Slashdot Mirror
Slashback: Snapshots, Amends, Bazaarity
Microsoft is just as secure as the competition, says Microsoft. Jon_E writes: "According to this article Microsoft is responding to the Gartner Report which recommends that enterprises drop IIS by claiming unfair targeting due to their popularity."
Whether because of better-trained or more vigilant administrators, or some other factors, the Apache servers running many web sites certainly haven't seen the devastating outages in the past month (Code Red, Nimda) as certain large IIS installations have.
If animated, this might make a really good Saturday cartoon. cconnell writes "Last September, slashdot published my critique of Eric Raymond's essay The Cathedral and the Bazaar. There was a lively (and sometimes scorching) discussion that followed. Here is Eric's reply to my critique, which Slashdot readers might enjoy. And here is my reply to Eric."
This was not faked in the same studio as the "lunar landings." mrsmalkav writes "Deep Space 1 has passed by Comet Borrelly within 1400 miles and took some very pretty pictures of the comet's core, all while collecting lots of data about said comet. NASA's press release discusses some of the details and findings of the flyby.
This is actually really impressive given that there was very little hope for this mission. From the Mission Logs on DS1's site, '[T]o be honest, DS1's visit with the comet simply is unlikely to work as well as we hope. Many mission logs have described the difficulty of keeping this aged and wounded bird aloft, and the encounter with Borrelly will present Deep Space 1 with the greatest challenge yet in its historic trek through the solar system.'"
Saint Aardvark writes "Space.com has an article about the images taken by DS-1, and they're stunning." And eldurbarn points to the NASA Images of comet Borrelly online at JPL.
How to satisfy customers with license objections, Part II brtb writes: "Soon after Slashdot posted my DiscZerver-GPL writeup last week, xStore added a link in their Download section for information about the use of GPL software in their products. Below is the e-mail I received in response (address changed to protect the spamless). Congratulations to xStore for supporting Free Software and bringing the DiscZervers into compliance with the GPL.
From: "Support" [support@xstoreonline.com]
To: "brtb" [slashdot@brtb.org]
Subject: "RE: GPL SOURCE CODE"xStore is committed to complying to the full letter and spirit of the GPL. We are currently investigating the allegations of non-GPL compliance and communicating with the GNU.ORG and Free Software Foundation on this issue. We will produce a response to your request that is mutually acceptable to the copyright holders of the programs we have used that fall under the GPL and xStore itself. Due to the recent acquisition of this product, we are still in the process of preparing the required source code for distribution. xStore is commited to bring the DiscZerver product into GPL compliance, if it is indeed found to be not in compliance.
In the meantime, please provide xStore with information so that we can send you, the user of this product, the package that you are entitled to. Please provide the serial number of your DiscZerver product and the 'system page' with your response. The 'system page' is located at [http://your_Zerver_name_or_IP_address/admin-cgi/s ystem]. In addition, please send us a self addressed stamped envelope suitable for mailing a CD-ROM along with $14.95 to:
xStore, Inc.
Federal Highway Center
1200 North Federal Highway
Suite 200
Boca Raton, FL 33432After we receive your written request along with the above items, we will process it and promptly send you the disc when it becomes available.
This thanks to the mostly behind-the-scenes work of people at the FSF. Congratulations to xStore for respecting the intent of the programmers whose work they're consolidating and packaging.
Just out of curiousity...how does this engine work...what principles of physics does this satellite use and what would it's benefits be?..first time I heard of one is when I found that's what powers TIE fighters
: ) - It's true...TIE = Twin Ion Engine
----------
ah honey, we're all resplendent - Bill Mallonee
This is simple physics, boys and girls.
First things first, you need a spacecraft as light as possible. Anything not needed goes away. Basically, you're left with the instrumentation, the navigation, the cameras, solar panels, batteries, and a couple of sizeable tanks of xenon.
Yes. Xenon. The heaviest non-radioactive noble gas.
Now, xenon is normally inert like other noble gases. I mean, there are no natural compounds containing any noble gas because they have no natural need to enhance their electron shell configuration.
However, xenon is pretty large (as atoms go) and, given enough juice (courtesy our light and ability to live, the sun, hence the solar panels), you can ionize xenon. You can strip off an electron or two and it's useful (For example, the compound XeF6, xenon hexafloride. What it's good for? Dunno. Still doesn't change the fact it exists.) More importantly, it's charged and can be directed.
Then, it's a simple matter of a small aperture (which can be directed), a positively-charged grid, and the xenon leaves in the direction opposite the spacecraft goes.
Don't expect this to power any spacefighters, however. At full power, the force this produces will barely move a piece of paper in front of it. The beauty of ion engine, though, is that because in space, inertia isn't hampered except by collision or a gravity field, this little bit gets larger as time increases. It's not much force, but given time it gets zooming.
I used to be someone else. Now I'm someone better.
Real life is underrated.
According to The Register, their reaction also includes the following:
Timeo idiotikOS et dona ferentes
Could we, in fact, turn a Disney DVD into a terrorist tool? Has it already been done? Should we be encouraging Congress to ban the CSS encryption scheme because it could have been used in such a way? Interesting questions, no?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Actually, the they switched everything over to .99 and .95 with the invention of the cash register, the idea being to force the cashier to open up the cash box to retrieve change, which makes it much harder for them to pocket the cash for themselves without anyone noticing.
"Mind, as manifested by the capacity to make choices, is to some extent present in every electron." -Freeman Dyson
This is taken out of context - the quote refers specifically to the Hotmail hole that allowed the reading of a specific user's mail. The quote has nothing to do with IIS as the hole is due to the poor design of the CGI backend. In other words, the Hotmail hole would have existed irrespective of the underlying web server.
Accept Eris as your Fnord and personally sate her
Okay, it's time to debunk the M$ admins are lazy myth a bit..
:-P Perhaps if I had a nice farm of 600 identical boxes, I'd be a perfect admin. This is life, folks. Get on with it without making the comments -- without understanding the other side of the fence.
Here's my work environment -- the products that I'm supposed to install, after I've chosen the hardware for 700+ desktops, and maintain, after writing policies and ops documentation.
Exchange (10) Servers, IIS (7) Servers, MS-SQL 6.5 and 7 (5) servers, Metaframe/NFuse (4) servers, RAS, VPN, 45 NT servers for general ops of all this stuff, a couple of Debian boxes for internal DNS, FreeBSD running MRTG, Nessus, etc, perform 2nd level support for 8 clueless admins and 6 semi-knowledgable ones. Additionally, let's not forget the "uhh, how do I do a word merge", boss ranting about multicasting (for which I am going to modify configs on 12 cisco Routers and godonlyknows how many switches), write policy and operational documentation for all of this. Manage the "network consultants" than run DNS, e-Trust and FW-1, provide support and knowledgable comment towards a $2mil software app development process in terms of "net and O/S", deploy 2000 server *sigh* next month and ensure that everyone makes a backup occasionally. (play nice with audit, 20 mangers and two other organizations [1 that owns us, 1 that we own]).
If *ANY* of you suckers handle all that daily, and still have time to mess with patches on a regular basis, I'd love to see you in action. This seems to be quite a common scenario for a lot of mid/small size companies, in my experience.
I'd love to live in your dream world. People wonder why I'm an alcoholic.
I did realize about three months before codered that we were a screaming hole for IIS exploits. Do I have time to cull through 30+ patches and tinker with which are appropriate to apply? Nope. Result: Nimda runs rampant still this week because I've been stuck in innane meetings all day.
Now: Suppose your boss is used to having a mini-vax, and asked for CPU usage reports by dep't and individual last week. Do you see the uphill battle? We're young. Management in a small/midsize company isn't likely to even understand what they have running, less what should be paid attention to technically. Politics, Politics, Politics all day long. Yay! Well, I guess of the rest of the world got messed, it's okay that we did too.
Have fun admin'n your two Apache boxes. Good Night.
No troll indended, it's just a rant.
S.
I have been thinking about this as well as one of the places I do contract work for is getting pounded daily with Nimda and Code Red I/II attacks as well. Since the box is running Linux, the attacks don't matter but I have been wondering if there is some way that a sysadmin could take advantage of these requests to stop the attacking system.
Various people have mentioned writing a white hat virus that would shut down the attacker and all that - but in reality that just puts you in the same boat as someone attacking their system - and its therefore illegal.But if someone's computer makes an http request for a file from my server, am I responsible if what they get is not what they might expect to get?
What if I was to create a file consisting of nothing but the letter X that was, say, 1Gb in size, and leave it on my linux webserver with a name like "root.exe"? It wouldn't take all that many requests for the attacking system to run out of HD space. Granted service on my server might suck for a bit, but eventually if enough linux admins did this the target systems would simply shutdown for lack of swap space or HD space or whathaveyou.
Or perhaps I tell Apache to treat .exe files as PHP files and process them accordingly. Then I create a PHP script that sends prints nothing but Xs or random numbers in a long string back to the requesting server (with the execution time limit for PHP turned off). It would be like 5 lines of code total.
After all, its my server, so presumeably I put the file there for my own purposes, indicated in robots.txt that I dont want it indexed etc. If some other system makes a request for that file which I have in no way indicated is present on my system, isn't there fault/problem if the file is too big, or causes problems at their end?
I am sure the clever folks at /. could think of other things that could be done in this manner.
Just food for thought, and I would love to see some suggestions...
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid