Domain: freshmeat.net
Stories and comments across the archive that link to freshmeat.net.
Comments · 2,668
-
japan
somewhere I heard the Japan pirates like 42% (rough guess) of all the world's pirated software. Now they can just go to Freshmeat and download anything GPLed.
In all actuality I have never seen a Linux warez site... I guess people have too much respect for the software developers. Let's hope Japan doesn't start a movement.
Where are my damn moderator points when I need them? -
If we channelled energy in different direction...
Trust me, there are plenty of very very smart people working on things other than the internet. Let's think of most of the really breakthrough internet-related development. The net allows people to buy stuff from vendors -- anybody from a major company (amazon, dell) to some guy sitting in his basement. Also there is very available information, as well as slashdot. If somebody is in some country that's getting bombed to hell by the US, they can set up a web server and give accurate(hopefully) accounts of what's really going on that doesn't get filtered through TV. There are various projects for the distribution of software, as well as things like distributed.net/seti@home.
I may have missed some things, but most other sites seem to be clones of the above -- ie ppl selling stuff, distributing news, distributing programs. It doesn't take much wit to clone a website.
The development of software (ie the linux distros, BSD's, m$) also takes effort. However it seems to me that for every software engineer there is prolly a hardware engineer working on something else (intel Leadmine, the G4, whatever).
I think that there is also a very large number of people working in science. Every major university has some large portion of it devoted purely to medical research, I think, and those areas are full with very very smart individuals doing their best to cure cancer (I work in such a lab myself) or other diseases.
You can't rechannel energy from one industry to another. I can tell you that because people have different interests, they would be much less productive in a field they are not interested in. So for example if I get my thrills by making programs, I'd be quite less interested in working on a farm trying to grow a giant tomato (no offense to Lisa Simpson) or develop better diesel engines.
The point is that I believe it is a miracle that we have gotten this far already, and besides, would colonies on the moon be really worth it if you couldn't listen to mp3's (or watch DVD in linux) once you got there? -
VB and Linux
Since this discussion seems to have a lot to say about VB, I figured I might bring this up:
There is a VB to C/GTK converter that will handle most of the VB stuff. It's command line and therefore basically useless for development without VB for Windows. Search Freshmeat for this -- it's called vb2c. The guy doing it just made it for fun, but now, considering that we have "proof" that VB is the most popular language, it's useful.
I want to work on a VB GUI for Linux to complement this program; would anyone want to help me (or has this already been done)?
Kenneth Arnold
PS - I got interrupted while writing this so maybe someone has already posted something about vb2c. If so, just ignore this.
-
Not real clustering...
This is basically commercialisation of the Linux Virtual Server Project... it's a load balancer - much like Cisco's LocalDirector...
Now if you want real clustering, help with the Linux High-Availability Howto or go look at HP/UX's MC/ServiceGuard - or if you are forced to play with toys, MS makes NT Enterprise...
GEEK! -
"Microsoft Cracked" | 254 comments
Impressive (Score:1)
by MtnMan1021 (jbr [at] nassau [dot] cv [dot] net) on 08:19 PM October 26th, 1999 GMT (#16) http://www.petitioneer.com/
Looks like "flipz" is more than just a script kiddie: attrition lists her as having cracked jpl, duracell, people's bank, a bunch of .mils, department of veteran affairs and some other stuff. http://www.attrition.org/mirror/attrition/flipz.html
she doesn't seem to be very creative in her replacements/alterations, though.
Re:Impressive (Score:1)
by whocares (grey@enigma.mips4.com) on 09:42 PM October 26th, 1999 GMT (#118)
Well shit, I've written my name in marker on federal buildings, phone booths, mailboxes... I'm certainly more than your average defacer of random crap. :)
Seriously. When someone releases information that's of use to someone as result of their cracking, or actually *accomplishes* something aside from defacement... maybe *then* I'll be impressed. Until then - whatever.
Not Really (Score:2)
by Gleef (gleef@capital.net) on 08:38 PM October 26th, 1999 GMT (#42) about:mozilla
The sites weren't all that high security. Oooh, the "US Army Dental Care System" computer was compromised, while it is in the .mil hierarchy, I doubt that much effort went into securing it.
I'd say flipz is probably a very busy script kiddie. The cracked sites certainly don't show much imagination.
Re:Not Really (Score:1)
by TeddyR (syousif@iname.com) on 09:07 PM October 26th, 1999 GMT (#87) https://www.mav.net/teddyr/syousif/
The problem is that if a single .mil/.gov/etc site is compromised, there is the distinct possibility that other sites can be compromised. Simple example: many .mil sites only allow access to "public" web pages from other .mil sites. The same goes for .edu and .gov sites... The path to a final destination is much shorter than from "the big bad internet"... Another simple scenario would be if although THAT machine was not "secured" since it has nothing of importance on it, there is a slight possibility that the machine is on a network segment that in turn has access to another segment that DOES have material that may be valuable to someone else...
BTW: The above scenario is exactly why many "high security" sites do not allow employees to have "important" material even on their normal day-to-day office machines..
uncertainty.microsoft.com (Score:0, Redundant)
by Mooset (jwsmith@delta.is.tcu.edu) on 08:19 PM October 26th, 1999 GMT (#15) http://delta.is.tcu.edu/~jwsmith/
From the article: Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known.
Whatever it was, that name doesn't seem to resolve anymore. I guess they must be covering their tracks for now, because fear.microsoft.com and doubt.microsoft.com also don't resolve.
:-)
Re:uncertainty.microsoft.com (Score:0)
by Anonymous Coward on 04:02 AM October 27th, 1999 GMT (#247)
Score: 0?
Redundant?
Don't listen to that silly moderator, I thought your post was hilarious. :)
cracked? (Score:4, Interesting)
by Trepidity (delirium4u@theoffspring.net) on 08:18 PM October 26th, 1999 GMT (#13) telnet://127.0.0.1/
Hmm. The never-ending hack/crack debate. On the one hand, using "cracked" is obviously inappropriate, since the term already had a meaning in computer security prior to its application in 1984 to people who break into computers. It has, for as long as anybody remembers, described people who break the copy protection of software. This usage far predates the usage cited in the Jargon File (which itself admits to the 1984 date).
On the other hand, the term "hacked" is obviously inappropriate in this case. This system intrusion was merely the work of a script kiddie, it appears, and hence is not any sort of hacking.
We need a verb that means "broken into by a script kiddie," so as to differentiate from "broken into by an intelligent security expert" (which I'll continue to call "hacked") and from "breaking the copy protection of" (which I'll continue to call "cracked.")
I personally prefer to use the term "hax0red," which, helpfully, is what they often call it themselves, so it should not be hard to have this term adopted. This differentiates from mature, intelligent people, who use "hacked," to describe their work (whatever that work may be, be it kernel hacking or NT hacking) and the script kiddies who use 3l33t sp33k to describe their work. It also allows "hax0r d00d" to be used as a convenient synonym for "script kiddie."
Re:cracked? (Score:1)
by kijiki on 05:13 AM October 27th, 1999 GMT (#250)
Personally, I don't see much difference between the "new" (web page) crackers and the "old" (copy protection) crackers. Both require basic assembly knowledge, and the ability to use a debugger. And lots and lots and lots and lots of time on your hands. Obviously I am ignoring those amazing buffer overrun exploits where people manage to get code in through a function that strips out all characters but '9' 'a' and 'q', but your average exploit is not that impressive an achievement. Nor is your average software crack. I fully expect to be flamed by the script kiddies and the h4x0r groupies. Please at least attempt to keep it coherent.
Re:cracked? (Score:0)
by Anonymous Coward on 10:51 PM October 26th, 1999 GMT
-
Re:cookie filter?
To filter the GIF cookies you can just filter ads ... there is also a program I have used called Intermute that is pretty good for custom cookie filters ... here's 3 possibilities for you, go to FreshMeat and search for "banner" or "cookie" to find more.
- AdBuster [Win32/Linux I think] Filters Ads
- Intermute [Java for Win32] Filters Ads, Sites, Cookies, Javascript
- JunkBuster [Win32/Unices] Filters Ads, etc
-
Write an Oracle plugin for KMySQL
Not listed on Mattshouse, but nearly what the guy is looking for is KMySQL.
Despite its name, the recent versions of KMySQL have a plugin architecture with support for PostgreSQL and mysql.
It would be worthwhile to add ORACLE support by writing a plugin -
Re:ASP is a blessing...ASP is a curse...
Have you tried MySQL ? or Postgresql ? They both match the criteria of mid-sized SQL database backend.
You should also have a look at Apache/PHP.
I also regularly see postings on Freshmeat of a tool to translate ASP scripts to PHP. The tool is called ASP2PHP
The uptime of apache and apache/php can be considered a non-issue. They are at least as stable as IIS/ASP and probably even more stable and faster. -
hmmm
Mal, your sig belies your leanings.
Do unto others what has been done to you
Which quickly leads to death and ,,umm,,,malcontent.
Do unto others as you would have them do you. a.k.a. the "Golden Rule"
I like cybersquatting, but I think that sometimes it crosses the line. Most of the cases I've seen so far have been pretty fair, IMHO. It's easy to raise a ruckus nowadays. Most of the good ones are taken. Of course the new addition of .rec .comp .biz, whatever will make this issue even more important.
try freshmeat.net .org .com
Should be interesting...
-
Re:entire operating system goes down??
Thanks! The program is jslaunch.
-
ALS: The First Day of Exhibitions
After surviving an afternoon at the show floor of the Atlanta Linux Showcase, I figured this would be as good a place as any to post a few thoughts about what I saw...
THE GOOD
- LinuxCare's little bootable Linux recovery CD kicks ass. No bigger than a business card, it fits in the 3" diameter groove in CD-ROM/DVD-ROM drive trays and has the potential to save your butt when lilo eats itself. They also had some Linux stickers that now adorn the case of my 386... (Yes, it runs Linux.)
- IBM had a presence. Although certainly not the largest or flashiest booth in the show, Quake 3 on a rather large plasma display attracted lots of attention. Dual PII-400 Intellistation + Voodoo 3 3000 + large plasma display. Mmmmmm. Thanks to the guys there for letting me get some game time on that mammoth thang...
- O'Reilly also had a presence, and their trade show pricing kicks much booty. Picked up a few books for 20% off list and got a shirt to boot...
- Mad props to VA Linux Systems for not only having a cool booth and giving away lots of stuff but for supplying the machines used for public Internet access. Their Debian boxed set is pretty cool and sports Learning Debian GNU/Linux from O'Reilly. (Yes, I was one of the people who stood around in line for ten or fifteen minutes to win this...)
- Thanks to the Sun and Rave Systems folks for all the free stuff. Learn to play Quake 2 without cheating before next year's show...
:-) (Now where's my complimentary Sparc 5?)
THE BAD
- None of the shirts I got fit. None. Zero. Zip. Zilch. I'm 6-foot-3-inches tall and weigh 295 pounds. Show me the big-assed shirts!
- The IBM guys told me that the Showcase had a T-1 connection to the 'Net. I couldn't verify -- the packet loss and latency was horrible on the connection. I'm hoping this is only because lots of geeks were pounding on the connection like a pack of wild monkeys...
- Food choices were few, and lines were long. Within the Galleria, your choices were Subway, some cafe whose name I don't remember, Ruby Tuesday's, and Chick-Fil-A. If you were bold, you could go to the movie theater downstairs and buy a big tub of popcorn. The group I was with walked across the street to another mall and ate at Arby's. Yum... I think.
THE UGLY
- Where the hell were the Slackware people? I wanted Slackware apparel... Hmmph.
- Linux merchandise places came out of the woodworks to hock their goods. Yay capitalism...
- Don't eat at Shoney's. Our group waited over an hour for food before giving up and leaving.
THE REST
- The andover.net/freshmeat.net/slashdot.org booth was smack dab next to the linux.com booth. Taken together, it looked like one big congregation of slackers with laptops. All things considered, however, I wouldn't have minded flopping down on the couch for a rest after walking around for a few hours...
- I will seek revenge against the guy in the Debian shirt who shot me in the arm with a Nerf dart... muahahahaha
- The Debian folks had a Sun Ultra 5 running XaoS, Netscape, and some Tetris clone in separate windows. Just for kicks, I maximized the XaoS window. Can we say slideshow?
- I had nothing interesting enough to trade with the lady at the VA Linux booth, so I didn't get one of those nifty enlightenment shirts. Dammit.
- NetBSD was there. Go figure.
Overall, it was a pretty cool show, but I wish I didn't have the 2-1/2 hour drive. It was put on very professionally and appeared to be very well organized. I was only slightly disappointed that the show wasn't any bigger... The nifty canvas bag attendees got and the included CD made up for that, though.
-
Mahogany
This is an email client I discovered awhile back when looking for a decent GUI email program.
I have not yet tried Mahogany myself, but it appears to be exactly what you're looking for from the freshmeat description. It has the consistent GUI across platforms, although I would still recommend using IMAP if you can for a more seamless experience.
I bothered to look it up: http://freshmeat.net/appindex/1998/08/18/903433003.html
Hope this helps.
-
Perl and Monitoring Oracle
Are you aware of the perl DBI? It works for both Oracle and PostgreSQL (and mysql and ...). This can be used to provide access to databases regardless of type in a uniform manner, and are truly useful for remote access and regular running jobs, particularly those which use standard SQL. In Oracle terms, you can run Perl DBI anywhere that you can run sqlplus.
There are a number of GPL products which use Perl + DBI. One of the best, IMHO, is Orac which also uses Perl/Tk and so provides GUI access from multiple platforms (Solaris, Linux, NT). Orac offers loads of SQL scripts to help with tuning, or just seeing the layout, of databases. It also provides realtime database monitoring, which is the current thrust for improvement of the tool. You can find it on CPAN, e.g. here.
Another monitoring tool, which is capable of emailing you when it's unhappy as well as putting up current status on a web page is Karma. This is still developing rapidly and is intended for Oracle on Linux. This can be found here on freshmeat.
Hope this is of some use.
-
Re:How come my apps don't get on /.?
Those three programs are some of the best known projects in the Open Source community. If you're looking to find out when other projects are updated, I suggest you check out freshmeat. It's a great page that tracks just about every Open Source project out there. If /. started covering all of them, there'd be no space on the page for anything else. -
NoteTab clone for linux:)
There's a notetab-esque clone you can check out on freshmeat: gnotepad.
Works wicked nicely for me, and i've had pleasantly few problems with it:)
-blarg -
IglooFTP/gftp/lftp
IglooFTP is a pretty snazzy program which does queue transfers resumes etc. gftp is pretty cool as well and is GNU I believe. lftp is good, apparently does background transfers, but is a console-based program. Check http://www.freshmeat.net for the above programs.
-
Re:wget
I agree, wget is a great program, and it has /tons/ of options, and supports resuming. It's also nice because I can put it in a cron job. Go here -
...To answer your question - yes and no. It's practical. It just depends on how much traffic you get. The key thing here is /not/ cpu - but memory. Assuming you want to run linux on this bad boy, here's what you'll need:
- icecast - streaming 'shoutcast' clone for linux.
- Large mp3 collection. (BYOA - bring your own archive. *g*)
- If you think you won't have more than 50 simultaneous listeners on this box, a K6-350 or a P266 ought to be sufficient. Due to the nature of icecast, it only needs to encode the stream *once* and stream it out - so it's largely a bandwidth issue. If you're going to have more than 50, and will be serving dyn-html off the same site (generating playlists and whatnot), you might want something a bit more beefy. Either way, consider 256mb of RAM your minimum.
- As for HDD, here again - it just 'depends'. A good strategy might be two drives - one for your mp3 archive / wav files, the other for your web pages & stuff. Regular old IDE drives will do well under this setup and you don't have to worry much about blips in the audio if you have the streams on a separate (dedicated) drive
- Apache web server with perl_mod and/or php3_mod. But this is more for quick development of webpages and access to databases than anything else.
- I don't know if it'll be much use to you, but I couldn't resist plugging my mp3db program to help organize your collection. :)
- I would seriously recommend ripping / encoding on a separate box to keep the load down. I'm sure there won't be a problem finding volunteers to send you pre-encoded mp3s on campus. :^) If you want a free software encoder, check out LAME (no url, sorry!) - it works very well as long as you give it somewhat high bitrates. Otherwise freshmeat has a variety of mp3 utilities in the app index under console/mp3
Hope this helps!
--
-
Make your own dvorak keyboard
A while ago, I had a sudden urge to change something hardware on my comp, and, since I didn't exactly have the money to buy a new K7, I decided to try a dvorak keyboard. After a half-hearted attempt to find one in local stores, I found out I could remove the keys on my keyboard. So, as a weekend-adventure, I laboriously plucked each key from my keyboard (with the help of a screw-driver), and put them back in according to a picture of a dvorak keyboard I had found. I then did a "loadkeys dvorak.kmap" and started out a tutorial I found on freshmeat. It works great. The only real side-effect: a somewhat "hilly" keyboard. At least on my (cheap) keyboard, the keys in each successive row are tilted a little bit more. It looks a tad odd when rearranged, though I, truthfully, can't tell the difference while typing. Also, the transition isn't all that hard if you can touch-type, as long as you never have to look at your keys. I can't really comment on increased speed, as I have not even finished the tutorial yet. Still, it's quite fun to see the expression on your friends' faces when they try to use your comp. ;)
Auknight Colather
-----------------
"Go placidly amid the noise and haste, and remember what peace there may be in silence. As far as possible without surrender be on good terms with all persons. Speak your truth quietly and clearly; and listen to others, even the dull and ignorant; they too have their story." --quote from Desiderata -
Re:we are getting a little offtopic..
Take a look at the Guides at http://www.linuxdoc.org/ Specifically the User Guide and Installation & Getting started guide are helpful in this regard.
Another good resource for new users is http://www.linuxnewbie.org/ which is home to the NHF (newbieized help file) and has web-based discussion forums.
Other good resources for hard-to-find info are http://www.deja.com/ (a usenet search engine), http://www.google.com/ (THE search engine), and http://www.freshmeat.net/ (the canonical software search engine) .. Freshmeat itself doesn't necessarily have the info, but the software packages for any given type of application tend to have useful links. For instance, the xawtv site that I found by searching freshmeat had the drivers necessary for the WinTV 401 card I recently configured, and the cdrecord site, as found on freshmeat, has a ton of useful cd burning resources. -
Answers to the Questions.
Hi Johan, here are my answers.
Question: Using CT, how easy or otherwise is it to bring down or attack vital systems?
Answer: it depends on the skill of the cracker and how well setup the systems are. 2 things to keep in mind:
1) a lot of near-essential systems will have few cyber-defenses, and could be easily brought down. Though this might not result in the loss of life that is commonly desired by a terrorist group, it will serve to decrease morale in the populace, something any terrorist group should want.
2) any networked system is potentially vulnerable. no matter what. It might be really, really tough, but some random person in a random part of the world can take it down.
Question: What sort of skills would be needed to do so, and are they common/teachable?
Answer: You need to know about the OS of the system you wish to attack. you also need to know about networking. go to the bookstore and buy the appropriate books, go to your local community college, or read the appropriate docs online to learn this.
You need to know common exploits for systems. There are maillists and websites full of info on how to bring down NT and Unix machines. read bugtraq.
You need to know how to develop your own buffer overflows, trojans, virii, etc. This requires a level of programming knowledge and intricate OS details. Again, buy books or refer to docs online.
If you have a really smart terrorist, s/he could learn all this in a few really intensive months by only reading docs found online.
Question: Commercial-off-the-shelf software: can it really do CT?
Answer: There's no need to buy commercial software, though yes, it can do CT. Use Linux or a BSD variant. other OS's are easily gotten from WAREZ sites. all the software you need is open source, see http://www.freshmeat.net also see the warez sites if you really need MS Word for some reason.
The utilities you'll need are packet sniffers, telnet clients, some compilers (C, Perl, Cobol, others?), text editor, oh, i guess an OS would be good (use OpenBSD !) all these are free.
Question: Which systems are actually attackable?
Answer: heck if i know, that ain't my bag. but if i did know, i probly wouldnt say. that would just be plain wrong.
Question: Can a recovery be made from such attacks?
Answer: If the system is setup correctly, yes. Generally, consider your disaster preparedness. a Serious terrorist cyberattack will be no worse than a major earthquake. If all your computer systems are destroyed, how readily can you recover?
Question: Is it likely to improve/get worse?
Answer: The faster we move to computerize/internet everything, the worse it will get. Once the average intelligence of sysadmins/programmers has a chance to catch up, it will get better.
Question: What sort of preventive work would you recommend them to carry out?
Answer: Read the various docs on security for the systems you are running.
Don't allow internet access to your most important systems. not through a firewall, not through triple encrypted vpn's, not through special dialups, networking procedures, or anything at all.
use ultra paranoid techniques, like surrounding your most valuable systems with copper/lead rooms (keep in mind TEMPEST and EMP's) and not trusting any one person with full access to anything. Keep up to date on all new technologies and emergent ones, as well as new exploits - read bugtraq.
Keep backups, and keep some in secure locations off-site.
Perform security reviews on a regular (monthly or more) basis.
and, of course, BE PARANOID
Finally, keep the Simple techniques in mind:
one person with a backhoe can fuck shit up bigtime. Three coordinated people in different parts of the country can do worse.
Cost of attack:
Rent 3 backhoes for a few hours: $900
Determine where to hoe: 10 hours research time
and it would be easy to get away with as well.
This is based on a real incident where some workers accidentally tore up a fibre optic cable and put a bunch of ppl/companies off the net.
-f
frisco@peruano.org
http://www.perauno.org/ -
Re:6.0a upgrade fear
Anaconda kicks much tail.
Does anyone else notice a pattern here?
- Anaconda
- Asp and Asp 2
- Boa
- Bushmaster
- Caiman
- Cobra (Mk I and Mk III)
- Copperhead
- Coriolis
- Gecko
- Krait
- Mamba
- Python
- Sidewinder
- Viper 1 and 2
- Worm 1 and 2
Nominating companies or applications to match Hognose, Dodo, and Thargoid is left as an exercise to the reader.
-
Oh my Lord, Sun is psychic.
Okay, immediately after reading this, I surely thought this was some sort of pop-up window as a joke. Wow, Sun must be psychic.
-Dave -
DSL is a really nice alternative.
At least with PacBell DSL is extremely Linux friendly and highly supported. I saw this on freshmeat yesterday if it's of use to anyone.
AOL IP Tunnel client for Unix 0.5
AOL now owns netscape, ICQ and Winamp... so far there hasn't been any "major" consequences. AIM coming with Netscape? Kind of a bummer, but easily avoidable.
-
Once again - admins who should be flipping burgers
There were so many - "An admin can not be expected to read mailing lists for 2 hours or more a day to keep up with security issues with his/her out of the box linux distributions" threads I got sick of it and decided not to respond directly
First off - if you're handed even a SINGLE let alone HUNDREDS of computers to admin that have a network connection - and you're not at least subscribed to the announce mailing list from your respective vendor -- then you deserve to be hacked and then fired to return to your much more realistic job flipping burgers down at your local fry shack
Secondly - redhat -- or any other rpm based system -- is NOT hard to keep updated to the latest security fixed packages. The first thing you need to do when you install any system is unplug the network cable. You don't need to have it plugged in to set up the network, unless you're doing a network install - and you just unplug it once you get finished and have a login prompt. You can then either go download via another system the entire updates dir for your vendor and then use something like a jazz disk or zip drive if you're uber paranoid.
Personally I do almost all my redhat installs via a T1 and the ftp install option, then install autorpm from disk - or if I'm feeling lucky I leave the network cable plugged in and download it from the net. Then I set it to install automatically each night any new rpms from the updates dir for my version, save things like the kernel and libc, and you can even set it to check the package sigs.
So by the time I come in and read a bugtrack post - in this case the cron exploit - it's already been patched.
Now the paranoid among you will say that this then could leave you open to spoofing or someone hacking redhat or another vendor and trojaning everyone.
A] That's just as likely as to happen to MS with its NT service packs. And it's happened before with a few open source packages. But due to the checksums and the sigs on the packages being off - it was discovered after only a few people had downloaded them.
B] You can set it to download, but not install - and it e-mails you a nice little note to read in the morning when you come in that there are updated files, and you can then search the bugtrack list for what was wrong with the old version - or hopefully you already have mail waiting from the announcement e-mail list giving you the details.
This is exactly what happened with all my redhat boxen when this exploit came out, they automagically upgraded and e-mailed me about it, read the security e-mail from redhat and finished my coffee and went back to work.
--
James Michael Keller -
Re:but HOW to get it?
Not to be redundant, but there are a couple of solutions that are out now, and are working. YAMS is currently available (under the GPL), is in use at the ScreamDesign store, and is being actively developed. Minivend, opencart, MySQLShopper, Webshop and a grundle of others show up in a search of freshmeat.
When OpenSales becomes an opensource package, it will be interesting to see how much cross pollination occurs -- and which packages shake out at the top of the pile.
-
Speaking of decompilers..
Here's a *gasp* GPL'ed decompiler for Java, of all things: Homebrew Decompiler. I came across it while searching for GPL'ed software on Freshmeat. The annoying thing comes in when you decompile something, you just get the straight source.. no comments. Because comments and what have you are stripped out during compile time, for hopefully obvious reasons.
Of course, if you're bothering to decompile something, chances are likely that you're doing so because you know code inside and out. If not, the added benefits comments give to code readability are /really/ going to hit home.. and how. -
Re:Libraries to reliably write XML?
Don't know. I've never used them for writing XML.
Do a search for XML at FreshMeat and test some of the implementations out. If they don't have support for the reliability mechanisms you state, request or add them yourself.
I believe most of these libraries just generate the XML text and more or less rely on the application to write it out to file, so you pretty much have as much control to be as reliable as you want. -
Re:XML and config files
A libxml already exists. In fact, most languages already have some sort of library support for XML.
The support is there, the libraries are there. It's just that there's no "config file standard" yet and developers haven't really looked into it. -
I apologize
In haste to make my comment I didn't think about the programmers releasing their code under the GPL and then having some commercial company take it and close the source. In actuality though if it is released under the GPL you can find the source either on Freshmeat or by your own means. Whatever...
-
Qui-ne-faut
There's Qui-ne-faut. I haven't studied it in detail, but on a trial run it was at least isolating character shapes well (though the actual identification of characters from them left much to be desired - probably there's some training needed).
-
Do you want to connect to the bank yourself?
With credit card processing there is a bank network that you need to connect to somehow. The most traditional method is a modem built into a credit card terminal (what you see next to the cash register in brick-and-mortar stores).
Obviously, actually typing in credit card numbers manually is way too much work for an online store, but you still have to connect to that network somehow to do the processing.
Method #1: A modem hooked up to the computer. This is what CCVS and OpenCCVS like to do. (You could also do this with a leased line, but you'd need to be processing a *lot* of transactions to justify a leased line.)
Method #2: Connect over the internet to somebody else that does the connection to the "clearing house" for you. This is what CyberCash does. (CyberCash also has their own "cash" that customers can use, which is much better for small amounts of cash per purchase.)
I've dealt with CyberCash to some degree or another at two different jobs. Once you've got it set up, it's okay, as long as you don't have large volumes to work with. Cybercash has two basic problems. First off, it does everything over the internet, so it is at most as reliable as the internet. Secondly, it uses HTTP over TCP to perform the transactions. What this all means is that any kind of problems that occur will tend to leave you unsure whether or not the transaction has actually gone through or not. With older versions there was a database on your end that kept track of transactions that could get out of sync (with the fixes involving direct modification of the database) with their version of things. Newer versions of their protocol have "fixed" this problem by moving the database to their end. So if you deal with maybe one charge an hour (or 10 an hour, whatever), CyberCash will generally seem okay. When you have to deal with batches of about a thousand charges once a month, the problems start to become intolerable.
My suggestion: investigate the various options that involve your computer dialing the clearing house itself. Make *certain* that the software is capable of using a queue in an intelligent fashion (ie, if it has two charges waiting, dialing once to clear both), make sure the software has *some* way to handle more than one modem (if it comes to that) and try hard to find a bank that you can use ISDN with. (Since ISDN connects almost instantly)
(Note: I think Cybercash does have one competitor, but I don't think they support Linux yet and I suspect they'll have the same basic unreliability of the internet problems that Cybercash does) -
Re:Debian Package system gets some help?
Their package management system has lagged behind Red Hat's due to lack of developers for a while.
Has it? Is there a feature in RedHat's system allowing you to automatically update from a server? (I honestly want to know, I'm not trying to start a flamewar here). That feature is one of the major reasons I use Debian.
I don't believe there is a need for this feature to be rolled into the rpm codebase. autorpm is quite good at pulling updates from a distribution company web site automatically. It's quite good at keeping an rpm based system up to date from any number of mirrors (handles mirror rotations and such).
With other utilities such as rpmfind and the very useful rpm database at rpmfind.net, an admin of an rpm based system has all the tools they need to manage the system.
OMNSHO, a system to act as a front end to all three would be an even better boon to the community.
--
James Michael Keller -
Re:Quad Xeon, 2 GB memory = No slashdot effect.
That is not entirely accurate. I get lots of traffic on my site http://www.dtheatre.com and I have no problem. I have been featured on Freshmeat and other high traffic places, and all I was running was a 233MHz system, and I withstood all the hits and passed with flying colors. I also had http://blairewitch.com hosted on the same box, which was getting 6000+ hits a day while I was getting freshmeated. I also used to have a dual Xeon system up there and the only difference is in the database retrieval with mySQL. But the RAM will make a noticeable difference as well as the connection (I have DS3).
------------------------------------------- -
Do you ever wonder, "Why am I here?"
I really like slashdot. It's a great site for reading news about stuff that I'm interested in. Every now and then, though, I run across a meaningless story like this one. These stories belong on freshmeat. Slashdot is "News for Nerds," not new applications for nerds. Guys, stick to what you're good at, and let scoop do what he's good at.
-- -
SSH could be of help
This would require some scripting and whatnot (to make HPUX and Irix happy, etc), but I think that it's a good idea. SSH provides secure shell, secure replacements for rdist and rcp, among other stuff. Here's a blurb:
SSH (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, rcp, and rdist.
If you're distributing passwords over the network, they really should be encrypted. With SSH, you could set up the machines with keys for authentication, so that no passwords were required, and it could be "automatic".
Other good points about SSH: it's from Finland, and the source should compile on all of the systems you've mentioned. SSH is at ssh.fi. Or, you could skip their icky web site, and just search at Freshmeat.
-
What users want?
Hey, hold on a second. I don't want all my protocols stuck behind one interface! Is that what the browser is supposed to do? I don't even like the fact that browsers handle FTP and E-Mail links unless you go through an obscure procedure to direct them to other clients.
I suggest that it is time for universal Internet applications messaging standards (between a user's set of apps, not between computers). It should be simpler than browser Plug-Ins. It should be universal unlike ActiveX, OLE, and even CORBA. I don't want to hear it about how you can compile CORBA components on any platform. My wristwatch just won't do CORBA any time soon. It should probably be TCP/IP only so that you can do distributed applications and cool stuff like that.
Here's an idea. Let's see a core component that processes URI's and coordinates Internet information between clients that know how to handle HTTP, FTP, SMTP, IRC, Real Time Messaging, Telnet, SSH, ad infinitum.
The URI is the most powerful identifier, and I am very disappointed that more applications do not use it. I.e. the notion of
protocol://user:password@host:port/identifier?param=value
is the most powerful tool anybody has to locate information or services. It works for every application and every protocol. Imagine if the following links all worked:
http://www.slashdot.org/index.pl
ftp://ftp.freshmeat.net/pub/
irc://JoeSchmoe@irc.slashnet.org/#blah
pop3://JoeSchmoe@mail.myhost.com/Inbox/20323
You get the idea....
Maybe it's just me, but I don't think that Mozilla will ever become my IRC or messaging client of choice. Not that I have anything against these projects. I like to see them. I just think it would be more useful if someone did something like I have just described. If I could code, I would do it.
~GoRK -
Re:ahh, who cares.. slashdot is beyond biased
The things you're talking about (new releases of distros, etc.) are better served at freshmeat.net.
-
Re:Dynamic and modified gifs
The LZW patent covers compression and perhaps decompression of data with Welch's algorithm. If your code decompresses and recompresses the data, it is arguably covered by that patent (aside from whether the algorithm can be patented at all).
If you are doing an image counter, for example, then extract the LZW part (GIF image block) from legally created digit files (one digit per image block) and construct the whole GIF for a counter using multiple image blocks in the one GIF file, with horizontal position offsets. There, you didn't do any decompression or compression.
If you can get the image in a raw format, then generate LZW-free GIF, or just start using JPEG or PNG. If you need animation with that GIF, I wrote angif which you might want to use.
Whatever you do, just avoid doing any LZW compression or decompression. -
Re:Animated GIFs
foo!
I just released a C library that generates animated (or if you want, 24-bit true-color that really works on browsers) GIFs that are LZW-free. -
An email to the contact listed on the release.
I wrote this email to the contact listed on the press release. Hopefully someone important will read it, but probably not.
Hi, I am writing to you in response to a press release from David Bowie's official website at this address on August 30th. The Outside Org website is listed to obtain more information at the end of the release and on David Bowie's page on Outside Org, this email address is listed as the contact. Forgive me if I am directing this to the wrong place and I would appreciate it if you could forward to the right person.
While I certainly believe that digitally downloaded music is the far, if not near, future of music, I am disappointed with David Bowie's (and/or his record label's) decision to release his album in only Liquid Audio and MS Audio, encoded with SDMI. I, along with many other consumers, would have preferred the open and flexible MP3 standard, which started this digital music revolution. Because anyone is free to write an MP3 player and anyone is free to write an MP3 encoder (as long as they do not use a patented algorithm) without paying licensing fees, there is a much wider selection of MP3 players for a wide variety of computer systems. Personally, I use the open source Linux operating system, for which I believe there is no Liquid Audio or MS Audio player. A quick search on the de facto website to get Linux software (Freshmeat), reveals no matches for "SDMI" or "Liquid Audio" (I also looked at Liquid Audio's official site which only has players for Windows and Macintosh), while almost 100 matches for "MP3". This includes MP3 players, encoders, and graphical frontends which make it simple for people to create MP3's from their own purchased CDs. Without a doubt, an MP3 release would enable many more people on different hardware to have access to David Bowie's music. Not only is it wrong to force people to deal with one or two companies (in this case Microsoft and Liquid Audio) as the sole source for a certain format, it is also bad business. While the technically superior Betamax was held tight by Sony, the open VHS standard won the consumer war. I expect that formats such as Liquid Audio and MS Audio (and maybe even SDMI, though it is open) will fail in the same way.
There is a concern growing in the traditional record industry that downloadable music is more subject to piracy than normal purchased CD's and that a secure, encrypted standard that only allows play only on one device is necessary for commercially released music. This is wrong for, at least, two reasons. First, most of the music available illegally in MP3 format was not originally downloaded from a website. It was originally purchased on a CD and then encrypted to MP3 and put on the internet. There is no way to stop this from happening. If you release your album on a CD and it is popular, it is subject to being encrypted into MP3 and put onto the internet. In fact, if you ever intend for music to be listened to, then it will always be technically possible to copy it. Secondly, as fast as new "secure" formats are being created, they are being unsecured. Read this article about Microsoft's WMA format being cracked for evidence of this.
While there will always be some people who insist on pirating music, the majority of consumers simply don't have the time for it. It usually takes more than $15 worth of effort to find a CD that you would pay $15 for in MP3 format illegally on the web, especially if you want a certain CD in particular. When given the choice between affordable, easy-to-use, downloadable music in a popular format from reputable companies and illegal, hard-to-find from who-knows-where, _most_ consumers will pick the former. By using non-open standards to release digital music, such as Liquid Audio and MS Audio, and using encryption such as SDMI, you are simply making it harder for consumers to get and enjoy legal music.
There are also some interesting "facts" about David Bowie's involvement with digital music and how he is the "first" to do this and the "first" to do that. He is most certainly _not_ the first major recording artist to release an entire album online (some have even made some albums available _only_ online). Check out Emusic for this. Some of the more notable artists are Frank Black (former lead singer of the Pixies and a guest at Bowie's 50th birthday bash, where he performed with Bowie on stage at Madison Square Garden) and They Might Be Giants. But press hype is what it is. I suppose I should expect it.
Despite this, I am a very big fan of David Bowie. I will buy his new album, though not online, because I couldn't listen to it even if I did. I will wait for the CD and encode it myself into MP3 format so that I can listen to it through my computer and on a portable MP3 player. I hope that in the future he will realize the demands of the market and use an open standard that is available to everyone.
-
Re:Security vs perception
I agree that EROS has a very interesting design. There are a number of things that I would look at tweaking, but the core concepts are elegant enough that I think it should be given a hard look by OS architects.
Another interesting, although still experimental, approach for making Linux more secure is the LOMAC project. -
Re:The Uptime Syndrome
Better yet use downtime and figure it in percentages rather than time since last reboot. It'll keep you honest and not desperately grasping for 100, 1000 or 10000 days ;-> uptime. -
INFO -> use pinfo
Info is hardly user-friendly, but fortunately somebody (Przemek Borys from Poland) made a more usable browser for it: pinfo. It feels more or less like lynx.
-
Seems true...
I think this is true. The sites I usually frequent on a daily basis are:
Slashdot has the Nerd news, of course...
Linux.com has great Linux news, tuning tips, articles and other stuff...
Themes.org has great themes for all the Window Managers, gtk etc...
Freshmeat just rocks when it comes to the latest in applications.
If I go to any other site, it's usually linked off of one of those. *grin*