sedawkgrep
Re:Aptitude vs. Intelligence vs. Effectiveness [OT · on Bobby Fischer Online? · Score: 1
As with other replies to this post, I disagree.
When athletic ability reaches its highest level, improvement comes from intelligence. Anyone who is a "student of the game" will be better than one who is not, given approximate level of physical skills.
The same thing applies to almost everything else. I really don't believe in this esoteric idea of an aptitude. To me, aptitude is just having more understanding of a subject than the person making the assessment.
sedawkgrep
Re:This sounds like...[slightly OT] · on IBM Wants Linux · Score: 2, Interesting
Good lord. Why would you love to see SMIT go away? It is easily the best designed and most powerful administrative interface/frontend on any UNIX.
Sure SMIT allows morons to admin a machine, but it is only an interface to the WEALTH of commands that exist on the back-end. Once you've done a lot of AIX work you use them, only firing up smit when you're concerned about doing something kinda odd/dangerous correctly, or to review command syntax.
AIX is probably the most misunderstood and least known UNIX out there. Makes me sad, really. I love it, and don't really think any other UNIX compares to it from an administrative/features standpoint. But understand this - If AIX features were available in Linux, I would certainly prefer Linux...for more reasons than I can list.
Honestly I don't really understand why any major vendors would be supporting Linux development in PREFERENCE to their own OS. The slant here (historically for the past 1-2 years) seems to think that SGI, Compaq and IBM are dying to pitch their current OSes in favor of Linux. I just don't see that happening, for a multitude of reasons.
For SGI it could be a long-term strategic plan, if they migrate solely to IA-64 for their hardware. But customers [admins] are going to be pretty unhappy with Linux of 2001-2002 being run on their higher-end hardware I think.
IBM I believe is just hedging bets, and designing a mechanism by which they can be poised for a large sweep of AIX into the mainstream. Once I can run AIX on commodity hardware I can actually afford, it will be done. (IA-64...but when the hell will it be a reasonable cost?!!?)
Compaq...don't know much about Tru64 anymore, and Compaq is a small player. Alpha is a terrific architecture and Linux/FreeBSD are reportedly ROCK stable on those so who knows.
I don't mean to get on a rant here (:-). I just read things like "IBM Wants Linux", which is a slight misrepresentation of the story, and wonder how much pro-Linux fascism there really is on this site.
sedawkgrep
Re:Japanese (and American) revisionist history · on Review: Pearl Harbor · Score: 3
Pearl Harbor did not really justify any retaliatory action from the US during the war. However, comparing the bombing of Hiroshima and Nagasaki in any way to this is completely misguided.
War is ugly, and a dirty business to be sure. It shouldn't be left to be fought soldier to soldier. It shouldn't be detached from the lives of the populace. If the general public cannot see the ugliness and brutality, then the politicians [spoken: largely non-military] WHO MAKE WAR will be more likely to pursue aggressive movements, simply because they themselves haven't seen it, or been directly affected by it. EVERYONE SHOULD FEAR WAR. The US hasn't been attacked at its borders or had war in its lands for a really long time. At least long enough that nobody alive today has seen it. :-) This is quite unlike most of the rest of the world, where, especially during WWII, battles were fought in city streets and the general public was witness to it firsthand.
I am too tired to write about why I feel that the nuclear bombings of Japan saved so many lives. The truth IMHO is simply that Japan was fully committed to Asian and Pacific domination, even after the fall of the Axis powers.
The war in Europe ended on May 8, 1945. V-E day (Victory in Europe) is what it is referred to now. V-J day (Victory over Japan) didn't occur until August 15. Yes, war with Japan continued for just over three months. In desperation you had Japanese using Kamikaze tactics, inflicting tremendous casualties on US troops and resources. It was probably the consensus of the US govt to follow the European victory with a strong stroke against Japan in hopes of ending the war as quickly as possible. Consequences be damned. The US public probably felt great relief at the fall of the Nazis, but the war didn't end there. We [all non-Axis...] had fought the war with them for so long, that the public would've felt relief, when in fact there was more work to do. The govt and military wouldn't want anyone going soft on the idea of finishing the war outright. This is something that apparently happened with the extraction of Iraqis from Kuwait at the end of Desert Storm.
I remember hearing somewhere that the initial target wasn't either Hiroshima or Nagasaki, but another city. I forget the name, but it was known as their spiritual center. It was considered that this was a poor choice for a target, due to the fact that it could seriously damage Japanese culture and even possibly prevent Japan from EVER agreeing to surrender. Even after the first bombing, Japan was unwilling to quit.
I suppose in a simplistic way you could compare it to boxing. Each fighter would much rather get a knockout and end the punishment of both sides if they can. No boxer wants to go 12 rounds every time they step into the ring if they can help it.
So no, I don't share your opinion that the Manhattan Project was such a terrible thing. It was an ugly but necessary piece of the war. It was designed for use against the Nazis, though, as they were the much larger concern for nearly the entire war.
Also, accelerated nuclear research has given us good things despite the bombs.
...into porting/creating apps for this device? I mean, the issue of piracy is a huge deal to companies, and with an OS-based OS (ugh) like Linux, controlling the media is going to be a definite challenge.
I'm VERY excited over this machine though. Nokia certainly has the money to design, build and distribute something like this, and considering their success with the IP-xxx firewalls, they have more than zero experience dealing with electronic appliances. "It just might work!"
But again - are they just 'testing the waters' to see developer/community interest, or is there really a machine/dev-kit (which is a whole other issue) and a business plan? Is Nokia really committed to delivering a new console/appliance?
I'll go you one more - Given the fact that people hate dealing with multiple passwords, it is likely a HUGE portion of their workforce will use the same passwords for the AOL access as they do for access to internal (corporate) resources.
And seeing that SOOO many companies use PPTP VPNs, (or heck...most any VPN) authenticating against NT domains, you're just asking for every AOL employee who has more than 1/2 a clue to have a peek into your network. Not to mention those more clever types who 0wn AOL.
If I was the security manager at Time-Warner I would be pissed enough to probably just start sending out my resume.
What advantage is there to running NetBSD on Alpha vs. FreeBSD? I'm not intending to start a flame - I do believe diversity and choice is better...but I'm not sure I see why, with the proven robustness of FreeBSD, one would choose to run NetBSD?
IPFilter (shipped with OpenBSD) has been able to do this for as long as I've used it. I don't recall exactly how it's done, since I have been statically addressed for a LONG time now, but I think you design your firewall rules to use your interface name instead of the IP, like ppp0.
I thought FreeBSD came with IPF. Does it ship with ipfw instead?
Actually, I am looking forward to this game more than I do most FPS (except HalfLife II) simply because it deals with a topic I find endlessly fascinating:
European (in this case Nazi) WWII history.
Granted, they will take many liberties with characters, environments, etc, but being able to run around as a 3rd-reich-0wn1ng-one-man-wrecking-crew-badass has me totally jazzed. I hope there is enough realism in the environments (rooms, uniforms, guns, buildings, architecture (Speer)) to add that extra spark to the game. Star Trek Elite Force was wonderful in that it was exactly like being in an episode of Voyager. (albeit with a lot more killing..heh)
I think that as more companies adopt using previously-developed engines we will find many games that are either sequels to much older games, or that are derived from historical references or legends. I have no problem with this, if the games are done well. I also think fewer next-generation game companies are going to have the time/talent/budget to build Oni-type games, opting instead for simpler designs with stronger stories. Look at Half-Life. Outstanding game - simple (almost comic) storyline, executed perfectly and captivating from beginning to end. Opposing Force was nearly as good!
There will always be game companies that do innovative things too, though. I just don't feel the need to spurn the ideas - only the finished products if they are poor.
You're right - it is best to have your DNS (among others) servers geographically segmented.
And, actually, it would be quite simple to segment that network across a large geographic area.
All you have to do is get that /24 routed to you, via another network of course, then you can fire off each 8-IP segment as far as you want, so long as each router knows how to get there. Each network could be routed as near or as far as you want. 0-7 could be in Redmond, 8-15 could be in Tokyo, 16-23 in London, etc.
What it does introduce is a point of failure at your border router, but even with modern routing protocols it would still be possible to overcome.
I'm no badass network engineer but I have built a ton of firewalls and done my share of router setups...so forgive me if I don't see this 'incompetence' you claim.
...that buffer overflows still exist in this code. Honestly, BIND has to be the most used piece of software on the net, and it is completely open-source to boot.
How, despite the thousands of eyes that look at it every day, did these problems not reveal themselves earlier?
Um...why do you say they're on the same segment? Don't you know how netmasks work?
A netmask of 255.255.255.240 would segment 6/7 from 4/5. Just because they look like they fall on the same class-C, doesn't mean they are. Even if MS owns all of 207.46, they could mix and match the network ranges however they want. Don't assume anything.
The only incompetence I can verify is that you don't know how to segment networks.
I figure they're embracing it simply because there are so few NetBSD/DC users out there that it couldn't possibly dent their income. I would be surprised if there were more than 1000 NetBSD/DC users worldwide (but hey...who knows)
So, if they embrace this niche, and help assist the NBSD team create a usable OS, the end-user may pick up a commercial game from time to time, just to have something else to do with his DC...thus actually economically contributing to the system, even if only a little. Perhaps, in time the new generation of gaming APIs will be ported and someone/company may distro a DC game that is NetBSD based. Running a free OS could give the DC enough longevity to possibly see it someday.
Back to reality though, I doubt that many people are going to ever dig into using this setup, simply because it wasn't built to be a workable PC. It will always be cumbersome; at least moreso than a PC.
...but I have to think that if someone could get two NICs into it, it would make a dandy low-profile firewall.;-)
This is just not correct. There are (or at least were) Mac clones, and I'm sure they were PPC based.
Aside from that though, IBM RS6000 machines (and AS400's, right?) have been using PPC chips for many many years. They've used 601, 604 and I think they're using 620s now. All those big iron IBM AIX boxes? They're all using PPC chips...at least until the power-4 is rolling out the doors.
So, no. I have two PPC boxes in my house, and neither is an Apple. They're not exactly ordinary boxes (they're rs6ks) but they are certainly PPC, and certainly available in the real world. I would love to run either Linux or NetBSD on my older rs6k boxes...if the support was only there...(but I *DO LOVE* AIX!!!)
It's pretty obvious that you're not a senior-level admin...at least not for AIX or HP-UX.
AIX and HP-UX have SO MANY MORE administrative features than Solaris (and let's not even start with Linux) that it's not even funny.
The problem is, there are tons of people just like you, who think that Linux/xBSD rule and don't understand exactly why the big vendors' UNIX offerings are truly enterprise-class. So you rip on AIX/HP-UX because you don't know how to effectively manage them. Anybody who is a senior-level admin with either of them can easily be twice as productive with their tasks/chores as on Solaris, or god forbid, Linux.
Don't get me wrong - I love Linux (Slackware!) and the BSDs. But they have their place...and where it is *not* is at the enterprise level.
At least not yet.
sedawkgrep
I agree a lot with what you've said...however, this piece was written as a warning of impending troubles. Examples given should be taken in a general sense.
I don't feel Stallman or anyone else worrying about this type of thing right now is "out there" at all. Contrarily, I feel they're working in the public's best interests to try to inform and stop liberty infringement before it gains a head of steam...and in the coming weeks and months is exactly when it will happen.
I don't see this as being a FUD piece at all.
AFA this weakened-crypto proposal...does anybody have details? Who submitted it? I'd like to put a name and face to those who are actively trying to subvert privacy and/or freedoms.
sedawkgrep
240 hours of community service is quite a bit, at least in my book.
Say you work a 40-hour week (days)...that pretty much only gives you weekends to devote to service. If you work 8 hours on Saturday, it will take 30 weeks to complete the sentence.
Anybody want to give up 30 Saturdays? I didn't think so.
The punishment is certainly less than what one might have expected, but I think this is a good trend, not a bad one. I'd much rather see these marginally troublesome white-collar criminals get easier sentences than ANY drunk driver or other violent criminal acts. So the virus is bad. Sure. Was there any loss of life? Was anyone maimed or psychologically traumatized (heh) over the incident? Hell - he didn't even try to steal information or money.
Punishments should fit the crime. What he did was not excusable, but a little perspective check is in order - especially after Tuesday's events.
sedawkgrep
First off, you're correct - I spoke a little early without doing any research on PPPoE for OBSD.
That said - my 'jackass' comment was geared simply at the fact that the original poster was being a jackass in that he said: "it doesn't suck - stop crying".
points:
1 - Large ISPs (including telcos) are against giving average users static IPs. Notice all the comments here and you'll see the consensus. This is true for Qwest and RMI here in Denver as well.
2 - directly from that link on OBSD/PPPoE:
"Don't complain if your xDSL connection drops occasionally, remember that OpenBSD doesn't have really stable PPPoE drivers yet, but I have gone for hours without a problem, so it really isn't that bad. I have found that if my connection is dropping fairly quickly, if I turn the modem off and on again the problems go away."
Nice - I want a reliable connection. Throwing extra stuff in the mix that lessens that is bad, IMNSHO. Forget getting Linux/xBSD/etc support from your ISP if you cannot make it work. Time to scour the newsgroups and mailing lists hoping someone has already solved your particular problem.
So, couple those and my points are still valid, albeit only if the world isn't a perfect place. And guess what? It isn't. Telco-ISPs and the like aren't going to give you premium types of service if there is any way they can avoid it.
sedawkgrep
Hey jackass,
Just because you aren't dissatisfied doesn't mean that this is something everybody will learn to accept.
I use "bridged" DSL. My firewall (OpenBSD), does all my routing, filtering and NAT. I currently have two static IPs.
What will I lose by moving to PPPoE you ask?
1) If OpenBSD cannot do PPPoE, or cannot establish connections with the ISP, no more packet filtering, and no more NAT.
1a) If it *can* work, then my filtering rules will largely need to be reworked to use logical interface names instead of IPs, and a number of anti-DoS rules that depend on my local segment info are useless.
2) No more static IPs
3) My inbound mail. Unless I use some kind of kludgey dynamic DNS crap, I'm screwed. Now I get to use someone ELSE's mail server. How nice.
4) My web-server. Nobody can find it since its address keeps changing. See above.
5) My quake-3 server. See above.
6) Inbound ssh/irc/dns/pop/imap/snmp/talk/netbios/news/xdmcp/X11/wilco/VNC/serviceX/serviceY/serviceZ
...you get the idea.
So just because you're not impacted, doesn't mean jack shit.
Perhaps it's just that as a knowledgeable "power user", I like to have complete control of the traffic that deals with my IP and my DNS. Perhaps you simple folk just need "the internet to be up", but for a large number of us, having our ISP service brain-damaged to the point of high degrees of uselessness is just not acceptable.
I quit Qwest for precisely this reason, and have been THRILLED with Speakeasy.net's superior service and support ever since.
GO SPEAKEASY!
sedawkgrep
...an impression? You bet. I can probably scope out and/or access more of your hosts/networks than you thought.
Ok - here's a little nugget of potentially useful info for you.
If you have a valid shell, but one that is for all intents and purposes useless (like /usr/bin/yes), attackers can still wield that against a host/network.
What can be done is to set up port-forwarding. Sure the victim user cannot log in, but we can still forward ports on their behalf. Such access could be used to circumvent many TCP connections that use host-based authentication.
Used to target 'sync' accounts like that waaaaaay back in the day.
Just an FYI. Give em a shell that doesn't exist. Or, get rid of them altogether, and for God's sake, CHOWN ROOT ANY BIN OWNED FILES!!!!
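An added audit for the advice in the comment above (example code, not part of the original post): it lists accounts whose shell is present and executable but is not an interactive login shell, the /usr/bin/yes case, and prints an sshd_config Match block that turns forwarding off for them. The INTERACTIVE_SHELLS list, the function names, the constructed sample passwd and the choice of OpenSSH sshd as the forwarding service are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag accounts whose login shell exists and is executable
# but is not a real interactive shell (the "valid but useless" shell case).

# Assumption: the shells this site treats as genuine interactive logins.
INTERACTIVE_SHELLS="/bin/sh /bin/bash /bin/ksh /bin/csh /bin/tcsh /bin/zsh"

# classify_shell ROOT SHELL
# Prints one of: interactive | missing | present-noninteractive
# ROOT is a path prefix, so a mounted image or chroot can be audited too.
classify_shell() {
    cs_root=$1
    cs_shell=$2
    # An empty shell field in passwd means /bin/sh.
    if [ -z "$cs_shell" ]; then cs_shell=/bin/sh; fi
    if [ ! -f "$cs_root$cs_shell" ] || [ ! -x "$cs_root$cs_shell" ]; then
        echo missing
        return 0
    fi
    for cs_s in $INTERACTIVE_SHELLS; do
        if [ "$cs_s" = "$cs_shell" ]; then
            echo interactive
            return 0
        fi
    done
    echo present-noninteractive
}

# audit_passwd PASSWD_FILE [ROOT]
# Prints "user:shell" for every account in the present-noninteractive class.
audit_passwd() {
    ap_file=$1
    ap_root=${2:-}
    while IFS=: read -r ap_user ap_pw ap_uid ap_gid ap_gecos ap_home ap_shell; do
        # Skip blank lines, comments and NIS compat entries.
        case $ap_user in
            ''|'#'*|'+'*|'-'*) continue ;;
        esac
        ap_class=$(classify_shell "$ap_root" "$ap_shell")
        if [ "$ap_class" = present-noninteractive ]; then
            printf '%s:%s\n' "$ap_user" "$ap_shell"
        fi
    done < "$ap_file"
}

# sshd_match_block PASSWD_FILE [ROOT]
# Prints an sshd_config fragment that disables forwarding for flagged
# accounts, for sites that cannot remove them or change their shell.
sshd_match_block() {
    smb_users=$(audit_passwd "$1" "${2:-}" | cut -d: -f1 | paste -sd, -)
    if [ -z "$smb_users" ]; then return 0; fi
    printf 'Match User %s\n' "$smb_users"
    printf '    AllowTcpForwarding no\n'
    printf '    AllowAgentForwarding no\n'
    printf '    X11Forwarding no\n'
}

# Constructed sample: a fake root holding three shells and a four-line passwd.
make_sample() {
    ms_dir=$1
    mkdir -p "$ms_dir/bin" "$ms_dir/usr/bin"
    for ms_f in bin/sh bin/false usr/bin/yes; do
        : > "$ms_dir/$ms_f"
        chmod 755 "$ms_dir/$ms_f"
    done
    cat > "$ms_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
sync:x:5:60:sync:/bin:/usr/bin/yes
daemon:x:1:1:daemon:/usr/sbin:/bin/false
bin:x:2:2:bin:/bin:/nonexistent
EOF
}

# Run the audit against the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_passwd "$demo_dir/passwd" "$demo_dir"
sshd_match_block "$demo_dir/passwd" "$demo_dir"
rm -rf "$demo_dir"
```

On a live host, call `audit_passwd /etc/passwd` with no ROOT argument.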
sedawkgrep
I'm sorry, but you're so off-base with this, it's not even funny.
Enthusiast sites can exist without funding...until they grow large enough to demand high-speed links, load-balancers, etc etc etc. This stuff is extremely NOT CHEAP.
Back before the inet was commercial, the government paid the costs for every US organization that was connected, save just a few. UUCP, or gopher, or veronica, or archie, bbs's, or just simple e-mail was all you typically had. These were extremely low-bandwidth and suited the hundreds or perhaps thousands of transactions per day they served.
I wonder how many hits slashdot gets in a day? I don't know...but I am confident that no person could host slashdot at their house. ;-)
So before you go off on your misguided rant, think about the sites you visit, and whether or not they are hosted on a single PC at somebody's house, or are actually architected across several platforms and hosted at a co-lo, complete with fast links, high-availability, conditioned power, etc etc etc. Every significant site I visit fits this category.
If a site isn't sponsored, they have to either earn money from advertising, or subscription.
Yes, it sucks. It's doubtful I'd pay much money to keep sites alive. I'd probably pay $1/month. But if slashdot, for instance got 100k users (about 20% reg'd users, right?) to pay $1/month, that would be a monthly revenue of...yup, $100,000. Just a thought.
sedawkgrep
Ramps - yes, and another fantastically simple idea.
I saw a program that, strangely, only mentioned the simplest and most logical (once you figured it out) way of building a pyramid...only as a footnote. This was very recent; maybe 2-3 months ago.
It turns out archaeologists found sets of wooden arches with strapping. These 'arches' (don't know of a better way to describe them) would be strapped to the four sides of a block, on each end, thus making a square into a circle. (Think of drawing a circle around a square...The blocks ended up looking like a spool of thread, without the thread.) This solved the problems of resistance and provided an incredibly simple and elegant way for Egyptians to roll their blocks up the Pyramid ramps using significantly less manpower.
I would've figured they could've done an ENTIRE program on just this! As I said though, had I not been paying attention, it would've passed me right by.
Still, ancient aliens is a lot more fascinating than simple, practical solutions! :-)
sedawkgrep
Slightly offtopic, but....
DEC had journaling in Ultrix? I don't know, because I never adminned any Ultrix boxes, but AIX has had journaling since at least 1991-92, possibly earlier.
I've adminned boxes from every major player and I'd still take AIX over any of them. $0.02.
sedawkgrep
Truthfully, logic errors like this one are the toughest to ferret out during an audit. The code can be 100% secure syntactically/semantically, but logically flawed.
These types of vulnerabilities are never cookie-cutter, and cannot be fixed by the usual "grep for scary syscalls" routine.
Vulnerabilities like this will probably never go away.
sedawkgrep
If you think IPF is cryptic and idiosyncratic, then you've got to be a moron. There can't be any other explanation.
IPF is the simplest and most powerful firewall I have ever seen or used, and I've used pretty much everything out there. Perhaps simple is an inaccurate word to use though; it is only simple if you know WTF you're doing, and what is actually happening as packets enter and leave interfaces.
sedawkgrep
Pearl Harbor did not really justify any retaliatory action from the US during the war. However, comparing the bombing of Hiroshima and Nagasaki in any way to this is completely misguided.
:-) This is quite unlike most of the rest of the world, where, especially during WWII, battles were fought in city streets and the general public was witness to it firsthand.
War is ugly, and a dirty business to be sure. It shouldn't be left to be fought soldier to soldier. It shouldn't be detached from the lives of the populace. If the general public cannot see the ugliness and brutality, then the politicians [spoken: largely non-military] WHO MAKE WAR will be more likely to pursue aggressive movements, simply because they themselves haven't seen it, or been directly affected by it. EVERYONE SHOULD FEAR WAR. The US hasn't been attacked at its borders or had war in its lands for a really long time. At least long enough that nobody alive today has seen it.
I am too tired to write about why I feel that the nuclear bombings of Japan saved so many lives. The truth IMHO is simply that Japan was fully committed to Asian and Pacific domination, even after the fall of the Axis powers.
The war in Europe ended on May 8, 1945. V-E day (Victory in Europe) is what it is referred to now. V-J day (Victory over Japan) didn't occur until August 15. Yes, war with Japan continued for just over three months. In desperation you had Japanese using Kamikaze tactics, inflicting tremendous casualties on US troops and resources. It was probably the consensus of the US govt to follow the European victory with a strong stroke against Japan in hopes of ending the war as quickly as possible. Consequences be damned. The US public probably felt great relief at the fall of the Nazis, but the war didn't end there. We [all non-Axis...] had fought the war with them for so long, that the public would've felt relief, when in fact there was more work to do. The govt and military wouldn't want anyone going soft on the idea of finishing the war outright. This is something that apparently happened with the extraction of Iraqis from Kuwait at the end of Desert Storm.
I remember hearing somewhere that the initial target wasn't either Hiroshima or Nagasaki, but another city. I forget the name, but it was known as their spiritual center. It was considered that this was a poor choice for a target, due to the fact that it could seriously damage Japanese culture and even possibly prevent Japan from EVER agreeing to surrender. Even after the first bombing, Japan was unwilling to quit.
I suppose in a simplistic way you could compare it to boxing. Each fighter would much rather get a knockout and end the punishment of both sides if they can. No boxer wants to go 12 rounds every time they step into the ring if they can help it.
So no, I don't share your opinion that the Manhattan Project was such a terrible thing. It was an ugly but necessary piece of the war. It was designed for use against the Nazis, though, as they were the much larger concern for nearly the entire war.
Also, accelerated nuclear research has given us good things despite the bombs.
sedawkgrep
...into porting/creating apps for this device? I mean, the issue of piracy is a huge deal to companies, and with an OS-based OS (ugh) like Linux, controlling the media is going to be a definite challenge.
I'm VERY excited over this machine though. Nokia certainly has the money to design, build and distribute something like this, and considering their success with the IP-xxx firewalls, they have more than zero experience dealing with electronic appliances. "It just might work!"
But again - are they just 'testing the waters' to see developer/community interest, or is there really a machine/dev-kit (which is a whole other issue) and a business plan? Is Nokia really committed to delivering a new console/appliance?
sedawkgrep
I'll go you one more - Given the fact that people hate dealing with multiple passwords, it is likely a HUGE portion of their workforce will use the same passwords for the AOL access as they do for access to internal (corporate) resources.
And seeing that SOOO many companies use PPTP VPNs, (or heck...most any VPN) authenticating against NT domains, you're just asking for every AOL employee who has more than 1/2 a clue to have a peek into your network. Not to mention those more clever types who 0wn AOL.
If I was the security manager at Time-Warner I would be pissed enough to probably just start sending out my resume.
sedawkgrep
What advantage is there to running NetBSD on Alpha vs. FreeBSD? I'm not intending to start a flame - I do believe diversity and choice is better...but I'm not sure I see why, with the proven robustness of FreeBSD, one would choose to run NetBSD?
Is there technical merit to it? I'm just curious.
sedawkgrep
IPFilter (shipped with OpenBSD) has been able to do this for as long as I've used it. I don't recall exactly how it's done, since I have been statically addressed for a LONG time now, but I think you design your firewall rules to use your interface name instead of the IP, like ppp0.
I thought FreeBSD came with IPF. Does it ship with ipfw instead?
sedawkgrep
Actually, I am looking forward to this game more than I do most FPS (except HalfLife II) simply because it deals with a topic I find endlessly fascinating:
European (in this case Nazi) WWII history.
Granted, they will take many liberties with characters, environments, etc, but being able to run around as a 3rd-reich-0wn1ng-one-man-wrecking-crew-badass has me totally jazzed. I hope there is enough realism in the environments (rooms, uniforms, guns, buildings, architecture (Speer)) to add that extra spark to the game. Star Trek Elite Force was wonderful in that it was exactly like being in an episode of Voyager. (albeit with a lot more killing..heh)
I think that as more companies adopt using previously-developed engines we will find many games that are either sequels to much older games, or that are derived from historical references or legends. I have no problem with this, if the games are done well. I also think fewer next-generation game companies are going to have the time/talent/budget to build Oni-type games, opting instead for simpler designs with stronger stories. Look at Half-Life. Outstanding game - simple (almost comic) storyline, executed perfectly and captivating from beginning to end. Opposing Force was nearly as good!
There will always be game companies that do innovative things too, though. I just don't feel the need to spurn the ideas - only the finished products if they are poor.
sedawkgrep
You're right - it is best to have your DNS (among others) servers geographically segmented.
And, actually, it would be quite simple to segment that network across a large geographic area.
All you have to do is get that /24 routed to you, via another network of course, then you can fire off each 8-IP segment as far as you want, so long as each router knows how to get there. Each network could be routed as near or as far as you want. 0-7 could be in Redmond, 8-15 could be in Tokyo, 16-23 in London, etc.
What it does introduce is a point of failure at your border router, but even with modern routing protocols it would still be possible to overcome.
I'm no badass network engineer but I have built a ton of firewalls and done my share of router setups...so forgive me if I don't see this 'incompetence' you claim.
sedawkgrep
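The segmentation plan from this comment worked through, as an added example that is not part of the original post: a /24 is carved into 8-address (/29) segments assigned to sites, and a set of nameserver addresses is checked for actual separation. The 192.0.2.0/24 documentation prefix and the sample nameserver addresses are assumptions; the site names follow the comment.

```python
import ipaddress

# Assumption: 192.0.2.0/24 (documentation prefix) stands in for the routed /24.
BLOCK = ipaddress.ip_network("192.0.2.0/24")
# Site order follows the comment: 0-7, 8-15, 16-23.
SITES = ["Redmond", "Tokyo", "London"]


def segment_plan(block, sites, prefixlen=29):
    """Assign the first len(sites) 8-address segments of the block to sites."""
    return dict(zip(block.subnets(new_prefix=prefixlen), sites))


def locate(addr, plan):
    """Return (segment, site) for an address, or None if no segment holds it."""
    ip = ipaddress.ip_address(addr)
    for net, site in plan.items():
        if ip in net:
            return net, site
    return None


def separation_report(nameservers, plan):
    """Group nameserver addresses by site and flag sites holding several."""
    by_site = {}
    for ns in nameservers:
        hit = locate(ns, plan)
        site = hit[1] if hit else "unassigned"
        by_site.setdefault(site, []).append(ns)
    shared = {s: ips for s, ips in by_site.items() if len(ips) > 1}
    return {
        "by_site": by_site,
        "shared": shared,
        # Separated only if every server sits alone in an assigned segment.
        "separated": not shared and "unassigned" not in by_site,
    }


if __name__ == "__main__":
    plan = segment_plan(BLOCK, SITES)
    for net, site in plan.items():
        print(f"{net} -> {site} ({net[0]} - {net[-1]})")
    # Constructed nameserver addresses, one per segment.
    print(separation_report(["192.0.2.2", "192.0.2.12", "192.0.2.20"], plan))
```

The report covers address placement only; every segment still hangs off the one covering /24 route, so the border router the comment mentions is not modelled.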
...that buffer overflows still exist in this code. Honestly, BIND has to be the most used piece of software on the net, and it is completely open-source to boot.
How, despite the thousands of eyes that look at it every day, did these problems not reveal themselves earlier?
sedawkgrep
Um...why do you say they're on the same segment? Don't you know how netmasks work?
A netmask of 255.255.255.240 would segment 6/7 from 4/5. Just because they look like they fall on the same class-C, doesn't mean they are. Even if MS owns all of 207.46, they could mix and match the network ranges however they want. Don't assume anything.
The only incompetence I can verify is that you don't know how to segment networks.
sedawkgrep
I figure they're embracing it simply because there are so few NetBSD/DC users out there that it couldn't possibly dent their income. I would be surprised if there were more than 1000 NetBSD/DC users worldwide (but hey...who knows)
;-)
So, if they embrace this niche, and help assist the NBSD team create a usable OS, the end-user may pick up a commercial game from time to time, just to have something else to do with his DC...thus actually economically contributing to the system, even if only a little. Perhaps, in time the new generation of gaming APIs will be ported and someone/company may distro a DC game that is NetBSD based. Running a free OS could give the DC enough longevity to possibly see it someday.
Back to reality though, I doubt that many people are going to ever dig into using this setup, simply because it wasn't built to be a workable PC. It will always be cumbersome; at least moreso than a PC.
...but I have to think that if someone could get two NICs into it, it would make a dandy low-profile firewall.
sedawkgrep
This is just not correct. There are (or at least were) Mac clones, and I'm sure they were PPC based.
Aside from that though, IBM RS6000 machines (and AS400's, right?) have been using PPC chips for many many years. They've used 601, 604 and I think they're using 620s now. All those big iron IBM AIX boxes? They're all using PPC chips...at least until the power-4 is rolling out the doors.
So, no. I have two PPC boxes in my house, and neither is an Apple. They're not exactly ordinary boxes (they're rs6ks) but they are certainly PPC, and certainly available in the real world. I would love to run either Linux or NetBSD on my older rs6k boxes...if the support was only there...(but I *DO LOVE* AIX!!!)
sedawkgrep
MORON.
People - please stop trying to justify this theft.
As a classical musician I find it amazing to keep seeing people say things like "they make most of their money from concerts".
Yeah right.
If only that really were the case.
sedawkgrep