Several components of the application stack used by this system have had known serious security vulnerabilities in the past.
Could you elaborate, please?
The stack I see is Apache/NginX/IIS + ModSecurity + Libinjection + Core Rule Set. What am I missing? Apache has certainly had its share of weaknesses, but with ModSec the track record seems quite clean, as is the case with Libinjection and the CRS.
[project committer here]
The ModSec Core Rule Set 3.0 (CRS3) comes with a reduction of at least 90% of false positives (more like 99% on my servers). The base setups of Wordpress and Drupal can be run without any FPs.
If you see FPs with a default install of the Core Rules, please report. The idea is to have next to no FPs in the standard deployment mode.
There is a series of tutorials, which explains the installation of ModSec, the inclusion of the Core Rule Set and the handling of False Positives (still important at higher Paranoia Levels).
The ModSec Core Rule Set 3.0 (CRS3) comes with a reduction of at least 90% of false positives (more like 99% on my servers). Time to give it another go.
Legally you are completely right:
> Solaris tools don't break your scripts, Linux tools prevent your scripts from being portable.
But I do not care about that. "tar xvzf" is a useful extension, "sed -i" too, as is "grep -r".
It helps me get my work done in shorter time. I am paid by the hour. My customer appreciates
speed.
I could write portable scripts, but this is not one of the goals of the projects I work in.
gnu/linux is the de facto standard these days. Not legally, but this is what most people
learn and use. There are dinosaurs around and they will live on for many years to come.
But
for F in $(find . -type f); do echo "$F"; grep xxx "$F"; done
will look odder every day. (Maybe it is already very odd today, I am not very used to working
without "grep -r" ;-)
It has been said before, so this is kind of a me2 message.
I have seen solaris boxes being responsive to ssh login with a load of #proc * 20 in top.
This is worth every penny, especially if it is a productive webserver.
Using a different OS in your access layer as reverse proxy is great and makes you sleep
a bit better at night.
Not to speak of dtrace, zfs and the other nifty stuff, which I personally do not use, but
I know it's there in case I need to fly in an engineer to help me out.
But userland solaris is really annoying. I want it to feel like a standard unix
box and a standard unix box these days is a gnu/linux box and "gtar" and "ggrep" do
not feel standard. Solaris tools break my scripts and make me cry out loud for a
decent debian box.
Solaris kernel rocks, solaris environment is poor.
It's obviously a demo version of the US Army.
Not every bug - errhh undocumented feature - is present in a demo version.
As a software engineer you should be able to think of a productivity increase. Otherwise you lack imagination.
Go and read Paul Graham's essay on Great Hackers as an inspiration
and then revise your statement.
Amazing Grace invented the compiler because she saw a limit of productivity imposed by machine language programming. Ever since, programming
languages and new programming doctrines have extended productivity probably hundreds of times and you say you can not think how to go on?
A recent example: some say Ruby on Rails cuts development times in Java by 90%.
I can not tell whether this is true or not. But it makes clear that in principle it could be true. Tenfold productivity may be just around the corner.
Ubuntu is not debian stable. If you want your system to be stable and your updates to be smooth, then go for debian stable or stop complaining.
If you prefer top notch applications (Firefox 2.0) over their stable debian version (1.0.4), then go with ubuntu and live with it.
But don't whine about stability issues.
If you are in need of a strong password, use the following recipe:
Think of a sentence with 6-10 words with a number in it.
- The number can be inside one of the words.
- If you manage to have multiple Capital words in the sentence, your password gets stronger.
Then take the first letter and write the numbers as digit, include the point,
question mark, exclamation point at the end and you got a strong password.
Today i ate two buns for breakfast! -> Tia2bfb!
I have seen six dups on Slashdot this week. -> Ihs6doStw.
Can you memorize all four new passwords? -> Cyma4np?
And today: A new password for my debian account! -> At:1npfmda!
Works fine for me and is fairly easy to memorize.
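The recipe above, as an added example that is not part of the original comment: a small Python implementation that takes the first letter of each word, writes number words as digits, and keeps the punctuation that follows a word, plus a helper that reports which of the recipe's conditions a sentence misses. The mapping of a lone "a" to "1" is an assumption inferred from the fourth sample ("A new" becoming "1n").

```python
import re

# Number words the recipe turns into digits. "a" -> "1" is an assumption
# inferred from the page's fourth sample, not a stated rule of the recipe.
NUMBER_WORDS = {
    "zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9",
    "ten": "10", "a": "1",
}

# A token is a run of letters/digits followed by optional punctuation (., !, ?, :).
TOKEN_RE = re.compile(r"^([A-Za-z0-9]+)([^A-Za-z0-9]*)$")


def sentence_to_password(sentence: str) -> str:
    """Apply the recipe: first letter of each word (keeping the author's
    capitalisation), number words as digits, trailing punctuation kept."""
    out = []
    for token in sentence.split():
        m = TOKEN_RE.match(token)
        if m is None:
            out.append(token)          # punctuation-only token, keep as is
            continue
        word, trailing = m.group(1), m.group(2)
        if word.lower() in NUMBER_WORDS:
            out.append(NUMBER_WORDS[word.lower()])
        elif word.isdigit():
            out.append(word)           # number already written as digits
        else:
            out.append(word[0])
        out.append(trailing)
    return "".join(out)


def recipe_hints(sentence: str) -> list:
    """Return the recipe conditions the sentence does not meet (empty if all met)."""
    words = sentence.split()
    hints = []
    if not 6 <= len(words) <= 10:
        hints.append("use 6-10 words")
    if not any(ch.isdigit() for ch in sentence_to_password(sentence)):
        hints.append("put a number in it")
    if not any(w[0].isupper() for w in words[1:]):
        hints.append("capital words beyond the first make it stronger")
    return hints


if __name__ == "__main__":
    for s in ("Today i ate two buns for breakfast!",
              "I have seen six dups on Slashdot this week."):
        print(s, "->", sentence_to_password(s), recipe_hints(s))
```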
We would not be where we are today without RMS and the FSF as a whole would not be radical. You can argue they are fanatical about it, but you can not deny the fact, that their ideology has brought us GNU in the first place and Linux on top of it.
If Nvidia says there is no demand for open drivers, then close it down and see the customers state their demand very clearly.
Either Nvidia will listen to the demands, or reverse engineered open source drivers will improve as there will be a bigger demand for them.
Losing closed source nvidia drivers hurts and costs a bit of drive for Linux. But I think RMS and the FSF have made it clear, that it pays to give up on something and get free software in return.
90% of the things you do in life just flop or simply do not bring the success you expected. That's no problem as long as you keep trying.
Also, you can not really tell, until you have tried an idea.
Bruce has been doing great things and maybe this is another big story. Maybe not. At least he tries.
The UK is generally considered part of Europe.
The resolution depends on the ability to steer the mirror in a very exact manner.
Mounting it on glasses makes it a nontrivial task.
30'000 zombies makes a scary graveyard per day. On the other hand, this makes up roughly 10 Mio zombies per year. Compared to an install base of several hundred millions of PCs running microsoft software, the round trip is still quite low (or high if you look at it the other way around).
This might be due to the small number of broadband subscribers (or the good job of aunt sue installing the latest security patches in time).
After the financial flop of mindstorms and other stuff, that techies love and grandparents do not understand, they pulled the lever and are heading in a different direction now.
The cash flow dropped by 25% in 2003 alone. So they want to cut 500 jobs by 2006.
You can read more at http://www.wdr.de/themen/kultur/stichtag/2004/05/01.jhtml (German only).
What does freedom of speech have to do with child porn apart from technical implementation of filtering?
And how come judges start to think about technical implementations?
I'm working for a European enterprise with some 30'000 desktops and several thousand servers.
My small team got the opportunity to prove a linux desktop system could actually
be useful for the enterprise. The parameters were absolutely ideal:
* Several hundred desktops should be migrated from some kind of arcane unix
to a linux desktop (-> Users who know there is a world beyond Windows)
* All they need is a huge inhouse X-application, that would cost millions to
port to Windows, but is simple to recompile on Linux.
Obviously this situation is a winner to attempt to bring linux to the desktop.
It seems management had heard names like RedHat or SuSE before, but they did not have a straight preference. Therefore we managed the task without the suits trying to sell their distro, so we (the techs) could work with our back free.
Now our big enterprise has a deep integration of windows machines in
its custom environment. We felt the possibility to adopt Debian and integrate
it just as deep into this environment. What does this mean?
* There is a configuration management database with html-interface. We use it to
feed parameters in the debian package management and to configure our systems.
* There is an optimized process to install a custom windows desktop. We took the
  process and made it the base for our debian install using FAI and Knoppix
  hardware detection. (And yes, we install a system in 15 minutes automatically,
  while the windows desktops need user interaction and take
  two hours in a lab)
* Our users reside in the Microsoft ActiveDirectory. We used the vintela software
to hook up on the AD as well. This was a decision in order to save some time.
You can do it with non-commercial software as well, but vintela is ready-made
and easy to alienate into a debian package.
* Our enterprise is of course very conservative when adopting new software. So
we took the idea of unstable, testing and stable debian distributions and
extended it by a distro called pilot. This one is very close to the stable one
  and basically the end-users get the software a few days ahead, giving
us another layer of confidence in the stability.
* Our management is very fond of packages. We took this to the extreme as we
  saw it suitable for desktops: Everything is a package now. The root-password
is in a package, the desktop menu is in a package, the special fonts are
in a package and the sources list is in a package. Some of the packages ask
the config database mentioned above for parameters.
All the config packages use cfengine to manipulate the system, if problems
arise we have port 22 open and a service user (distributed as package) who
can be used to install/deinstall packages or to gain root access.
* We did it all within something around 40 man-days. This sounds very
convincing to the management, as they know how many years they paid to
squeeze the same functionality out of Windows.
During our proof of concept we saw it is very simple to integrate all these great
components into our corporate environment. If RedHat had sold us
their commercial configuration and provisioning module, it would have been their
process and no longer our own well-tested installation and configuration process.
We have a good command-line interface to our package management and no silly "advanced web interface" to our package server. It is all scriptable and we know the scripts as we have written them.
So under the line debian proves to be successful here, because it is so flexible
and because we do not need a certified OS to run commercial software. There is none.
What's missing?
You may have guessed: Management is willing to follow our proposal but they want a support contract with a serious company with few letters in the name.
We think this is no
Indeed a nice idea, and they go for the right books.
I wonder what might be next: 1984 has scared me and many others for years, but I am surprised how fast public video control takes over.
Then came 'Truman show' and today, whole Germany seems addicted to a show called 'Big Brother' with an obvious concept.
Is this just me or a trend towards 1984?
-- dune73
In my eyes, it is not the mind of the law to criminalize masses of people. If so many of us adopt to illegal behavior we are likely to see a change in the interpretation of copyright law sooner or later.
-- dune73