As a security freak, this scares the shit out of me. The last thing I want is for any random user to be able to allow inbound connections through the firewall. No thanks - they can suffer with filtering, proxying and NAT.
Before you knew it, you'd have everybody under the sun using netcat to allow themselves back into a protected network from the outside...just because it is convenient.
Um...switched? For an aggresssive attacker, be they admin or otherwise, being on a switch does you almost no good security wise.
Why?
Arp. There are a million-and-one arp (gratuitous or otherwise) spoofers/relayers out there nowadays. Relaying your packets allows the attacker to not only sniff, but intercept, block, modify, or originate new traffic......and arp flooding can fill the MAC table and leave many switches in 'open' mode.
Protection? Static arp...but that is unmanagable in most environments, and seems I remember WinXX boxes accepting MACs from the network, subsequently overriding statically defined ones. (ouch!)
Oh...and if you use DHCP you're still sunk.
You guys need to get it through your heads that encryption is your only protection...and even that has to be suspect if you don't have autonomous control over the endpoints.
:-)
Hopefully PKI and IPv6 will lead us into a happier day. Having encryption (well, ipsec) below the application layer will make me a happy guy.
...of the Olympics. What was once a noble event for participant and country alike has turned into a corrupt, media-choked farce. In Greek times, it was meant to be the epitome of competition - one person, only representing themself, against the best the world had to offer. The glory of the self.
I'm not going to start a rant here but I do want to make a few points
Does anybody care how the basketball teams (men and womens) do? The honor those players extoll can only be from getting the EXPERIENCE OF BEING THERE; not from the competition. How can they possibly have any national pride over their victories? There would be more competition having them play the NCAA champs. This has been and will probably always continue to be a sham for the networks & NBA to make big $.
USA gymnastics has been a joke during the Olympics. I laugh now at all the hype the media gave simply because it blew up in their faces. We were horribly outclassed this time.
Bah now I'm just pissed off. Only events I care to watch are the decathlon, table tennis, judo, tae kwon do, boxing and gymnastics...half of which apparently don't get airtime in the US.
As several posters pointed out, why would you use an open-source OS like Linux if you're planning on making it so closed as to completely inhibit 'hacking'?
Price? Seems to me the cost of using CE or some other OS (QNX?) with better SDKs and APIs would offset that enough to keep the price low, and third-party developer interest high.
Aside from that though, what causes me to think this will probably fail is this:
14. Will nVidia be doing all future GPUs for the system?
[JG] No, future GPUs will be done by several manufacturers, hence driving the price down and making them more available.
I hope for their sake that the hardware will be ONE design, possibly manufactured by several competitors. If not, then hardware and subsequent software incompatibility will cause more headaches than the cost savings would ever be able to help.
Consoles have been and will continue to be successful because of their 100% closed architecture design. Once you start throwing variables this big into the mix, console developers turn and run.
...that guy posted some terribly uninspired comments. Jeesh. You'd think somebody with that much time on their hands would at least write SOMETHING marginally amusing.
I disagree with the 'It may have a few cool features, but we don't need Yet Another Operating System to choose from.' statement.
How will the Amiga truly differentiate itself as it did in the past, by running someone else's Linux distro? (And this was/is one of the BIG reasons it had its success and lingering zealots) Even if they license it, and extensively modify it, it will still be primarily Linux, and probably run X. (Not that it is such a bad thing...)
While there are certainly marketing advantages to joining the Linux bandwagon, I would have rather seen them use BeOS or QNX/Neutrino. Both of those have distinct advantages (in different ways) that Amiga could've leveraged to position themselves to ship new Amiga hardware faster than rebuilding Linux.
Nobody here would agree that the squelching of free speech is anything but wrong and an enormous step backwards for our country/government.
Having said that, society, driven by it's finite moral spectrum, will stomp on individual speech or expression whenever any mass disapproval arises. Too often the misguided rationale of protection of society, especially children, is used as an excuse to lessen another's expression to 'tolerable social limits'. All one has to do is look at anything containing a parental warning or the abundant disclaimers adorning seemingly everything nowadays to see the grip we and our government have around our very necks.
I say these things because I fall on the opposite end of the scale from most. I extoll and cherish open and free expression. If those around me wish to say vulgar or inappropriate things, so be it. I have no problem with anyone expressing themselves...I draw the line at expression one's self physically through agression towards another living thing though.:-)
What I feel most of society misses though, is that it is up to the individual to decide for themselves whether or not what they're hearing is worth listening to. I don't plan on 'protecting' my children (when I have them) from anything; rather I'll educate them to listen, interpret, understand and evaluate what they see and hear.
This extends to: If Mitnick wants to make millions of the fame and knowledge of his actions, so be it. Certainly the industry can learn something from his exploits...but I also feel that any murderer or rapist should be allowed to do the same. If they wish to do lectures once they're paroled or write books from the slammer let them. Let them be as grotesque and unrepentant as they wish. Only then, when society is able see the true nature of these people and inhumanities, will it be able to make an educated decision on how to improve the prison system. As it stands now, Dahmer and Bundy are only freaks at a side show...our reactions to them are based on censored information. We have no idea how far away from the status-quo they truly are. When society learns to not place value in trviality or shock value, and begins thinking thoughtful and long-term on issues, we will finally make it somewhere as a PEOPLE.
I don't believe in sheltering anyone or anything. No matter how sheltered you may be, you will eventually find hideousness. Your 'education' as a sentient, understanding human will protect you against misunderstanding and reactionism.
The world is vast and contains wonders of all types. It is up to the individual to decide how they feel about them.
sedawkgrep
Short and attitude riddled...
on
Theo's Thoughts
·
· Score: 1
...article from one of the industry's biggest misfits.
DeRaadt has the attitude and social skills of a mule who's been repeatedly kicked in the nuts.
It's too bad, really...OpenBSD would benefit enormously from a congenial and thoughtful spokesperson...not the detrimental egotist many of us find ourselves using the OS in spite of.
What DOES excite me is Monterey...but I am an AIX bigot.
With the strategic partnership hubbub between SCO and IBM building an IA-64 Unix, there has been little said about the actual capabilities of the OS. It is worth noting to those unfamiliar with AIX that it is the most feature-ridden Unix I've ever adminned. (And I've run most all of them) It would be fantastic to see the MANY features in AIX in Monterey.
So...
What are views on Monterey from SCO, insofar as what the end-user can expect? (practical answers, not the usual marketing crap) Does SCO/IBM plan on open-sourcing any of the OS? Where does Linux fit in the grand scheme vs. Monterey and other SCO developed Unix solutions?
Is that rather than utilizing TCP/IP like it should be used, (relying on the IP headers for soruce/destination addresses) the coders are encapsulating the true source IP inside the packet payload. I've also heard DirectPlay does this. This of course will break MASQing.
This is becoming such an issue these days I doubt the problem will persist for too much longer.
VPNs only protect traffic as it traverses from one VPN gateway to the other. (or host if the VPN is host-based) Before the first gateway and after the last gateway the traffic is susceptible to any and all forms of network attack/abuse. AFAIK, VPN gateways do no massaging of packets in order to attempt to make them less dangerous - it just encapsulates them (AH/ESP...) and sends them on their way.
Irregardless...
This also includes sniffing, which is certainly enough reason to not use insecure authentication protocols.
This sounds a bit clumsy, as well as having a tree of directories that go to infinity.
IMHO what Linux needs is a really well designed fileset+revision based mechanism like AIX and installp.
In AIX, nearly every file (and everything in system directories) belongs to a fileset that is registered in a database. Filesets on AIX look like this:
bos.net.tcpip.client.4.2.1.99
Which is hierarchical and is completely descriptive. The last four places indicate oslevel (4.2.1) and fileset revision (the 99th). Using commands like lslpp you can tell what files belong to what filesets. The entire mechanism is elegant and very efficient. My experience with all other UNIXes continually leaves me in greater appreciate of AIX and its superior designS.
I'll soapbox here for a minute and say one thing: Its all too common for us OS bigots to dismiss anything we know little about or don't fully realize. I can't tell you the scores of times I've heard Solaris admins rip AIX...I used to be one of them. But, after running AIX for a few years in a large environment, my productivity on it is so much higher that all other UNIXes that now that I'm away from them they all seem very clumsy. Ask any serious AIX admin and they'll probably agree.
There is no doubting that AIX is the most advanced UNIX for the administrator on the market today.
Can somebody swing by there and pick me up an OpenBSD 2.6 CD set? Austin Hook and the rest of the goons at canuck.com don't seem to want to give me the CDs for the $30 I gave them two months ago.:-\ sedawkgrep
Slashdot Mirror
Yikes.
As a security freak, this scares the shit out of me. The last thing I want is for any random user to be able to allow inbound connections through the firewall. No thanks - they can suffer with filtering, proxying and NAT.
Before you knew it, you'd have everybody under the sun using netcat to allow themselves back into a protected network from the outside...just because it is convenient.
Ugh. Please somebody take us to PKI and IPv6.
sedawkgrep
Um...switched? For an aggresssive attacker, be they admin or otherwise, being on a switch does you almost no good security wise.
Why?
Arp. There are a million-and-one arp (gratuitous or otherwise) spoofers/relayers out there nowadays. Relaying your packets allows the attacker to not only sniff, but intercept, block, modify, or originate new traffic......and arp flooding can fill the MAC table and leave many switches in 'open' mode.
Protection? Static arp...but that is unmanagable in most environments, and seems I remember WinXX boxes accepting MACs from the network, subsequently overriding statically defined ones. (ouch!)
Oh...and if you use DHCP you're still sunk.
You guys need to get it through your heads that encryption is your only protection...and even that has to be suspect if you don't have autonomous control over the endpoints.
:-)
Hopefully PKI and IPv6 will lead us into a happier day. Having encryption (well, ipsec) below the application layer will make me a happy guy.
sedawkgrep
...of the Olympics. What was once a noble event for participant and country alike has turned into a corrupt, media-choked farce. In Greek times, it was meant to be the epitome of competition - one person, only representing themself, against the best the world had to offer. The glory of the self.
I'm not going to start a rant here but I do want to make a few points
Does anybody care how the basketball teams (men and womens) do? The honor those players extoll can only be from getting the EXPERIENCE OF BEING THERE; not from the competition. How can they possibly have any national pride over their victories? There would be more competition having them play the NCAA champs. This has been and will probably always continue to be a sham for the networks & NBA to make big $.
USA gymnastics has been a joke during the Olympics. I laugh now at all the hype the media gave simply because it blew up in their faces. We were horribly outclassed this time.
Bah now I'm just pissed off. Only events I care to watch are the decathlon, table tennis, judo, tae kwon do, boxing and gymnastics...half of which apparently don't get airtime in the US.
Nice.
sedawkgrep
As several posters pointed out, why would you use an open-source OS like Linux if you're planning on making it so closed as to completely inhibit 'hacking'?
Price? Seems to me the cost of using CE or some other OS (QNX?) with better SDKs and APIs would offset that enough to keep the price low, and third-party developer interest high.
Aside from that though, what causes me to think this will probably fail is this:
14. Will nVidia be doing all future GPUs for the system?
[JG] No, future GPUs will be done by several manufacturers, hence driving the price down and making them more available.
I hope for their sake that the hardware will be ONE design, possibly manufactured by several competitors. If not, then hardware and subsequent software incompatibility will cause more headaches than the cost savings would ever be able to help.
Consoles have been and will continue to be successful because of their 100% closed architecture design. Once you start throwing variables this big into the mix, console developers turn and run.
sedawkgrep
sedawkgrep
I disagree with the 'It may have a few cool features, but we don't need Yet Another Operating System to choose from.' statement.
How will the Amiga truly differentiate itself as it did in the past, by running someone else's Linux distro? (And this was/is one of the BIG reasons it had its success and lingering zealots) Even if they license it, and extensively modify it, it will still be primarily Linux, and probably run X. (Not that it is such a bad thing...)
While there are certainly marketing advantages to joining the Linux bandwagon, I would have rather seen them use BeOS or QNX/Neutrino. Both of those have distinct advantages (in different ways) that Amiga could've leveraged to position themselves to ship new Amiga hardware faster than rebuilding Linux.
IMHO.
sedawkgrep
things I personally see going wrong in society.
:-)
Nobody here would agree that the squelching of free speech is anything but wrong and an enormous step backwards for our country/government.
Having said that, society, driven by it's finite moral spectrum, will stomp on individual speech or expression whenever any mass disapproval arises. Too often the misguided rationale of protection of society, especially children, is used as an excuse to lessen another's expression to 'tolerable social limits'. All one has to do is look at anything containing a parental warning or the abundant disclaimers adorning seemingly everything nowadays to see the grip we and our government have around our very necks.
I say these things because I fall on the opposite end of the scale from most. I extoll and cherish open and free expression. If those around me wish to say vulgar or inappropriate things, so be it. I have no problem with anyone expressing themselves...I draw the line at expression one's self physically through agression towards another living thing though.
What I feel most of society misses though, is that it is up to the individual to decide for themselves whether or not what they're hearing is worth listening to. I don't plan on 'protecting' my children (when I have them) from anything; rather I'll educate them to listen, interpret, understand and evaluate what they see and hear.
This extends to: If Mitnick wants to make millions of the fame and knowledge of his actions, so be it. Certainly the industry can learn something from his exploits...but I also feel that any murderer or rapist should be allowed to do the same. If they wish to do lectures once they're paroled or write books from the slammer let them. Let them be as grotesque and unrepentant as they wish. Only then, when society is able see the true nature of these people and inhumanities, will it be able to make an educated decision on how to improve the prison system. As it stands now, Dahmer and Bundy are only freaks at a side show...our reactions to them are based on censored information. We have no idea how far away from the status-quo they truly are. When society learns to not place value in trviality or shock value, and begins thinking thoughtful and long-term on issues, we will finally make it somewhere as a PEOPLE.
I don't believe in sheltering anyone or anything. No matter how sheltered you may be, you will eventually find hideousness. Your 'education' as a sentient, understanding human will protect you against misunderstanding and reactionism.
The world is vast and contains wonders of all types. It is up to the individual to decide how they feel about them.
sedawkgrep
...article from one of the industry's biggest misfits.
DeRaadt has the attitude and social skills of a mule who's been repeatedly kicked in the nuts.
It's too bad, really...OpenBSD would benefit enormously from a congenial and thoughtful spokesperson...not the detrimental egotist many of us find ourselves using the OS in spite of.
sedawkgrep
Forgive me, but Tarantella does not excite me.
What DOES excite me is Monterey...but I am an AIX bigot.
With the strategic partnership hubbub between SCO and IBM building an IA-64 Unix, there has been little said about the actual capabilities of the OS. It is worth noting to those unfamiliar with AIX that it is the most feature-ridden Unix I've ever adminned. (And I've run most all of them) It would be fantastic to see the MANY features in AIX in Monterey.
So...
What are views on Monterey from SCO, insofar as what the end-user can expect? (practical answers, not the usual marketing crap) Does SCO/IBM plan on open-sourcing any of the OS? Where does Linux fit in the grand scheme vs. Monterey and other SCO developed Unix solutions?
sedawkgrep
Is that rather than utilizing TCP/IP like it should be used, (relying on the IP headers for soruce/destination addresses) the coders are encapsulating the true source IP inside the packet payload. I've also heard DirectPlay does this. This of course will break MASQing.
This is becoming such an issue these days I doubt the problem will persist for too much longer.
sedawkgrep
In a word? nope.
VPNs only protect traffic as it traverses from one VPN gateway to the other. (or host if the VPN is host-based) Before the first gateway and after the last gateway the traffic is susceptible to any and all forms of network attack/abuse. AFAIK, VPN gateways do no massaging of packets in order to attempt to make them less dangerous - it just encapsulates them (AH/ESP...) and sends them on their way.
Irregardless...
This also includes sniffing, which is certainly enough reason to not use insecure authentication protocols.
sedawkgrep
This sounds a bit clumsy, as well as having a tree of directories that go to infinity.
IMHO what Linux needs is a really well designed fileset+revision based mechanism like AIX and installp.
In AIX, nearly every file (and everything in system directories) belongs to a fileset that is registered in a database. Filesets on AIX look like this:
bos.net.tcpip.client.4.2.1.99
Which is hierarchical and is completely descriptive. The last four places indicate oslevel (4.2.1) and fileset revision (the 99th). Using commands like lslpp you can tell what files belong to what filesets. The entire mechanism is elegant and very efficient. My experience with all other UNIXes continually leaves me in greater appreciate of AIX and its superior designS.
I'll soapbox here for a minute and say one thing: Its all too common for us OS bigots to dismiss anything we know little about or don't fully realize. I can't tell you the scores of times I've heard Solaris admins rip AIX...I used to be one of them. But, after running AIX for a few years in a large environment, my productivity on it is so much higher that all other UNIXes that now that I'm away from them they all seem very clumsy. Ask any serious AIX admin and they'll probably agree.
There is no doubting that AIX is the most advanced UNIX for the administrator on the market today.
sedawkgrep
Can somebody swing by there and pick me up an OpenBSD 2.6 CD set? Austin Hook and the rest of the goons at canuck.com don't seem to want to give me the CDs for the $30 I gave them two months ago. :-\ sedawkgrep