide availability of MP3 players in many sizes, I don't think it would be all that big of a deal to "carry around all his music" and it would certainly be more secure (and more portable!) than ftp.
I think that about sums up the OS-relevant parts of your post. The rest of your post discusses breaking the Orbiter copyright, so I'm neither going to quote nor respond to it.
---------- Post added at 00:02 ---------- Previous post was at 00:01 ----------
fftopic:Also, you didn't answer the question.
Last edited:
Linguofreak
Well-known member
If his son knows his password (which he apparently does) he still should be able to use su to get a shell in the admin account (or any other account he knows the password to).
---------- Post added at 02:22 ---------- Previous post was at 02:20 ----------
It would seem to be the screen name of the guy that cracked his box.
jimblah
New member
To catch a rat, you need a glue trap. Dispose of accordingly.
I PM'd Rtyh-12 an explanation before your post Helior. That did answer his question. As for Orbiter's copyright, I have ethics. I will walk from Orbiter before I stoop that low. I thought I made myself clear that the reason I've made comments like that is the number of addons at the hangar that rip celestia, while at the same time there's limited support for *nix. Virtual Sailor is pretty cool and I have the cubemodels that I want and I know how to make new ones. I'm trying to give something back by helping Orbiter run better on wine for mac and linux users alike. Things that should have been done "years" ago. World of Warcraft has five supermaintainers at WineAppd and a patch. But if that's not appreciated there's a million other things I could devote my time to. For instance I've got a Marshall stack, a GNX4 digital effects workstation, and a Jackson with fat frets staring at me from across the room that I haven't touched in weeks. I've removed Ubuntu Studio to get rid of bloat but I could just as easily reinstall it. I'd like to resolve this once and for all. I'm on board with Orbiter. If the consensus is that I shouldn't be here (take a poll) I'll go and never look back. But don't risk your freedom by hacking my box. I now have security well under control now that I know what I'm up against. As far as I'm concerned this is a dead issue until it happens again.
I PM'd Rtyh-12 an explanation before your post Helior. That did answer his question. As for Orbiter's copyright, I have ethics. I will walk from Orbiter before I stoop that low. I thought I made myself clear that the reason I've made comments like that is the number of addons at the hangar that rip celestia, while at the same time there's limited support for *nix. Virtual Sailor is pretty cool and I have the cubemodels that I want and I know how to make new ones. I'm trying to give something back by helping Orbiter run better on wine for mac and linux users alike. Things that should have been done "years" ago. World of Warcraft has five supermaintainers at WineAppd and a patch. But if that's not appreciated there's a million other things I could devote my time to. For instance I've got a Marshall stack, a GNX4 digital effects workstation, and a Jackson with fat frets staring at me from across the room that I haven't touched in weeks. I've removed Ubuntu Studio to get rid of bloat but I could just as easily reinstall it. I'd like to resolve this once and for all. I'm on board with Orbiter. If the consensus is that I shouldn't be here (take a poll) I'll go and never look back. But don't risk your freedom by hacking my box. I now have security well under control now that I know what I'm up against. As far as I'm concerned this is a dead issue until it happens again.
Urwumpe
Not funny anymore
- Joined
- Feb 6, 2008
- Messages
- 38,965
- Reaction score
- 3,937
- Points
- 203
- Location
- Wolfsburg
- Preferred Pronouns
- Sire
Are you somehow related to Gaddafi? Not meant as insult or kin liability...but your post gives me exactly the same feeling I got yesterday watching his speech.
Please...try it with structure. For example starting at the beginning. Following a clear red plot line. And not leave us guessing how somebody managed to create a user account on your Linux machine (likely because you had one port open too much or forgot a manual fix for a 5 year old security hole)
Please...try it with structure. For example starting at the beginning. Following a clear red plot line. And not leave us guessing how somebody managed to create a user account on your Linux machine (likely because you had one port open too much or forgot a manual fix for a 5 year old security hole)
Bonanza123d
Time Lord from Gallifrey
- Joined
- Jun 18, 2010
- Messages
- 269
- Reaction score
- 0
- Points
- 0
how about the root admin in windows. Boot in safe mode, run the CMD and then type in netuser [USERNAME] *. There you go passwords now at your disposal.
jimblah
New member
One last thing about Celestia
Helior: To rip a truly opensource multiplatform project like Celestia and then restrict it to the windows platform probably violates some copyright or license somewhere. I'm no lawyer but since you seem to be such an expert on such matters why don't you look it up and enlighten us.:lol:
Helior: To rip a truly opensource multiplatform project like Celestia and then restrict it to the windows platform probably violates some copyright or license somewhere. I'm no lawyer but since you seem to be such an expert on such matters why don't you look it up and enlighten us.:lol:
Urwumpe
Not funny anymore
- Joined
- Feb 6, 2008
- Messages
- 38,965
- Reaction score
- 3,937
- Points
- 203
- Location
- Wolfsburg
- Preferred Pronouns
- Sire
Orbiter is NOT Open-source. There is the big difference.
Also restricting Celestia to a platform isn't ripping or copyright violation, but simply development reality. Even if you have the blueprints of a Aston Martin, it does not make it fly in space.
Rtyh-12
Member
Ghostrider
Donator
- Joined
- Feb 16, 2008
- Messages
- 3,606
- Reaction score
- 2
- Points
- 78
- Location
- Right behind you - don't look!
Well, if I have them of course not. Major Boothroyd is another matter entirely...
jimblah
New member
Rtyh-12 there's nothing to be confused about.
I pissed somebody off to the point that they did something stupid. This is not a big deal really. I sincerely doubt that the guy on facebook is responsible. This sort of stuff happens all the time. It's just that most people aren't aware or don't report it because they're embarrassed. Most people would just reformat or something and move on. I myself really don't care, so you shouldn't. As I've said before I used to invite this sort of thing for a learning experience. I haven't been hacked in, eight years or so. I think this sort of thing is cute because I don't have anything to lose and the worst thing that could happen is I'd have to restore my partitions from backup. This is more for GheGhe's benefit really. He or she is probably a cool person that I could sit down and have a beer with under different circumstances. Their obviously pretty good with linux and that would be a great starting point for a long lasting friendship. I'm not trippin', neither should you.
I pissed somebody off to the point that they did something stupid. This is not a big deal really. I sincerely doubt that the guy on facebook is responsible. This sort of stuff happens all the time. It's just that most people aren't aware or don't report it because they're embarrassed. Most people would just reformat or something and move on. I myself really don't care, so you shouldn't. As I've said before I used to invite this sort of thing for a learning experience. I haven't been hacked in, eight years or so. I think this sort of thing is cute because I don't have anything to lose and the worst thing that could happen is I'd have to restore my partitions from backup. This is more for GheGhe's benefit really. He or she is probably a cool person that I could sit down and have a beer with under different circumstances. Their obviously pretty good with linux and that would be a great starting point for a long lasting friendship. I'm not trippin', neither should you.
Urwumpe
Not funny anymore
- Joined
- Feb 6, 2008
- Messages
- 38,965
- Reaction score
- 3,937
- Points
- 203
- Location
- Wolfsburg
- Preferred Pronouns
- Sire
I think you lost me completely.
Did you push somebody into doing this? Like actively provoking somebody unknown into hacking your computer?
Look, maybe you see things in different relations: If somebody can hack a properly protected system, he is usually too good to just destroy your data. He can do much better stuff without you noticing it, like installing secretly more backdoors as you can imagine and use your PC as zombie when you idle.
If he has nothing better to do than destroying your FS, he is pretty stupid. And if he is really stupid, your system must have had vulnerabilities, that a script kiddie can exploit - forgetting patches, using insecure configurations, being stupid enough to forget virtualization (A virtual box can be restored in seconds) if you expect your system to be in the line of fire. If you have not 100% trust in your box to absorb damage, the only IP you can taunt scriptkiddies with is 127.23.19.17
PS: My English is sure better than your German. I wouldn't go so far to also claim that my English is better than your English, we both won't win a Pulitzer prize, but still, you might consider that the problem is not the language, but the way you have chosen to express your story. It is too confuse, too many jumps in topic, time and context. Like good Spagetti code, which is also not meant to be read by a programmer again.
It's a fairly common rule of thumb in computers that if you have physical access to a machine (needed in order to boot to safe mode) then you can do whatever you want with it.
I'm not really sure what you're accusing me of doing or saying, or really what you're accussing anyone of doing or saying. I've never used Celestia, much less looked at the source, and Orbiter is not a "rip" of Celestia. In fact, the first release of Orbiter predates the first release of Celestia by at least two months (no exact date for the first Celestia release is given on Wikipedia).
The fact that some "addon developers" in the community choose to take the work of others and give very little credit is something you should be talking to them about, not me. You paint the Orbiter community with a very broad and inaccurate brush by accusing us all of the activities of a few. For my own part, of the four things I've uploaded to O-H, none are based on code that's been published before (the Wings3D plugin was originally authored by my roommate, and he gave me explicit permission to modify and distribute it) and three of them include the source.
Moreover, I'm fairly certain that the standard open-source licenses say nothing about being platform agnostic. If someone wants to take an open-source application and add platform-specific features to it, the license doesn't prevent them from doing so as long as they continue to follow the stipulations presented by the license.
Linguofreak
Well-known member
As long as the Orbiter addons in question comply with the licensing terms on the Celestia addons in question, there's no problem with that. If the Celestia addons in question are released under the GPL, then the authors have *specifically allowed* that sort of thing, as long as the derived work is licensed under the GPL or a compatible license.
Not really. Sure, it's *nice* to have support for every program on every system, but it's not the end of the world if we don't.
It's appreciated, although I will say that I find Orbiter runs quite well enough on Linux for me. I had a few problems with the upgrade to 2010 P1 and the latest OGLAClient, but after a bit more investigation, those have generally turned out to be false alarms (specifically an addon compiled against the wrong version of the API), or else to have disappeared when I did a clean install.
---------- Post added at 14:14 ---------- Previous post was at 14:08 ----------
I think he *believes* that something or other he did provoked somebody into hacking his computer. More likely he just got drive-by'ed (so to speak).
Similar threads
