Always curious--where do you work that has 1100 Macs? I thought i knew most of the major Mac install sites, but that doesn't fit the profiles that I know.
Would be happy to discuss this off-list if you prefer. Email addy is above.
Here's the list of official changes to security in 10.2.8 (read it for yourself at security-announce@apple.com):
APPLE-SA-2003-09-22 Mac OS X 10.2.8
Mac OS X 10.2.8 is now available. It contains fixes for recent
vulnerabilities in:
OpenSSH: Mac OS X 10.2.8 contains the patches to address CVE
CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X
versions prior to 10.2.8, the vulnerability is limited to a denial
of service from the possibility of causing sshd to crash. Each
login session has its own sshd, so established connections are
preserved up to the point where system resources are exhausted by
an attack.
To deliver the update in a rapid and reliable manner, only the
patches for CVE IDs listed above were applied, and not the entire
set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in
Mac OS X 10.2.8, as obtained via the "ssh -V" command, is:
OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL
0x0090609f
Sendmail: Addresses CVE CAN-2003-0694 and CAN-2003-0681 to fix a
buffer overflow in address parsing, as well as a potential buffer
overflow in ruleset parsing.
fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in
the fb_realpath() function that may allow attackers to execute
arbitrary code.
arplookup(): Fixes CAN-2003-0804. The arplookup() function caches
ARP requests for routes on a local link. On a local subnet only,
it is possible for an attacker to send a sufficient number of
spoofed ARP requests which will exhaust kernel memory, leading to
a denial of service.
which is a UCITA state, with provisions. I understand that one of those provisions is that, if I fail to agree to the shrinkwrap EULA, I have the ability to return software (including games) even if opened, since I didn't have the opportunity to review the EULA until the game was opened.
What do I use? Nothing. Either of these are true: 1) the gov't in question can crack any lame, consumer oriented encyrption I use; therefore any security I use just provides me with a false sense of security. Or, 2) the gov't in question can't crack it, and their interests are raised. In this instance, "their interests are raised" means I am dragged down to the police station and my testicles have electrodes taped to them; my screams aren't encrypted, natch.
I would suggest that your father not talk about stupid things on the phone when visiting hostile foreign countries, and when he does so, to not depend on consumer grade security. He may as well use the decoder ring he got with a box of cereal.
What causes a "power bus" to die? Age, or technical malfunction?
Is the bird reparable, or of any use any more in a diminished capacity, or will it simply spend out the rest of the time it takes to de-orbit doing exactly nothing? Is it possible to task it with low-need scientific use, or is it now just another lump of iron?
It is a department more complex than anything ever attempted by any government in history
Please. How about administration of the British Empire? And that's just within the last 400 years. If I had more time, there's others as well--you don't think that the governments of ancient China and Egypt were complex?
spammers could make use of it, sure. But couldn't it also be used in email to defeat Echelon and TIA? Like so: I tnihk we soulhd bolw up San Fncrsicao nxet. If you add regular encryption etc, it would add one more level of difficulty that would require human oversight.
Matter of fact, this might make an interesting Turing test. If you cna't raed waht I'm syanig, tehn mybae yur'oe not a rael hmaun?
Browsers don't have spell checkers when submitting forms. Even if they did, they come as an after thought, as opposed to the way MS Word works by showing you the little squiggly line
OT, but you might be interested to know that Safari, Apple's browser for OS X, does work exactly like this. OS X contains an OS-wide dictionary, which any application can call.
Re:Take that 9th grade English teacher....
on
Can You Raed Tihs?
·
· Score: 1
Interestingly, I recall being trained to read this way in grammar school. I distinctly recall an exercise where I was given practice to read word shapes, instead of each letter. And it worked--I still do it to this day.
fwiw, I seem to have an high error rate, in both writing and typing, of transposing letters; I wonder if it's related.
There used to be a minimum amount of computer knowledge that was required to get online. It's once the bankers and marketers invaded online space, and tried to make it available to the unwashed consumer masses, that we started having all these issues. Returning the internet to the geeks, who were largely self-policing, would do away with the vast majority of problems.
Doing away with DNS would cure most of the issues, I think. How about having to remember the IP address for every site that you visit? If that's not enough, require three lines of CLI input before going anywhere. That'll stop the issues cold.
I'm only half-kidding, actually. These assholes that broke our internet want to certify us to get back onto it? Maybe they should just be dis-invited.
The Apple retail stores would be another option, if there's one close. You could even test on a new G5. They will for sure let you use the CD drives; they'd probably even let you make changes to your code, verify, and then burn it to a CD (but you'd have to bring the blank CD yourself.)
If you get hassled, you might explain what you're doing--and if they're alert enough, they'll do anything they can to encourage you in making sure your pages work with the Mac, and thank you for making the effort. I might suggest going during the weekday though.
I don't develop in Java, so I don't know. But I have read that some people apparently think the Mac is a pretty good platform. Interesting that Gosling would still be interested in the Mac, even after the features that you mentioned, neh? And he presumably has access to a pretty wide range of machines.
Before you say it--I didn't read this to say that Gosling has thrown out every piece of gear that doesn't have an Apple on it. But if he uses a powerbook as a regular machine in the mix, that's interesting enough for me. Think he might see something about Java on OS X that you don't?
I wonder if he might be going to Apple. They are using BSD, after all, in a desktop environment--and also have some favor among Java developers. Would a Joy be interested in drinking the cool-aid?
You can do exactly this with Mac OS X Server; now called the process is called NetBoot, I dunno what it was called at NeXT.
When one was hosting OS 9 clients from OS X Server 1.2, the clients could be diskless. Now, however, OS X 10.2 clients require a local drive, but just for swap; everything else is on the server--which could be in a locked closet, as you mention. And the local swap isn't even necessary with Server 10.3--hm, maybe Apple removed that requirement by request of a specific client?
The viriginia folks must have one huge room with some massive air handlers to circulate the air that will be trapped behind the towering walls of 1000 4U boxes.
I don't know any more than what's publicly availble, but the VT follks in the know have said that they've designed a specialized, liquid based cooling system precisely because of the issues wrt cooling this many units. The FA makes reference to this many units generating windspeeds of 60mph from fans alone.
I am gonna guess that behind each G5 rack will be a radiator type arrangement, with cooled pipes flowing with a liquid that will carry the heat away from the internal airspace, much like a large car radiator. I don't know if that would be cost-effective, or what it would take to move that much liquid, or if the radiator could be made to transfer enough heat fast enough. Maybe the liquid cooling units actually replace the internal fans directly. Who knows--I think we'll get some more details on this this week as the G5s start to come out of their boxes. They've apparently received about 10% of them already.
I caught that too. Use of Macs in 2006 no doubt depends on 2 factors: 1) how well the 2003 cluster works out, and 2) how the Mac compares to competitors in 2006. Could be a nice win for Apple, again, if they manage to keep both 1 and 2 competitive. Which remains to be seen, and I'm holding my breath.
I would pay for a photo of that. My guess, though, is that we won't have to--I'm gonna guess that Apple will supply them for free. With explanatory text like "Stomping Dell's guts since 1984" etc.
Or worse, it's a dust cloud resulting from Kupier belt objects that collided with each other over the billions of years. Single objects you could avoid, but how would you like to slam into a sandstorm at 26,000 mph?
I didn't see it stated, but is this cloud expected to lie in the orbital plane only, or does it envelope the Solar System like a sphere? If the latter, and it is a dust cloud, it could make extra-system exploration very difficult...
So what does "As a result, Karin Spaink's website,..., is entirely legal in the Netherlands." mean? That that site can be hosted in the Netherlands? If so, can/will foreign countries to the Netherlands prohibit linking or visiting his site? Doesn't this still beg the question--how are laws that are bounded by physical space impact the flow of information on the Internet that operates irrespective of physical definition?
Where I work, everyone is badged. Our badges are checked at the door; if we don't have a badge, we need to get a visitor pass from an employee that we know. Funny thing is: neither the FedEx nor the UPS guy have either badges or visitor badges, but they roam the campus freely. Apparently, I just need Brown polyester and I can go whereever I want to go. Perhaps they have to be personally recognized by the security guard--but I'm not holding my breath.
Yeah. And a fat lot of good it did Apple, too. Logically, it shouldn't help Microsoft retain their dominance any more than it prevented Apple from losing theirs.
And the reason is obvious: Moore's Law. The computers these students train on, whatever platform, will be radically different even four years later. Different enough, that besides having a generic computing familiarity, their skills learned in school won't apply.
I was going to flame you for an oversight--automatically blocking Macs et al, which is the wrong direction to take (you want to be supporting the usage of alternative OSes, since they cause less grief!)--but it looks like you thought it through. Kudos to you.
Now if you take the extra step that apparently other Unis have done--and actually charge those users that are causing the problem--and we'll be one step closer to a heterogeneous network, in which even Windows machines will magically become less exploited.
Slashdot Mirror
Pleased to meet you. I wondered if I was the last person in America to not have a cellphone--but now I've met the other person!
Always curious--where do you work that has 1100 Macs? I thought i knew most of the major Mac install sites, but that doesn't fit the profiles that I know.
Would be happy to discuss this off-list if you prefer. Email addy is above.
Here's the list of official changes to security in 10.2.8 (read it for yourself at security-announce@apple.com):
APPLE-SA-2003-09-22 Mac OS X 10.2.8
Mac OS X 10.2.8 is now available. It contains fixes for recent vulnerabilities in:
OpenSSH: Mac OS X 10.2.8 contains the patches to address CVE CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X versions prior to 10.2.8, the vulnerability is limited to a denial of service from the possibility of causing sshd to crash. Each login session has its own sshd, so established connections are preserved up to the point where system resources are exhausted by an attack.
To deliver the update in a rapid and reliable manner, only the patches for CVE IDs listed above were applied, and not the entire set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in Mac OS X 10.2.8, as obtained via the "ssh -V" command, is: OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090609f
Sendmail: Addresses CVE CAN-2003-0694 and CAN-2003-0681 to fix a buffer overflow in address parsing, as well as a potential buffer overflow in ruleset parsing.
fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in the fb_realpath() function that may allow attackers to execute arbitrary code.
arplookup(): Fixes CAN-2003-0804. The arplookup() function caches ARP requests for routes on a local link. On a local subnet only, it is possible for an attacker to send a sufficient number of spoofed ARP requests which will exhaust kernel memory, leading to a denial of service.
which is a UCITA state, with provisions. I understand that one of those provisions is that, if I fail to agree to the shrinkwrap EULA, I have the ability to return software (including games) even if opened, since I didn't have the opportunity to review the EULA until the game was opened.
Question is, has anyone here actually tried it?
What do I use? Nothing. Either of these are true: 1) the gov't in question can crack any lame, consumer oriented encyrption I use; therefore any security I use just provides me with a false sense of security. Or, 2) the gov't in question can't crack it, and their interests are raised. In this instance, "their interests are raised" means I am dragged down to the police station and my testicles have electrodes taped to them; my screams aren't encrypted, natch.
I would suggest that your father not talk about stupid things on the phone when visiting hostile foreign countries, and when he does so, to not depend on consumer grade security. He may as well use the decoder ring he got with a box of cereal.
Thx. I'm more interested now.
What causes a "power bus" to die? Age, or technical malfunction?
Is the bird reparable, or of any use any more in a diminished capacity, or will it simply spend out the rest of the time it takes to de-orbit doing exactly nothing? Is it possible to task it with low-need scientific use, or is it now just another lump of iron?
It is a department more complex than anything ever attempted by any government in history
Please. How about administration of the British Empire? And that's just within the last 400 years. If I had more time, there's others as well--you don't think that the governments of ancient China and Egypt were complex?
spammers could make use of it, sure. But couldn't it also be used in email to defeat Echelon and TIA? Like so: I tnihk we soulhd bolw up San Fncrsicao nxet. If you add regular encryption etc, it would add one more level of difficulty that would require human oversight.
Matter of fact, this might make an interesting Turing test. If you cna't raed waht I'm syanig, tehn mybae yur'oe not a rael hmaun?
Browsers don't have spell checkers when submitting forms. Even if they did, they come as an after thought, as opposed to the way MS Word works by showing you the little squiggly line
OT, but you might be interested to know that Safari, Apple's browser for OS X, does work exactly like this. OS X contains an OS-wide dictionary, which any application can call.
Interestingly, I recall being trained to read this way in grammar school. I distinctly recall an exercise where I was given practice to read word shapes, instead of each letter. And it worked--I still do it to this day.
fwiw, I seem to have an high error rate, in both writing and typing, of transposing letters; I wonder if it's related.
There used to be a minimum amount of computer knowledge that was required to get online. It's once the bankers and marketers invaded online space, and tried to make it available to the unwashed consumer masses, that we started having all these issues. Returning the internet to the geeks, who were largely self-policing, would do away with the vast majority of problems.
Doing away with DNS would cure most of the issues, I think. How about having to remember the IP address for every site that you visit? If that's not enough, require three lines of CLI input before going anywhere. That'll stop the issues cold.
I'm only half-kidding, actually. These assholes that broke our internet want to certify us to get back onto it? Maybe they should just be dis-invited.
Make sure you look at the timestamp of the parent, and then look at the graph at that page.
The Apple retail stores would be another option, if there's one close. You could even test on a new G5. They will for sure let you use the CD drives; they'd probably even let you make changes to your code, verify, and then burn it to a CD (but you'd have to bring the blank CD yourself.)
If you get hassled, you might explain what you're doing--and if they're alert enough, they'll do anything they can to encourage you in making sure your pages work with the Mac, and thank you for making the effort. I might suggest going during the weekday though.
I saw this too. Anyone care to take a stab at why this might possibly be? Something to do with the bytecode of that particular letter?
I don't develop in Java, so I don't know. But I have read that some people apparently think the Mac is a pretty good platform. Interesting that Gosling would still be interested in the Mac, even after the features that you mentioned, neh? And he presumably has access to a pretty wide range of machines.
Before you say it--I didn't read this to say that Gosling has thrown out every piece of gear that doesn't have an Apple on it. But if he uses a powerbook as a regular machine in the mix, that's interesting enough for me. Think he might see something about Java on OS X that you don't?
I wonder if he might be going to Apple. They are using BSD, after all, in a desktop environment--and also have some favor among Java developers. Would a Joy be interested in drinking the cool-aid?
You can do exactly this with Mac OS X Server; now called the process is called NetBoot, I dunno what it was called at NeXT.
When one was hosting OS 9 clients from OS X Server 1.2, the clients could be diskless. Now, however, OS X 10.2 clients require a local drive, but just for swap; everything else is on the server--which could be in a locked closet, as you mention. And the local swap isn't even necessary with Server 10.3--hm, maybe Apple removed that requirement by request of a specific client?
The viriginia folks must have one huge room with some massive air handlers to circulate the air that will be trapped behind the towering walls of 1000 4U boxes.
I don't know any more than what's publicly availble, but the VT follks in the know have said that they've designed a specialized, liquid based cooling system precisely because of the issues wrt cooling this many units. The FA makes reference to this many units generating windspeeds of 60mph from fans alone.
I am gonna guess that behind each G5 rack will be a radiator type arrangement, with cooled pipes flowing with a liquid that will carry the heat away from the internal airspace, much like a large car radiator. I don't know if that would be cost-effective, or what it would take to move that much liquid, or if the radiator could be made to transfer enough heat fast enough. Maybe the liquid cooling units actually replace the internal fans directly. Who knows--I think we'll get some more details on this this week as the G5s start to come out of their boxes. They've apparently received about 10% of them already.
I caught that too. Use of Macs in 2006 no doubt depends on 2 factors: 1) how well the 2003 cluster works out, and 2) how the Mac compares to competitors in 2006. Could be a nice win for Apple, again, if they manage to keep both 1 and 2 competitive. Which remains to be seen, and I'm holding my breath.
I would pay for a photo of that. My guess, though, is that we won't have to--I'm gonna guess that Apple will supply them for free. With explanatory text like "Stomping Dell's guts since 1984" etc.
Or worse, it's a dust cloud resulting from Kupier belt objects that collided with each other over the billions of years. Single objects you could avoid, but how would you like to slam into a sandstorm at 26,000 mph?
I didn't see it stated, but is this cloud expected to lie in the orbital plane only, or does it envelope the Solar System like a sphere? If the latter, and it is a dust cloud, it could make extra-system exploration very difficult...
So what does "As a result, Karin Spaink's website,..., is entirely legal in the Netherlands." mean? That that site can be hosted in the Netherlands? If so, can/will foreign countries to the Netherlands prohibit linking or visiting his site? Doesn't this still beg the question--how are laws that are bounded by physical space impact the flow of information on the Internet that operates irrespective of physical definition?
Where I work, everyone is badged. Our badges are checked at the door; if we don't have a badge, we need to get a visitor pass from an employee that we know. Funny thing is: neither the FedEx nor the UPS guy have either badges or visitor badges, but they roam the campus freely. Apparently, I just need Brown polyester and I can go whereever I want to go. Perhaps they have to be personally recognized by the security guard--but I'm not holding my breath.
Yeah. And a fat lot of good it did Apple, too. Logically, it shouldn't help Microsoft retain their dominance any more than it prevented Apple from losing theirs.
And the reason is obvious: Moore's Law. The computers these students train on, whatever platform, will be radically different even four years later. Different enough, that besides having a generic computing familiarity, their skills learned in school won't apply.
I was going to flame you for an oversight--automatically blocking Macs et al, which is the wrong direction to take (you want to be supporting the usage of alternative OSes, since they cause less grief!)--but it looks like you thought it through. Kudos to you.
Now if you take the extra step that apparently other Unis have done--and actually charge those users that are causing the problem--and we'll be one step closer to a heterogeneous network, in which even Windows machines will magically become less exploited.