Red Hat 9 is a 'major distribution' and I haven't had a kernel patch in ages. My box is probably venerable to all sorts of bugs. But now Red Hat wants me to pay for security updates? Grrr. Someone tell me there is a better solution. I want a 'pay once but free update for 5 year' solution that other OS vendors offer.
Then just update what you want. Nothing is stopping you.
If you can't figure out how, get apt and Synaptic...run Synaptic, and update.
If I start receiving spam, I just look at which address its sent to and I know right away which company sold my address or which online forum my email was harvested from. If the spam gets too bad, I actually go and create a real mailbox for that address and route it to a black hole... viola, no more spam.
I do almost the same thing. The mail to abandonded addresses is sent to a spam filter to help train it.
That way if the same spam gets sent to a good address, it gets filtered out.
Why give them a golden master? It can get dammaged, and you will then have dammaged duplicates.
Instead, make an image, call it a golden image, checksum the image (MD5sum for example), compress it and send it on any media you like or over the net.
If uncompressing the image causes an error, you should hear from the duplication facility right away.
Check the first disk from the duplication facility before having them perform bulk duplication.
If the checksum doesn't match what you expect, verify your golden image and resend it.
This is a good resource for people new to Linux and want to try Red Hat's flavors. It's not a guide for idiots, though, and at times it does have some handy sections. For example, the article on SElinux is good as is the one on Evolution...though after using Evolution for a few years I personally found nothing new about that.
You won't appreciate much in this magazine if you are not curious about software, are a die hard Debian fan, or simply know quite a bit about Red Hat or Fedora Linux already.
I've bookmarked it, will review it regularly, and will consider passing along articles or the URL to friends and associates as it is appropriate.
Then, when the oil really starts to run dry they'll have the upper hand, and China, India, and the US will be buying technology from them.
Yet, when top elected leaders in the US decide that we are in the 'end of days', why would they care about emerging energy technologies, or if oil runs out in 20 years, or if polution causes any environmental dammage. They won't be here -- only the sinners will be!
For the last time you ludites -- it doesn't matter if you have a piece of paper!
The only thing that matters is that the process is transparent, traceable, and verifiable. With that, you can have reasonable certianty.
With computerized systems, it is possible to reach certianty with most/all mistakes or fraud pushed to outside the voting systems. (Ex: Corrupt officials refusing or thwarting investigations, votes being bought,....)
With each piece of data being fairly small, it's not unreasonable to log a checksum for each and every part -- from software used through to the individual voter's choices and even data packets themselves.
A careful sampling of both the voter roles and the population in general should be enough to make sure that votes weren't changed and that phantom votes weren't counted.
This article contains material on evolution. Evolution is a theory, not a fact, regarding the origin of living things. This material should be approached with an open mind, studied carefully, and critically considered....
By chance, you don't happen to live under a bridge...do you?
To give you a basic idea, some are quite painful to install with SSL enabled if you don't have root access. Others just discourage it.
Additionally, quite a few have a default data from the development site; you're getting a carbon copy of a site not an application. Wikis tend to be the biggest offenders. Twiki, for example, is a royal pain to configure from scratch if you want to start with a blank slate. Use the Twiki site data itself, and most of it seems to work...till you start to customize things...and it breaks again. Very annoying.
(This is perfect: Teposted to gain visibility -- Moderators please mod up the original.)
What are questions you're getting that Windows 'can't do either' ?
Windows isn't easy to install, but Linux gets ridiculed all the same. Office isn't fully compatible with itself across versions, Linux gets ridiculed because it isn't fully compatible with Office. Windows doesn't have a consistent and easy to use GUI, Linux gets ridiculed for the same.
Biggest problem with Linux is still the kernel. How in the hell do you make something convenient when more than half the drivers need to be compiled into modules first before loading into the kernel.
I haven't had to fiddle with the kernel in years. If I do, it's for fun or to try out a bleeding edge feature. For the last 6 months I've been running a stock, pre-compiled, kernel. The only thing I've had to do kernel wise is run Nvidia's binary video driver installer.
I'm not saying you don't have a problem, though the kernel hasn't been a big issue -- or the biggest -- for quite a while.
I've not come across people that just make up random words, then ridicule Linux because it doesn't measure up when Windows doesn't measure up either.
I get that all the time...though it usually starts out with some reasonable words before shifting into an impossible wishlist.
When called on it, the answer is usually "Yeah, but that's Windows. Isn't there something that Linux can do?". NO! That's the point...there is no magic!
I had a friend who insisted that he wouldn't bother with Mozilla till it could fit on a floppy. When asked why, he said that browsers should be small. The 'Does IE fit on a floppy' question was answered with a shrug and 'It doesn't have to'. He's looking at Firefox now though still thinks that it is too large.
Another guy here talked about support for a data format only handled by a legacy DOS app...that he didn't want to run under a DOS emulator...but Linux would have to support natively or he couldn't use it. Note that it wasn't that the app couldn't run under emulation...only that he didn't want to do that.
This is frustratingly irrational.
If we emphasised using truely multi-vendor or open formats to store data and meta data (business rules, etc) we'd all be better off. Unfortunately, I see more decisions being made on the shape of buttons and informal recommendations instead of if it's dangerous to use the data format or not.
Let me be more clear. Sure they can run it in a DOS emulator on Linux. That's not the problem. What they want is "external support" for that particular configuration, and they don't have the time or the patience to chase down dozens of Google leads, whenever a problem comes up. They'd rather pay (and expense) for a dedicated vendor, but the market is too small to support one.
I have similar customers -- fee based on yearly retainer + remote support + on-site support -- though if the original vendor no longer exists you've already lost the dedicated vendor...so they have no other options but to go to a third party if they can't or don't want to move to another software program.
The most troublesome has a CAD package that only worked under DOS with specific video hardware. That hardware was not emulated. They are looking at dumping or migrating all the CAD files they have when they begin to run out of video cards. Nobody can help them; they did it to themselves by not planning for migration to other systems. One of the reasons why propriatory formats are bad for business -- well, bad for the customers of the software!
Take the report writer; without Seagate Software offering a Linux version, we'd have rewrite thousands of reports unless a comparable piece of software existed that has all the features of Crystal reports we use and can do the conversion for us.
Seems like it should work, if not with a bit of configuration; http://appdb.winehq.org/appview.php?appId=748&vers ionId=990, http://www.unixodbc.org/doc/wine.html
I'm not suggesting that Linux won't be there. Just that it isn't there yet.
A focused patch is a good thing; it fixes a defined known problem with a low chance of introducing additonal problems.
Microsoft's updates tend to be mixed feature and defect updates...introducing defects along with the new features. That's why auto updates have a bad rep.
Many Linux distributions handle updates in a similar way, with some important differences;
Each update tends to be at the package level; an X update doesn't impact Perl, a kernel update doesn't change X.
Updates tend to be incremental and not by major version number; a change from version 2.75.38-2 to 2.75.38-3 to cover distribution tuning or a change of 3.14.4 to 3.14.5 to cover an actual code upgrade are common.
This often works, though not always. The more focused the patch, the more likely I'd turn on automatic updates.
In all reality, this is just driving toward another revenue stream for them. It is much easier to charge Spamers a fee to reach you than it is to get you to pay 19.99 a year for Mail Plus.
Why would Yahoo! do anything that would cause them to be blacklisted?
(Before you say nobody would blacklist Yahoo check history; national mail providers have been blacklisted in the past -- when they decided to do nothing about spam and pissed off enough people.)
For those that grew up with Toy Story being their first Disney film, the Disney brand recognition is pretty worthless in films.
Two words: Disney Princesses.
Many of the popular disney films have a 'princess' of some sort, and pre-teen girls love them.
That said, Disney does not apeal nearly as much to the teen and up groups...let alone pre-teen boys. The brand is weak almost everywhere except for the fans of the princesses.
It's almost an admision of defeat to install the firewall by default.
Why? Is there a reason that a computer should by default allow all traffic to flow in and out without any user interaction at all?
If there's nothing to say "Yep, I'm here!" there's nothing for the firewall to block. Some ports under Windows CAN'T be turned off -- they have to be blocked. Bad design.
Firewalls are for allowing traffic. If you want to block the network, turn it off.:)
The guide has lots of practical advice and is almost complete (I could add 2-3 more pages). I'd consider it a minimum base configuration for all Windows XP systems out there -- even helps quite a bit with NT-style pre-XP versions of Windows.
(If you don't need it, consider passing it along to those who do.)
Add a good external audit tool such as Nessus to the list, and XP becomes pretty darn secure.
Keep in mind that unless you automate these steps for larger installations, each machine will take about 2 hours to secure and bring up what is common under different flavors of *nix. Consider that by not doing these steps you could get exploited and spend 2+ hours cleaning up and recovering -- if at all possible!
I am a sysadmin, a poor one, and I can definitely say I could spend 100% of my time trying to patch holes and cracks in our system and still not have enough time left over. And I have a sneaking suspicion that someone who knows what's going on could redo our environment entirely such that I wouldn't have to. What an unfortunate thing! I don't even know what I'd do with all those extra resources freed up. I think our company had something to do with turning profits, long ago...
Security is tough...though doable. The general idea is to secure your systems well enough so that if a new exploit occurs it is difficult to impossible for the exploit to impact your unpatched systems.
General tips;
Simplify; run only what you absolutely need on any system. Remember that even simple programs have been exploited in the past so don't fall into the "that's just a harmless ________" trap.
Isolate; don't just keep minimial systems exposed to the internet, keep all systems visible on a 'need to know' basis. If the database server only talks with the intranet web server and the accounting database, make it so only those machines can see the database. If something breaks, or a developer needs access, either change the router or treat the database as a remote resource and have the group use a SSH tunnel.
Automate; whatever can be automated, automate. Keep in mind that updates can break systems in some way, though focused patches tend to be fairly harmless. Have rollbacks enabled so that any dammage can be reversed without resorting to backups. (You do backup everything, right? Nightly incremental backups + occasional full backups.)
Hire me; I'd be glad to charge, er, help you out with this. Reasonable fees and all that.
I'm all for open source software, to the point of administering a sourceforge project. But. But I cannot think open source is anything to get rich with. Can you run a bussiness ? Sure. Can you make money with it ? Sure. But can you make a lot of money with it ? Hardly....
... The money will quietly remain in the companies using OSS. They should refocus their strategy and perhaps invest in those companies (the ones heavily using OSS).
I mostly agree, with a slight change in perspective.
Propriatory rates can't be charged most of the time for a commodity. The problem for the Oracle's of the world is that they can't charge as high of a propriatory rate anymore...since software+hardware are commodites. OSS has knocked the mystique out of most brands, though not entirely.
That's in the US only. For 1 year. Now, much of that goes into boats (think big projects), though there are plenty of other businesses linked to sport fishing (stores/guides/rental/camping/restaurants/... think smaller projects/contracts) that unless you go looking for evidence of sport fishing making anyone money, it's largely invisible.
OSS is also largely invisible...yet, IBM alone has both spent and earned billions on it. Large amounts of money is already being made and we are in the mid to early stages of large scale adoption.
A single piece of OSS swimming by itself is admirable, though in isolation not very useful. Like the fish in fishing, OSS is both about software and not about the software.
Slashdot Mirror
Er...why is this post marked insightful? Funny, yep, insightful...no no no no no.
Then just update what you want. Nothing is stopping you.
If you can't figure out how, get apt and Synaptic...run Synaptic, and update.
III.j. For justice, all your base are belong to us.
Excellent idea. Thanks for the tip!
I do almost the same thing. The mail to abandonded addresses is sent to a spam filter to help train it.
That way if the same spam gets sent to a good address, it gets filtered out.
Instead, make an image, call it a golden image, checksum the image (MD5sum for example), compress it and send it on any media you like or over the net.
You won't appreciate much in this magazine if you are not curious about software, are a die hard Debian fan, or simply know quite a bit about Red Hat or Fedora Linux already.
I've bookmarked it, will review it regularly, and will consider passing along articles or the URL to friends and associates as it is appropriate.
Yet, when top elected leaders in the US decide that we are in the 'end of days', why would they care about emerging energy technologies, or if oil runs out in 20 years, or if polution causes any environmental dammage. They won't be here -- only the sinners will be!
The only thing that matters is that the process is transparent, traceable, and verifiable. With that, you can have reasonable certianty.
With computerized systems, it is possible to reach certianty with most/all mistakes or fraud pushed to outside the voting systems. (Ex: Corrupt officials refusing or thwarting investigations, votes being bought, ... .)
With each piece of data being fairly small, it's not unreasonable to log a checksum for each and every part -- from software used through to the individual voter's choices and even data packets themselves.
A careful sampling of both the voter roles and the population in general should be enough to make sure that votes weren't changed and that phantom votes weren't counted.
Aren't a few of those companies on the "don't have a clue"/"will parrot any opinion for a price" list?
By chance, you don't happen to live under a bridge...do you?
(checks posting history) Well! I guess you do!
Additionally, quite a few have a default data from the development site; you're getting a carbon copy of a site not an application. Wikis tend to be the biggest offenders. Twiki, for example, is a royal pain to configure from scratch if you want to start with a blank slate. Use the Twiki site data itself, and most of it seems to work...till you start to customize things...and it breaks again. Very annoying.
I'd treat them with a great deal of caution.
Windows isn't easy to install, but Linux gets ridiculed all the same. Office isn't fully compatible with itself across versions, Linux gets ridiculed because it isn't fully compatible with Office. Windows doesn't have a consistent and easy to use GUI, Linux gets ridiculed for the same.
I haven't had to fiddle with the kernel in years. If I do, it's for fun or to try out a bleeding edge feature. For the last 6 months I've been running a stock, pre-compiled, kernel. The only thing I've had to do kernel wise is run Nvidia's binary video driver installer.
I'm not saying you don't have a problem, though the kernel hasn't been a big issue -- or the biggest -- for quite a while.
I get that all the time...though it usually starts out with some reasonable words before shifting into an impossible wishlist.
When called on it, the answer is usually "Yeah, but that's Windows. Isn't there something that Linux can do?". NO! That's the point...there is no magic!
I had a friend who insisted that he wouldn't bother with Mozilla till it could fit on a floppy. When asked why, he said that browsers should be small. The 'Does IE fit on a floppy' question was answered with a shrug and 'It doesn't have to'. He's looking at Firefox now though still thinks that it is too large.
Another guy here talked about support for a data format only handled by a legacy DOS app...that he didn't want to run under a DOS emulator...but Linux would have to support natively or he couldn't use it. Note that it wasn't that the app couldn't run under emulation...only that he didn't want to do that.
This is frustratingly irrational.
If we emphasised using truely multi-vendor or open formats to store data and meta data (business rules, etc) we'd all be better off. Unfortunately, I see more decisions being made on the shape of buttons and informal recommendations instead of if it's dangerous to use the data format or not.
I have similar customers -- fee based on yearly retainer + remote support + on-site support -- though if the original vendor no longer exists you've already lost the dedicated vendor...so they have no other options but to go to a third party if they can't or don't want to move to another software program.
The most troublesome has a CAD package that only worked under DOS with specific video hardware. That hardware was not emulated. They are looking at dumping or migrating all the CAD files they have when they begin to run out of video cards. Nobody can help them; they did it to themselves by not planning for migration to other systems. One of the reasons why propriatory formats are bad for business -- well, bad for the customers of the software!
ERP: http://www.compiere.org, http://www.fisterra.org
Seems like it should work, if not with a bit of configuration; http://appdb.winehq.org/appview.php?appId=748&vers ionId=990, http://www.unixodbc.org/doc/wine.html
It's situation specific, not black and white.
Microsoft's updates tend to be mixed feature and defect updates...introducing defects along with the new features. That's why auto updates have a bad rep.
Many Linux distributions handle updates in a similar way, with some important differences;
Each update tends to be at the package level; an X update doesn't impact Perl, a kernel update doesn't change X.
Updates tend to be incremental and not by major version number; a change from version 2.75.38-2 to 2.75.38-3 to cover distribution tuning or a change of 3.14.4 to 3.14.5 to cover an actual code upgrade are common.
This often works, though not always. The more focused the patch, the more likely I'd turn on automatic updates.
Why would Yahoo! do anything that would cause them to be blacklisted?
(Before you say nobody would blacklist Yahoo check history; national mail providers have been blacklisted in the past -- when they decided to do nothing about spam and pissed off enough people.)
Two words: Disney Princesses.
Many of the popular disney films have a 'princess' of some sort, and pre-teen girls love them.
That said, Disney does not apeal nearly as much to the teen and up groups...let alone pre-teen boys. The brand is weak almost everywhere except for the fans of the princesses.
Why? Is there a reason that a computer should by default allow all traffic to flow in and out without any user interaction at all?
If there's nothing to say "Yep, I'm here!" there's nothing for the firewall to block. Some ports under Windows CAN'T be turned off -- they have to be blocked. Bad design.
Firewalls are for allowing traffic. If you want to block the network, turn it off. :)
SP2 has some important security enhancements. That said, it's not secure by default. To improve the security quite a bit, take a look here;
Securing Windows XP
The guide has lots of practical advice and is almost complete (I could add 2-3 more pages). I'd consider it a minimum base configuration for all Windows XP systems out there -- even helps quite a bit with NT-style pre-XP versions of Windows.
(If you don't need it, consider passing it along to those who do.)
Add a good external audit tool such as Nessus to the list, and XP becomes pretty darn secure.
Keep in mind that unless you automate these steps for larger installations, each machine will take about 2 hours to secure and bring up what is common under different flavors of *nix. Consider that by not doing these steps you could get exploited and spend 2+ hours cleaning up and recovering -- if at all possible!
Security is tough...though doable. The general idea is to secure your systems well enough so that if a new exploit occurs it is difficult to impossible for the exploit to impact your unpatched systems.
General tips;
... The money will quietly remain in the companies using OSS. They should refocus their strategy and perhaps invest in those companies (the ones heavily using OSS).
I mostly agree, with a slight change in perspective.
Propriatory rates can't be charged most of the time for a commodity. The problem for the Oracle's of the world is that they can't charge as high of a propriatory rate anymore...since software+hardware are commodites. OSS has knocked the mystique out of most brands, though not entirely.
Try this on for size;
- How much money do you think is spent on
-
Sport fishing each year?
(Guess before you click! Ready?)That's in the US only. For 1 year. Now, much of that goes into boats (think big projects), though there are plenty of other businesses linked to sport fishing (stores/guides/rental/camping/restaurants/... think smaller projects/contracts) that unless you go looking for evidence of sport fishing making anyone money, it's largely invisible.
OSS is also largely invisible...yet, IBM alone has both spent and earned billions on it. Large amounts of money is already being made and we are in the mid to early stages of large scale adoption.
A single piece of OSS swimming by itself is admirable, though in isolation not very useful. Like the fish in fishing, OSS is both about software and not about the software.
How's your speaking?