[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE

ChangingLINKS.com groups at ChangingLINKS.com
Wed May 18 14:55:52 EDT 2005 

> On Wed, May 18, 2005 at 12:58:37PM -0400, Jim Popovitch wrote:
> > If that is true, than you (and everyone else involved in this thread) is
> > a troll for not assuming he was talking (if he even is) about a cdrom
> > based distro.  Clearly the onus is on you to ask questions if you don't
> > know the answer.  You can't go around all the time assuming you know
> > everything about everyone else.  Basic assumtions, yes.  Gross oversight
> > and/or wanton ignorance of what is being discussed is no excuse.

On Wednesday May 18 2005 12:14, George Carless wrote:
> Ah, what a crock.  When people make extraordinary claims, the onus is upon
> them to support those claims.

THAT is why I set up the challenge. 
I like contests rather than to bicker back and forth. No matter what I say, 
you will discredit it and call me a troll. But, with a contest - whereby you 
prove your point for FAIL - it is much more black and white. Actions.

> Or shall I claim that I can walk on water, and when you complain neglect to
> tell you that I am referring to ice? You may find this kind of thing 
> humourous; I consider it trolling.
> --George

You are backpeddling already. You are now assuming I am running a liveCD.
That is what Jim P. IS pointing out and you refuse to acknowledge.

I SHOULD NOT HAVE TO TELL YOU WHAT I AM RUNNING.
I SHOULD NOT HAVE TO GIVE YOU ROOT PASSWORD.
I SHOULD NOT HAVE TO TELL YOU MY IP.

Even given the fact that I am WILLING to give you that information, you are 
still saying that is not enough! I have redundant security features (one 
trick I even came up with myself - it's a neat idea really). I should NOT 
have to outline them all.

In the REAL WORLD (outside of this challenge) a hacker must crack into the 
system somehow, analyze it, and THEN do some type of "damage." In the real 
world I don't have to do any hand holding. In the real world, I don't post 
every security feature that I employ online. Again, I bring up the fact that 
your camp would start asking me to do things that YOU don't do with YOUR 
systems. 


Want to know what I have installed?
Want to know how my system is designed?
Want to know how I can restore my system so quickly?
Want to know what the version of each piece of software is?
Want to know what method I use to restore, and protect data?
Want to know how I audit the software that I install in my system?
Want to know how I verify whether or not viruses are on my system?
Want to know . . . geez, what more do you NEED?

You all didn't need any of that information before assuming that my system was 
designed like yours. You didn't need that information before trolling the 
run-as-root argument and then complaining when I said I didn't want to 
participate). You didn't need that information before my challenge was 
accepted. You didn't need all of that information before making YOUR claims.
My goal is to pit claim against claim - and hand you your ass. My ultimate 
goal is to design and operate a system that is easy to use and secure.


Now you will backpeddle, call it a waste of time, and make other excuses. 
There is NO excuse.


Moreover, I set up this challenge, to win a fixed computer (my original intent 
and focus) as well as share the information as to how I run my system (in 
general). You want more information BEFORE the challenge so that you can use 
it DURING the challenge. I set up the challenge with the sincere belief that 
I would win - the challenge was accepted on the belief that I could not win. 

I was safe in assuming that someone like Jerry Yu would connect, type rm -rf / 
and giggle. He even posted it. Of course, that will interfere with what the 
next guy is trying to do - like corrupting the BIOS or installing a stealthy 
virus. I was safe to assume that 30 minutes is not really a whole bunch of 
time to fully analyze the system and decide what would be the best tactic to 
down it. 30 minutes goes by fast (especially in light of the fact that some 
of that time would be spent on connection verification).

There are security features that I NORMALLY run that would not allow control 
of the box to be handed over so easily: 
The way I designed my ENTIRE LAN was so that someone could STEAL THE ENTIRE 
LAN - and I could replace the hardware and be back up and running on a Sunday 
afternoon. That goes beyond running as root, picking a distro, hardware 
compatibility, virus protection, data security, backup methodology, 
installation and configuration, and software auditing. 
However, it does not go beyond your camp's ability to assume.

You assumed that I did not have such a design. Don't backpeddle. Live with it. 
-- 
Wishing you Happiness, Joy, and Laughter,
Drew Brown
http://www.ChangingLINKS.com

More information about the Ale mailing list