As a sysadmin, the thought of a security hole being found in software and NOT getting full disclosure gives me shivers.
One of the first things I do every morning is check the security sites to see what bugs may have popped up. Then I check the versions against the versions we have installed. Then I take action, either to replace, patch, whatever it takes.
Yes script kiddies give me headaches, but I would rather put up with them than to have my systems cracked and not even know it, or be able to track the problem down.
We were hit a while back by the DNS DOS attack, somehow I missed that report. But I was very happy to find the fix for the problem when I finally traced down what the symptoms were. Without full disclosure, I would still be getting hit with it. Duh!
Full disclosure is a two-edged sword, it can cut either way, but I would rather have it.
Well, in the US: The problem is that our privacy is eroded every day and our elected US representatives are more interested in sound bites and corporate financing than in actually protecting our rights. They are financed by the big corps, and until there is enough public outrage, that is who they legislate for. Take the DMCA, was that in the interest of the general public? No, it was all for corporate benefit.
As an admin for an ISP, I have been dealing with users getting every virus known, it gives me headaches, and wastes a lot of time.
Two things we are doing to fight this nonsense:
1. When our tech support talks to our users, we have been advising and walking them through uninstalling WSH and/or removing associations to vbs, hta, shs, etc.
2. We installed a procmail filter to "trap" all the vbs scripts and the known exe virii sent in the email that go through us. It also goes through and "Defangs" the html code in any html email.
Since we implemented this filter, we have trapped thousands of poisoned files, which means that our users did not get infected with them, or spread them.
The place to get your copy of the procmail filter? http://www.wolfenet.com/~jhardin/procmail-security.html
I agree Putty does rock. I work for a local ISP, and there are times when I am onsite and I need to get into the server to ie... change a password, check how the client's connection looks from the server end, etc. Putty fits on a floppy, all I have to do is put it in the drive, do what I need, then I clean up the registry of anything putty puts in there when done (paranoid is better :).
That's no good. His site will not let a message go through the cgi without having your address, phone number, everything but your blood type. I don't want his spam mail (email or snail), don't want him to call me, etc. I will voice my displeasure of him at the ballot box, in any and all future attempts at getting into any office.
I have emailed the article links to all my friends that have an email address.
Yes, but even then with two open compilers, there would have been competition between the two camps, fueling innovation, and a desire to be better. This would have been good, and the better ideas could be incorporated by both.
Forking happens all the time, but the source is available. The best code can always be built on and improved. Like in Zen, perfection is always strived for, but never achieved. It's a "Good Thing". :)
I think he was to the point. In my opinion forking the code works well with GPL, because those forks that are useful to the community as a whole are incorporated into the main source. Yes, you may have specialized forks, but wasn't that the purpose of having the code be open, so that you could adapt it to your own needs? Having the source available allows you to experiment and try out new ideas built upon the old, the good code stays around or is incorporated into new projects, and the bad or stale is dropped by the wayside.
********
The problem is that our privacy is eroded every day and our elected US representatives are more interested in sound bites and corporate financing than in actually protecting our rights. They are financed by the big corps, and until there is enough public outrage, that is who they legislate for. Take the DMCA, was that in the interest of the general public? No, it was all for corporate benefit.
This sounds cynical, but it is true.
********
Two things we are doing to fight this nonsense:
1. When our tech support talks to our users, we have been advising and walking them through uninstalling WSH and/or removing associations to vbs, hta, shs, etc.
2. We installed a procmail filter to "trap" all the vbs scripts and the known exe virii sent in the email that go through us. It also goes through and "Defangs" the html code in any html email.
Since we implemented this filter, we have trapped thousands of poisoned files, which means that our users did not get infected with them, or spread them.
The place to get your copy of the procmail filter? http://www.wolfenet.com/~jhardin/procmail-securit
Microsoft Security is the ultimate oxymoron.
My 1.5 cents
********
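The two behaviours the comment above describes, trapping script attachments and defanging HTML mail, sketched in Python as an added example; it is not the procmail filter linked in the comment or any code from it. The blocklist, the tag list, the function names and the sample message are assumptions constructed for illustration.

```python
import os
import re
from email import message_from_string, policy
from email.message import EmailMessage

# vbs/hta/shs/exe come from the comment above; treating them as a fixed blocklist is an assumption.
BLOCKED_EXT = {".vbs", ".hta", ".shs", ".exe"}
# Active tags and event-handler attributes to neutralise (this list is an assumption).
ACTIVE_TAGS = re.compile(r"<(/?)(script|iframe|object|embed|applet)\b", re.I)
EVENT_ATTR = re.compile(r"\bon(\w+)\s*=", re.I)

def is_blocked(filename):
    # Judge by the last extension, ignoring case and the trailing dots/spaces
    # that Windows drops when the file is saved ("a.txt.VBS." -> ".vbs").
    return os.path.splitext(filename.strip().rstrip(". ").lower())[1] in BLOCKED_EXT

def defang_html(html):
    # Rename rather than delete, so the mail stays readable but nothing executes.
    html = ACTIVE_TAGS.sub(r"<\1DEFANGED_\2", html)
    return EVENT_ATTR.sub(r"DEFANGED_on\1=", html)

def filter_message(raw):
    """Return (names of trapped attachments, cleaned message)."""
    msg = message_from_string(raw, policy=policy.default)
    trapped = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name and is_blocked(name):
            trapped.append(name)
            part.set_content(f"Attachment {name!r} was trapped by the mail filter.\n")
        elif part.get_content_type() == "text/html":
            part.set_content(defang_html(part.get_content()), subtype="html")
    return trapped, msg

def sample_message():
    """Constructed sample: HTML body plus a double-extension script attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content('<p onclick="x()">hi</p><script>alert(1)</script>', subtype="html")
    m.add_attachment(b"MsgBox 1", maintype="application",
                     subtype="octet-stream", filename="invoice.txt.VBS")
    return m.as_string()

if __name__ == "__main__":
    trapped, cleaned = filter_message(sample_message())
    print(trapped)
    print(cleaned.get_body(preferencelist=("html",)).get_content())
```

Matching on the final extension is what catches double-extension names such as `invoice.txt.VBS`, which a check on the first extension would pass as a text file.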
I have emailed the article links to all my friends that have an email address.
Freedom of speech is a very big deal!!
********
Forking happens all the time, but the source is available. The best code can always be built on and improved. Like in Zen, perfection is always strived for, but never achieved. It's a "Good Thing". :)
********