Slashback: Vista Rewrite, Tuttle Travesty, Mac Botnets
Microsoft denies Vista rewrite. moochfish writes "Contrary to a heavily doubted feature earlier this week, Business 2.0 magazine reports that Microsoft will not be rewriting large portions of its operating system. From the article, 'Microsoft's own blogger Robert Scoble checked into the story and got a denial from an executive at Microsoft's PR firm, who says he's not aware of any Xbox programmers working on Windows.'"
Tuttle Oklahoma city manager still doesn't get it. gEvil (beta) writes "The Register has posted a followup to this past week's wonderfully humorous story about Tuttle, Oklahoma's technically inept city manager, Jerry Taylor. It appears that Mr. Taylor is not pleased with the publicity he has received due to the incident, despite his prior statement of, 'I have no fear of the media, in fact I welcome this publicity.' He sent an email to the Register's marketing team asking that people stop emailing him and making fun of him."
MS Virtual Server Slips and VMWare fills in the gap. nizo writes "On the heels of the announcement that Microsoft Virtual Server is slipping to 2007, VMware has announced the beta release of the VMware Virtual Machine Importer, which has the capability to convert system images stored in 3rd party formats (including Microsoft Virtual Server images) to VMware virtual machines. The good news is VMware released the importer as a free download."
Samsung execs plead guilty to price fixing charges. bdotcdot writes "Electronics News is running a story on Samsung executives who have pleaded guilty to the price fixing of DRAM. From the story 'According to the one-count felony charge filed in federal court in San Francisco, at various times during the period from April 1, 1999, to June 15, 2002, these three Samsung employees conspired with unnamed employees from other memory makers to fix the prices of DRAM sold to certain computer and server manufacturers in the U.S., in violation of the Sherman Act. The conspiracy directly affected sales to U.S. computer makers Dell Inc., Hewlett-Packard Company, Compaq Computer Corp., International Business Machines Corp., Apple Computer Inc. and Gateway Inc., the charge said.'"
Tux in retail part 2. silentbob4 writes "Mad Penguin brings us the second and final installment in their 'Tux in Retail' series, in which they interview Linspire CEO Kevin Carmony; Xandros CEO Andreas Typaldos; Mepis Linux founder Warren Woodford; and Kevin Jones, Micro Center Vice President of Merchandising, to get their take on Tux's jump into big box retail. The first installment was run as an earlier Slashdot article."
Renewed bid to register Linux trademark in Australia? daria42 writes "A renewed bid to register the word 'Linux' as an Australian trademark must meet an early April deadline or face defeat." From the article: "'The deadline to file a response to the Examiner's rejection has not yet passed, and LMI and its attorneys are still determining if they will respond,' a spokesperson for the body told ZDNet Australia in an emailed statement."
OpenSPARC.net, shades of the past. Andy Updegrove writes "In what must have seemed to many as a bold move, Sun Microsystems recently announced that it would release the source code for its UltraSparc T1 processor under the GPL, supported by a new organization that it calls OpenSPARC.net. But to those that have been around for a while, the announcement had an eerily familiar sound to it, and that sound was the echo of an organization called SPARC International. Formed 18 years ago to license the SPARC chip design to multiple vendors to ensure second sourcing for the hardware vendors that Sun hoped would adopt it, SPARC International seemed to be every bit as revolutionary for its time as Sun's new initiative does today. Motorola launched a somewhat similar group called 88open to support its own RISC chip design, and later IBM, Motorola and Apple launched the PowerOpen Association to promote the PowerPC. The Websites of the PowerOpen Association and 88open are long gone, and seem to have escaped even the WayBack Machine's reach. But SPARC International's site, looking very retro and neglected, can still be seen - at least for now."
Follow up on Mac botnets. An anonymous reader writes "Washingtonpost.com has an interesting follow up to skeptical claims as a result of a previous Slashdot story. Mac OS X systems have indeed been spotted in botnets, thanks largely to several worms going around that take advantage of Web-based applications running vulnerable PHP software. From the article: 'By leveraging this PHP flaw, the attackers were able to seed the Mac systems with several tools designed to turn them into drones for use in waging destructive distributed denial of service attacks.'
And they usually come from the same place, as the followup notes:
A php-based web application (forum, blog, CMS, etc.) that has an exploit, usually php injection, whereby various script/botnet kiddie tools and irc-related items are installed, usually in /tmp or /var/tmp. Perhaps they'll install a php shell too. Sometimes, they'll try to run a rootkit against the local machine.
This is nothing new, and doesn't really have anything to do with "Macs". It has more to do with php and people not keeping their php-based web applications up to date than anything[1]. It is interesting, though, that since Mac OS X is essentially a UNIX, that it's certainly vulnerable to a whole slew of this family of exploits.
[1] Just as a Mac sitting on the internet with apache and ssh open doesn't really test anything beyond the security of the default configurations of apache and OpenSSH on that OS and architecture. And that's exactly the point.
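An added example, not code from the article, the Washington Post followup, or any project named here: a read-only audit of the two directories the followup says the dropped tools usually land in. It reports files owned by the web server account, files with the execute bit set, files whose first bytes mark them as a native binary, an interpreter script or PHP source, and hidden names. The account name (www is Apache's user on OS X, apache on CentOS), the directory list and the magic-byte table are assumptions to adjust for the system being checked.

```php
<?php
// Added example, not code from the article or the projects it discusses:
// a read-only audit of the temp directories where an exploited PHP web app
// tends to drop its bot tools. Assumptions: the web server runs as the
// account in $webUser, and this script is run from the command line by a
// user allowed to read /tmp and /var/tmp (typically root).

$dirs    = ['/tmp', '/var/tmp'];
$webUser = 'www';   // "apache" on CentOS, "www-data" on Debian

// Leading bytes of things a web application has no business leaving in a
// temp directory: native binaries, interpreter scripts, PHP source.
$magic = [
    "\x7fELF" => 'ELF executable',
    "#!"      => 'script with interpreter line',
    "<?php"   => 'PHP source',
];

// Return a label for the file's leading bytes, or null if nothing matched.
function classify(string $path, array $magic): ?string
{
    $fh = @fopen($path, 'rb');
    if ($fh === false) {
        return null;
    }
    $head = (string) fread($fh, 8);
    fclose($fh);
    foreach ($magic as $prefix => $label) {
        if (strncmp($head, $prefix, strlen($prefix)) === 0) {
            return $label;
        }
    }
    return null;
}

// Map a numeric owner to a name where the POSIX extension is available.
function ownerName(int $uid): string
{
    if (function_exists('posix_getpwuid')) {
        $pw = posix_getpwuid($uid);
        if ($pw !== false) {
            return $pw['name'];
        }
    }
    return (string) $uid;
}

// Walk the directories and collect one list of reasons per suspicious path.
function audit(array $dirs, string $webUser, array $magic): array
{
    $findings = [];
    foreach ($dirs as $dir) {
        if (!is_dir($dir)) {
            continue;
        }
        $it = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS),
            RecursiveIteratorIterator::SELF_FIRST,
            RecursiveIteratorIterator::CATCH_GET_CHILD   // skip unreadable subdirs
        );
        foreach ($it as $entry) {
            try {
                $path    = $entry->getPathname();
                $reasons = [];
                if (ownerName($entry->getOwner()) === $webUser) {
                    $reasons[] = "owned by web server account '$webUser'";
                }
                if ($entry->isFile()) {
                    if ($entry->isExecutable()) {
                        $reasons[] = 'execute bit set';
                    }
                    $kind = classify($path, $magic);
                    if ($kind !== null) {
                        $reasons[] = $kind;
                    }
                }
                // Names starting with a dot stay out of a plain ls; worth a look.
                if ($entry->getFilename()[0] === '.') {
                    $reasons[] = 'hidden name';
                }
                if ($reasons !== []) {
                    $findings[$path] = $reasons;
                }
            } catch (RuntimeException $e) {
                continue;   // stat failed (e.g. dangling symlink); move on
            }
        }
    }
    return $findings;
}

foreach (audit($dirs, $webUser, $magic) as $path => $reasons) {
    printf("%s: %s\n", $path, implode(', ', $reasons));
}
```

Run it as `php tmp_audit.php` from a root shell and read the output as a worklist, not a verdict: a PHP file or an ELF binary in /tmp owned by the web server account is exactly what the followup describes, but a legitimate build or session file can trip the same checks, so each hit needs a human to look at it before anything is deleted.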
It appears that Mr. Taylor is not pleased with the publicity he has received due to the incident, despite his prior statement of, 'I have no fear of the media, in fact I welcome this publicity.'
Yeah, the publicity isn't so great when it's not the local ABC affiliate oohing and aahing over your latest plan to put a new tree in the city park, is it?
More like VMWare rocks and MS Virtual Server remains irrelevant
Email him a tinyurl warning him that Tuttle's site has been coopted by an outside suspect, likely terrorist-affiliated organization.
I'm not saying there is any truth to the 60% rewrite figure, but if I wanted to verify it I wouldn't ask an on-the-record PR guy. Blogger: So is Vista in the shitter? PR guy: Sure is Ken. (seemingly from nowhere a chair hits the PR guy)
By the way, PHP also runs on non-Unix machines too... I think even Windows is included in the supported platforms list.
Did anything at all come out of those two efforts? Even old designs might be useable for a starting point on FPGA projects ..
---- Booth was a patriot ----
I sent this to the city manager. I have not yet received a reply.
Sir,
I appreciate that you were frustrated that your city website was
non-functional, but it appears to me that the people to whom you
complained were not responsible, and that the tone of your messages tended
to be combative.
The folks from CentOS were being polite and helpful, based on my read of
the messages. I believe that you owe them an apology. They had
absolutely NOTHING to do with the problems you experienced, and tried to
assist you anyway. For you to respond with "I am sorry that we had to go
through the process and accusations to get the problem resolved" They did
nothing wrong. You accused them, and frankly it was uncharitable on your
part.
Please extend an official apology to those folks at www.centos.org. They
deserve it.
Please also note that I am not affiliated with CentOS in any way (except
that I use their Linux distribution quite happily.) I read about this
spat on a technology-focused website known as slashdot
http://www.slashdot.org/
Respectfully,
But Herr Heisenberg, how does the electron know when I'm looking?
Is that this guy just still hasn't got a clue..
Now I am being flooded with emails from CentOS users that after knowing the answer say the problem was simple.
What I can't stand more than anything is someone that can't admit that they were wrong, even at this stage of the game.
Don't Tread on Me
Let's assume that Vista is as few as 1000 KLoC (I'd bet another order of magnitude personally). That implies 600 KLoC of new code written, tested, debugged, etc. in 6 months. Uh, NO. Operating system development isn't that fast. I am not even sure I would buy the line that the current Vista codebase is 60% new/changed from XP (RTM, not SP2, patched to heck).
I have mod points and I am not afraid to use them
The URL for VMware Importer beta is wrong: It should be: http://www.vmware.com/products/beta/vmimporter/
Just as a Mac sitting on the internet with apache and ssh open doesn't really test anything beyond the security of the default configurations of apache and OpenSSH on that OS and architecture. And that's exactly the point.
Except when the OS in question is Windows. Then it is the personal shortcoming of William "Retardy Boy" Gates and Steve "Fucking Kill Them, I Swear I Will Fucking Bury Them, Eric Schmidt Is A Fucking Pussy" Ballmer.
But seriously: don't you think that we notice all the Apple-apologists around here? Of course we totally believe that you are absolutely not astroturfing for your master Steve "The Rim" Jobs and his iCockslaves.
If only VMWare saw their consumer product as more important than their server product. Virtualizing a 3d graphics card or two would be nice.
How we know is more important than what we know.
Mores the pity...
I was under the impression that opening up the design of the UltraSPARC T1 was partly just to bolster interest in it (and it really is an incredible design from a hardware perspective) and partly just to allow people like EE and computer architecture students, along with hobbyists and engineers, to understand how it actually works at its most basic level. Although I realize I'm in the vast minority, as someone that actually DOES do microprocessor design in their spare time (I just completed my first working CPU design!), this is a really cool thing for them to do. I'm still learning Verilog, but I would definitely like to look over some of their design docs and source sometime! I hardly think their goal is to get other people to build their own T1 processors though.
I'm perfect in every way, except for my humility.
More like VMWare rocks and MS Virtual Server remains irrelevant
Oh because it's an MS product.
Why is everyone on slashdot so misinformed?
VS is the largest thing to come by virtualization in a long time and you'll pooh-pooh it regardless.
When it ships, and when it rocks and everyone's using it, Slashdot will simply forget about it.
city manager at citymgr@cityoftuttle.org,
mayor at mayor@cityoftuttle.org.
Enjoy!
It's also worth noting that the exploits are against 'PHP applications' and not PHP itself.
I can't count the number of terrified middle managers who scream bloody murder to me about PHPNuke or PHPBB bugs, thinking that the flaws are in PHP itself.
Again, this boils down to keeping your software up to date. Careful pruning of your php.ini file also helps.
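As an added example (not from the article or the commenter), here is what "careful pruning of your php.ini" usually comes down to: each permissive directive is shown commented out above its hardened value. The open_basedir paths, the log path and the disable_functions list are assumptions to be matched against what the applications on the server actually need; allow_url_include only exists from PHP 5.2 on, and register_globals was removed entirely in PHP 5.4.

```ini
; Added example, not the article's or any project's configuration. Each
; permissive value is commented out above the hardened one.

; Remote file inclusion relies on PHP fetching URLs from include/require.
; Turning this off breaks any application that reads remote files that way.
; allow_url_fopen = On
allow_url_fopen = Off
; PHP 5.2 and later: separate switch covering include/require only.
allow_url_include = Off

; register_globals turns every request parameter into a PHP variable,
; which is how many of the older injection bugs in forum/CMS code started.
; register_globals = On
register_globals = Off

; Keep file paths and half-built queries out of the visitor's browser;
; write them to a log the administrator reads instead.
; display_errors = On
display_errors = Off
log_errors = On
; assumed path
error_log = /var/log/php_errors.log

; Confine scripts to the document root and a dedicated upload area
; (assumed paths).
open_basedir = /var/www/html:/var/www/uploads

; Remove the shell-out functions a dropped php shell depends on. Assumed
; list: keep it in step with what your own applications call.
disable_functions = exec,passthru,shell_exec,system,proc_open,popen

; Stop advertising the PHP version in response headers.
; expose_php = On
expose_php = Off
```

None of these settings patches a hole in a forum or blog package; they narrow what an attacker can do through such a hole, which is why the commenter lists them alongside, not instead of, keeping the applications up to date.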
MS don't have a serious competitor in Desktop OS. Right now they are competing with themselves. As long as they are able to sell more licenses of any of their brand of OS they don't care to innovate. I think when Apple and/or Linux Desktop becomes a serious competitor you see MS coming out with something. Firefox is the best example in this regard. IE7 is getting some make over on security front and also on UI front. Even though it is just an imitation of Firefox, it is a welcome change.
Sorry, but I don't agree on harassing someone over e-mail. His public shame is enough, don't you think? PLUS, by posting his e-mail on the web, you just made his e-mail vulnerable to spammers.
Worse, the e-mail address will be still available AFTER he resigns or his government period finishes. Will the next mayor have to cope with this?
Anyone know if I can boot my existing Windows 98 FAT32 partition with the free VMware Player under my Linux environment (Debian)?
Also, how do I do this if it's possible? I don't have enough space for a new VMware disk image file. Is it possible to do this with another freeware emulator?
Seems even the Tulsa NBC affiliate picked up the story. They've got a video online at http://www.kfor.com/global/category.asp?c=9667, it's the Tuesday 10pm news story. The CentOS bit starts at around 4 minutes 13 seconds, and is around 3 minutes long.
I'm not linking directly to it, because we've already crushed their bandwidth enough for one week, but feel free to check it out.
It's not at all flattering to the City Manager...
I tried importing a Virtual Machine when VMWare Player first came out. I could never get it to work. I was trying to run FreeDOS, but it kept giving me an error. Turns out, it would only work with Windows NT types: 2000, XP, and 2003, I believe. It didn't work with the XP Embedded (x86) image I tried. Now that I check the correct link that someone else posted, it says support for non-Windows guest OSes is "experimental". At least they actually mention which guest OSes work this time.
And it's just plain hilarity to make fun of people in Tuttle. So, just by location he set himself up. Nevermind whatever nonsense someone from a one horse town like that did.
I mean, like somebody's gonna randomly tell this PR Geek about technical matters? The obvious person to (not) ask (depending on whether or not you want a meaningful answer) would be an executive in Microsoft's OS development group.
eg: The fact that I've never personally seen George Bush snorting coke or had him tell me about it doesn't tell you much about whether he has or not (given that I've never met the man). Getting that denial from his best friend would mean a little bit more.
OS Software is like love: The best way to make it grow is to give it away.
They're working on it. Try the Workstation beta.
It has to come out first. Wonder if it shows up before or after Vista and Office 2007. While we're at it, I wonder if those actually show up in 2007 or end up getting pushed back again.
And with VMware, Xen, and UML among other products available now (and for quite some time), I wonder if virtual server products will even be worth talking about once Microsoft finally ships one.
What do you think?
well, one of the stories is about trademark, which is explicitly a rights-related issue (specifically, for instance, the right to property)
Why do my serious comments get modded "funny"?
This is the City of Tuttle, Oklahoma
'Microsoft's own blogger Robert Scoble checked into the story and got a denial from an executive at Microsoft's PR firm, who says he's not aware of any Xbox programmers working on Windows.' ... because an executive from MS's PR firm is the *first* person I would go to for the "truth" ... : /
... that doesn't make them untrue.
They are likely not aware of a lot of things
We have been running Virtual Server 2005 for a while now and it runs great. I was actually surprised.
please... very true!
well, to make a broad generalization.....
businesses tend to _buy_ software, while consumers tend not to... duh...
I still can't believe this tool. He actually thinks the threat to the FBI is what prompted the CentOS developer (lead dev if I remember correctly). More likely the developer got tired of this fagtart harassing him. The city manager justified his actions by saying that anyone who is experienced on the internet knows better than to follow directions on a website. When the directions are to consult your site's administrator, I think those are pretty safe instructions.
And I can't believe this twiddle dick STILL hasn't apologized. He shoots back with "there should have been better directions". It is mind boggling that in 20 years of his supposed IT experience he's never run into a default webserver page. I really think this ass clown is deserving of any and all harassment he gets. In fact, he is deserving of a bill for CentOS's wasted time. If I had go-go gadget balls, I'd teabag that butthole surfer from 12 states away.
If an officer ever threatens to taze you, say you have a pacemaker.
Yeah, well Windoze earned its reputation as a buggy, insecure OS. Maybe every single accusation isn't quite fair, but the majority are, and until MS improves its products it will stay the same.
But I'll take whatever freebies they offer. VMware Player and Server are great products for testing websites and software
[Jerry Taylor] sent an email to the Register's marketing team asking that people stop emailing him and making fun of him.
If Taylor thinks the Register has any control over the internet's mail systems, there's yet another reason to make fun of him. Why doesn't he write the town newspaper to have people stop giving him dirty looks on the street after a disparaging article about him has been published.
I've done a lot of reading on this, and I'm curious since I haven't seen anything like what the parent mentioned.. How is VS supposed to be better than anything that VMWare *currently* offers, let alone what they are likely to release by the time the new VS is supposed to ship?
Dear Mr. Mayor,
I read this morning several articles concerning your City Manager's email exchange with one of the developers of CentOS, a free Linux operating system.
Mr. Taylor was quite abusive and rude. He was also completely incorrect in his assessment and assumptions.
Someone once complimented me by asking me if I was from the Midwest: good people, hard working, who are kind, caring, and decent. I *am* from the Midwest, so reading news of this incident is a bit of an embarrassment.
Mr. Taylor did not apologize for his error, or for the manner in which he conducted himself. I feel an apology is in order.
Sincerely,
s/
That mail exchange (especially the last part) made me wish deeply and fervently that the Tuttle webservers had been running on OpenBSD.
I imagine Theo's response would have been considerably less civil...
Parent's link is a tinyurl of goatse.
:p
Kinda figured it might be, personally, but I decided to click it anyway
"I only got help after threatening to contact the FBI."
http://www.theregister.co.uk/2006/03/27/tuttle_email/
Dear Mr. Mayor,
I wrote you earlier concerning your city manager, Jerry A. Taylor.
Mr. Taylor does not recognize that the kind and helpful man at CentOS didn't help him because he 'threatened to contact the FBI'. He received help because the man at CentOS chose to help him.
From an update I read this evening:
>Taylor - who once proclaimed to the CentOS staff, "I have no fear of the media, in fact I welcome this publicity" - has asked us to put a halt to the publicity.
Mr. Taylor did not know what he was talking about. Had he called the FBI, it might have led to amusement on their part, but a waste of their time as well. They have better things to do than teach "IT expert Taylor" about web pages and server administrators.
If Mr. Taylor manages by "threatening to contact the FBI" in a situation like this, I must wonder if his basic management style is to use threats, bullying, intimidation, and abusive language; these are not traits that develop overnight.
Mr. Taylor writes:
>I do not follow instructions that show up when a website that I am not familiar with appears on my computer and I do not think anyone with experience would do so either.
The instructions Mr. Taylor chose to ignore:
***begin quote***
If you are a member of the general public:
The fact that you are seeing this page indicates that the website you just visited is either experiencing problems or is undergoing routine maintenance.
If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.
For example, if you experienced problems while visiting www.example.com, you should send e-mail to "webmaster@example.com".
If you are the website administrator:
You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your website will see this page and not your content. To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.
You are free to use the images below on Apache and CentOS Linux powered HTTP servers. Thanks for using Apache and CentOS!
Note:
CentOS is an Operating System and it is used to power this website; however, the webserver is owned by the domain owner and not the CentOS Project. If you have issues with the content of this site, contact the owner of the domain, not the CentOS project.
Unless this server is on the CentOS.org domain, the CentOS Project doesn't have anything to do with the content on this webserver or any e-mails that directed you to this site.
For example, if this website is www.example.com, you would find the owner of the example.com domain at the following WHOIS server:
http://www.internic.net/whois.html
***end of quote***
By the way, had a "hacker" really gotten into Tuttle's computers, someone with Jerry A. Taylor's technical skills would not have known until his credit cards were maxed out, and the FBI arrived to shut down the kiddie-p0rn server running as a 'service' from his desktop PC. (Yes, it is very possible to do that to the technically inept or uninformed. Jerry A. Taylor is technically inept and uninformed.)
If "hackers" had wanted to actually deface Tuttle's website, they would have done so in a quite "colorful" style. (They still may, actually.) It's unlikely they would have left an email contact address had they done so.
Mr. Taylor should apologize to the CentOS developer who helped him, then thank him for doing so, not continue to take apparent satisfaction in "having received help after threatening to contact the FBI".
Thank you,
s/
From the Tuttle web site: http://www.tuttle-ok.gov/vertical/Sites/{136BBA6C-3318-4D9B-8370-02514EF0639E}/uploads/{E02F1A6C-28FD-4324-BA50-3D1ECC42E2FB}.JPG
Yeah, I've been running Virtual Server 2005 R2 for a few months. It's been working fine.
...and all of only about 12 or so miles from the offending town, I will have you know that very few people think in those terms. Most of them don't.
Nahh... This guy's just flipping clueless and doesn't understand that he just shoved a stick into the hornets' nest.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
THANK YOU!
:-)
To be sure, there's a raftload of idiots in the state that seem dead bent on perpetuating the stereotype of being bassackwards folks- but the people pointing them out keep forgetting that the only difference between Oklahoma and the rest of the neighboring states is the state lines...
Oh, and you forgot about Will Rogers...
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
And they still don't "get" why this is a big issue- or why they should be abjectly ashamed of Jerry and possibly pressure the man to publicly apologize for his highly idiotic actions. Small town thinking, really- I should know, I lived in a similar small town.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Before you go on apologising that Apple just packaging eg PHP, should they not run it in an account that has no privileges and cannot be escalated?
PHP is not totally blameless in this. It is VERY easy to write PHP code that is subject to injection-style attacks, mostly because it's SO easy to insert one string into another string without doing the appropriate quoting and character escaping. I.e., PHP makes it easy to do the wrong thing.
:)
Whether or not this is PHP's fault, or the fault of a programming community that doesn't think enough about security, is left as an exercise for the reader
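An added example, not the commenter's code or any project's: the "insert one string into another" mistake beside its fix, plus the same treatment for an include() driven by request data, which is the other pattern the botnet worms in the article lean on. It runs against an in-memory SQLite database so it needs no server. PHP 7 or later with the PDO SQLite driver is assumed; the table, its rows and the inputs are constructed for the demonstration.

```php
<?php
// Added example, not code from the article or any project it names: the same
// record lookup written the "paste the string in" way and the hardened way,
// against an in-memory SQLite database so it runs offline. Assumes PHP 7+ CLI
// with the PDO SQLite driver. Table, rows and inputs are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, draft INTEGER)");
$db->exec("INSERT INTO posts VALUES (1, 'Public post', 0), (2, 'Unpublished draft', 1)");

// VULNERABLE: the request parameter becomes part of the SQL text, so anything
// in it that parses as SQL is executed as SQL.
function vulnerableLookup(PDO $db, string $id): array
{
    $sql = "SELECT title FROM posts WHERE id = $id AND draft = 0";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// HARDENED: check the input has the shape a post id must have, then bind it
// as a parameter so the database never treats it as part of the statement.
function hardenedLookup(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return [];   // reject unexpected input instead of trying to clean it
    }
    $stmt = $db->prepare("SELECT title FROM posts WHERE id = :id AND draft = 0");
    $stmt->execute([':id' => (int) $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The other classic: untrusted data choosing which file gets included.
// VULNERABLE form (not used here):   include($_GET['page'] . '.php');
// With allow_url_fopen on, "page" can even name a location PHP fetches over
// the network before running it. HARDENED form: map the request onto a fixed
// list of files and refuse everything else.
function resolvePage(string $requested): ?string
{
    $allowed = ['home' => 'home.php', 'about' => 'about.php'];
    return $allowed[$requested] ?? null;
}

// Constructed inputs: what a normal visitor sends, and the textbook form of
// what an injection tool sends. Compare what each version hands back.
foreach (['1', '1 OR 1=1 --'] as $input) {
    printf("vulnerable(%s): %s\n", $input, json_encode(vulnerableLookup($db, $input)));
    printf("hardened(%s):   %s\n", $input, json_encode(hardenedLookup($db, $input)));
}
foreach (['home', 'missing', 'http://example.com/page'] as $page) {
    printf("resolvePage(%s): %s\n", $page, var_export(resolvePage($page), true));
}
```

Running it, the vulnerable lookup returns the unpublished draft as well for the second input, because the `--` turns the rest of the statement into a comment, while the hardened lookup returns nothing for it; resolvePage returns null for anything not in its list. The point is not the particular input but that the hardened versions never let request data reach the SQL parser or the include path as anything other than data, which is the property the commenter says PHP makes it easy to forget.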
PHP is not actually CGI--it is run as an Apache module. And yes, Apache has its own account (www) on OS X (and even *nix system to the best of my belief). If you've got some magical way to prevent privilege escalation, though, I'm sure everyone would love to hear it.
OS X has certainly had its own security flaws: file forks accessible over Apache, auto-installing widgets, etc. But this isn't one of them.
English is easier said than done.
Your mom's a bot net
RTFA. It's not the php install that's the problem-- it's little different than most other *nix distributions that include it-- but the php application(s) that have the holes.
Next you'll be asking that MS should thoroughly audit and run IE in a special account that has no special privileges... Um.. Bad example.
"PHP is not totally blameless in this....Ie, PHP makes it easy to do the wrong thing."
How the fuck do you get that? And so does C. In fact, when I had to deal with C and programming for the web, I was kicking my ass so hard trying to get it to work, I was actually making more mistakes.
It's not a programming language's fault because it doesn't hold your dick for you. Personally, most of these safety concerns that people have to worry about end up being MORE of a problem for me because I have to out think what the compiler / interpreter / library is doing so that I can get my own crap to work. Of course, if you are simply using a language where there are no real examples of complex interactions with something like a database because the programmers are too busy getting real to build something that requires more than a single join or two, this whole groping aspect might be a good thing (as I chant the mantra of the whole RoR following who all seem to think PHP is the worst language in the world because you have to know what you are doing both before and after you start to program...I'm not sure when actually knowing how to do simple scripting became such a chore for these people because back in the day, C or ASM required one to get off their ass and chart out an application before you just dove in).
But we get you...sorry that was an old guy rant, coming from someone that decided to take a few computer courses to pad his 20 year GPA so that he could get back into school and apply to graduate school...I couldn't believe how little the kids today knew...they all seem to know a lot about superficial design -- no actual understanding of why you want it to work that way or anything complex that might need to go past that level -- but practically nothing about programming. It's not just age and experience, I pulled out a senior level project from '87 designed for probably a 386 and realized that while I was absolutely the worst student in class back then, this application was far more complicated and actually had to use gasp sanity checking that I designed on my own and that while I barely passed that course with a C-, I really don't think any of my fellow students could come close to undertaking a project like this today.
Maybe you are right -- PHP sucks because we expect so little out of people. RoR all the way...LoL.
You may not have posted a direct link, but I'm happy to!
;)
I can see in the comments that I'm not the only one who was slowed from accessing this by fascist plugin detection
F0 07 C7 C8
I'd have told him to get the FBI involved... then he'd really have looked foolish...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Apple's not charging for PHP, specifically, nor are they charging for the GPL programs in their command line. They ARE charging for many graphical and under-the-hood systems.
Should he be a noun, as in "that move was a real Jerry Taylor"?
Or is a verb phrase more appropriate, such as "pull a Jerry Taylor", "Jerry Taylorize", or "go totally Jerry Taylor on $INNOCENT_TARGET"?
Or should the winning entry be an adjective, as in "that email was *so* Jerry Taylor"?
Here's the email I just sent:
To: citymgr@cityoftuttle.org
CC: mayor@cityoftuttle.org
Subject: Apologize to CentOS
Mr. Taylor,
I'm writing in response to your recent letter to The Register [1]. I am appalled to learn of your continued hostility to Johnny Hughes, the CentOS Team, and the open source community as a whole. I am a member of this community.
You wrote that you "only got help after threatening to contact the FBI" [2]. That's a misleading statement without also mentioning that you threatened to contact the FBI prior to describing the problem or asking for help. I quote from your initial email: "Please remove your software immediately before I report it to government officials!!"
Most organizations would have immediately directed you to their legal department and cut off all other contact. CentOS stuck with you through your lengthy email exchange and resolved your problem despite your threats and ingratitude. That shows a level of dedication and professionalism that you could never achieve. Even more so when you consider that they are volunteers and that you are not a paying customer. They are not obligated to help under even the best of circumstances.
After CentOS provided you with the publicity you welcomed, you apparently discovered that the open source community has no respect for those who abuse our movers and shakers. Realize that an apology is a necessary first step to repair the damage you have done to your city's reputation.
Sincerely,
Scott Lamb
[1] - http://www.theregister.co.uk/2006/03/27/tuttle_email/
[2] - http://www.centos.org/modules/news/article.php?storyid=127
hehe ;-)
doesn't really have anything to do with "Macs".
Don't be stupid. It has everything to do with "Macs" and any other unix-like operating system that runs perl & php.
It's worth knowing that there are people attacking OS X in the wild and the vectors they are using.
Too many Mac users believe they're invulnerable & start to play around with internet facing services without adequately firewalling themselves.
Articles like this are a good reminder that any unix-like system can be made vulnerable, even if it's pretty well hardened by default.
My pics.
I have an answer to your exercise:
Both.
FP.
Also FatPhil on SoylentNews, id 863
It won't be long now until the next installment of Microsoft's 'Get the facts' campaign includes the following headline:
City of Tuttle saves $ billions by migrating from Linux to Microsoft Windows.
After an extensive evaluation in which the City of Tuttle compared Windows® and Linux, the city selected Microsoft® Windows Server System(TM). Besides the obvious cost savings of moving to Windows, the city manager of Tuttle observed that security was of prime importance in the decision. "I've worked with computers for 22 years, and I've seen first hand how an interweb running on linux can easily be hijacked by hackers without MY permission."
A Google search for Jerry Taylor is somewhat useless as there are several web pages for several different Jerry Taylors. Number 10 Jerry Taylor builds transmissions for racing cars, number 1 (and several other entries) is a senior fellow at the Cato Institute, number 8 is an assistant professor at a small Christian college, number 9 is an Arkansas state senator, numbers 2 and 3 are a "Technology Integration Specialist" for the Greece, New York School District who provides computer training for senior citizens in Hilton, NY; our Jerry Taylor is currently #6 on the list.
Robert Scoble checked into the story and got a denial from an executive at Microsoft's PR firm
Would that firm be the Iraqi information ministry?
Not that it justifies his behavior in any way, but what if his previous experience was with embedded systems or other specialized devices that don't connect to networks? Didn't another comment mention that the "E-Systems" he worked with were part of the defense industry?
I've worked with salty old Pick programmers who have been doing it for as long as I've been alive. They could do amazing things deep in the bowels of these antiquated databases, but were clueless about how the Internet worked outside of clicking the blue 'e'. And why should they need to know if their jobs didn't require it?
It's quite possible that his 20 years' experience didn't include dealing with a single web server. That doesn't mean it wasn't valuable experience, but it does make it largely irrelevant to the job he's doing.
A few out-of-town geeks complain, sure, nobody will care.
This story, however, has reached the mainstream media (Tulsa NBC affiliate), gone international (The Register, with a *personal response* from the guy), and generated more publicity than Tuttle, OK has ever known before. This will definitely make local folks take notice (especially when some of their out-of-town acquaintances start asking about this), and be some significant embarrassment to the city manager in question. It won't be a MAJOR issue, but it WILL make the local radar screen.
"My strength is as the strength of ten men, for I am wired to the eyeballs on espresso."
It has nothing to do with OS X, perhaps. It is, however, very important for Mac users to be aware that OS X's inherent security does not protect them from security flaws in third-party software, if they expose that software to external connections.
There is a very real issue here. Mac advocates do often make the mistake of proclaiming that OS X is "invulnerable" to attack, when what they really mean is that it is secure by design and can only be made vulnerable by a user deliberately allowing potentially malicious connections from outside. Like everyone who loves the product they use, Mac users are very reluctant to say anything which might be mistaken for an admission of failure - particularly when advocates of other platforms are all too willing to bend the truth to take cheap shots.
So what we need is more honesty all round. Mac users must not get carried away with advocacy to the extent that they deny that a Mac can be made vulnerable by third-party software. Windows users must not pretend that this is in any way similar to the remote vulnerabilities which have on several occasions permitted vast numbers of Windows machines to be compromised simply by being visible to the Internet. And we must all acknowledge that ultimately, whatever software it runs, a server can never be more secure than its administrator is clueful.
Don't be stupid. It has everything to do with "Macs" and any other unix-like operating system that runs perl & php.
Here's what I find both interesting and confusing about this whole issue. These people reported that they were following a Mac OS X botnet. Actually they claim it is a Mac OS X and Linux botnet. These machines were running one of a handful of PHP based servers. How many people run a PHP server application on top of OS X and expose it to the internet (as opposed to an intranet)??? Pretty much everyone I know runs OS X as a workstation. The majority of the boxes are laptops. Most of those I do see being used as "servers" are being used as PVRs and multimedia machines in the living room. I'm sure there are a few OS X boxes out there someone has casually thrown up a quick server on, and a few hobbyists who just have the one g5 tower that is everything for them, including running their own little wiki. Are there really enough to make up a significant part of a botnet?
I'd really like to see some more information on this. How many OS X machines are they talking about here? I know a lot of people who run a small server on Linux and who might become part of a botnet. Small businesses and organizations set these up all the time. Most are administered indifferently with only small regard for security. I can't think of anyone doing so with an OS X box. So what was this 900 linux boxes and 15 OS X boxes? Or is my view of the ecosystem unusual?
In any case, I hope this is a wake up call to those casual web admins. Keeping security fixes up to date needs to be a priority on any server.
Well, if the design is actually made public, then it becomes entirely possible to program it into an FPGA.
Grab a few more bits from the OpenCores website and voila! Instant open computer, without annoying DRM chips or anything.
And, while it might not be as easy as going to RadioScrap, finding a place that will sell you an FPGA is not _that_ hard.
That is, providing that the chip design, etc., actually does become freely available. Otherwise, this whole thing is just a marketing ploy by Sun.
Cheers!
John
How many people run a PHP server application on top of OS X and expose it to the internet (as opposed to an intranet)???
enough to have been found by scanners and exploited.
Pretty much everyone I know runs OS X as a workstation.
Everyone you know is not everyone.
I can't think of anyone doing so with an OS X box.
The people you can think of is a very small subset of computer users.
I personally have used an os x box as an FTP server, a file server, and a web server.
I know of several all mac businesses in the NY Metro area, with mac workstations and X-Serve servers.
I know lots of mac design geeks that have explored the various extensions to Apache - php, perl, etc, to 'jazz' up the functionality of their sites. The PHP server application that you refer to is probably part of a web server setup, so naturally it would HAVE to be "exposed to the internet".
and I know a crapload of people with mac laptops that just think a mac is for listening to music, emailing their friends, looking at myspace or facebook half of the day, and working on their screenplay or great american novel.
music lover since 1969
The PHP server application that you refer to is probably part of a web server setup, so naturally it would HAVE to be "exposed to the internet".
Not really. Probably more than half of the web servers, wikis, etc., that I know about are confined to an internal network for use by employees only. The company I am working for right now has a public facing web server. We have a couple of mail servers and VPNs. We have some custom application servers and an RSS feed. That accounts for maybe 15 internet facing machines. We probably have a hundred servers internal to our network. More importantly, most of those servers are not hardened machines, maintained by professionals as the major part of their job. They are wikis and web servers and the like that someone threw together for a specific purpose and are tertiary to their job. A wiki maintained by a software developer to allow collaboration with his team is not as likely to be as meticulously updated. I can't imagine too many Macs are used as public facing, production servers, but I can believe a lot are casual servers. Most of these are probably not exposed to the internet.
The question I have is this...
When will we see the t-shirt?
Imagine - using the font "Comic Sans" in blue of course
I am pleased to serve...
with a hand drawn caricature of one Mr. Taylor on it.....
On the back it would read
No Fear
(of the media)
Find out when the city/county fair is to occur, and go there to sell them.... Or, just put them on someplace like ThinkGeek....
Who is general failure, and why is he reading my hard drive?
While PHP does do an awful lot of making strings easy to mung, fold, spindle, and mutilate, I have to say that I personally think that adding a convenience to the language does not a security hole make.
I think that the real problem here lies in the fact that many PHP apps are coded incredibly sloppily... like most web content... ignoring even basic coding common sense.
How often would injection attacks take place if every coder obeyed one of the most basic tenets of web application development?
"THOU SHALT NOT EXECUTE USER INPUT"
How hard is that?
Yeah, well Windoze earned its reputation as a buggy, insecure OS.
Working as a desktop support admin since 1999 supporting mac and windows boxes, I can say that the reputation is fully justified, just as OS 9 and before's reputation as a crashy operating system was justified.
music lover since 1969
So in what way does harassing some clueless small town administrator advance the cause of FOSS? I am embarrassed at my community (CentOS and slashdot etc.) and the immaturity (dude lets email this guy) of their reaction. You aren't helping my cause, which is selling small business, local and state government on the benefits of Linux and FOSS in Oklahoma. What the hell are you, secret agents for Microsoft? Please quit or at least go spoil your own fscking neighborhood.
How hard is that?
It's made somewhat harder by the fact that PHP doesn't have proper closures. Instead, it has create_function, which takes its code as a string. So if you want to do any sort of lambda type programming, you're stuck using the moral equivalent of eval, and if you want your function to use values from the containing scope, you have to munge strings to get them in there.
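As an added illustration of the two points above (the "never execute user input" rule and the create_function() string-munging problem), here is the pattern written out in PHP. This is example code, not something posted in the thread: $_GET['col'] and the column whitelist are hypothetical, and create_function() itself was deprecated in PHP 7.2 and removed in 8.0.

```php
<?php
// Added example: a PHP 5-era "lambda" built with create_function(), which
// takes its body as a source string, next to the same behaviour written as a
// real closure (PHP >= 5.3) so that no request data ever becomes code.
// $_GET['col'] is a hypothetical request parameter.

// VULNERABLE: the sort key is spliced straight into PHP source. A value such
// as   x"]); } system("id"); { //   closes the lambda body and runs arbitrary
// PHP the moment create_function() evals the string. This is the moral
// equivalent of eval($_GET['col']).
function sorter_vulnerable($col)
{
    return create_function(
        '$a, $b',
        'return strcmp($a["' . $col . '"], $b["' . $col . '"]);'
    );
}

// SAFE: validate the key against a whitelist of known columns, then capture it
// with a closure. The user's text is compared, never compiled.
function sorter_safe($col)
{
    $allowed = array('name', 'email', 'created');
    if (!in_array($col, $allowed, true)) {
        throw new InvalidArgumentException('bad sort column');
    }
    return function ($a, $b) use ($col) {
        return strcmp($a[$col], $b[$col]);
    };
}

// Constructed sample rows standing in for a database result.
$rows = array(
    array('name' => 'carol', 'email' => 'c@example.org'),
    array('name' => 'alice', 'email' => 'a@example.org'),
);

$col = isset($_GET['col']) ? $_GET['col'] : 'name';
usort($rows, sorter_safe($col));   // rejects anything outside the whitelist
print_r($rows);
```

The whitelist is what makes the closure version safe; a closure that interpolated an unchecked $col into a SQL ORDER BY clause would just move the injection one layer down.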
Yeah, but only lisp fiends and star trek fans use closures anyway.
Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
http://www.power.org/
It's much more about the users than the OS. This could just as easily have been about how setting your root password to "admin" with SSH-as-root enabled can be a dumb thing. Or how, as in my case, a server can be hijacked (or at least attempted-hijacked) when your roommate with an SSH account has a password that is his own name (his account name also being his name).
Windows is often less secure by design, but PHP attacks could just as easily affect Windows machines running PHP (they're just less common). One should never assume invincibility with any OS, and the risk goes up with the greater number of applications you install.
Maybe some of the Enron executives had kids too. How about corrupt government officials. Hmmm
Maybe there's somebody else with kids to feed that can do a better job than Mr. City Manager. Certainly there are a whole lot of people that could at the very least be more professional about it...
Science? Religion? I'm listening to the guy with the lens in a tube rather than the guy with the corpse on a stick
Of course, everyone likes a clever smart remark, but of course you realize that martyrdom is not particularly compelling. The 'corpse on a stick' is the only one with the power to come back from death. The power of Christianity is not in a dead Christ, but in one who willingly paid the necessary penalty for my sin, (and yours) and had the power to overcome death.
FWIW - those of us who are serious followers of Christ are not opponents of good science. Many of us see little good science these days. Much of the good science from antiquity and from today happens to come from people whose worldview is based on an ordered creation from an intelligent designer rather than on matter, time and chance.
Respectfully,
Anomaly
But Herr Heisenberg, how does the electron know when I'm looking?
Look, I don't think that I'm likely to change your mind here, but I do want to take a minute to say that I'm sorry for the way that people have treated you in the name of Christ.
I agree with you on the issue of religious oppression of scientific views. What the church did in the middle ages is frankly indefensible. My take on that is that the church felt that its power structure was being threatened and took actions to protect its turf. It did so wrongly - because it loved the things of the world and will have to answer to God for that. "It is a fearful thing to fall into the hands of the living God."
In response to your question about "what if I'd never been exposed to religion" I think I'd have to say that as a worldview, rationalism doesn't work. It works well in certain areas - fact-based areas like science. It totally fails in the context of human relationships. Concepts like duty, honor, and self-sacrificial love are frankly completely irrational. The "just the facts" kind of world view has many many inadequacies. It only works in a narrow part of the human experience.
I appreciate that you were raised in the RC church. I have some serious issues with what is taught about Christ and our relationship with Him in that church. I think that the RC church gets it wrong in many areas, and many times many Christians teach wrong things about Christ.
Essentially the teachings of the Christian church follow this line of thinking:
1. A perfect and pure creator made the universe and created people
2. Those people were free to choose whether they would serve God, or choose to serve themselves
3. They chose poorly - deciding that impurity was better than intimate relationship with God.
4. Because of God's purity He could have rightly chosen to destroy mankind at that point. Because of His mercy He did not do that.
5. This impurity required cleansing in order to restore relationship with God.
6. The only way to cleanse the world from this sin was to have a perfectly pure sacrifice pay the price - the wages of sin is death.
7. God - in the form of Jesus Christ came to earth, lived a perfect holy and pure life, died to pay that price, and then rose from the dead - conquering sin and death
8. If we place our faith in the finished work of Christ, we too can have intimate relationship with God.
Do you see that there's nothing in those 8 things that has *anything* to do with your behavior? It's not about making you "do right." It's about intimate, personal relationship with a creator who desires to be your friend.
Do I have questions? You bet I do! The essential questions are answered for me, and it's the tangential ones that tend to be troubling. Here's the deal - the Christian worldview fits my life experience WELL. Because of the overall fit of that view, I can give God the "benefit of the doubt" in areas where it doesn't fit quite right.
Why do we care about "vice" laws? It's because we care about people. If something is dangerous, we generally believe as a culture that laws should exist to teach people not to do dangerous things. Seat belts are measurably beneficial for human safety. That's a reason that laws exist to compel people to wear them. The law is a teacher. I want laws to exist to protect my family and to help society at large "work."
Finally, on the science issue, it's the worldview of the scientist that determines where he will look and for what. His philosophy absolutely prejudices his preconceptions. His results may be untainted and verifiable, but his direction, focus, and line of questions are informed by his philosophy. Science is not pure and unbiased.
Respectfully,
Anomaly
But Herr Heisenberg, how does the electron know when I'm looking?
I don't need to be told it's wrong to harm another - I figured it out all on my own.
But.... Why is it wrong? With no absolute arbiter of right and wrong, doesn't it merely fall to one man's opinion?
On what do you base your fundamental belief that it's wrong? For that matter, what does wrong mean? How do you know?
Respectfully,
Anomaly
But Herr Heisenberg, how does the electron know when I'm looking?
Most people who do bad things think they already have god on their side anyway
Let me see: Stalin, Pol Pot, Mao, Nicolae Ceausescu, et al - big followers of organized religion?
There are those who do evil in the name of honoring God, but that is not the logical outworking of a faith in Christ. On the other hand, a belief that all truth is relative and there are no absolutes *does* provide fertile ground for doing evil. After all, what you call evil I might call good.
But Herr Heisenberg, how does the electron know when I'm looking?
I note you're omitting a lot of the points I'm making for some reason. :)
.... Religion influences my existence and restricts the choices I can make for no reason I am able to fathom. If you know why please explain it to me - I want my free will!
I'll give you five reasons. My wife, and each of my 4 sons.
All truth is relative
Is that statement absolutely true?
the idea of law if I might. I find a lot of it evil. Sure, there's stuff that most of us can agree with like assault, murder and (if you like to own things) damage to or theft of property. The rest of it smacks of either religiously inspired restriction of personal freedom or mindless bureaucracy that seems designed purely to make life difficult.
I'm sure that you would agree with me that we have a history of at least 5,000 years of organized society. Where can you point to an example of a successful society without the rule of law?
Does law deny free will?
Don't we all? Of course all of us want to do what we want. Ask a newborn baby about that! The fact is that we share this space and interact with each other mean that we do need "rules of the road" as you pointed out in a former posting.
Here's how I see it: Without the law as a teacher and a restraint, you would not have the opportunity to consider the things you think you want to do. If you look at countries where the rule of law is not present - like present-day Zimbabwe. Unemployment there hovers around 80%. Please keep in mind that in the great depression, unemployment in the US was around 25%.
You might not like the laws we've got, but your freedoms would be greatly reduced. You need the law. If there are laws you dislike, get them changed!
Respectfully,
Anomaly
But Herr Heisenberg, how does the electron know when I'm looking?
I get the feeling that you haven't exposed yourself to a lot of political thought alternative to the system you now live under. Your replies all smack of pamphlet rhetoric rather than having any semblance of reflection behind them. It's as if you've blindly accepted everything taught to you without an iota of analysis.
:)
Just because someone disagrees with you does not mean that they don't think. It's vain of you to believe that this is the case.
Frankly you know little of me, my life history or the path I've taken to arrive at this philosophical destination. I have looked into a number of other world views, I've traveled internationally and seen firsthand the outcomes of some of those world views. I've taken a long, thoughtful and winding path to get here.
Accept nothing at face value - there's usually something deeper going on.
Should I accept that prescription at face value?
Why were the following small list of fun activities outlawed in Ireland: Homosexuality, sodomy, contraception, divorce...?
I know that we'll hit a brick wall on this, but I'll try again anyway. The law is a teacher and a protector of society. Let me first address the areas other than contraception.
Speaking sociologically and physically these things are to the detriment of the individual and to the culture. Divorce is detrimental because thousands of studies have consistently shown that children have the best opportunity to grow up and be productive members of society when there is a mother and a father in the home. Financially, when the resources allocated for the family are split between two households, the standard of living declines for everyone. Stepfamilies are particularly unsafe places - the risk of physical and sexual abuse are much higher in those situations.
Homosexuality is unhealthy for people - males in particular. The GLMA lists the top 10 health risks for gays and lesbians. Are you aware that only 1 of the top 10 risks to gay men is the same as for heterosexual men? (Prostate cancer.) The large intestine and rectum were not designed for the trauma of sexual activity and the human immune system is threatened by that type of activity as well. This may offend, but the medical evidence stands against this activity.
So what if it hurts only you and the other person? Should it be legal then? I don't think so. You are a part of society and we all bear the cost of psychological and medical care for people who make bad choices. From the alcoholic with liver damage, to the drug addict who has no insurance and needs emergency care, to the increased health complications of *all* bad health choices. For what it's worth, I think that we should do something to address the financial implications of the obesity epidemic sweeping the US these days. I have not yet decided what I think should be done, but it's to the detriment of our culture that people have so little self-discipline that they are becoming obese in record numbers. Some may have legitimate medical roots of obesity, but the majority are simply undisciplined. This lack of personal discipline and accountability will eventually do great harm to our nation.
I've never made an argument in favor of outlawing contraception, but I can see that it's possible to argue for that. In the US, we have a problem. The number of Americans headed for retirement age is huge. The baby boomer generation is going to begin to collect social security, and the number of people paying into the social security system is dwindling. If we had not allowed 40 million legal abortions in the last 35 years, we'd have at least 30 million + more adults in the US who could have helped contribute to the economy and also pay taxes to help support the boomers.
Having more kids is *not* bad for society or the economy. There are consequences of extramarital sex, even without pregnancy or STDs, there are emotional problems that come from that behavior. With no access to contraceptives, there would b
But Herr Heisenberg, how does the electron know when I'm looking?
I've enjoyed this interchange, but my familial responsibilities will call me away soon. Some final thoughts, if you'll indulge me.
it's the fact that people who don't share all those views are forced to live by them when they are written in law. Isn't that unfair?
It's called democracy. Change the hearts and minds of the masses and then you can have your way. Don't like that? I know of no other option than to suggest revolution or move to another place. Here's the challenge: What do you do when your value system and mine directly conflict? What if your value system called for you to consume large quantities of alcohol then barf on my lawn. What about what I want?
On the issue of divorce:
Couples give up FAR too easily. It's not a real choice to say "fight all the time or divorce" The big problem is a lack of relationship skills which leaves people feeling like separation is the only viable option. I'm not suggesting divorce be eliminated, but we as a culture should do more to shore up the family unit - perhaps making divorce more difficult by requiring some counseling and coaching before the court grants the divorce.
Lack of responsibility:
So, you suggest that the law is unfair or unjustly limiting your personal freedoms, and that you want to be freed to live out the values that you choose because you are a responsible person. Can you see that the culture around you has laws to restrain behavior, and even with that help, people seem largely unable or unwilling to take that responsibility? It seems to me that removal of law would worsen not help that problem.
Health issues of homosexuals:
Anecdotes do not a good study make. As I read on this issue (and I do read lay literature with some regularity - not the journals themselves) it seems to me that the studies indicate that the relative mental health you assess in your friends is not consistent with the homosexual population at large. The science appears pretty clear here. Can you point to scientific analysis on this issue that supports your experience?
Homophobia hurts more than anal sex. Will you please define homophobia? The reason I ask is that I want to make sure that we are talking about the same thing. If tolerance is a part of your response, would you kindly define that term for me? My belief is that the colloquial use of that word differs significantly from the denotative meaning, and I want to make sure that we mean the same thing when we use emotionally charged words.
STDs are an epidemic in the heterosexual community. Condom use is not the answer. There is no substitute for abstinence until a lifelong marriage to protect one from emotional and physical challenges. Heterosexual men and women need to quit having sex outside marriage, but the message of sex without consequences is rampant, and when viewed through the lens of objective science, is demonstrably false.
Respectfully,
Anomaly
But Herr Heisenberg, how does the electron know when I'm looking?
Sorry to say that time does not permit me to make a full response to all of your points. I do have a little time, and have decided that an abbreviated response is preferable to no response.
I'd like to address a couple of points that you made. You may not consider them related, but I do for reasons I hope become obvious shortly.
I'd like to start by pointing out a fundamental fact that seems to be missing from your logic... Homosexuality is not a choice. For such a worldly traveller and intense thinker I'd have thought such a thing would be immediately obvious, but it seems the doctrine behind your faith has clouded your judgment. It's not a "lifestyle" or a "perversion", it's your sexuality. You're born with it. If this wasn't the case then why would you choose it? It merely invites trouble from those with a zeal for faith. It being a choice makes no sense - it's like choosing the path of most resistance for the reward of eternal damnation. The idea of homosexuality being unnatural is just a symptom of the puritan hangover that afflicts our society.
I appreciate that it is your position that homosexual attraction is set at or before birth. There are many people who disagree with you, but I refuse to address that point with you. *For the purposes of this discussion,* let me allow that your view is the correct one. This is irrelevant to my response.
With all due respect - and I mean that not in a cliché sort of way (I do respect you) I think that you may fundamentally misunderstand some of what I believe Christianity to teach. Specifically, the Bible says "the heart is deceitful and desperately wicked" and "all have sinned". It's worse than that. In fact, it says "there is none righteous, not even one." "There is none who seeks after God."
In case you are potentially getting defensive or feeling attacked, please remember that these ideas apply to EVERYONE - not just you. This absolutely includes me as well. How does this relate?
If you will indulge me a bit further, the Bible goes on to say "Do you not know that the wicked will not inherit the kingdom of God? Do not be deceived: Neither the sexually immoral nor idolaters nor adulterers....nor thieves nor the greedy nor drunkards nor slanderers nor swindlers will inherit the kingdom of God. "
That's a pretty long list of bad things, and it applies pretty much across the board to all people. You see, from a pure and holy (undefiled) God's perspective, even a single imperfection would prevent us from having relationship with Him. If He did, He would no longer be undefiled and pure.
You see, the natural state of mankind is that we are imperfect and unable to be in right relationship with God. Our natural bent is opposed to God - regardless with whom you have sex. (The passage above talks about homosexual behavior as well, but it was not relevant to my point here.)
What I asked for is an explanation for the lack of personal responsibility in most of the population. Have you got an explanation outside the greed encouraged by advertising and the education system?
The root cause of this is the same as *every* sin. The natural desire of man is selfishness and pride.
God made a way to overcome the sinful nature of man. He came to earth and lived a life of perfection. As a result, those who essentially say to God "don't look at me - talk to my attorney - Jesus Christ" have hope. Those who trust in Christ's righteousness have the following said about them as the passage above continues...
"And that is what some of you were. But you were washed, you were sanctified, you were justified in the name of the Lord Jesus Christ and by the Spirit of our God."
God's standard is perfect righteousness and holiness. The natural desire of man is to rebel against God - regardless of the gender of your sexual partners.
Am I screaming at the wall here trying to convey the idea that it's not all missionary position?
If it were any of your business what I do in my bedroo
But Herr Heisenberg, how does the electron know when I'm looking?