"Please download the PSM"
Yep:
# apt-get install mozilla-psm
Works like a charm on Debian/Linux.
I see no reason to give up the popup blocker, plus I think that the previous NS preview didn't even support tabbed browsing... That's ancient.
Ahhh. This is a good day for Open Source.
"No, if it did, they would have used Windows. The point is that they want to be able to use the best option for the job, and that includes the speed with which they can set up the system properly."
You're assuming fixing Linux would have taken more time than fixing the Windows hard disk thrashing that they encountered?
But it didn't, did it?
Anyway, if it did, it would have been fixed.
IBM knows as almost no other how to apply 'Use the Source Luke' UTSL and fix things. You can't UTSL Windows.
Computer systems in an ASIC fab cannot be compared with monitoring PCs in a chemical fab.
ASIC design and test files are huge and on the equipment interfaces for testers, they deal with very high data throughputs.
Plus, at 4 reboots per year, that is an average uptime of less than 100 days; that would be a really bad performance in the Unix world.
The first shot is free, but that is just to get you hooked on it. Once you're hooked, prices go through the roof and they will take everything you have.
bingo
Compressed streams often have a 'signature' at the beginning of the stream. When this signature is encrypted, then the attacker knows a little bit of unencrypted data and the 'corresponding' encrypted data. This will make a plaintext attack more feasible. It may still require the attacker to eavesdrop many packets and spend a lot of CPU time on them, but it will be less than with completely random data. However, not compressing also aids the plaintext attack, especially when the data is known or patterns of it are guessable, such as English text (alphabetic statistics), protocols "GET /cgi-bin/login.cgi", "HELO myserver", headers "X-Mime-Type:", etc.
To be most secure, you should only encrypt and transmit absolutely random data.
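An added illustration of the comment above (not part of the original post): it measures how many keystream bytes an eavesdropper learns from a guessed plaintext prefix, once for a gzip-compressed message and once for the uncompressed request. The SHA-256 counter keystream is a toy stand-in constructed for the demo, and all function names and sample data are hypothetical.

```python
import gzip
import hashlib

GZIP_MAGIC = b"\x1f\x8b\x08"             # RFC 1952: ID1, ID2, CM=deflate
HTTP_GUESS = b"GET /cgi-bin/login.cgi"   # guessable protocol text from the comment


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode). Constructed for the demo only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))   # zip() stops at the shorter input


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def exposed_keystream(ciphertext: bytes, guessed_prefix: bytes) -> bytes:
    """Keystream bytes revealed to an eavesdropper who guesses the plaintext prefix."""
    return xor(ciphertext, guessed_prefix)


def demo() -> dict:
    key, nonce = b"constructed-demo-key", b"nonce-01"
    request = HTTP_GUESS + b"?user=alice HTTP/1.0\r\n\r\n"   # constructed sample
    results = {}
    for label, plaintext, guess in (
        ("compressed", gzip.compress(request), GZIP_MAGIC),
        ("uncompressed", request, HTTP_GUESS),
    ):
        leaked = exposed_keystream(encrypt(key, nonce, plaintext), guess)
        # The guess is right exactly when it matches the true keystream prefix.
        results[label] = (len(leaked), leaked == keystream(key, nonce, len(guess)))
    return results


if __name__ == "__main__":
    for label, (n, correct) in demo().items():
        print(f"{label:12s}: {n:2d} keystream bytes exposed, guess correct={correct}")
```

The exposed bytes are keystream at the guessed positions only, not the key; whether they help recover anything more depends on how well the cipher resists known-plaintext attack.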
But you won't be stuck in a traffic jam of tourists... because they will be on the train...
Maybe it's a fee, but you're getting space on your roads back for it.
Otherwise, you'd be paying more just to expand the roads.
"To hover, the Transrapid requires less power than its air conditioning equipment"
Wow, and that is in Germany. Think of the ratio in the sunshine state!
Right on the bat.
Whatever information they don't give us, we'll have to make up ourselves.
Let's vote on an answer for question one.
I nominate "But only imported beer" as an answer for question one.
Anybody know the questions?
As is indicated at the end of the article, a Linux application running with system privileges can create windows anywhere with no implications for security. Creating X11 windows does not give any other process any execution rights, but with Win32 and this shatter program it does.
Why don't you read rule three and four of the official definition.
And if you still don't see it, then skip ahead and read the last rule, rule nine "The License Must Not Restrict Other Software".
I fully agree.
Anyway, when I can't modify the source to remove the click-through and then redistribute it myself under the same terms, then it's not free software (free not as in beer, but free as in non-captive). And it shouldn't be called open source. If they start accepting this, then pretty soon they will have to accept licences including 'and you can only modify it to fix my bugs and then let me sell it again'.
# apt-get dist-upgrade
- - -
downloading...
click-click-click-click-click-click-click-click
click-click-click-click-click-click-click-click
click-click-click-click-click-click-click-click
click-click-click-click-click-click-click-click
AAAAAARGH. hurting hands, fingers.
Repetitive Strain Injury!
Lawsuit!
IIRC purify also doesn't guarantee to catch all oob accesses, so they probably use a similar technique.
Being first is not always being best.
Actually, in software, the first version usually has the most bugs.
Rush, Rush, and Rush. Debug later, sell first.
"but there's a long long list of ways in which it is vastly inferior to Purify right now"
How about showing us that list?
"companies should employ this man"
;-))
I know my company will be employing this on every project I work on
I've been waiting for this. I've seen the malloc debuggers and the like (electric-fence, gccchecker, etc), but they're all incomplete, have problems with C++ code, or are just for allocated memory ('new'-ed objects, malloc()-ed data, etc), not for regular variables: statics, local variables, etc.
But valgrind seems to be just right. I gave it a quick tryout and it is looking good!
Wow.
apt-get install valgrind.
And all we need now is a gvalgrind, and/or a kvalgrind gui interface just like purify has and I'm all happy.
"There's a lot more than I/O and memory management to make up an operating system."
Translation, they accept defeat on I/O and memory management efficiency and go on to claim that an OS needs a good flying madonna to be complete?
Talk about changing the topic of discussion.
for those actually following this as a guideline (if anybody): I forgot to mention: make a /etc/vservers/01.conf and you need IP aliasing support in the kernel (and of course a kernel with the vservers/ctx patch).
"You know, to be honest, I think they kept it vague on purpose"
It's a basic economic principle: The less transparency, the higher the profit margins.
It's the same reason why often the price is not the only thing you're paying for, there are lots of added fees (try buying a car or even simple telephone service).
About .net: it's Microsoft's long-term response to Linux: move the applications a layer up away from the OS. Just like what often is already happening with HTML. Who needs to buy TurboTax if you can do it securely on-line on their website? Expand that to all applications and you don't really use the operating system anymore except for a Java capable HTML browser. Now 'embrace and extend' that and you get .net
Actually, I run Debian (woody) and I've been running a pristine RedHat7.2 install in a vserver on it for a couple of weeks now. I'm running two distributions in parallel. No more upgrading of distributions, just install new ones additionally. I can always still use the old version (as long as they all accept a common 2.4 kernel)
howto? Simple, install redhat7.2 on an empty disk, and copy all the files including permissions to /vservers/01 (or mount the disk there).
The vserver sources are easy to deb-make (man deb-make) (tip: "RPM_BUILD_ROOT=$(DESTDIR)" in the Makefile).
"vserver 01 start" to boot rh72, and "vserver 01 enter" to enter it as root. edit the ListenAddress in /etc/ssh/sshd_config of your debian to only bind to one IP instead of 0.0.0.0, and then you can start an ssh in the rh72 vserver and there you are, as if you had an extra computer running rh72.
(did I mention the whole thing is diskless remote boot too?)
It's not a mysterious force. We've all felt this force when we were away from home for a long time.
Pioneer 10 is homesick.