This all comes down to default settings in a distro; what will be the least burdensome setting without compromising too much security. With Gentoo things are made a bit more secure. As an example users aren't automatically added to the wheel group, so I think this issue is in line with that. Additionally, I'm running gentoo-2.4.28-hardened-r4 kernel, is there a setting within the kernel that would prevent this? I see CONFIG_BSD_PROCESS_ACCT which I do not have set, but is that all that would be needed, or is /etc/security/limits.conf the proper place to set this? (just trying to figure out if my server is vuln w/o trying it and crashing my server first).
I for one am glad this is out now, instead of after an exploit is out using it! I'm checking my Linux and FreeBSD servers at home tonight.
CB
I think you're confusing me with someone else, my account was once hacked and someone changed my sig, but I've fixed it before. I don't see it, what link do they have it pointing to?
I'll go change my password again. Is there another way they could be 'hacking' into my account?
CB
Uh, I actually have a law degree, and am studying the effects of the release of the DSS code on more 'closed' format restrictions such as Apple's much aligned AAC format. While it's lossy, it's far from 'free *AND* open'.
I still wish OGG would have become the next MP3, but without hardware support it seems to be withering on the vine much as I hope WMA will...ah, but I digress.
CB
Your fp has been copy protected, and thus, unusable to you without proper authorization.
CB
Really, how is this not dealing with the root issue? They take one step forward, then the opposition finds a way around it, and then end up two steps back. More open standards and how they relate to the DSS need to be considered, else the AACS will be the next DMCA.
CB
I know the link you're talking about, but it's not in my sig anymore. And yeah, it was only there to show that Firefox's popup blocker needs more work to be "1.0". Is there a bug on this in bugzilla?
CB
It got me too, that's why I had to add it to my sig.
Really, why doesn't Firefox block the popups/tab opening? I was surprised it got around all of that. Perhaps Google toolbar would help? I'm in Linux, so I can't test the theory, but yeah, I feel your pain.
Just wait till you click that link on your future Samsung phone!
CB
It's very true, I've seen this at every company I've worked for, it's the "as long as it's within our network, we're safe" thinking. I guess it's human nature to do things the easy way, and people don't like change. When I took over our company's CVS server, first thing I did was delete user accounts...from people that were laid off a year prior! I'm not kidding. And beyond that, passwords were the same as the user's name! Nice! Of course it was all running on Solaris that hadn't been updated in 2 years. I finally went to them and told them that I would take responsibility for CVS *if* I could rebuild it in Linux, the way I want, and keep up with all security. They allowed it, and the thing "just works" now. I have more *nix boxes here that I'd like to do the same with, but my time here is running out, as I've given up on the place.
Marketing drives the product, everything else gets left to the bandaids and rubberbands it seems. Meanwhile over in the UK we have 3 reps trying to hawk our wares...
CB
It's a good point, I'm not quite there, but I do run Apache with MediaWiki on my laptop, that way I can take notes, share info with people at work, while having my moveable "notepad" that is the Wiki to take home, work on at the coffee shop, whatever.
CB
Yeah, I do agree with you there. I think most of those blades are far underutilized, and would work better as simple file servers so multiple accounts could attach access them on the fly. It all comes back to the same thing though; there are TOO many computers sitting idle, or not being used to their full potential in today's offices.
CB
Relax Grandpa, note I said I could do it for my Grandma, not for EVERYONE's! My point was, Linux CAN be easy to use, if you have someone to set it up for you. Honestly, I can SETUP a Gnome desktop to work basically like OS X. Plug in a camera, have things like Hald and D-bus in the background detect it, launch Gphoto2 and start downloading. I've also started using Gamin in place of Famd, it's much better. Change a file, save a new one, bam, it shows the change in Nautilus immediately.
Oh, and thanks for calling me a genius, but I don't consider myself that smart, I'm just inquisitive. Oh, and I'm proud of you for learning how to bold words! It sure puts me in my place. ;)
CB
A phone that out-specs my home web/mail/chat server? That's crazy. But really, I like how documents that are even touching the internet are being scoured and sourced to things like Google. Do these companies have ANY network security in place? Seems to be an afterthought, while it should be the BASE of any network.
CB
Thin clients are where it's at. Today there is no reason anyone needs a full computer tower at their desk: go thin clients with Blades back in the server room. Every time we hire someone I just cringe at how much hardware gets thrown their way.
This looks like the future if you ask me: Clear Cube.
CB
Or FreeBSD, which is running better than ever now. It may be my new server, replacing my beloved Gentoo box.
CB
But now I suspect we'll get a ton of "My grandma wouldn't be able to run Linux, so it's not mainstream" when on a server level, it's ready to play; given a fully level playing field. Problem is Winders is too entrenched, and IBM and Solaris are trying to appear to be on Linux's side, while still hawking their own *nix solutions. Still, it won't be long before that breaks down, I give it a few years, so I think the 2008 comment is fair.
And setup right, I could make a Gentoo box that a grandma could use; it's all in the preparation.
CB
This is interesting, but where is the source? Do they know someone in the industry, or how do they get the files to start with? As for keeping it secret and private, check out privoxy, and then tor; it's as secure as anything I've seen as it doesn't allow anyone to see where your data is coming from or going to.
Pcbb@
The thing is, tried and true inventions like a safe cannot be bettered in a long time. It says something about today's design, versus how it used to be. Gives credence to the old phrase, "They don't make em like they used to".
Amen to that.
Pcvb3
Hmmm...have you read the article? Have you read the posts here on /.? It seems you're somewhat naive, and uninformed. Please remove your foot from your mouth.
Now, if you want a free iPod...
CB
You might want to do some research online before you jump to such conclusions. I did my research, read articles about the deals in Wired, checked with the better business, and even found a site where people could network and see "proof" that people do actually get free stuff. As for emails, yeah, they got an email alias of mine, that was killed after the deal. They made no requirement that you couldn't use a throwaway email addy. Personal info? You mean the name that went with the email address? Then for a shipping address, just have it shipped to work. I gave up some time, and then paid back people that signed up thru me with Gmail and a webpage to help them get more refs.
Don't like it? Fine, but don't post false comments.
CB
Oh, and for the 'personal information' I gave up, it was actually all fake, less the address, which was my old work address. I felt somewhat bad about that, but hey, they get their $ from whomever I did my trial from, so they didn't seem to care.
CB
I really doubt that will occur.
CB
Someone makes money, but if you jump through their hoops, you will get a free iPod, if you stick with it (free shipping too). Granted it was easier in the early days (I think I may have been one of the first with it in my /. sig) as I got my signups in 4 days. I have it in my sig now to help those that signed up through me; I think it's only fair. I participated in a trial I was interested in (stamps.com) and found that it was Windows client based, with no Mac or Linux option. I called to cancel, told them to make a web option (the rep agreed, said they were looking into it), and that was that. Look, I didn't think I'd fall for a thing like this, but hey, I did, and I got a free iPod out of it. I would not have paid for the iPod, it's too much for me, but to get it free, cool!
Now, as for marketing, I use my own mailserver, so I made some dummy aliases that got spammed right away. No matter, I used them to help my Spamassassin rules, and then just cut them off when I was done. Yes, I told the others the same thing, so there would be no surprises. Would I do the same for the other free offers out there? (computer/pvr/money/etc) prob not, just cause I don't have the time to spend on it, and a new Dell isn't as 'sexy' while requiring 10 recs. But people calling me scum and other names just don't know the whole story; if you're not interested move along, go back to spamming the GNAA posts and all the other crap that's filled up /. posts of late.
Now, back to my 20G iPod...
BCb
Festivus Happy's you! Props for a good holiday and peace y'all.
CB
Now I know why, Apple prob sued and now you can't link with the "'s" anymore. Makes sense.
PCB#$@
In the story, why does the link for "Jeff Bezos's" include "Jeff Bezos" but not the "'s"? Kinda weird if you ask me.
As for Burt, he rocks, the A+E documentary on the development and first flights of SpaceshipOne was amazing, the fact that smart people can actually get together and do something that NASA can't shows the power of the team.
CVb