Re:I was afraid for a sec... (Score:4, Funny) by bytesmythe (58644) <bytesmytheNO@SPAMlinuxbox.co.za> on 2003-01-07 8:52 (#5033237)

At first I thought this said something about "Linus Exposed"... Thank God I mis-read that... Then why in the world did you click on the article if that's what you thought it said? Perv... ;) -- bytesmythe My sig beat up your honor student.

[ Reply to This | Parent ]

• 1 reply beneath your current threshold.

Re:I was afraid for a sec... (Score:2) by GuyMannDude (574364) on 2003-01-07 10:22 (#5034068)

Actually, I'm still kinda spooked visualizing nerds in trenchcoats down in their mother's basement busy hacking their kernel, unaware that their doodle is hanging out... GMD -- RIAA Headquarters: You will never find a more wretched hive of scum and villainy

[ Reply to This | Parent ]

• 1 reply beneath your current threshold.

Yep, it's just cut/paste (Score:5, Funny) by Bri Hatch (523490) on 2003-01-07 9:46 (#5033785) (http://www.ifokr.org/bri/ | Last Journal: 2003-01-09 11:48)

Yes, HLEv2 is a complete rewrite of the original. Instead of adding new content and updating old things, we decided it'd be much faster for us to scrap everything we had. Instead we have code listings of the following, cut and paste from the original source: WU-FTPD versions. All of them. BIND. Only the ones that have had critical bugs. (About half.) A complete copy of /etc/services, uncommented, in case you don't have your Linux machine around at the time. A chapter on security problems when writing Pascal code, cribbed from something on USENET from 1983 A complete byte-by-byte deconstruction of an shttp session, explaining exactly how it works. (And yes, I mean shttp, not https) A copy of the Linux tulip ethernet driver code, for no aparent reason. We decided that this sort of content would provide the quickest time-to-market without any need to tech edit. By providing 0% useful information, it should be able to be read in whole as fast as you can turn the pages - no reading required. We found that people were not able to read the reviews on slashdot in their entirety, so why should we expect them to read ~700 pages about Linux Security? ;-)

[ Reply to This | Parent ]

Re:Yep, it's just cut/paste (Score:2) by Bri Hatch (523490) on 2003-01-07 12:27 (#5035144) (http://www.ifokr.org/bri/ | Last Journal: 2003-01-09 11:48)

I make it a rule never to make any public comments about books that could be considered 'competition'. If I were to say they're bad, you'd not know if I were being honest or devious. If I say they're good, then OMH can get on my case for "allowing my name to be associated with competing works, blahblahblah". Unfortunately, I bet even "complementary" books could be considered "competing" in the minds of lawyers, so I stay away from talking about books that could be considered competition, even if I don't agree. So that's why you won't see me commenting about RWLS, for example, though I will comment about non-RWLS topics in that thread. However, yes, when writing the joke above (it should be moderated "funny" not "informative, for goodness sake!) I did have a very specific book in mind after which I modeled my list, and of course I can't say what it was. And no one has guessed my /. password. I don't even know it. I use the terribly insecure 'bookmark this link' method. If anyone guesses it, I'm screwed. Call me lazy, but I prioritize what should be super secret and what's not worth the effort.

[ Reply to This | Parent ]

Re:Yep, it's just cut/paste (Score:2) by KalvinB (205500) on 2003-01-07 17:32 (#5036705) (http://www.icarusindie.com/)

"And no one has guessed my /. password. I don't even know it. I use the terribly insecure 'bookmark this link' method. If anyone guesses it, I'm screwed." Does your book cover how to exploit this insecurity? Or do I have to resort to the social engineering section? Innocent minds want to know. Ben

[ Reply to This | Parent ]

• 1 reply beneath your current threshold.
• 4 replies beneath your current threshold.

Beating a dead horse. (Score:5, Informative) by Bri Hatch (523490) on 2003-01-07 9:25 (#5033623) (http://www.ifokr.org/bri/ | Last Journal: 2003-01-09 11:48)

Ok, I knew the hacking vs cracking thing would come up. Go read our response [hackinglinuxexposed.com] to this. For a quick bulleted list: I tried to get them to call it 'cracking linux exposed'. I lost. Much of the "cracking" process requires good "hacking" skills, so it's not actually a bad title anyway. Each and every time we use "hacking" in the book it's used as the purists would (and I'm one of the purists) When it's hacking with a malicious intent, we call it "cracking", "attacking", or "malicious hacking" as best fits the situation. The only exceptions to this rule are the front and back cover, on which we were either overruled, or gave up the good fight.

[ Reply to This | Parent ]

Re:Beating a dead horse. (Score:2) by alienmole (15522) <tontobius@hotmail.com> on 2003-01-07 10:29 (#5034126)

It's nice to hear that the authors weren't responsible for this travesty. I could care less about what the mass media calls a "hacker". But the problem I have with this book title is that it's horribly misleading. I first thought, based on the title, that it might be a book I would be interested in - a book about hacking Linux, sounds great. Then I found out it was all about security. It took a while for this to completely sink in to the point where I finally realized that I'm really not that interested in the subject matter. The title makes no sense whatsoever! Next time, explain to your editors/publishers that even if they don't understand the terminology, the target market just might! I realized, in trying to conclude my mild rant, that the real problem I have with this title is that no-one will be punished for it. I want justice! Revenge! Heads must roll! Stupidity must be stamped out! Death to idiots! Aaaaaaaahh... that's better.

[ Reply to This | Parent ]

Yes, I'm the author (Score:2, Interesting) by Bri Hatch (523490) on 2003-01-07 9:49 (#5033801) (http://www.ifokr.org/bri/ | Last Journal: 2003-01-09 11:48)

Ok, I don't use sigs or anything to plug my books. I like to be a normal /. person. But in case you're suspicious (you probably have a good future in computer security...) I'll post my /. id to our website [hackinglinuxexposed.com] so you know it's me.

[ Reply to This | Parent ]

just a thought (Score:2) by Ender Ryan (79406) on 2003-01-07 12:31 (#5035160)

Why not plug your books in your sig? Or indirectly, you could just link to this /. review. Lots of people do it, and I haven't noticed anyone who minds. FYI, I just purchased your book, thanks to this glowing /. review. And while I'm typing at you, I'm really glad that you're donating money to the EFF. There are just too many people who simply don't put their money where their mouths are. Cheers -- Sticking feathers up your butt does not make you a chicken - Tyler Durden

[ Reply to This | Parent ]

"Marketing" in sigs (Score:4, Insightful) by Bri Hatch (523490) on 2003-01-07 14:41 (#5035819) (http://www.ifokr.org/bri/ | Last Journal: 2003-01-09 11:48)

Why not plug your books in your sig? Or indirectly, you could just link to this /. review. Lots of people do it, and I haven't noticed anyone who minds. In my email program (mutt [mutt.org]), I have a perl script pick randomly from ~800 different signatures. (Most new additions seem to be from the "witty comments from my daughter" category.) The script must have some sort of AI in it, because it freqently picks things that are relevant to the text. Having just a static signature for /. seems less interesting. Manually changing it certainly more work than I'm up for. I don't want folks reading my /. posts and thinking I'm just writing them to have my sig get more notice. I don't want folks seeing my posts and assuming that they has more or less relevance because of the info in the sig. If folks want to see who I am, it's easy enough to click on my home page or /. area. And I am very very bad at self promotion. Anything I'd write for a sig would sound pompous. I'm really glad that you're donating money to the EFF. There are just too many people who simply don't put their money where their mouths are. I don't have the time, energy, or know-how to do what the EFF does. But they seem to fall on the same side of every issue that I do. So I do the best I can - send them cash. Now if only we could fund EFF as well as some corporations fund lackeys on capitol hill.

[ Reply to This | Parent ]

• 1 reply beneath your current threshold.
• 1 reply beneath your current threshold.

Re:Except that it should be called... (Score:2) by Latent IT (121513) on 2003-01-07 9:09 (#5033478)

No, that's still cracking. Breaking security is cracking, period. Skilled coding, and especially using or improving things so that they can do more than before, is hacking. For example (and this is a paraphrased quote, since I can't remember who said it, and can't seem to manage to look it up) a good example of a hack is using that lamp on the wall over there to get me a beer. -- C'mon, New York. Let's show the world we still have some balls [wtc2002.com].

[ Reply to This | Parent ]

Re:Except that it should be called... (Score:2, Insightful) by stratjakt (596332) on 2003-01-07 9:19 (#5033573) (Last Journal: 2002-09-29 10:10)

But if I used the UT2k3 client to gain root access to your machine, did I not just use it to do something it couldnt do before? I may have cracked your machine, I'll cede that, but I *hacked* the software to do so. You say tomato, I say tomato.

[ Reply to This | Parent ]

• 2 replies beneath your current threshold.
• 1 reply beneath your current threshold.

Re:Nothing can match BIND for vulnerabilities. (Score:2) by ksw2 (520093) on 2003-01-07 9:27 (#5033655) (http://www.shaolinuxtemple.org/)

I dunno, ever use Outlook? The context was DNS daemons. Outlook is not a domain name server. (And this was modded Insightful. Look before you mod, forchrisake.) -- Shaolinux Temple [shaolinuxtemple.org]: "Kung Fu wants to be free."

[ Reply to This | Parent ]

Re:Nothing can match BIND for vulnerabilities. (Score:2) by wiredog (43288) on 2003-01-07 9:51 (#5033814) (Last Journal: 2001-10-01 15:53)

Yeah, I was expecting to be modded "minus infinity, was redundant last century." But I couldn't resist. "Insightful" Ye Gods. A further sign of the Decline and Fall of Slashdot. Hell, I wouldn't even hang out here, except kuro5hin is so damned slow you'd think it was at the end of a dial up line or somethin'. -- When the going gets weird, the weird turn pro. [aspectus.com]

[ Reply to This | Parent ]

Re:Nothing can match BIND for vulnerabilities. (Score:2) by shaldannon (752) on 2003-01-07 9:55 (#5033837) (http://free.house.cx/~william)

yeah...that's probably the DDoS from all the 5kr1pt |:P () -- What's your Slash Rating [mshiltonj.com]?

[ Reply to This | Parent ]

Re:Nothing can match BIND for vulnerabilities. (Score:2) by ksw2 (520093) on 2003-01-07 10:17 (#5034030) (http://www.shaolinuxtemple.org/)

Yeah, I was expecting to be modded "minus infinity, was redundant last century." But I couldn't resist. "Insightful" Ye Gods. A further sign of the Decline and Fall of Slashdot. Agreed. Slashdot is losing it, bigtime. -- Shaolinux Temple [shaolinuxtemple.org]: "Kung Fu wants to be free."

[ Reply to This | Parent ]

Re:Nothing can match BIND for vulnerabilities. (Score:2, Funny) by Machine9 (627913) on 2003-01-07 10:28 (#5034114)

I double dare you to make THAT work! now that's skillz...

[ Reply to This | Parent ]

• 2 replies beneath your current threshold.

Re:A Good Series (Score:2, Insightful) by blahlemon (638963) on 2003-01-07 10:58 (#5034346)

The only problem with these books is how quickly they do become dated. You won't get an amazing amount of use out of them in 5 years time except for as some sort of historical perspective. It doesn't matter how dated the book is, I've found the entire "exposed" series is great for getting you think in the right direction how to plug holes and where the next holes might be. Anyone who reads them strickly as an instruction manual will be easily comprimised. The person who reads them to understand the fundamentals will be much more secure.

[ Reply to This | Parent ]

• 1 reply beneath your current threshold.

Re:I am so confused...Wrong book... (Score:2) by smartfart (215944) <looseduk@@@ductape...net> on 2003-01-07 8:46 (#5033200) (http://joeykelly.net/ | Last Journal: 2003-01-02 7:22)

He's not talking about the book he's reviewing, the bland book he refers to is Hacking Exposed, which only appears to be the pattern for Hacking Linux Exposed. -- Need a Linux consultant in New Orleans? [dhs.org]

[ Reply to This | Parent ]

• 1 reply beneath your current threshold.

Yes, exploits of particular versions are outdated (Score:5, Insightful) by Bri Hatch (523490) on 2003-01-07 9:18 (#5033566) (http://www.ifokr.org/bri/ | Last Journal: 2003-01-09 11:48)

I disagree. If the book were filled with "Here's how to break into wu-ftpd version x.y.z, it would be pretty useless. I'd hope that by the time the book was in print, a new version of the software would have been written that fixed the problem. A book that simply lists one crack after another for their own sake is not helpful. However if you show different types of attacks as a teaching tool -- "Here's how an off-by-one error in OpenSSH caused it to be exploitable" for example -- then you can show different classes of attacks so the reader understands the actual problems that occur in many different software products. The goal was to show different kinds of vulnerabilities as explanation. Anyone who is still running older buggy software isn't maintaining their system properly. (And yes, we cover how to upgrade packages in great depth.) On the other hand, sometimes the problem is configuration: I can have a perfectly secure OpenSSH version, but if I ssh to an untrusted host with X11 forwarding on, the X11 server on my client is easily compromised. No new version of OpenSSH will fix this, it's an inherent problem with the all-or-nothing nature of X11. So configuration-based vulnerabilities do stand the test of time. I'd never just write a book with a list of BIND vulnerabilities that are based on bugs in the source code, but problems with the DNS protocol itself (it's easily spoofable, leading to MITM attacks) are fair game for in depth coverage. So, version-specific attacks are only covered if they help teach a concept. Configuration-specific attacks are covered if they are likely to stand the test of time. Protocol-related vulnerabilities (FTP bounce attacks/etc) are fair game until the protocol is destroyed with a big huge mallet.

[ Reply to This | Parent ]

Re:Yes, exploits of particular versions are outdat (Score:2) by josephgrossberg (67732) on 2003-01-07 10:42 (#5034225) (http://josephgrossberg.blogspot.com/ | Last Journal: 2002-10-21 6:22)

Wow, a response from an author! I'm very flattered. Can you provide some insight on why the price went up 25% in under two years? Hacking Linux Exposed, Second Edition by Bri Hatch, James Lee List Price: $49.99 Paperback - 720 pages (Dec, 2002) Hacking Linux Exposed: Network Security Secrets and Solutions by Bri Hatch, James Lee, George Kurtz List Price: $39.99 Paperback - 608 pages (Mar, 2001) Are the extra 112 pages that nice? Not to be cynical, but are you trying to be agressive about the people who already own version 1 (like me)? Joe P.S. Lest you get the impression otherwise, I liked the book. -- Joe http://josephgrossberg.blogspot.com [blogspot.com]

[ Reply to This | Parent ]

Price increase (Score:5, Informative) by Bri Hatch (523490) on 2003-01-07 10:58 (#5034347) (http://www.ifokr.org/bri/ | Last Journal: 2003-01-09 11:48)

I didn't even notice that the price increased until right now. I have nothing to do with the price of the book. I have no idea how they set it. Maybe the higher price means we will make minimum wage for our troubles this time... In actuality, there are about 200 new pages, since we cut out a lot of older stuff, condensed things that are not as relevant that still deserve a good nod, and put the original three case studies online instead. Chapter 10 grew to be three chapters all told. Chapter 11 needed to be split because it was too big for both Mail and FTP in one chapter. We covered many new attack methods and tools. Everything grew substantially, in spite of trimming out the old and tightening up what we had. And we fixed a bunch of errors and added completely new ones. Everything in HLEv1 is still valid. If you own the first, I'd suggest you compare the contents [hackinglinuxexposed.com] of the two books to decide if you want it or not. Or browse it at the store. Unfortunately, the sample chapter [hackinglinuxexposed.com] is again chapter 1, which is one of the least modified chapters, so it doesn't give you the best indication of what's new. This is my best stab at a response. I am so much not a marketing guy, I'm a geek.

[ Reply to This | Parent ]

• 1 reply beneath your current threshold.

Re:exploits are *not* outdated (Score:3, Insightful) by Daytona955i (448665) <<Christopher.John ... <at> <drexel.edu>> on 2003-01-07 9:23 (#5033612) (http://www.pages.drexel.edu/~cjf24)

Most users who do not update their software probably also don't recompile their kernels and would instead get a new copy of red hat thus installing new updated versions of their software. I think most people who want to keep a stable kernel would take the time to update their system or keep track of vulnerabilities in the software they do run. The only people I know that don't update their software and OS are windows users. Though they tend to update to the latest major release. (except for some people I know who still run 98) -Chris

[ Reply to This | Parent ]

Re:A perfect 10? (Score:2, Informative) by ThinkingGuy (551764) <glane4@nOSPAM.mindspring.com> on 2003-01-07 9:46 (#5033782) (http://slashdot.org/)

I would recommend "Securing and Optimizing Redhat Linux," [tldp.org] which goes into great detail, down to recompiling packages for greater security, exactly what permissions to set on specific files, etc. Its only drawbacks are: it's specific to Redhat, and only covers versions up to 6.2. Still, there's some good general advice that is applicable to other distributions. -- "Nobody tosses a dwarf!"

[ Reply to This | Parent ]

LS: Supposing you had free time, what would you be doing with it?

Brian: I'd devote some time to helping out the Linux Security Module project. I hope to help port systrace to LSM next year. Currently it is a kernel patch, and I think the community would be served better in the long run by having it available as an LSM module, which would make it more accessible to those who fear kernel compilation.

And some day I hope to get around to turning some of the megs of perl code I've written over the years into well defined Perl modules for CPAN. Then I won't be the only one supporting this spaghetti code. ;-)

If I had infinite time, I'd learn to play the Hammered Dulcimer and French Horn. There's nothing in the world as musical as a well-played French Horn.

LS: In your opinion, what is the most interesting thing about Linux and Security?

Brian: The first thing is that, with Linux, security is a possibility. It is not an end point - you must constantly keep abreast of new attacks and revisit your security posture - but there is nothing that is unavailable to you if you want to look. Closed source systems can never offer this. By design, be it chosen for monetary reasons or to prevent competition, closed source products always hide details from the users and administrators that could be critical to understanding how thing function, and how they can be broken.

One of the beauties of Linux (and other open systems, such as *BSD) is that you can use them to boost the security of those closed source machines. By the liberal application of Linux machines throughout your infrastructure, you can keep those exploits-waiting-to-happen locked down where they can do less harm. For more of my ranting on this topic, see my article Linux is Securable -- I won't waste time rambling here.

What is most intriguing right now on the Linux horizon is the evolution of security controls. In the beginning, all you had to work with were file permissions. Root could do absolutely anything unchecked, and root access was required for some things such as binding low network ports or opening raw sockets, which meant use of set userid bits on programs, which frequently were broken to gain root access.

Next came capabilities, where each bit of root's power was defined in more specific terms. When determining if a process could bind port 80 originally you'd check to see if uid==0. Now you'd check if the process had the CAP_NET_BIND_SERVICE capability. In theory, you could now remove capabilities from the system - for example removing the ability to load kernel modules ever again, which is good for defending against malicious LKMs.

It goes on quite a bit - a good read.

The HLE authors have a Windows vs Linux Security Challenge [hackinglinuxexposed.com] where they want to have a Linux security team and a Windows security team install and secure a Linux and Windows machine at the same time, documenting what they do and how long their machines are vulnerable. I'd love to see this. It'd be a great way to see exactly how bad Windows machines for both generic installation (imagine counting the number of reboots for one vs the other as you update service pack after service pack, a reboot after installing IIS, another when you change your password ;-) and security (locking down the machine so that IIS doesn't have a billion holes from the default installation).

I'd pay good money to see this.

Re:Linux versus Windows Challenge (Score:3, Interesting) by ostiguy (63618) on 2003-01-07 10:14 (#5034014)

You ought to try windows more often, if you want to make comments like this. I slipstream service packs in all of my win2k distribution points, so my minimum is win2k+ sp3. You then can chain together hotfixes, and reboot once. ostiguy -- The MCSE with > 50 karma. Do *you* believe in miracles?

[ Reply to This | Parent ]

• 1 reply beneath your current threshold.

Default install of *anything* is buggy (Score:5, Interesting) by Bri Hatch (523490) on 2003-01-07 10:22 (#5034073) (http://www.ifokr.org/bri/ | Last Journal: 2003-01-09 11:48)

Any well-featured Linux distro is not secure unless it ships with everything off, which is seldom the case. This is a big beef of mine, but it's getting better over time. It's an ease-of-use vs security situation. You install Apache, the distro assumes that you want to run it, so it sets up the links in /etc/rc?.d and /etc/init.d so it runs. So, there's no real difference between Linux (speaking generically of all distros) and Windows here. However the process of hardening them is very different. I bet I can install Debian with minimal packages and achieve all the functionality I claim within an hour or two, with one reboot just to make sure it would come up correctly if it's out in a remote datacenter somewhere. But that's really no the point - I'd like to see good explanations of what's needed to secure both. It's not just a competition to say Linux is easier /faster to secure (though I suspect that would be the consensus.) It's a way to create more documentation for everyone, Linux and Windows users. In that respect, it's more noble than just a pissing contest. If I ever got off my butt and tried to actually make the thing happen.

[ Reply to This | Parent ]

Re:Default install of *anything* is buggy (Score:2) by strobert (79836) on 2003-01-08 2:48 (#5038815) (http://www.strobe.net/)

hopefully I won't start a flamewar, but seeing you mention in an hour or two makes me wonder if you have ever tried kickstart under redhat (the main reason we haven't looked at debian seriously). Because of kickstart's automated abilities limited package secure installs in 5-10 minutes. Combine that with treating most machines as disposible. Makes recovery real easy. archive a copy of the server for analysis (optional) and re-install (since as most people know and apparently you point out in your book recovering from a break in without a reinstall is not exactly a trivial matter)

[ Reply to This | Parent ]

Context: Windows vs Linux Security standard inst. (Score:2) by Bri Hatch (523490) on 2003-01-08 8:25 (#5040305) (http://www.ifokr.org/bri/ | Last Journal: 2003-01-09 11:48)

The context of this thread is for my proposed Windows vs Linux Security Challenge [hackinglinuxexposed.com] which is meant to model what a normal user would need to go through to create a secure install from scratch. Sure, I can set up a very detailed list of packages and specific application configuration for a big web farm and install with kickstart. I could even set up a disk and clone it with 'dd' and a few shell scripts to change IP addresses. But that's not going to help teach new Linux users what the securing process looks like. So I do not dissagree with you -- your solution is definately optimal for creating lots of good machines -- but the goal was to show how to install and secure one machine in a standalone environment with a set suite of server software. As to the actual time I'd take to do the install and lockdown, I think 2 hours is plenty, given the proposed packages that must be installed and configured: Including the (secured) operating system itself, the final server configuration must support (as secure as possible) A Web Server, preferably with dynamic-content generating capabilities, such as ASP or mod_perl. No documents need be installed, however all default-install documents/programs must be deleted. In other words, every possible request should return a 404. Anonymous FTP Server (read-only) Mail Server (able to accept email for itself and send to other Internet machines) DNS Server (able to act as a primary for 'OS.example.com' and as a cache for the local network) Firewall rules that allow only the above protocols, and any other packets necessary for system administration and normal functionality. (Inbound SSH, DNS Replies, etc.) The software I'd probably choose would be Apache (mod_perl), DJB's publicfile for anon FTP access, Postfix for the mail server, and DJBDNS for the DNS server/caching server. Now that 2 hours includes keeping a log of what I'm doing, or at least explaining it to someone who can keep a good running log, includes download time of updates (like I said, this should be like an end user, so the packages should be out of date on the install CD) and time to go get and consume a grande non-fat extra carmel carmel macchiato from starbucks.

[ Reply to This | Parent ]

• 2 replies beneath your current threshold.
• 1 reply beneath your current threshold.

...yet they have made it still work on its own -- you don't need to buy the first edition to have a complete understanding of Linux security.

Re:Where's the 'hacking OpenBSD' chapter? (Score:2) by gmkeegan (160779) <gmkeegan@yaERDOShoo.com minus math_god> on 2003-01-07 10:45 (#5034246)

I believe the point that he was trying to make was that OpenBSD is not as hackable/crackable as Linux. That said, I wouldn't mind seeing Jeff Gordon, Emeril Lagasse, & Linus collaborate with Brian & James on the 3rd edition :) A mind is like a parachute; it needs to be tightly packed and ripped open, preferably with a reserve.

[ Reply to This | Parent ]

• 3 replies beneath your current threshold.

• 2 replies beneath your current threshold.

Especially IT books, get outdated very fast!

Books that cover 1. theory and 2. mature environments grow outdated much more slowly than (say) a book on Visual Studio .NET version 7.

• 1 reply beneath your current threshold.

For the last quarter I think we got $150 from Amazon and about $10 from B&N which we'll be sending to EFF. Not much, but it's a good way to funnel money their way. I particularly like the irony of having Amazon, creators of some pretty questionable patents, paying EFF.

An even better way to support the EFF is for you to find the cheepest copy of HLEv2 you can get at a local book store (save on shipping) and then donate the difference to EFF directly. Or don't get HLEv2 and send the whole schebang to EFF.

Become an EFF member or donate at www.eff.org [eff.org].

No, I'm not affiliated with them, other than being a paying member, but I endorse them. And some day I may need them to defend me, given that HLEv2 can be considered a tool that could be illegal under the DMCA.

Update: Donations to EFF from /. effect (Score:2) by Bri Hatch (523490) on 2003-01-09 11:37 (#5049202) (http://www.ifokr.org/bri/ | Last Journal: 2003-01-09 11:48)

For those keeping score, here's a quick update. Checking our Amazon affiliates account, it looks like about 70 products were ordered on the day this slashdot review was published. I can't see actual monetary amounts until the items are shipped, unfortunately. But based on last quarter's average of $2.78/item, that means we'll be sending about $200 to the EFF for that day alone. Also, I'd like to thank Alex Lewin who didn't buy through our links, but wrote: Your book sounds good, and relevant to what I do (Linux adminstration and development). I'm planning on buying it. Without looking too hard, I found it for $24.91 on Y! Shopping. I'll make a corresponding contribution to EFF. That's the spirit, guys!

[ Reply to This | Parent ]

In short, yes, the donation will apply to any books that get credited to our affiliate accounts. You can go through the book links on any of the following sites:

• Hacking Linux Exposed [hackinglinuxexposed.com]
  The book that caused yet another "Hacking" vs "Cracking" thread on Slashdot. I apologize.

• Building Linux VPNS [buildinglinuxvpns.net]
  A book by Oleg Kolesnikov and I, reviewed on slashdot last year, other reviews here [buildinglinuxvpns.net].

• Onsight.com [onsight.com]
  James and my company.

• Open Source Web Development with LAMP [opensourcewebbook.com]
  A top-notch web development book by James Lee (co-author of HLE and HLEv2) and Brent Ware. I tech edited this book, and also benefited from it in a user capacity, for example setting up the handler that controls access to the 'auto linux hacking' [hackinglinuxexposed.com] software.

Going through any of those links will work. If you prefer, you can just send money to the EFF directly and cut out the middle man.