did I just get rickrolled via ASCII? wow...
As I typed "outlook not so good" I figured someone would call me out on the pun :)
What does Matt Asay joining Canonical (makers of Ubuntu) have to do with Zimbra (which is now made by VMware)?
I'm trying to see the connection here... but "outlook does not look so good"
OK, yes you can't load your own kernel modules, but it's a heck of a lot closer to your own personal box than a shared host separated only by individual shell accounts though... and the screen security hole described by the grandparent post would be ineffective
"cstone and Rich Felker discovered a programming error in the UTF8 string handling code of "screen" leading to a denial of service. If a crafted string was displayed within a screen session, screen would crash or possibly execute arbitrary code."
Wow.... ouch. Especially on a shared host with random other people you don't know...
OpenVZ VPSes for the win! It's your own personal "box" effectively
Huh? So you're saying somehow screen keeps listening on a port and lets evil hackers connect to it, exploit it, and continue using your screen session?
Can you really be sure it's not just some other vulnerability that is letting someone in?
Just use the program, "screen", if you want to resume your sessions.
That's not what he's asking though... "Is it more secure to re-establish the connection over an insecure link (big bad internet) where people can sniff that handshaking, or is it more secure to just remain connected?"
With a tinfoil hat on, he's asking if it's OK for the OpenSSH handshake to be happening 1-4 times per day across the big bad interwebs (traffic that could potentially be sniffed). He's not asking how to maintain sessions even if ssh itself is disconnected (which is what screen gives you)
... is this a troll?
The iPhone OS is basically "Mac OS X embedded" (it's based on the Darwin core of OS X)...
So basically you want just a dashboard with apps to run and no freedom to run what you want? I think the iPad will follow that model...
Yea the Taco really put his foot in his mouth on that one :)
( http://apple.slashdot.org/article.pl?sid=01/10/23/1816257 is the article in question for those wondering what the frack we're talking about)
.....just sayin'
Over coffee at work a few of us were discussing the same thing, and came to the same conclusion you did. One of the developers pointed out also that there's something to be said about having a "study" with a "library" of your own... you don't get that same effect with an ebook.
I'm having a hard time figuring out what the grandparent poster's point was in pointing out the Prof. Ross case as well... the man deliberately gave away military secrets.
Unless he has a legitimate defense that involves arguing he's senile or he's suffering from dementia, he did the crime so he's doing the time....
Hey there's always Google's 8.8.8.8 if 4.2.2.2 goes away.... that's become my second "Is the net up?" test after 4.2.2.2
Ironically enough his username is 'chill'.....
I agree... the quote that goes something like 'never attribute to malice that which can be explained by incompetence' sounds like it kinda fits here. Friends of mine have had their PayPal accounts locked for similar, kneejerk reasons
I know it's trollish, but the real question is: can kdawson be blocked?
(yes I know you can block authors in your user prefs... I mean from Slashdot entirely.... save us the pain, please, for the love of god)
A car analogy! Sweet now I get it
That's an extremely pessimistic view though... if in the future they use this technique to reduce/remove the amount of snow, it could cost half as much year over year. Anyone can see how that could ROI pretty quickly...
Actually I thought the same thing myself when I heard about the "Cathedral and the Bazaar," but in reality it specifically compares two different free software development models. Emacs is held up as being "Cathedral"
From the Wikipedia article:
* The Cathedral model, in which source code is available with each software release, but code developed between releases is restricted to an exclusive group of software developers. GNU Emacs and GCC are presented as examples.
* The Bazaar model, in which the code is developed over the Internet in view of the public. Raymond credits Linus Torvalds, leader of the Linux kernel project, as the inventor of this process. Raymond also provides anecdotal accounts of his own implementation of this model for the Fetchmail project.
(I know, bad flydnkrtn, don't cite Wikipedia... it looks accurate though)
Only problem I see with that is that if he swapped the BIOS I'm pretty sure that any hardware warranty support would basically go away... I'm assuming he bought "supported hardware" through a vendor though (such as Dell or HP).... if the servers are "off brand" this might work
Any company of a decent size who doesn't want to go through the hassle of supporting their hardware end-to-end will usually go with a vendor though (Google's an exception... they have the resources to support the servers they hack together)
This is quite true... more insightful than my post (which was a blatant ripoff of the first post in the thread, I just took the HTML source directly from the "real" about:mozilla in Firefox).
Forced competition breeds better quality, which leads to the "users" winning
That's the kind of spirit that's made open source what it is today!
For your next trick, I'll bet you'll tell us that emacs > vi
Mammon slept. And the beast reborn spread over the earth and its numbers grew legion. And they proclaimed the times and sacrificed crops unto the fire, with the cunning of foxes. And they built a new world in their own image as promised by the sacred words, and spoke of the beast with their children. Mammon awoke, and lo! it was naught but a follower.
from The Book of Mozilla, 11:9
(10th Edition)
Do not fear me gypsy.... I only come for your tears...
Oh god my brain hurts after this one... can we just stick to car analogies BadAnalogyGuy?
;-)