I remember, back when the last ptrace bug was found, some kind soul created a kernel module that (a) renamed the current ptrace function to something else and (b) implemented a new wrapper function that first checked to see if you were root, before deciding whether to call the old ptrace. Slick!
I'm surprised this sort of workaround hasn't been done for other kernel bugs. It seems it wouldn't even have to be a workaround. A module could actually provide a new, repaired version of the buggy routine. Couldn't it?
I can imagine insmoding a list of "kernel-fix" modules at boot time. Then, every once in a while, I'd upgrade my machines to a new kernel, but without the urgency of getting a new kernel installed RIGHT NOW! to fix a small (code-wise) security problem.
For a while now, I've been involved in a lawsuit against a big company. It's really changed my perception of the legal system. I guess I've always realized that justice, law and judicial decisions were three separate things, but I've learned that they have much less overlap than I thought. Here's my view now:
- Judicial decisions are consistent with the law about 80% of the time, and
- Law is consistent with "justice" (okay, with my opinions of what's just) about 80% of the time.
So, that means that justice is done in about 64% of the cases that go to court. (0.8 * 0.8, for the math-challenged.) But hey, we're still above 50%!
Somehow, this needs to change. For one thing, judges have enormous discretionary power and little oversight. Judges do make decisions that are contrary to the law. Yes, these decisions can be appealed, but the appeals courts are busy, and few appeals are accepted. I don't know what to do about it, but it really scares me that it's entirely possible for judges to ignore the law, and get away with it.
The one that bugs me is "in harm's way". We started hearing this during the first Iraqi war, and it's become a universal, knee-jerk euphemism for "in danger". A quick Google search turns up 61,200 hits for this phrase. I bet you could gauge world angst at any given time by looking at the current number of Google hits for "in harm's way".
For those inclined to use this phrase, I offer the following tasty substitutes:
- In danger
- Imperiled
- At risk
- In jeopardy
Finally, I wonder if the insistence on the phrase "shock and awe" isn't just an effort to avoid the more natural term "terror", which might imply that we were doing something bad.
The problem is, once everyone has signed up, the list becomes a huge source of valid phone numbers for the unscrupulous telemarketer who's willing to risk the law (or who's based overseas where the law doesn't apply).
And I'm sure there are other ways such an enormous compendium of phone numbers could be abused.
Not that I'm saying this law is a bad thing. I'm thrilled about it. But I'm just listening for the other shoe to fall.
Here's a problem with the "type a few clues, then hit 'search'" approach:
A while back, one of my users called me and said that he had a problem with his computer. He had two files with the same name! My first thought was "must be a corrupt filesystem". I went to his office to take a look, and realized that he'd been using the finder to "find" a file (this was a Mac), and it had indeed turned up two files with the same name...but in different directories. I then tried (unsuccessfully, I think) to explain directories to him.
...than a comp sci degree. I started out as a physicist. As I made my way through grad school, I was always interested in computers. Gradually, I started managing machines for our research group and helping out with the management of the departmental machines. These were all VAX/VMS at the time. When we got our first Ultrix workstations, I was at the same level of knowledge as everybody else -- zero. I took over the management of these and some other Unix-y workstations owned by other research groups, and learned as I went along. (I learned the hard way, for example, that partition "C" in Ultrix means "the whole disk"!)
After I got my PhD, I worked as a post-doc and research scientist for a while. I still did a lot of work with computers, including a wide range of odd machines involved in the experiments I was working on at Los Alamos and in a couple of places in Switzerland. (If you like to travel, go into particle physics.)
After a few years of that, I took a job as the system administrator here in the Physics department. I'd long ago decided that I liked doing computers more than doing experimental physics, and my job security isn't quite so much subject to the whims of the funding agencies.
Anyway, I just sort of worked myself into it. Linux helped a lot. I started deploying Linux machines around 1993. Being able to poke around in the source code was useful, but it was also useful having a large, active community of enthusiasts who were all strung out along the same learning curve I was climbing. Another big help was the first edition of the "Unix System Administration Handbook", by Nemeth, Snyder and Seebass. Excellent book, and the newest edition looks even better.
One last thing: a big factor in my becoming a competent (?) system administrator was the support of the people directing me, who gave me a lot of latitude and let me experiment. Being able to spend time trying out new things (i.e., playing) is a vital part of learning system administration.
And here are some more out-of-date stats, from last year, to give you an idea of our department's size. We have one IIS server, and three NT file servers, but all other servers are running Linux. All (well, almost all) Linux workstations and servers (including four clusters) are updated nightly through a remote update scheme we developed here:

Number of Users: 247
    Faculty: 57
    Senior Research Staff: 7
    Research Associates: 15
    Graduate Students: 59
    Majors: 81
    Staff: 28
Number of Computers: 220
Operating Systems:
    Number of Linux Computers:
        Counting clusters as single machines: 66
        Counting individual boxes: 92
        Desktop workstations: 36
        Laptops: 4
        Research group servers: 8
        Departmental servers: 8
        X terminals: 10
    Number of Windows Computers: 114
    Number of Macintosh Computers: 21
    Number of Computers with Other Operating Systems: 25
Average Logins per Day:
    Galileo (departmental cluster): 112
    Mail Server (interactive): 70
    Mail Server (pop/imap): 3,270
    Computer Lab: 70
Messages per Day through Mail Server: 3,010
Web Server:
    Visits per Day: 1,300
    Pages per Day: 2,430
    Hits per Day: 15,400
Pages Printed per Day: 847
Disk Space Backed Up (GB): 370
Departmentally-owned Computers: 150
Research Group Computers: 220
...the skill and effort required to install and configure it is not.
The same is true for Windows, which isn't free. Also, our university is currently thinking about deploying a central PDC to authenticate everyone on campus. This would require the purchase of 20,000 MS client licenses at $5.00 each. You do a lot of installing and configuring (not to mention training) for $100,000.00.
"Hello. Oh, OK. Here, it's for you.".
Blech!
...although with rpmfind, you'll only see the "outage" notice when you submit a search.
(....also irked that I submitted this story two days ago and it was rejected....grumble)
This sounds similar to the recent BestBuy hoax.
How about "Antarctica", by Kim Stanley Robinson?
See the following article in The Register:
http://www.theregister.co.uk/content/56/22846.htm
CNN live closed captioning is available at #CNN_Newsfeed at chat.cnn.com.
If you're without a radio or TV in your office, try #CNN_Newsfeed on chat.cnn.com. It shows the closed captions for what's currently on-screen on CNN.
Unless, of course, the product is RSA.