"User friendly" isn't the problem. Clicking on an icon is the same. There's just a bit of training so people will know which icon to click on and where it is.
The big problem is that there are lots of little apps that need to be ported. This is the same in any migration. Someone, somewhere throws together a database for some reason and it becomes "mission critical" to that department.
So, you have apps that you knew nothing about....
That need to be ported....
With 100% functionality....
Prior to your roll-out....
And it is probably badly written with no thought to managability or portability or even data integrity....
And THAT is what eats up your budget.
Wouldn't you take the car to a mechanic?
on
Debugging
·
· Score: 1
You: (insert long story about ice cream and driving)
Mechanic: (translation mode ON) So, you drive to the store and when you get back in your car, sometimes it won't start?
You: Yes (insert long story about ice cream)
Mechanic: (translation mode ON) Sounds like vapor lock. Let me take a look at the carb.
Moral of this story: Good techs can extract the relevant facts from the fluff and quickly diagnose the real problem.
"_Your_ code will always remain free, what do you care if someone else adds to it?"
Because some people DO care. If they want to share their code but only with people who will share their modifications (non-internal use only), that is their right.
The different licenses support different developmental methodologies and agendas.
S/He who writes the code chooses the license and if you don't like that, then write your own code.
Sure, you'll never convince Osama that he's wrong. So what? He's one person and he will eventually get old and die.
But you CAN work to establish and support governments that are NOT based upon religious teachings and that DO have rights for women. If you do that, al Queda and other organizations like them will die within a few generations because no one will WANT to be a part of them.
The problem is that it will take a few generations and none of the politicals in the US are willing to put effort into a program that will solve the problem for their grand-children. It's MUCH easier to take a "tough on xxxxxx" stand and advocate violence.
Most people don't remember enough of their history to know that even the "greatest Democracy in the world" (the US) started out without rights for women or blacks and so on. It took us many generations to get to the point we're at now. Don't expect instant solutions to complex problems.
So you're correct in "good luck talking al Qaeda over - I'm sure you'll be able to convince them, through logic and reason, that Sharia isn't really a good system of government, and that women should have full rights as citizens."
But that is just one facet of the whole problem. And it is NOT a major facet. Estimates of al Queda membership before our invasions was about 1,000 individuals. Many of you had graduating classes that were larger than that.
Rather than seeing all those wonderful humanitarians in the Pentagon, I see a bunch of people who's wealth and careers DEPEND upon "defending" us from "enemies".
And when you look at it like that, it's very easy to understand why we have so many "enemies" out there.
The Soviets are now our friends, but we need a BIGGER military budget to deal with the "threats". How does THAT make sense?
Newsflash: What is good for the retirement plan of some General at the Pentagon is NOT necessarily good for the average US citizen.
"That's exactly the kind of information that I don't think matters. What matters to me is that Linux is better today than it was yesterday, and then better tomorrow than it is today. Who cares about Windows?"
Because in the article it was said that Linux is cracked much more often than Windows is. If you aren't going to discuss the article then you're offtopic.
"Indeed. Doesn't it make you wonder? Doesn't it bother you that you don't know for sure that nothing that can be done?"
No. Because I look at that article and I see a company trying to drum up business for itself. That's why there isn't any information given. Now, someone like you doesn't see it that way. But then, I understand security a bit better than you do.
"How about actively working with the ones who reported the problem to see what can be done about it, rather than doing nothing?"
And who would those "ones" be? Again, NO INFORMATION is provided. Go ahead, tell me ONE company that was cracked and who I should talk to.
"Nobody owes us precise and free information on how Linux or anything other free software project can be improved."
I never said anyone owed anyone that. But if you do NOT provide it, then there MUST be a REASON why you are REFUSING to do so.
"I'm not talking about the settings on a particular machine. I'm talking about the choice of a distro to leave a service enabled or disabled by default."
That rule applies to single machines, networks, distributions, EVERYTHING. If you don't absolutely need it TURN IT OFF.
"Instead of "deny everything" try to explain why these numbers are wrong for Linux and not for the other OSes."
I did not say they were true for other OS's. From what is presented in the article, you cannot determine ANYTHING about ANY OS.
"Though this will propably be moderated as flamebait I must say that if you take the same care to secure your windowsboxes as you do with your UNIXboxes you will be rewarded with, surprise, secure boxes all over. Windows isn't inherently insecure as well as UNIX secure."
Actually, I can say that about Windows. Here's the evidence.
Look how long KNOWN vulnerabilities have NOT been patched by Microsoft.
With Linux, they are usually patched within 72 hours.
"Every time some evidence of any UNIX, and especially Linux, being unsecure comes up there are people declaring that the evidence is faulty because UNIX is secure..."
Try sticking to the article in question. There is no "evidence" presented. Just numbers presented without any information. If you believe otherwise, then tell me HOW those 17K Linux boxes were cracked. Go ahead.
"If anything will destroy Linux, it's fanboy groupthink that the OS is invulnerable."
No one thinks Linux is invulnerable. Linux is just MUCH BETTER than Windows. Check out SELinux for information about making Linux even MORE secure.
"When there are numbers like these presented, it's exactly the time to review such choices to see if they are the right choices to make for your users."
The numbers are meaningless without the background. Even assuming that those numbers are CORRECT, what does that tell you about Linux?
Were those attacks successful because of a bad choice of passwords?...or because of permissions set wrong on a script?...or because of a hole in sendmail?...or because of a buffer overflow?...or because of........?
There is no information presented in that "article" beyond some numbers given out of context. Because there is no information given, no actions are required.
"Deciding to leave a service off by default probably makes it more secure, though less convenient."
No "probably" about it. One of the rules of security is TURN OFF ANYTHING YOU DO NOT ABSOLUTELY NEED.
I wouldn't say "flamebait". But your post does betray a lack of knowledge about security.
If we do it, we're proactively protecting our people and making the world safer by fighting terrorism.
If China does it, they're warmongering aggressionists bent on world domination.
Anything we do is right and good because we are the ones doing it.
The real question is, do we want China and Russia and Pakistan to have this capability? If we do not want them to have it, then what is the justification for our having it?
No matter WHAT they do. What laws they break. Most people think they are "good" and the "circumstances" or other people are "bad".
In this case, he thinks he is "good" for breaking "bad" laws written by the government ("bad" government?).
Now, expand the viewpoint. Look how the drugs are produced, distributed, etc. Look for the violence associated with each step. The issue is a lot more complicated.
I can't find the story right now, but someone set up a bogus email account and replied to spam about a home loan.
He was contacted by big companies that had bought the "lead" from contractors (who bought it from sub-contractors who bought it from sub-sub-contractors who.....).
The big companies say that they frequently purchase such leads from other companies and that if they receive complaints about those companies, then they drop them.
Of course, the spammer just opens a "new" "company" under a different name and starts selling to the big companies again.
Since the big companies don't "know" that they're dealing with a spammer.......
Canada and Japan have violent media, but fewer instances of actual violence (even adjusted for population).
Given that IQ would be consistent across all nations, then IQ might be a component, but not a big one. It would be nice to see someone run an IQ test of people convicted of violent crimes.
I think the issue is a LOT more complex. It involves (in my opinion): #1. Biology (as mentioned in the article) #2. Early social development (it's amazing how many violent people had violent parents) #3. IQ (the dumber you are the more problems you'll have in a tech world) #4. The predominant culture's attitude towards violence in real life (which can be very different than its attitude towards violent entertainment). #5. Drug/alcohol consumption. And others, but those are the main factors.
You might be a violent person because of biology, but your intellect and socialization can give you socially acceptable means of channeling that agression.
Once it destroyed the hard drive, it wouldn't be able to replicate itself any more.
What a REALLY malicious virus/worm would do would be to change a few random numbers in any.xls files it found and keep mailing itself to other machines.
I send you email. I have to put money in an account.
You receive my email, but you've set a monetary level to be checked before it is delivered to you. If I didn't put enough money in my account to meet your level, it doesn't get delivered.
Now, you read my email and don't like it. You get to collect the money I have in my account at the level you set.
If you do like my email, I go on a whitelist.
Example #1: I put $1 in my account, you set your level at $5. None of my email will ever be seen by you.
Example #2: I put $5 in my account, you set your level at $1, you get my email. You don't like my email, you collect $1 from me.
Example #3: I put $5 in my account, you set your level at $1, you get my email. You like my email, so I go on your whitelist.
You're saying that someone could try to re-write this and that person could introduce errors in their implementation of it?
Well DUH!!!
"So the daemon, reading the logs, presumably in real-time, is somehow infallible merely because it doesn't have listening sockets?"
No, that means that it is not vulnerable to attacks against sockets. It is not vulnerable to those attacks because it does not listen on sockets.
"It would protect from new vulnerabilities discovered in those services, but it isn't infallible to it's own newly discovered vulnerabilities (the author in his response to security-through-obscurity critics didn't mention this)."
If it has a "newly discovered vulnerability", what would that be? Because it just reads the logs, it wouldn't be a buffer overflow. Because it doesn't listen on ports, it wouldn't be a port attack. So, now that the most common attacks are out of the picture, how can you say that it is not more secure?
Of course he didn't mention it in his "security through obscurity" bit. Because, as I've already stated, it is NOT "security through obscurity". DUH!!!
"Security through obscurity" means just what he said it meant. Therefore, it does NOT apply here because there is no obscurity.
"Any code that gets data from the public internet - despite any through-the-firewall-logs indirection - is potentially vulnerable to attack."
So people keep claiming. It is easy to make that claim. But none of you have managed to give a scenario where such an attack might happen (other than your "someone might re-write this and have an error in their code").
"It may be simple to implement, but don't pretend that it is inherently infallible."
If someone from the outside cannot access it, it is secure.
If someone from the outside cannot send it uncontrolled information, it is secure.
The ONLY vulnerability in this scheme is whether your firewall can be compromised or sniffed.
"User friendly" isn't the problem. Clicking on an icon is the same. There's just a bit of training so people will know which icon to click on and where it is.
The big problem is that there are lots of little apps that need to be ported. This is the same in any migration. Someone, somewhere throws together a database for some reason and it becomes "mission critical" to that department.
So, you have apps that you knew nothing about....
That need to be ported....
With 100% functionality....
Prior to your roll-out....
And it is probably badly written with no thought to managability or portability or even data integrity....
And THAT is what eats up your budget.
You: (insert long story about ice cream and driving)
Mechanic: (translation mode ON) So, you drive to the store and when you get back in your car, sometimes it won't start?
You: Yes (insert long story about ice cream)
Mechanic: (translation mode ON) Sounds like vapor lock. Let me take a look at the carb.
Moral of this story: Good techs can extract the relevant facts from the fluff and quickly diagnose the real problem.
"_Your_ code will always remain free, what do you care if someone else adds to it?"
Because some people DO care. If they want to share their code but only with people who will share their modifications (non-internal use only), that is their right.
The different licenses support different developmental methodologies and agendas.
S/He who writes the code chooses the license and if you don't like that, then write your own code.
Sure, you'll never convince Osama that he's wrong. So what? He's one person and he will eventually get old and die.
But you CAN work to establish and support governments that are NOT based upon religious teachings and that DO have rights for women. If you do that, al Queda and other organizations like them will die within a few generations because no one will WANT to be a part of them.
The problem is that it will take a few generations and none of the politicals in the US are willing to put effort into a program that will solve the problem for their grand-children. It's MUCH easier to take a "tough on xxxxxx" stand and advocate violence.
Most people don't remember enough of their history to know that even the "greatest Democracy in the world" (the US) started out without rights for women or blacks and so on. It took us many generations to get to the point we're at now. Don't expect instant solutions to complex problems.
So you're correct in "good luck talking al Qaeda over - I'm sure you'll be able to convince them, through logic and reason, that Sharia isn't really a good system of government, and that women should have full rights as citizens."
But that is just one facet of the whole problem. And it is NOT a major facet. Estimates of al Queda membership before our invasions was about 1,000 individuals. Many of you had graduating classes that were larger than that.
Rather than seeing all those wonderful humanitarians in the Pentagon, I see a bunch of people who's wealth and careers DEPEND upon "defending" us from "enemies".
And when you look at it like that, it's very easy to understand why we have so many "enemies" out there.
The Soviets are now our friends, but we need a BIGGER military budget to deal with the "threats". How does THAT make sense?
Newsflash: What is good for the retirement plan of some General at the Pentagon is NOT necessarily good for the average US citizen.
"By your logic, there would be peace in the middle east by now."
I can't think of any better example of the flaw in that "logic". Congratulations.
"That's exactly the kind of information that I don't think matters. What matters to me is that Linux is better today than it was yesterday, and then better tomorrow than it is today. Who cares about Windows?"
Because in the article it was said that Linux is cracked much more often than Windows is. If you aren't going to discuss the article then you're offtopic.
"Indeed. Doesn't it make you wonder? Doesn't it bother you that you don't know for sure that nothing that can be done?"
No. Because I look at that article and I see a company trying to drum up business for itself. That's why there isn't any information given. Now, someone like you doesn't see it that way. But then, I understand security a bit better than you do.
"How about actively working with the ones who reported the problem to see what can be done about it, rather than doing nothing?"
And who would those "ones" be? Again, NO INFORMATION is provided. Go ahead, tell me ONE company that was cracked and who I should talk to.
"Nobody owes us precise and free information on how Linux or anything other free software project can be improved."
I never said anyone owed anyone that. But if you do NOT provide it, then there MUST be a REASON why you are REFUSING to do so.
"I'm not talking about the settings on a particular machine. I'm talking about the choice of a distro to leave a service enabled or disabled by default."
That rule applies to single machines, networks, distributions, EVERYTHING. If you don't absolutely need it TURN IT OFF.
"Instead of "deny everything" try to explain why these numbers are wrong for Linux and not for the other OSes."
x .h tml
I did not say they were true for other OS's. From what is presented in the article, you cannot determine ANYTHING about ANY OS.
"Though this will propably be moderated as flamebait I must say that if you take the same care to secure your windowsboxes as you do with your UNIXboxes you will be rewarded with, surprise, secure boxes all over. Windows isn't inherently insecure as well as UNIX secure."
Actually, I can say that about Windows. Here's the evidence.
http://www.eeye.com/html/Research/Upcoming/inde
Look how long KNOWN vulnerabilities have NOT been patched by Microsoft.
With Linux, they are usually patched within 72 hours.
"Every time some evidence of any UNIX, and especially Linux, being unsecure comes up there are people declaring that the evidence is faulty because UNIX is secure..."
Try sticking to the article in question. There is no "evidence" presented. Just numbers presented without any information. If you believe otherwise, then tell me HOW those 17K Linux boxes were cracked. Go ahead.
"If anything will destroy Linux, it's fanboy groupthink that the OS is invulnerable."
...or because of permissions set wrong on a script? ...or because of a hole in sendmail? ...or because of a buffer overflow? ...or because of ........?
No one thinks Linux is invulnerable. Linux is just MUCH BETTER than Windows. Check out SELinux for information about making Linux even MORE secure.
"When there are numbers like these presented, it's exactly the time to review such choices to see if they are the right choices to make for your users."
The numbers are meaningless without the background. Even assuming that those numbers are CORRECT, what does that tell you about Linux?
Were those attacks successful because of a bad choice of passwords?
There is no information presented in that "article" beyond some numbers given out of context. Because there is no information given, no actions are required.
"Deciding to leave a service off by default probably makes it more secure, though less convenient."
No "probably" about it. One of the rules of security is TURN OFF ANYTHING YOU DO NOT ABSOLUTELY NEED.
I wouldn't say "flamebait". But your post does betray a lack of knowledge about security.
If we do it, we're proactively protecting our people and making the world safer by fighting terrorism.
If China does it, they're warmongering aggressionists bent on world domination.
Anything we do is right and good because we are the ones doing it.
The real question is, do we want China and Russia and Pakistan to have this capability? If we do not want them to have it, then what is the justification for our having it?
Being able to drop MORE weapons on other nations does not do ANYTHING to "protect" the US citizens.
We already spend more money on our military than anyone else in the world.
What possible threat will this "protect" us from?
Back in the "Cold War" era, this might have been useful. Now it is just a waste.
No matter WHAT they do. What laws they break. Most people think they are "good" and the "circumstances" or other people are "bad".
In this case, he thinks he is "good" for breaking "bad" laws written by the government ("bad" government?).
Now, expand the viewpoint. Look how the drugs are produced, distributed, etc. Look for the violence associated with each step. The issue is a lot more complicated.
I can't find the story right now, but someone set up a bogus email account and replied to spam about a home loan.
.....).
He was contacted by big companies that had bought the "lead" from contractors (who bought it from sub-contractors who bought it from sub-sub-contractors who
The big companies say that they frequently purchase such leads from other companies and that if they receive complaints about those companies, then they drop them.
Of course, the spammer just opens a "new" "company" under a different name and starts selling to the big companies again.
Since the big companies don't "know" that they're dealing with a spammer.......
With Knoppix, as long as you can boot the CD, you have all the applications you need, pre-installed, pre-configured, pre-tested, pre-EVERYTHING.
It's all about the apps.
(and a rock solid OS to run the apps on)
http://www.knoppix.net/docs/index.php/KnoppixRemas teringHowto
Build it the way you want and burn it!
Don't forget to grab an inexpensive USB memory toy and you have it all!
When I saw his post, it was +5 Insightful.
We'll see what happens to it over time.
But I don't recall Wilber and Orville having a governement contract to build their plane.
Privatizing something does NOT mean that it will perform better and/or cost less than a governmental program.
Canada and Japan have violent media, but fewer instances of actual violence (even adjusted for population).
Given that IQ would be consistent across all nations, then IQ might be a component, but not a big one. It would be nice to see someone run an IQ test of people convicted of violent crimes.
I think the issue is a LOT more complex. It involves (in my opinion):
#1. Biology (as mentioned in the article)
#2. Early social development (it's amazing how many violent people had violent parents)
#3. IQ (the dumber you are the more problems you'll have in a tech world)
#4. The predominant culture's attitude towards violence in real life (which can be very different than its attitude towards violent entertainment).
#5. Drug/alcohol consumption.
And others, but those are the main factors.
You might be a violent person because of biology, but your intellect and socialization can give you socially acceptable means of channeling that agression.
First off, guns do have legal uses.
Second, no one would arrest you for writing all the viruses you could, in you home, if you didn't release them or enable others to release viruses.
If I buy a gun and then leave it on my lawn with a big sign saying "unattended gun here", the authorities would be interested in me.
If I have a gun, in my house, and I never use it except at shooting ranges and so on, then the authorities would NOT be interested in me.
Once it destroyed the hard drive, it wouldn't be able to replicate itself any more.
.xls files it found and keep mailing itself to other machines.
What a REALLY malicious virus/worm would do would be to change a few random numbers in any
I send you email. I have to put money in an account.
You receive my email, but you've set a monetary level to be checked before it is delivered to you. If I didn't put enough money in my account to meet your level, it doesn't get delivered.
Now, you read my email and don't like it. You get to collect the money I have in my account at the level you set.
If you do like my email, I go on a whitelist.
Example #1: I put $1 in my account, you set your level at $5. None of my email will ever be seen by you.
Example #2: I put $5 in my account, you set your level at $1, you get my email. You don't like my email, you collect $1 from me.
Example #3: I put $5 in my account, you set your level at $1, you get my email. You like my email, so I go on your whitelist.
Simple, really. In theory.
In practice, almost impossible to work.
They spend way too much of their paper on analysis of why this would work, but nothing on how to implement it securely.
And because you ARE talking about money, it would have to be secure.
"I can think of cooler hacks working along similar lines to accomplish the same ends more securely."
The phrase is "put up or shut up".
Or, to quote Linus, "show me the code".
Other than that, you ain't nuthin' more then some wannabe kiddie with diarrhea of the mouth.
Your example would require an OPEN PORT. DUH!!! It's is EASY to send data across an OPEN PORT. It is also EASY to SCAN for OPEN PORTS.
Not try doing it with CLOSED PORTS.
Nuthin' but a wannabe kiddie.
You're saying that someone could try to re-write this and that person could introduce errors in their implementation of it?
Well DUH!!!
"So the daemon, reading the logs, presumably in real-time, is somehow infallible merely because it doesn't have listening sockets?"
No, that means that it is not vulnerable to attacks against sockets. It is not vulnerable to those attacks because it does not listen on sockets.
"It would protect from new vulnerabilities discovered in those services, but it isn't infallible to it's own newly discovered vulnerabilities (the author in his response to security-through-obscurity critics didn't mention this)."
If it has a "newly discovered vulnerability", what would that be? Because it just reads the logs, it wouldn't be a buffer overflow. Because it doesn't listen on ports, it wouldn't be a port attack. So, now that the most common attacks are out of the picture, how can you say that it is not more secure?
Of course he didn't mention it in his "security through obscurity" bit. Because, as I've already stated, it is NOT "security through obscurity". DUH!!!
"Security through obscurity" means just what he said it meant. Therefore, it does NOT apply here because there is no obscurity.
"Any code that gets data from the public internet - despite any through-the-firewall-logs indirection - is potentially vulnerable to attack."
So people keep claiming. It is easy to make that claim. But none of you have managed to give a scenario where such an attack might happen (other than your "someone might re-write this and have an error in their code").
"It may be simple to implement, but don't pretend that it is inherently infallible."
If someone from the outside cannot access it, it is secure.
If someone from the outside cannot send it uncontrolled information, it is secure.
The ONLY vulnerability in this scheme is whether your firewall can be compromised or sniffed.
Therefore, it IS more secure.
Deal with it.
It isn't processing "untrusted information".
It is processing the firewall logs.
Those logs only output what they're told to output.
If your firewall is cracked, you have bigger problems.