Slashdot Mirror


User: Spoing

Spoing's activity in the archive.

Stories: 0
Comments: 2,367

Comments · 2,367

  1. Re:I can relate on Worms Jack Up the Total Cost of Windows · · Score: 1
    1. This is a big time saver, and it has worked flawlessly for me. I typically still reboot after installing a service pack however. Not sure if this is needed.

    Depends. Some do require a reboot before other service packs show up in Windows Update. (For Windows 2000...maybe not for Windows XP?)

  2. Re:I can relate on Worms Jack Up the Total Cost of Windows · · Score: 1
    Firewall will help, though it's not complete. Use a secure connection (SSH (Putty)) and turn off all other exposed services. Windows also supports encrypted point-to-point connections (CIPE). Use it.

    Alternatively, you can get all patches and put them on the machine. Write a script that takes down the network connection, applies the patches, and brings it back up when done. Do you feel lucky? :)

  3. Re:KDE Kiosk on A Public Library's Linux Success Story · · Score: 1

    Thanks. I thought there were some XFree options for that, but didn't look. Much simpler.

  4. USB host mode - Add hard drives, other USB devices on Zaurus SL-6000 Review · · Score: 4, Informative
    Most PDAs -- including (all?) previous ones from Sharp -- were USB slave devices. You could connect the PDA to a computer, and that computer could use the PDA, but you could not connect the PDA to a USB device and have the PDA use that device.

    The SL-6000 changes that. In theory, you should now be able to connect any USB device that Linux supports to the SL-6000 and use it. So far, unfortunately, I've heard no success doing this yet...though the hardware is there.

    Anyone have success using random devices with the Zaurus?

    I'd expect that the following should work without much trouble;

    USB splitter

    Keyboard

    disk drives (including flash)

    Some may require software tweaks or added support as the Zaurus is intentionally a minimalist device.

  5. Re:Know your systems and do not rely on a firewall on Sasser Worm Takes Down UK's Coastguard · · Score: 1
    1. Now how do I get Task Scheduler to stop listening for connections. Oh, and LSASS too.

    I don't have Windows in front of me, though the typical method for anything is;

    1. Find an approved method of shutting it off such as using the administrative services menu or use Google to see how others have disabled it.
    2. If that fails, bring up the task list (ctrl-alt-del) to see what is running and track down the software. (This list lies BTW.)
    3. Run Dependency Walker on that program and remove the associated software (be careful as things the software uses are also in use elsewhere). Other tools -- including ones for memory analysis -- can be found at sysinternals.com.
    4. When in doubt, rename the file(s) instead of deleting them.
    5. Reboot and check to see that something has not "repaired" the changes you have made. If so, check the registry for likely settings.
  6. Re:KDE Kiosk on A Public Library's Linux Success Story · · Score: 2, Informative
    1. Still, you might find a way to start a terminal (Ctrl-Alt-F1), and there goes any KDE-dependent locking down.

    Edit /etc/inittab and #comment out (do not remove) the other terminals. Make sure that you leave one runlevel unchanged just in case you mess it up. (Typically, runlevel 5 is used for graphical desktops.)

  7. Know your systems and do not rely on a firewall on Sasser Worm Takes Down UK's Coastguard · · Score: 4, Informative
    If you're using Windows, take a page from Linux/*BSD and other *nix hardening;

    If it's not running, it can't be exploited!

    1. Isolate each system and check it before bringing it on the network or exposing it to the Internet (and do the latter rarely).
    2. Do external port scans *without* the use of a firewall to see what might be running that is hidden.
    3. Use dependency checkers when encountering unknown software or libraries. (Under Windows, Dependency Walker is your friend.)
    4. Turn it off and remove it if you don't need it, can't trust it, or it seems suspect.
    5. Find trustworthy software and use that instead; popularity isn't trustworthiness.
    6. Isolate systems at the router; it should be difficult to damage any machine (misconfigured or not) from most any other random machine.
    7. Your systems should be secure even without a firewall. Are they?
  8. Re:Weeks to patch on Sasser Worm Disruption Growing · · Score: 2, Insightful
    Have you seen the cartoon "Jackie Chan Adventures"? Think Uncle: "Firewall not important!" (You talk to Uncle now.)

    1. I get upset by slashdotters who argue "phantom" points

    That's not me. Check the thread again; here.

    If you pick on someone else's ignorance, do not get upset if the favor is returned.

    Your rant at the end about viri/viruses/... is the same nit picking.

    The distinction between process and tools is bedrock; it's the single most important part. Your comments ignored it; you yourself gave the dumbed down 'use a firewall'.

    Specifically;

    1. What I said, paraphrased, was: "If you are head of an IT department charged with installing software on a new machine, a good idea is to place it behind a firewall with no open ports, to prevent worms from exploiting the vulnerable operating system while you patch it."

    "Firewall not important!"

    1. How you got from that I was suggesting that a firewall is the only security you need, or that I was making any suggestion to home users, I have no idea.

    This;

    1. I was suggesting to put up the box behind a firewall appliance -- a cheap Dlink would do -- as the ONLY thing behind it. Put it on your installation bench sort of like a surge protector for viruses.

    Why bother with a cheap hardware firewall box for one machine unless you're talking about a home machine? (Isolate machines at the router and update from a trusted server that is read-only and exposed to the isolated segment only.) Home or corporate network, you've shot a degree of certainty by relying on a firewall to ensure security; "Firewall not important!"

    I'll match your rant: As for things that I'm sick of one is being forced to deal with the apathy and 'it is good enough' attitude of people who are paid to know better.

  9. Re:Weeks to patch on Sasser Worm Disruption Growing · · Score: 1
    1. I was suggesting to put up the box behind a firewall appliance -- a cheap Dlink would do -- as the ONLY thing behind it. Put it on your installation bench sort of like a surge protector for viruses.

    I still disagree. Let's start with the surge protector. If you plug your power into a good surge protector but not any other wires (network, phone, external audio, ...) you can still have your system fried. My little sister did that, and I spent way too much time on the phone walking her through repairs...eventually buying the system from her to get off the hook on supporting it. Turns out the system board and network card were fried.

    Getting back to firewalls...

    For a home user? Even if not, it's not very effective since connecting to other systems opens up the chance that the user will choose to do something they shouldn't, or may turn off system-level protections, or a "helpful" program will open up a hole that normally would be plugged by the firewall itself.

    Example: I helped "speed up" one friend's machine. It was the only one he had, behind a cable modem and a firewall router.

    Checking the firewall using a remote scanner showed that the system had all ports completely hidden.

    Checking his system, it had Microsoft's "low security" setting. That was enough for about 30 spyware programs (not cookies) and 6 viri to end up on his system.

    After cleaning up the mess and reinstalling some damaged software, I turned it up to "medium". Not because I thought this would protect him much, even with the firewall, but because it was a good first step and with some people no good deed goes unpunished. (I told him explicitly what I proposed, what I suggested for the future, and he agreed before I made changes. If it were my system, I would have backed up data, nuked it, and put back a minimally exposed OS installation.)

    Firewalls aren't security. They are a tool to be used with other tools to perform a task that may lead to better security; "process before product" or "process not product" are two mantras to keep in mind. Firewalls are ineffective and give a false sense of security if you just plug them in like a surge suppressor and do nothing more.

  10. Re:firewall to the rescue on Sasser Worm Disruption Growing · · Score: 1
    1. Roll on XP SP2 with the firewall on by default for everyone, then hopefully things like this will go away....

    Stop relying on firewalls. Remove the services entirely!

    Nessus, Dependency Walker, and a dozen other tools to examine your machines are much more effective.

    If it's not running it can not be exploited!

  11. Re:Weeks to patch on Sasser Worm Disruption Growing · · Score: 4, Interesting
    I agree on the reasons why management doesn't want Linux. That and fear; they don't run it so they suspect it's major voodoo. Running a test system with a web app or two is like a camel's nose, though.

    1. A new computer is like a new baby. You need to inoculate it or it'll get sick. If you're putting out in a wild environment without protection -- and a suitably large organization is almost as bad as the internet itself -- you're just asking for trouble. The best way to prevent this is to patch it up to a useful level behind a one way firewall. An even better way is to update your corporate ghost image once a month so you're never more than 30 days behind in your patches.

    I strongly disagree;

    Firewalls don't protect jack if ports are open client side within your network that shouldn't be.

    Infections can't be stopped by running virus scanners.

    Testing is very much necessary, as are customizing the desktop so that it doesn't have exposed interfaces. (Run a port scan or better yet Nessus. Know what's running and in most cases TURN IT OFF.)

    Baseline configuration is the way to go since you're at the mercy of the vendor's marketing team otherwise -- and marketing teams don't care about security, stability, or usefulness.

    When done with this, go back and work on tuning firewall(s) and routers. Split the network into parts that are isolated by function using the router; accounting should not be directly accessible from development or development from production.

  12. Re:Weeks to patch on Sasser Worm Disruption Growing · · Score: 1
    1. In a corporate network environment, such as mine, a few weeks is barely enough time to get a patch onto every desktop.

    Suggestions;

    Create a base-line standard machine and make sure everything matches (including firmware).

    Reduce any odd-ball computers so that the baseline means something.

    Automate maintenance to these machines *entirely*.

    Put everything you can on the network -- data and applications. (Runtime environments should be local, though custom apps should be locked down elsewhere.)

    For servers, have a separate baseline installation. Automate the deployment also, though set aside test and roll-back time.

    1. I wrote a 70 page document explaining why we should switch from Windows to Linux. Management wouldn't even start to read it. This is what they get for their ignorance.

    I wrote a 50 page document and a 30 page add-on that described basic admin functions. One tip: Don't use the default password on the database. Really; it's that bad.

    Show that you can handle Windows, and while you're at it drop in something that runs on Linux that management can get all excited about. A wiki, a test replacement for Exchange (if you have Exchange). The costs -- risks and money -- to switch are minimal since it's "done"; that will be more effective. That said, I did a similar demo for my boss and his reaction was "good...does it run under Windows?". This was for a web app.

  13. Re:I'd pay five bucks for my MOTHER-IN-LAW on Red Hat Desktop Unveiled · · Score: 1
    1. Why not to consumers?

      I spend several hours a month supporting my mother-in-law and her skanky disease-ridden Windows laptop. I'd love to get her onto a nice Linux system, supported by somebody who's not me.

      1. *That's* the reason. Sure, Linux isn't Windows so the post install issues will be minimal, though 2 calls a year will crush any profit from $5/month payments if we're talking g-ma.

        The $5-per-machine/month is for groups that can hear the answer to a question a couple times and then not call back again on that question. The number of calls per machine is easily below 2 a year.

  14. A better review of a Linux laptop... on Review: LinuxCertified LC2210 Laptop · · Score: 2, Interesting
    This is a good review of a no-compromises Linux laptop.

    OK, I fibbed. It's a Linux notebook.

    Summary: Very small portable computer with a regular keyboard. The base system is built on a name-brand hardware (Sharp) with a customized Linux distribution on it. The customizations take care of the specific hardware; just like Dell, IBM, Compaq/HP, Sony, and -- well -- Sharp do for the customized versions of Windows they ship. Includes support, and yes you can update the packages -- just don't expect support for packages they don't provide.

    The company selling this one has other name-brand hardware that fit other categories of notebook/laptops.

    Element computer also has a good selection of hardware customized for Linux. Not rebranded IBM/Sony/Sharp/... though you can get a notepad laptop if you want -- ready to go -- and it looks like good stuff. They do not sell Windows, so you won't be paying Microsoft like Emperorlinux had to (using top-notch hardware with Windows already bundled on it).

  15. Re:Back in the boom days... on India's Secret Army Of Online Ad 'Clickers' · · Score: 5, Funny
    1. This also led to discussion where management would say things like, "We need to make X new feature as complicated as possible... instead of doing it in 3 pages, let's do it in 7 cos then we'll serve more ads".

    I'm curious. What is it like working at Tom's Hardware these days?

  16. Re:Hold on Steve, on Microsoft's Strategy Memos · · Score: 1
    1. You aren't terribly familiar with the Dutch, are you?

    Yep. Been in the Netherlands many times and other Dutch speaking parts of Europe.

    They don't attempt to drain the entire Atlantic, just reclaim parts. Sounds like they are at #3 and do #2 only where it's reasonable.

    Microsoft executives either think they can pave over the ocean or they are just attempting to carve out a piece -- like the Netherlands does -- and do not really think that they will have a chance to entirely wipe it out. If they aren't at that understanding yet, they will be eventually. (IMNSHO)

  17. Re:the latest new thing on Microsoft's Strategy Memos · · Score: 1
      1. There is always enthusiasm in our business for new concepts. So-called 'free software' is the latest new thing.

      It's only been around since the 1960's.

    Yeah, I got a grin out of that too. One company I worked for in the late 80s/early 90s was told by a potential customer "give us your source code, or we will not buy 3,000 units of your software".

    I thought it was outrageous at the time. The compromise was to have a separate contract that said the customer would gain access to the source (held in 3rd party escrow) if the company I worked for went under. What surprised me was that the compromise was even considered by the chief developer and owner of the company.

  18. Re:Favorite Quote on Microsoft's Strategy Memos · · Score: 1
    1. What I find interesting is that Ballmer refuses to say "Open Source software". I think those words have been banned from Redmond.

    Like "bug" and "defect".

  19. Re:MS may "get it", actually on Microsoft's Strategy Memos · · Score: 1
    1. The less information (or more misinformation) potential Microsoft customers have, the easier it is to influence their choices. Microsoft might come off looking ignorant to some of us, but we're not who they're after, and they're louder than we are.

    Exactly. I get a grin, though, when the intentional FUD isn't swallowed whole -- and they are called on it by those who traditionally support Microsoft. It happens rarely, though I've had a couple die-hard MS fans speak reasonably about OSS over the last couple years. One, while still solidly in the MS camp, will recommend OSS (if not Linux specifically) when it is appropriate. 'To do otherwise would be unprofessional' is his attitude, and it's a good one.

  20. Re:Hold on Steve, on Microsoft's Strategy Memos · · Score: 4, Insightful
      1. IBM's endorsement of Linux has added credibility and an illusion of support and accountability, although the reality is there is no 'center of gravity,' or central body, investing in the health and growth of noncommercial software or innovating in critical areas like engineering, manageability, compatibility and security."

      I suspect that Novell, Red Hat and IBM have a strenuous argument against this bit of cheerleading.

    Well, I took that to mean 'unlike Microsoft -- a central body for Windows -- there is no one single place that you can go for Linux (with the exclusion of all other sources)'. The list of companies you mention support this assertion, though I actually like having multiple vendors. It keeps the others more honest.

    Microsoft leaders must be deeply frustrated with attacking Linux and OSS. It's like having a large private island and fighting the ocean around it;

    1. Pound on it all you like, there's always more water.
    2. The water for the most part doesn't pay attention.
    3. The water is busy eroding the coast line.

    The only tactics that they have left are to;

    1. Poison the water. (Statements like this are just one example of that attempt...IP focused lawsuits and fud are another. FUD is the stock and trade of MS in the past since it is so effective, so I doubt it will be dropped in the future.)
    2. Give up some mountains or hills and fill in part of the ocean. (Declare victory while losing in the process; cut licence fees, spread money around, hype what they have. This has happened over the last year.)
    3. Allow the ocean to be an ocean, understand it, and live with what that means. (Has happened a little. This is like the "acceptance" stage of denial.)

    There's a lot of water, though, and all of it is drinkable if not tasty.

  21. Re:Then interviewer is a dipshit on MIT Student Grills Valenti on Fair Use · · Score: 1
    Thanks for the thoughtful feedback.

    I think we are in agreement on the DVD media licences; you bought it, it's yours for private use. (if not more...arguable)

    As a separate issue, and more interesting, as I see it the DVDCCA would have to show material harm that is separate from the MPAA copyright holders and that harm would be limited to DVDCCA's losses.

    If they use MPAA "losses" (actual or fictional) they are saying they are an agent of the MPAA and not a unique separate entity.

    I'd hate to be dragging money out of people on this pretext if I were at the DVDCCA. The main benefactor would be the MPAA who chose a "secret sauce" to protect things they sell physically to others; "lack of physical security = lack of assurance of any security".

  22. OK, fine... on KDE Conquers Astrophysics With Kst · · Score: 1, Funny
    Now KDE has an astrophysics program. Can it do colour-magnitude diagrams? Can it give real-time feedback from particle accelerators?

    You open source people have to cover this or Microsoft will walk all over you.

    (Satire, probably bad, noted here to CMA.)

  23. Re:Then interviewer is a dipshit on MIT Student Grills Valenti on Fair Use · · Score: 4, Interesting
    1. Yes, it sucks that to play DVDs, you have to buy a license. But...so?

    If it's only a licence, I've got that. I actually have a few spares. Every DVD drive I've bought was bundled with Windows DVD playing software. A few system boards too.

    I'd like to see this legal proceeding;

    1. Judge: So, why didn't you use a licenced player?
    2. Defendant: I had one, but it didn't run under Linux.

      Judge: But you could have used that player.

      Defendant: It would be unreasonable your honor.

      Judge: Is that a fact?

      Defendant: Using the same machine, I would have to purchase an operating system from a third party ... install it ... and use the software for DVD playing, right?

      Judge: Continue.

      Defendant: The licence has been paid once, why burden myself and others to go out of our way to pay it yet a second time or to go through special steps that bear an additional cost. The prosecution has already received payment. Forcing the use of a third party product would benefit no one represented in this case. The prosecution is not under any obligation to provide software. They in fact don't provide any software at all, only the licence. They are obligated to live up to the already paid for licence, though. The prosecution does not refute that the licence has been paid for in full already.

      Judge: Isn't the licence tied to the software, and the software does not run under Linux?

      Defendant: The software was sold as a bundle with my DVD drive. As such, it is already tied to the same hardware -- if Linux is running or some other operating system. That said, if it were purchased without hardware, it would still be one licence paid for the device in question.

      Judge: It actually is not, because you aren't using the licenced software under Linux.

      Defendant: If two different licenced software players for two different DVD drives were used as the manufacturer recommends...but the two players were switched on each machine...would there be a violation? They are not using the right operating system or hardware, Linux or not, yet the licence has been paid in both cases.

      Judge: Yet, you can't use Linux and this licenced software.

      Defendant: True, your honor, and for that we do not ask for a remedy from the prosecution. It is a technical issue; the licence has been undisputedly paid. It was tied to the hardware, so any method to make use of the paid for licence would be reasonable and have no impact on both the licensee and the licensor.

      Judge: Hmmm....

  24. Re:Valenti swearing on MIT Student Grills Valenti on Fair Use · · Score: 1
    1. Valenti is 82 years old. I have a hard time believing he said "un-fucking-believable."

    One of the best slang phrases I've ever heard was from someone who was about that age, commenting on something he really really liked;

    1. "That's pussy good!"

    I can assure you he wasn't talking about a cat.

  25. Re:I've been using it for the past few days... on Fedora Core 2 Test 3 Released · · Score: 1

    That's what I figured. Thanks for the tips!