Slashdot Mirror


User: amicusNYCL

amicusNYCL's activity in the archive.

Stories
0
Comments
6,246
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,246

  1. Re:Security through Obscurity? on Local Privilege Escalation On All Linux Kernels · · Score: 1

    But that's what I do here.. I'm a lot like WNight, except I don't run Unix.

  2. Re:pwned on Local Privilege Escalation On All Linux Kernels · · Score: 4, Informative

    Possibly, for sufficiently loose definitions of "much more".

    Linux kernel 2.0-2.6: 279 Secunia advisories, 473 vulnerabilities

    Windows 2000 Server + Windows Server 2003 Standard + Windows Server 2008: 472 Secunia advisories, 580 vulnerabilities

    It's also worth noting that kernel 2.6 alone contains 186 advisories for 352 vulnerabilities with 6% unpatched. Windows Server 2008 contains 40 advisories for 82 vulnerabilities with 0% unpatched.

    So there's the math. Keep in mind that's comparing an entire server OS with just the Linux kernel.

    We are now that picky...

    This is Slashdot. We've always been that picky.

  3. Re:tagged: !change on $18M Contract For Transparency Website Released — But Blacked Out · · Score: 1

    Indeed.. just in case Jake Busey decides to blow one of them up.

  4. Re:pwned on Local Privilege Escalation On All Linux Kernels · · Score: 1

    Surely you can link to a few examples of privilege escalation exploits for Windows coming out every two Sundays. I mean, we've had a lot of Sundays since Windows has been out.

  5. Re:pwned on Local Privilege Escalation On All Linux Kernels · · Score: 4, Informative

    That's right. It's a trivial local exploit. Those aren't mutually exclusive.

  6. Re:Security through Obscurity? on Local Privilege Escalation On All Linux Kernels · · Score: 1

    Did you just link me to a reference that I gave you?

  7. Re:Security through Obscurity? on Local Privilege Escalation On All Linux Kernels · · Score: 1

    Yes, I agree with that statement. I do not believe that it's possible to fix a bug without knowing about it. However, even if you don't know about the bug, it's still a bug.

  8. Re:Security through Obscurity? on Local Privilege Escalation On All Linux Kernels · · Score: 1

    And yes. If nobody knew it wasn't a security issue.

    No, moron. If nobody knew then it's a security issue that nobody knew about. It's still a security issue. Unless your name happens to be Schrodinger, a thing is still a thing even if no one is looking at it.

    If a tree falls in the forest, and no one's around...

  9. Re:Security through Obscurity? on Local Privilege Escalation On All Linux Kernels · · Score: 1
  10. Re:Security through Obscurity? on Local Privilege Escalation On All Linux Kernels · · Score: 1

    No man, the OS is responsible for memory management. That's a major part of any OS, right up there with the scheduler. The memory management portion is responsible for allocating memory to an application and also for making sure that an application only accesses its own memory, or shared memory. So when an application tries to access a memory address you better believe that the OS is verifying that the application is allowed to do that. When an application tries to access memory that it doesn't own, that's one kind of general protection fault or page fault on Windows. The memory garbage collection routines definitely need to know which portions of memory are allocated to a certain process. Memory management is a major part of the Linux kernel. Here you go:

    http://linux-mm.org/

  11. Re:pwned on Local Privilege Escalation On All Linux Kernels · · Score: 2, Insightful

    Buzz off, little worker bee, its simply not the case: this happens once every, say, couple to four years in Linux. Microsoft has one of this bugs every couple of sundays.

    Citation needed.

  12. Re:pwned on Local Privilege Escalation On All Linux Kernels · · Score: 3, Insightful

    Yes, hardened windows is reasonably secure. After you spend an hour or two installing all the third party software and configuration settings you need to prevent being owned in under five minutes. Or you can just install Ubuntu.

    Yes, Ubuntu. Which apparently you don't need to configure at all to get owned.

    Seriously, in a story about how trivial it is to get code to execute as root you post a comment about how much more secure Ubuntu is than hardened Windows?

  13. Re:pwned on Local Privilege Escalation On All Linux Kernels · · Score: 5, Funny

    Aw, cheer up little guy. I thought it was a very nice comment.

  14. Re:Irony on $18M Contract For Transparency Website Released — But Blacked Out · · Score: 1

    Which page is the iron on?

  15. Re:Really blacked out? on $18M Contract For Transparency Website Released — But Blacked Out · · Score: 1

    Sounds like he really cut off his nose, despite his face.

  16. Re:This is not an issue on $18M Contract For Transparency Website Released — But Blacked Out · · Score: 1

    That just goes to show and math can ruin any joke.

  17. Re:tagged: !change on $18M Contract For Transparency Website Released — But Blacked Out · · Score: 2, Insightful

    You can build an entire online banking or betting application, go through a year of security audits and certifications, and still come in at under $1mil easily. The price doesn't all of a sudden go up just because there's money involved in the application. Any online application should be secure, that doesn't change just because it's for a bank or bookmaker.

    But the site in question isn't even dealing with people's money - it's just a lookup site to see where the money is going.

  18. Re:tagged: !change on $18M Contract For Transparency Website Released — But Blacked Out · · Score: 1

    Seriously, I can't even imagine what the line item pricing table must look like. I've spent 2500-3000 hours developing a really complex web application over the past year and a half, and we've spent about $200k on development. An $18mil database lookup application would be a pretty sweet deal for any developer. The only thing that sucks about it is that it's taxpayer money.

  19. Re:Surprised? on $18M Contract For Transparency Website Released — But Blacked Out · · Score: 2, Funny

    Thanks for that thorough debunking.

    "... and to the representative democracy, for which it stands ..."

  20. Re:Played by? on Guitar, Studio Wizard Les Paul Dies At 94 · · Score: 2, Interesting

    I'll add Slash to the list. Not that when I think of a Les Paul I think of Slash, but when I think of Slash I do think of his black LP. Zakk Wylde has a spot in there also.

  21. Re:This isn't sensationalist, it's the truth on Leaving the GPL Behind · · Score: 1

    You may not realize this, but in this example, the GPL worked exactly the way the ExtJS developers intended it to.

    Yeah, I know. I didn't say the GPL doesn't work, just that it doesn't work for business. We're a business, and it made more sense not to use the GPL. I guess you could also say that the GPL does work for business because it encourages business customers to pay for a different license instead of using the GPL.

    This is exactly what you got in this example. You paid them for a different license to get the freedom that you wanted. You got your freedom, they get to keep their freedom, so what exactly are you complaining about?

    I'm not complaining at all. I'm trying to illustrate why the GPL does not work for business purposes. Almost everyone who uses the GPL version of ExtJS does so on a private project or personal site, not for anything they intend to distribute to customers that pay for their work. Personally, I love ExtJS and plan to continue using it with anything I can. If it's a commercial project, I'll pay them again for another license. I have absolutely zero problem doing that, I would actually prefer to pay them for their work instead of taking it for free just because I think their work is of such high quality.

    Are you complaining that the ExtJS devs *also* released under the GPL so that anyone willing to abide by its terms could use their stuff without paying? Is that not their *own* freedom to do so? Are you placing your own freedom over theirs? Is that fair?

    ..welcome to the Twilight Zone. No, I love the fact that anyone can use ExtJS without paying for it. I use it on several smaller projects under the GPL. I also love the fact that, as a business, I'm not required to use the GPL. Not being required to use the GPL is a good thing. Having the freedom to also use the GPL is also a good thing. Again, I'm not complaining about anything, I'm explaining why businesses do not use the GPL for things that they want to distribute and make money on. ExtJS recognized this fact and offered a proprietary license in addition to the GPL.

    If you put yourself in the shoes of the ExtJS devs and thought about it from their perspective, maybe you'd begin to understand why some people use/prefer the GPL

    Good god. Again, I use the GPL is non-commercial projects. Works great, I get other people's changes, other people get mine. For commercial projects on the other hand, the GPL doesn't work. This is the reason why ExtJS offers a proprietary license. If the GPL worked great for commercial products, ExtJS would not need to offer a proprietary license, would they? This isn't about being afraid of the GPL, it's about knowing when it works and when it doesn't.

  22. Re:Did it not occur to PALM that this is BAD? on Palm Pre Reports Your Location and Usage To Palm · · Score: 1

    He's clocking out now to return it to the store he bought it from and promised to be headed to Bestbuy to pick up an iPhone 3GS on the way back

    Sweet. That's sort of like swapping a Sequoia Advantage for a Diebold AccuVote.

  23. Re:Did it not occur to PALM that this is BAD? on Palm Pre Reports Your Location and Usage To Palm · · Score: 4, Funny

    How's the weather way, way, way, way down under the sand?

  24. Re:Lost the point on Leaving the GPL Behind · · Score: 1

    There's nothing that says that licenses must be written in legalese, and anyone telling you otherwise is probably a lawyer and has something to gain from it.

    If the concept of the GPL was simple enough to fit in 120 characters, then the GPL would be 120 characters. The reason the GPL is longer than 120 characters is not because someone decided it needed to be really wordy because of some arbitrary reason, it's because it's not simple enough to fit into 120 characters.

  25. Re:misleading on Leaving the GPL Behind · · Score: 1

    Right, I agree with all of that, which is why it still doesn't make sense for a business to use the GPL.