We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install.
I love OpenBSD as much as anyone serious about security, but this quote is completely full of shit.
Ok Ok, well I got one that's completely true and an even longer timeframe.
MS-DOS: 0 Remote Root Exploits in over 20 years
With RedHat, it's an employee. With Fedora Legacy, who? Is there any way to find out?
With Fedora it is still a Red Hat employee. Fedora and Red Hat are still very much the same group of developers. Remember, a lot of the work done backporting for RHEL 2.1 is still going to apply to RedHat 7.3 and RHEL 3 to RH9.
Remember everything that Red Hat ships was developed by the community for the community. If you're running unsupported (IE not RHEL), you're not getting anything from Red Hat that you won't get from Fedora-Legacy. If Red Hat had screwed up a fix, they'd just release another fix later.
If you don't trust Fedora, write your own fixes and maintain it yourself. If you wish to pay someone to do it, Progeny will gladly take your money. You are free to do so, which is the true power of the GPL. A lot of NT4 users are hurting right now with migration costs and upgrades because they have no such option. Yet Sun was able to maintain their RH6 derivative for the Cobalts for quite a while longer than NT4 by using a lot of debian's GPL'd backports and a little creative repackaging. Gotta love the community.....
IIRC the bnetd group had contacted blizzard for inclusion of their cd checking scheme into the software. When they did not get a reply, they released without this feature.
# (1) Trademarks: A company gets in the business of certifying drivers as GPL, and allows a unique string to be embedded in the binary. Because the taint function is purely informative, binary-only driver makers can't claim a need to use it, unlike, for example, the filenames IBMBIO.COM and IBMDOS.COM.
# (2) Crypto web-of-trust: For a kernel to accept a module as open source, it must have a trusted signature.
The last thing we need is a Verisign of the Linux Kernel.....
Seriously, there aren't that many companies that do Linux drivers at all. Most companies that release binary only drivers don't lie about it. This is hardly going to be the big problem of the future like spam.
`bzcat linux-2.4.2x.tar.bz2 | lpr`
Then weigh the resulting print job! EZ Huh?
stop feeding the trolls...
You know the old adage "a Jobs minion and his money are soon parted...."
"XBox and PS2 can do it because they have one type of hardware that doesn't change."
And that only solves point (6). All the rest you made still apply. This would be a CRAP idea.
Ok let me further explain the rest...
1) Game Patches, Extended Levels, and add ons would be gone
Microsoft does this on a few of the X Box games via the wire...
2) Saving Games, maybe network, still slow when I have a 120GB hd sitting around empty
Memory Cards, Hard Disks. On a PC this is different because of the various file systems...
3) Network Configuration for Dialup (WinModumb Support), PPPoE, 802.1x, Wireless (Drivers?), will be a hassle for playing games.
Saves config on a mem card, once again a pc has too many different fs and hardware to keep this going. Even if you used usb keys, finding the usb bus may be more difficult as pc's evolve.
4) Ventrilo Support?!?! How am I gonna talk shit to my buddies when they snipe me?
TeamSpeak support on a few select games
5) Load Times... HD is way faster than CD/DVD
Reason Nintendo wanted to stick to carts. Still plagues the games a bit...
6) Drivers, even if you include all the drivers up until this point... what happens next year when you upgrade to the nVidia GeForce Ubberfast 6000 or the ATI Radeon 10,000,000? You're shit out of luck...
Nuff Said
7) Always gotta have the CD/DVD on hand...
Still a problem with console
As you can see though, consoles are quickly evolving to be more pc like every day. Hell the X Box is a p3.
1) They provide an alternative to Microsoft. Not only search, it looks like they will give a blow to hotmail as well. They prevent MSN from becoming the portal. I think this is very important, people see things can be done better than the Microsoft way, and it can be done with Linux ;-)
Very important. Microsoft thinks they own so much of the browser market that you now have to accept their self signed certs to log out of hotmail. This means non-MS people are pulled with a message saying that there is no Certificate Authority behind this site. What's next? Drop the global DNS system and only allow MS Browsers to find your site???
A little OT, but Super Metroid was the first game I ever played start to finish without the use of a single cheat code! It's a cool game, and I'm glad John Woo is at the helm.
Begun this clone war has....
Because you calculated a fucking average. If you'd ever volunteered to work the polls, you'd know people don't show up in an even distribution. Try again.
Agreed!
Besides it's a fucking stupid idea to vote online.
Why? I agree myself, but allow me to play devil's advocate.
1) With access to the internet, people would have access to multiple web sites and possibly make more informed decisions.
2) It will also be a lot more convenient for people who work with computers to vote, instead of having to leave work and vote which in turn could increase voter turnout.
3) Votes can be calculated faster, with instant results as you go and we will need less volunteers.
4) If crackers got in, this war on Intellectual Property would be over!
First of all, we're not talking about previously back-ported security fixes. Distributions don't tend to ship an older version of an application with back-ported security fixes from a later release; they release the latest "stable" with back-ported "features" from the development release.
The parent poster was posting about how he hated security backports because he can't tell whether he was vulnerable or not from his security scanner. I was commenting on that. He's saying that he'll find a box with apache 1.3.26-39, and not know whether he's vulnerable for something that hit 1.3.26.
Second of all, in your Apache example, I'm sure that the vast majority of apache users haven't done this. I have no numbers to back-up my position at this time, but I'd say that far and away the most (maybe 90%) of people aren't running any other software that will only interface with an older stable version. Most of the time you can just upgrade it and the plugin is none the wiser.
The chilisoft plugin, ok...but this would also mean recompiling all packages that are a part of apache as well (the mod_*'s). Why rebuild php, mod_perl, mod_ssl when there is only a bug in apache? Doesn't make much sense, it just means more things that can go wrong.
Of course, if that's not the case, you have no choice but to backport. Still, I would rather be the one making that call, not the distribution. I am no great C programmer, but I can read it well enough and move the few lines that are changed in something.c and recompile. In short, if it's going to be backported I want to be the one doing the backporting.
Go for it. No one is forcing you to use any updates that the vendor puts out. That's the beauty of open source. :)
I guess we agree to disagree
I believe the theory behind this is that the motors are built to spin faster and the drive is expected to have people write at max. And thus are less accurate when writing at slower speeds.
According to this link, Google is not one of their customers.
Where the hell are people getting this info from? When I whois google.com I see the following:
Registrant:
Google Inc. (DOM-258879)
2400 E. Bayshore Pkwy Mountain View CA 94043 US
Domain Name: google.com
Registrar Name: Alldomains.com
Registrar Whois: whois.alldomains.com
Registrar Homepage: http://www.alldomains.com
Administrative Contact:
DNS Admin (NIC-1340142) Google Inc.
2400 E. Bayshore Pkwy Mountain View CA 94043 US
dns-admin@google.com +1.6503300100 Fax- +1.6506181499
Technical Contact, Zone Contact:
DNS Admin (NIC-1340144) Google Inc.
2400 E. Bayshore Pkwy Mountain View CA 94043 US
dns-admin@google.com +1.6503300100 Fax- +1.6506181499
Created on..............: 1997-Sep-15.
Expires on..............: 2011-Sep-14.
Record last updated on..: 2003-Apr-07 10:42:46.
Domain servers in listed order:
NS3.GOOGLE.COM 216.239.36.10
NS4.GOOGLE.COM 216.239.38.10
NS1.GOOGLE.COM 216.239.32.10
NS2.GOOGLE.COM 216.239.34.10
I would also recommend NexSan's ATA-boy. Their ATA-beast sucks on performance, but hasn't let us down. Their ATA-boy has decent performance, has a nice footprint and is competitively priced.
Hell it would just suck.
1) Game Patches, Extended Levels, and add ons would be gone
2) Saving Games, maybe network, still slow when I have a 120GB hd sitting around empty
3) Network Configuration for Dialup (WinModumb Support), PPPoE, 802.1x, Wireless (Drivers?), will be a hassle for playing games.
4) Ventrilo Support?!?! How am I gonna talk shit to my buddies when they snipe me?
5) Load Times... HD is way faster than CD/DVD
6) Drivers, even if you include all the drivers up until this point... what happens next year when you upgrade to the nVidia GeForce Ubberfast 6000 or the ATI Radeon 10,000,000? You're shit out of luck...
7) Always gotta have the CD/DVD on hand...
Well you get the idea, this would stink on a PC. XBox and PS2 can do it because they have one type of hardware that doesn't change. On a PC that would be a PITA.
If you're using dialup pop, then you should be retrieving only headers, and your email client should download individual messages for you instead of grabbing all of them up front. This will let you eliminate obvious spams (based on header contents.) The more thoughtful email clients put notes on attachments in the header...
I don't know of a single pop client that does this by default, and don't know if pop can do this at all. Typically imap is used for things like this.
If you can tell me where the errata pages are for older versions I'll shit a brick, 'cause they don't seem to be indexed by the search engine and if they're there, they're buried somewhere.
Well, let's see.... At the very end of Red Hat's Errata Page you will see the following text:
Advisories for unsupported products
Errata that have been previously released for unsupported and End of Life Products are also available.
In that text, there is a link to this URL:
http://www.redhat.com/security/archives.html
So get to shittin.....
So is a.b.c-g vulnerable or not? Did RedHat back-port something from the a.e.X branch that fixes this? Now I have to dig through some RedHat mailing lists which I may not be subscribed to to find out. Now I know for a fact that when I see an a.b.c-h version for download from RedHat's site, that I need to upgrade
That's what the errata pages are for. One quick stop at redhat.com/errata will answer all your questions.
What if I hear about a vulnerability in version a.e.X of that same software, but that the a.b.X version is safe. Did the vendor back-port some vulnerable bit of code from a.e.X into their a.b.c-g binaries? How am I to know?
Again, errata pages
Back-porting things like this makes it hell on a sysadmin who then has to subscribe to lots of different mailing lists, particularly if you're running different distributions.
Let's just think about Apache as an example. Say a bug comes out in Apache 1.3.26, there's a fix in 1.3.29. Now let's say that you also bought an apache mod ala Chilisoft to handle ASP, but it only works with 1.3.26. Would you feel good about RH updating to 1.3.29, instead of moving over those 2 or 3 lines that fix some buffer overflow in some .c file on an older version?
In addition there are open source modules. Imagine a problem with Apache 1.3.26 so RH puts out a fix for 1.3.29 in addition you'd have to release errata for php + all its modules, mod_ssl, mod_perl, mod_python, and more...
Backporting is the best way to run a stable and secure system. Micro changes to known good subsystems. In fact if you notice, Debian Stable is secure and stable because of the backporting of fixes and those releases last for decades.
Yea, RedHat ships everything GPL (or compatible) with the exception of their artwork.
try rpm -qi redhat-artwork and you'll see the following:
Name: redhat-artwork
License: GPL
Description: redhat-artwork contains the themes and icons that make up the Red Hat default look and feel.
No, actually it's proactively energizing our core synergies
I believe the PHB term is synergizing core energies
I didn't realize Linux was now a set of feminine hygiene products...
My bad, you're right. Misread it...
Lemme guess, you're a programmer and not a sysadmin by trait right? Probably asked to double up as a sysadmin huh?
Let's just stick with your example in Apache. Say a bug comes out in Apache 1.3.26, there's a fix in 1.3.29. Now let's say that you also bought an apache mod ala Chilisoft to handle ASP, but it only works with 1.3.26. Would you feel good about RH updating to 1.3.29, instead of moving over those 2 or 3 lines that fix some buffer overflow in some .c file on an older version?
In addition there are open source modules. Imagine a problem with Apache 1.3.26 so RH puts out a fix for 1.3.29 in addition you'd have to release errata for php + all its modules, mod_ssl, mod_perl, mod_python, and more...
These are just a few scenarios that a sysadmin may come across. It's just easier for a 3 line security fix to be pushed back to an older version. What does it gain you in blindly upgrading? Nothing but dealing with even MORE packages and more things that could go wrong.
Besides, Network Scanners are to be interpreted, they are not Gospel. In fact Nessus, the Open Source Network Scanner, actually says 'This may be a false positive, verify by typing rpm -q blah and checking if it's blah-1.11.2-33 or higher.'
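Added example, not part of the original comments and not code from Nessus or rpm: a sketch of the check described above, where a banner-based finding is triaged by comparing the installed package's version-release against the release named in the vendor erratum. The comparison is a simplified reimplementation of rpm's segment ordering (no epoch, tilde or caret handling), and the errata release `apache-1.3.26-30` is a constructed value.

```python
import re

# Segments are runs of digits or runs of letters; everything else separates.
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version (or release) strings segment by segment.

    Returns -1, 0 or 1. Numeric segments compare as integers, so
    1.11.2 < 1.11.10; a numeric segment is newer than an alphabetic one;
    if all shared segments match, the string with segments left is newer.
    """
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            x, y = int(x), int(y)
        elif xd != yd:
            return 1 if xd else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_nvr(nvr):
    """Split 'name-version-release' as printed by `rpm -q` (no epoch)."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def banner_verdict(banner_version, upstream_fixed):
    """What a banner-only scanner concludes from the upstream version."""
    return "vulnerable" if rpmvercmp(banner_version, upstream_fixed) < 0 else "ok"


def package_verdict(installed_nvr, errata_fixed_nvr):
    """Verdict from the package database: installed >= errata release?"""
    name, ver, rel = parse_nvr(installed_nvr)
    fname, fver, frel = parse_nvr(errata_fixed_nvr)
    if name != fname:
        raise ValueError("erratum is for a different package")
    cmp = rpmvercmp(ver, fver) or rpmvercmp(rel, frel)
    return "patched" if cmp >= 0 else "vulnerable"


def triage(banner_version, upstream_fixed, installed_nvr, errata_fixed_nvr):
    """Reconcile a scanner finding with what is actually installed."""
    if banner_verdict(banner_version, upstream_fixed) == "ok":
        return "not flagged"
    if package_verdict(installed_nvr, errata_fixed_nvr) == "patched":
        return "false positive"
    return "confirmed"


if __name__ == "__main__":
    # Versions 1.3.26, 1.3.29 and the box at 1.3.26-39 come from the thread;
    # the errata release 1.3.26-30 and the box at 1.3.26-12 are constructed.
    for installed in ("apache-1.3.26-39", "apache-1.3.26-12"):
        print(installed, triage("1.3.26", "1.3.29", installed, "apache-1.3.26-30"))
```

On a real host the installed string would come from `rpm -q apache`, and the fixed release from the erratum for that distribution version.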