Slashdot Mirror


User: ReelOddeeo

ReelOddeeo's activity in the archive.

Stories
0
Comments
742

Comments · 742

  1. Re:Before the Microsoft defenders say it... on Buffer Overflow in Sendmail · · Score: 1

    As opposed to Linux/Solaris/etc where you have to be root to run your webserver, since only root can open port 80?

    It is my understanding that programs operate like this...
    1. Start up as root.
    2. Open low numbered port (port 80) -- but not accepting connections.
    3. Drop root privilege, and/or fork to subprocess.
    4. Non-root privileged (sub)process then listens for connections on low numbered port.

    Once you've dropped root privilege (and some capability bits) you can't get them back. They're gone.

  2. Re:In-depth books are few & far between? on HTTP Developer's Handbook · · Score: 1

    Advanced topic books really are hard to find in a sea of "me too" books aimed at novices. One book I remember well was titled Garbage Collection. (Don't have it handy, and don't remember the author.) It is a big, expensive hard cover. Very thorough treatment of the subject. Another excellent book I remember was Peter Norvig's book on AI and Lisp in about '91 or thereabouts (sorry, don't remember the exact title).

    I wonder how many people will see this book on HTTP and get excited thinking it is another book that will allow them to create web pages without having to understand anything technical?

  3. Re:HTTP knowledge required? on HTTP Developer's Handbook · · Score: 1

    Web-development does not require a knowledge of HTTP, and this is the way it should be.

    Just as modern application development, apparently, requires no knowledge of programming or computer science.

    People who have a deep mental model of the layers below the layer they work in tend to be much better developers. Why is it that these people are always the problem solvers that everyone else goes to in any shop?

  4. Before the Microsoft defenders say it... on Buffer Overflow in Sendmail · · Score: 3, Insightful

    Before all the Microsoft apologists jump in and point out that any system can have vulnerabilities, and Linux users should not bash Microsoft.

    It is true that any system can have unintentional bugs that lead to security vulnerabilities. This is true of any system and not just Microsoft. Therefore, Microsoft should not be unfairly bashed due to these kinds of bugs, any more than any other system.

    But there is another kind of security problem for which Microsoft is deservedly bashed. The problem for which Microsoft is bashed for having poor security is when their system is insecure in its design. (It may not have been a design goal.)

    Examples would include running a webserver under the System or Administrator account so that once it is compromised, the system is rooted. Installing and activating services by default. These problems are all caused by security having had a low priority in the past, and Microsoft is deservedly bashed for these. Nimda or Slammer may be buffer overflows which could happen to anyone, but there is some deserved criticism as to why it was such a huge problem.

    No doubt, sendmail also deserves some criticism.

    I wonder how many Linux/Apache systems get web pages defaced via SQL injection or other PHP related attacks, but do not lead to the box being rooted? Any numbers?

  5. Re:SBC's ad is even better on SBC Refuses To Name File-Sharing Users · · Score: 1

    Please don't mis-use the word "monopoly".

    I believe that the correct word which applies to the Recording Industry Ass. of America is "cartel". A group which cooperates closely to maintain an effective monopoly.

  6. Re:SBC's ad is even better on SBC Refuses To Name File-Sharing Users · · Score: 2, Informative

    At first I was lauding SBC.... until I read the part of their advertisement on Downloading songs. SBC realizes that if a case can be brought against many of their subscribers for downloading mp3's - then by extension they were facilitating theft knowingly by advertising how to do it

    Who says that SBC was suggesting that people do anything illegal? Since when is downloading MP3's illegal?

    I can go to mp3.com and legally download more mp3's than my hard drive can hold. If I had Windows, I could get on Kazaa and also (legally) download lots of mp3's.

    Of course, I suppose I should mention that there are mp3's out there which are copyright violations, and you should be careful of those. Especially if what you listen to is pop music crap.

  7. Re:GNU PCs! on Californians Can Get Free MS-Settlement PCs · · Score: 1

    These PCs... are they distributed under the GPL, or aren't they truly free?

    Good question. Would I get into trouble by making copies of these PC's and then giving away or selling the copies?

  8. Re:Scare tactics? on Californians Can Get Free MS-Settlement PCs · · Score: 2, Funny

    Isn't this kind of a form of scare tactics? "Get it now, from us, or you may never be able to get it"

    Yes, it is. Did you have a point to make?

  9. Re:install base on New ssh Exploit in the Wild · · Score: 1

    Don't throw too many stones linux users.

    Go ahead and throw stones when they are deserved.

    Security problems come in at least two forms.

    First, there is the unintentional security bug. People who post to Slashdot in defense of poor Microsoft, getting an undeserved bad reputation for security, usually incorrectly attribute MS's security problems to this type of bug.

    This type of security problem, the unintentional bug that results in a security problem, can happen to any system. So in this case, MS should not be screamed at any more than you would want to be screamed at for a similar problem.

    But there is a second type of security problem. That is when a system is insecure by design. It may not have been a design goal, but the design is still insecure. MS deserves the reputation that they get for this. This happens when security is a low priority compared to other concerns.

    Can you say IIS, running under the SYSTEM account, installed and activated by default, with lots of related services also running by default? (Can you say Code Red, Nimda?) At least Apache runs as "wwwrun" or "nobody", an unprivileged account, even on a distribution where Apache might be installed and run by default.

  10. Re:Pot = Kettle = Black on New ssh Exploit in the Wild · · Score: 3, Insightful

    Obviously the *NIX side of the world isn't bulletproof either. Now perhaps we might be spared (at least for a day or two) about the anti-M$ rants about insecure M$ code. It can happen, and it can happen regardless of OS platform.

    The MS rants are well deserved.

    While your statement about security bugs can happen on any platform is technically correct, unintended bugs are not the only thing that causes security problems. Both MS and *NIX can have unintentional bugs, which lead to security problems. In this case, MS should not be blamed for "insecure" code.

    Where the MS rants are well deserved is when a system is insecure by design. It may not have been a design goal, but the design can still be insecure. Just one past example: IIS runs under the SYSTEM account. It is installed by default and turned on by default. These kinds of problems deserve to be ranted about, and MS deserves the resulting reputation. Apache may or may not be installed and/or turned on by default, depending on distribution, but even if it could be compromised, it runs as "nobody" or "wwwrun" or some other unprivileged account.

  11. Re:SCO is just doing what they need to do on SCO Volleys to Red Hat · · Score: 5, Insightful

    They believe they had code stolen from them.

    If SCO really believed this, then they would be trying to get the infringement stopped ASAP.

    Instead, SCO's very actions are to make sure that the infringement continues forever without any way for anyone to stop it, so that they can extort money.

    If SCO were to win over IBM, then IBM would pay their $3 Billion and that would be the end of the matter. The $1 Billion in damages is to fully, totally, and completely compensate SCO for their damages. End of story. Tripling the damages to $3 Billion is to punish IBM for their alleged misdeeds. In no event do end users pay anything, any more than if you have a book that ends up being shown to have plagiarized someone's copyrighted work.

    The fact that SCO goes around making threats that everyone needs to pay for a license demonstrates what it is that they actually believe. That they can make money from someone else's IP because they blame Linux for killing their failed business model.

  12. Re:SCO is not targetting Linux with a lawsuit on SCO Volleys to Red Hat · · Score: 2, Insightful

    >> If they win that suit [against IBM], there are no consequences for anybody but IBM.

    >And how do you explain the need to license your kernel ?
    If you have a Linux kernel, then you already have received it under a license from the copyright owners.

    If SCO wins, then IBM will pay their $3 Billion, and that will be the end of the matter. The purpose of the $1 Billion damages is to fully, totally and completely compensate SCO for what IBM allegedly did. The purpose of triple damages ($3 Billion) is to punish IBM.

  13. Re:Marketing execs: LISTEN UP on Borland Releases New C++ Toolkit · · Score: 1

    You're rightX of courseX.

    The marketingX execsX needX to fixX thisX.

  14. Simple, Easy way to STOP the leaks on Most Movies On P2P From Insiders? · · Score: 3, Funny

    If the MPAA were serious about stopping these internal leaks, there is a very simple and inexpensive way that they could stop this which would be 100% effective. :-)

    Simply make all of their employees watch a stupid preachy commercial exhorting them to respect copyrights. (And stop making us watch it. It was funny the first few times, but the joke is old now.)

  15. Re:Can we use the law against them and sue them? on RIAA Bits · · Score: 1

    In order to bring a lawsuit, one of the requirements you must meet is to have what is called "legal standing".

    For instance, I do not have legal standing to sue Joe for stealing gas from your car to put into his SUV.

  16. Re: It IS a double standard on RIAA Bits · · Score: 2, Interesting

    No double standard, it's called "covering A$$es". These are what you call "contingency plans." Sony is trying to do everything they can to be in a good position, no matter how the matter with the RIAA turns out.

    Talk about doublespeak! I found this post just downright amazing. I was flabbergasted!

    It is a double standard. What you describe is exactly a double standard. When someone is supposedly so against something, at least in front of their peers, but then they support those who do it, or at least condone it, this is the very definition of a double standard.

  17. Re:Windows' filesystem on 'Storage' to Replace Traditional Filesystems? · · Score: 2, Insightful

    I think Longhorn will be the first Windows with a database filesystem. It will probably be based on SQL Server

    First, about being first. Microsoft will have the First GUI. Microsoft will have the First internet web browser. Microsoft will have the first 32-bit clean API. Back in 1982, some big fat PC magazine (not Byte, but one with PC in the name) said that MS-DOS 2.0 would be the First OS to have a hierarchical filesystem! I think I could go on and on, but I trust my point is clear regarding Microsoft having the first database filesystem, which they most certainly do not. (Can you say BeOS?)

    I think Longhorn will be the first Windows with a database filesystem. It will probably be based on SQL Server

    Second, Microsoft wants their database based fileserver to be reliable. So maybe it will be secretly based on MySQL. :-) Ooops, wrong license. I meant PostgreSQL.

  18. Re:Stopping piracy is good... on Phoenix Bios to Incorporate DRM · · Score: 1

    A lot of people in my school were not pleased at the start of this term to come back to a linux ltsp setup....

    What did they not like? That it did not do the required things for the school to accomplish its mission?

    Did they not like that it is Windows? (Oh, darn, I can't bring games and other unauthorized programs from home and install them.)

    Did they not like that it is unfamiliar? (Oh, darn, all my favorite hacking and prankster techniques don't work.)
    Slashdot - The one stop shop for procrastination

    Reminder: March is national procrastination week.

  19. Stopping piracy is good... on Phoenix Bios to Incorporate DRM · · Score: 1

    ...for open source.

    Anything that helps to stop piracy is good for open source. I'm not saying that piracy gets my feathers ruffled. Stopping piracy means that you have to legitimately pay for the software you're using. Just as I've paid for my Linux. :-) It simply makes people calculate the true cost of the closed source software they are running.

    I also find it quite amusing that the biggest software pirates I know are not merely Windows users, but anti-open source, Windows advocates.

  20. Re:Treat it like a Phoenix on Phoenix Bios to Incorporate DRM · · Score: 3, Funny

    IANAL, but would burning it be a violation of the DMCA?

  21. Re:Feature? on VideoNOW PVD Reverse Engineering · · Score: 1

    From the Hasbro site:
    VIDEONOW discs feature a special proprietary format and will not fit into or play on other media players.

    Coming soon to the Microsoft site:
    Microsoft Office 2003 features a special proprietary format that is not accessible to other competing office software.

  22. Slashdot poll idea on Further Selections From the Mixed-Up SCO Files · · Score: 0, Redundant

    Is it pronounced... ?
    [x] Ess See Oh
    [ ] Skoe (rhymes with hoe)
    [ ] KO-boy neal

  23. NOT depressing on Australian Court Doubles CD Importers' Fines · · Score: 1

    What is depressing about this?

    The RIAA will have to pay double fines for their past abuse. This is good news.

    The RIAA will raise dues to member companies. Good. Make those suckers pay.

    The member companies will in turn raise CD prices to pay those fines.

    The net effect: you will pay more on CD's in order to correct for having paid too much on CD's in the past. It's good news for everyone.

  24. Re:Finally!!! on SCO Says IBM is Beating Up on Them · · Score: 1

    Whoh! 24 hours without an SCO story! I wasn't sure if I would make it!

    I don't believe this is Slashdot's choosing.

    SCO actually has to say something funny in order to get a story posted on /. This stuff is really funny. I mean belly-laughing funny. I always look forward to the latest ravings from SCO being announced on /.

  25. Re:There is one word to describe these people: on SCO: Fortune 500 Company Buys License, IBM Retort · · Score: 1

    Microsoft needs to do this to hurry up and inject cash into SCO.

    Very soon, SCO may be required to stop this licensing charade.

    Also very soon, IBM's four patent claims, which I believe cover every single SCO product, may get a preliminary injunction which will cut off all SCO revenue.

    In short: SCO will have no money coming in whatsoever.

    Patent lawsuits are expensive to defend. You must (1) prove you don't infringe, or (2) prove the patent invalid. Either one requires lots of expensive patent research.

    Microsoft probably recognizes that they need to pump some cash into SCO if they are to stick around well past April 2005. If SCO goes away, then the FUD would stop. Even if SCO is required to stop the FUD, it leaves a big question mark hanging around for almost two years that Microsoft can exploit.