A couple of weeks ago I read somewhere that new Tiger retail boxes were going to contain 10.4.2 after it was released. However, I don't seem to find anything back on that. Was it just a rumour, or can I finally pick up Tiger, slot load the DVD and install 10.4.2 immediately within a couple of weeks....
He is using another security model. At least if you can call it that. They realize security through obscurity. GNU realizes security through openness. The availability of the source code allows people to look for vulnerabilities, which will in the long term result in a better product. The flipside is that there are more security fixes. If you hide your source code, less security holes will be revealed, hence less fixes are required. But anyway... I guess every sane thinking person realized this already...;)
Personally I feel more comfortable with the free/open source approach. Much more people identifying and fixing security issues, and security issues are immediately out in the public, which is pretty much a better incentive of actually solving the problem.
I've been using IBM's JVM for linux for a while now, and I must admit that it's pretty fast. The blackdown ports definitely can't beat it.
What bothers me though is the graphical implementations of most VM's: awt and swing. I've been running a development tool which is implemented in Java mainly using Swing. The main problem is that it runs perfectly with SUN's VM in Windows NT 4.0. I've tried to run it in Linux using IBM's VM, but that was a disaster: the user interface was slow, stops responding at strange times, and eventually the entire application crashes (don't ask me if the application crashed or the VM crashed, I am not sure anymore). If I don't run graphical applications (usually the ones I write myself:))
I don't have any problems. In fact I was very pleased with the performance of that IBM's VM.
To me, a VM implementation for linux will only deserve the adverb 'rocking' if it has IBM's speed and Sun's stability (when it comes to graphics)
You don't really lose anonymity. If you use the internet in a normal way, everybody can trace the traffic you generate back to you because the source ip is in the packets you send. You're never anonymous, whether you like it or not.
If you're doing a DOS attack however, you just replace your ip with a bogus one, and send tons of those packets to the poor target. Since the source ip isn't yours, you're not really traceable ICMP traceback will get you anyway since they they'll find the machine the packet originated from, whether the source IP matches the machine's or not.
The largest problem however is still catching the attacker. Catching a simple cable user will be easy because there is only one person involved. If it involves a machine which is used by multiple users, there is no way to say what user did the attack. The article also states this point. And hacking routers to fake logs? They can do it right now by hacking into your ISP's server machines and change log entries that involve you.
I wouldn't worry too much about your anonymity. Your situation won't get worse, unless you're into DOS attacks, and then still... they found the machine you used, which you might have cracked too...
Slashdot Mirror
A couple of weeks ago I read somewhere that new Tiger retail boxes were going to contain 10.4.2 after it was released. However, I don't seem to find anything back on that. Was it just a rumour, or can I finally pick up Tiger, slot load the DVD and install 10.4.2 immediately within a couple of weeks....
Hey, you don't have to cope with a period every 28 days... cut her some slack will ya.
He is using another security model. At least if you can call it that. They realize security through obscurity. GNU realizes security through openness. The availability of the source code allows people to look for vulnerabilities, which will in the long term result in a better product. The flipside is that there are more security fixes. If you hide your source code, less security holes will be revealed, hence less fixes are required. But anyway... I guess every sane thinking person realized this already... ;)
Personally I feel more comfortable with the free/open source approach. Much more people identifying and fixing security issues, and security issues are immediately out in the public, which is pretty much a better incentive of actually solving the problem.
I've been using IBM's JVM for linux for a while now, and I must admit that it's pretty fast. The blackdown ports definitely can't beat it. What bothers me though is the graphical implementations of most VM's: awt and swing. I've been running a development tool which is implemented in Java mainly using Swing. The main problem is that it runs perfectly with SUN's VM in Windows NT 4.0. I've tried to run it in Linux using IBM's VM, but that was a disaster: the user interface was slow, stops responding at strange times, and eventually the entire application crashes (don't ask me if the application crashed or the VM crashed, I am not sure anymore). If I don't run graphical applications (usually the ones I write myself :))
I don't have any problems. In fact I was very pleased with the performance of that IBM's VM.
To me, a VM implementation for linux will only deserve the adverb 'rocking' if it has IBM's speed and Sun's stability (when it comes to graphics)
You don't really lose anonymity. If you use the internet in a normal way, everybody can trace the traffic you generate back to you because the source ip is in the packets you send. You're never anonymous, whether you like it or not.
If you're doing a DOS attack however, you just replace your ip with a bogus one, and send tons of those packets to the poor target. Since the source ip isn't yours, you're not really traceable ICMP traceback will get you anyway since they they'll find the machine the packet originated from, whether the source IP matches the machine's or not.
The largest problem however is still catching the attacker. Catching a simple cable user will be easy because there is only one person involved. If it involves a machine which is used by multiple users, there is no way to say what user did the attack. The article also states this point. And hacking routers to fake logs? They can do it right now by hacking into your ISP's server machines and change log entries that involve you.
I wouldn't worry too much about your anonymity. Your situation won't get worse, unless you're into DOS attacks, and then still... they found the machine you used, which you might have cracked too...