Slashdot Mirror


User: Chupa

Chupa's activity in the archive.

Stories: 0 · Comments: 27

Comments · 27

  1. Re:The Other Kind of DVD Rental Race on The DVD Rental Race Analyzed · Score: 3, Informative

    Blockbuster has a 2-day turnaround for me...although I live just outside the DC metro area and the distro center is only about 40 miles away.

    Last month I went through 15 movies, which could've cost me $45-60 to rent locally (assuming I could even find that many movies worth watching amidst the rows upon rows of garbage), but instead was only $15.

    I used to split Netflix with my roommates in school...but I have to say I went with BB on my own because of the price and the two free movie/game local rental coupons per month.

  2. What does this mean? on Revising the GPL · Score: 2, Interesting

    The next version likely will have a mechanism for dealing with GPL software that has been modified and that runs on publicly accessible computers. Today, a programmer who wanted his or her GPL software to run in this public fashion could insert a programming command that would let the public download a version of the software if it's been modified. However, with the current GPL, the organization running the software could simply remove that section of the code. Stallman is considering a provision that would prohibit its removal. "If the program has such a command already, and you modify the program, you must keep that working," he said.

    Any ideas what this is talking about? At first glance it kind of bothers me because it sounds like the FDL invariant sections, and possibly worse, since "...you must keep that working." Meaning now you have a legal obligation to supply some correctly working functionality in the code. I always thought a big part of open-source licenses was "no warranty" to avoid these sorts of things. Not to mention the freedom to modify the code as you like, including removing parts.

    I could be totally misunderstanding this though. Any insights appreciated.

  3. Re:Apache is ignoring the killer reason for Apache on Is Apache 2.0 Worth the Switch for PHP? · Score: 1

    If you get perchild working, let me know. As far as I can tell from trying to use it, it is broken (at least on Linux), and no one is doing anything to fix it--I haven't seen anything in the changelogs about it for a while now, anyways.

  4. Dictionary spams on Is A Catch-All Address Worth The Spam? · Score: 1

    I manage email for a domain that was recently "dictionaried" by someone who sent *15,000* emails, each with a different username, all to the same domain. My mail system was bogged down for a while trying to deliver the bounces, all of course to nonexistent return addresses, which then bounced...and so on.

    I now have a catch-all setup on that domain, only it points to /dev/null.

  5. Nmap? on First Ten Programs on New Install? · Score: 1

    Nmap huh? Now why would that be one of the very first programs you need to install? Perhaps you are a sysadmin concerned with the security of your internal network. Or perhaps j00 h4v3 a bur|\|1ng n33d to f1nd s0m3 n3tw3rx t0 h4X0r.

  6. Re:Replying to first post on After DeCSS, DVD Jon Releases DeDRMS · Score: 2, Insightful

    It's impressive how you can call up so much indignance over something that cost you nothing.

    Whenever you get through whining, you might like to know that you only run VideoLAN *once*, to get the key for your account/computer. Then all tracks you have purchased with that account can be decoded with that key. VideoLAN is not something you have to run once for every file.

  7. Re:power calculations appear to be wrong on Japanese Inventor's Motor Uses 80% Less Power · Score: 1

    Hey, way to plagiarize.

  8. The lesson on Projectionists Using Night Vision Goggles in Theaters · Score: 1

    The lesson is clear: stay out of movie theaters and you won't get arrested.

    Or how about, DON'T BREAK THE LAW.

  9. Re:Windows? on Gimp Hits 2.0 · Score: 4, Informative

    Here are Windows binaries in a nice installer. 2.0pre4 is the newest release available at the moment, but it is working fine for me right now.

  10. Re:What's so great about Debian? on Debian Fastest-Growing Distro, Says Netcraft · Score: 1

    For me (former Redhat user), I like Debian because it seems to be more of an "administrator's" distribution. The base install is very small at around 100MB, and comes with a minimum of fluff. The filesystem layout, particularly for configuration files, makes more sense to me (I dislike Redhat's /etc/sysconfig and messy rc setup).

    Then of course there is APT, which makes staying up to date, searching for and installing new programs very simple. The package catalog is huge, far larger than Redhat's, and while of course you can download RPMs for virtually everything, you'll have to keep track of those yourself, whereas 95% of the packages you'd want for Debian are in the official repositories. And let's not get started on dependencies with RPMs.

    A lot of people complain about Debian not being up-to-date, but that is simply not true if you use "unstable". The latest versions of KDE are available within days of release, and so is most other software (my only complaint is that XFree86 is still v4.2.1). And despite its name, I use unstable exclusively on my desktop-type machines, with hardly ever a problem. I still use "stable" on my server-type machines, as I don't typically need the newest software.

    As far as "testing", I don't have a lot of experience using it, but I have used stable and unstable Debian for years (I've not reinstalled my main desktop Debian system in over 5 years) and had very few package dependency problems.

    Bad things about Debian:
    - The current installer can be tough for people who aren't familiar with Linux. This is really a non-issue for others, however, and the next release of Debian will have a port of Redhat's installer (one of Redhat's strong points, I admit).

    - If you are running a server using stable, and you need the latest versions of some server-type software (for features of course, as Debian stable is maintained security-wise), you're going to be stuck backporting from unstable or testing (which ranges from really easy to kind of painful), or compiling it the old-fashioned way.

    Give it a shot...who knows, maybe you'll like it.

  11. Re:Mozilla Firebird on Another Serious MSIE Hole · Score: 1

    Eh? Running Firebird 0.7 on Windows XP here, and it shows it as being an HTML file in two different places on the dialog that pops up. And it also shows a really long filename that doesn't look innocent in any way.

  12. Re:Sounds like a big improvement on ULE Now The Default Scheduler On FreeBSD · Score: 1

    Ignoring the comment implying "obvious" superiority of softupdates, I'd like to point out that at least two of the journaling file systems available for Linux (JFS and XFS) come from companies with as much experience designing and writing FS code as anyone. To suggest that there is no direction or planning for code that goes into Linux (filesystems or otherwise) is pretty close-minded and bordering on ignorance, regardless of your preferences in software development strategies.

  13. Re:Schools to no longer avoid! on Schools to Avoid: University of Florida · Score: 1

    I agree for a number of reasons. Any ISP has the right to set such policies, and they can only result in better service for everyone else who actually keeps up with their security patches and doesn't waste bandwidth. How many campus residential networks went offline for extended periods over the last several weeks due to worms? Since when do people whose computers are loaded with virii and trojans have a divine right to use them on the network? I'm failing to see the big deal here.

    Besides that, since when is living on-campus the only way to go? I did that for my first couple years before moving off-campus, and I wish I had moved sooner. The dorms are so incredibly expensive (and crowded) now.

    Anyways I find the title of this story highly ignorant on the part of the Slashdot editors, for the above reasons and more. If you don't like the rules of on-campus dorms, move somewhere else! What does that have to do with the quality of the school or its education?

  14. Re:OMFG on Buffer Overflow in Sendmail · Score: 1

    Although that has happened a few times in the past, the reason Debian released a second fix to OpenSSH was not because there was anything wrong with their first fix, but rather because the OpenSSH team discovered another vulnerability. You'll see this if you visit OpenBSD's notice regarding the problem or read changelog.Debian.gz in /usr/share/doc/ssh. You'll also notice that OpenBSD immediately released OpenSSH 3.7.1, right after 3.7.0 was released. This new version fixes those additional problems.

  15. Re:What Sendmail security problem? on Buffer Overflow in Sendmail · Score: 1

    I agree....you have to keep updated pretty much no matter what...it's just a matter of frequency. Although I have to say I have not heard of any vulnerabilities in qmail, and I have been using it for about 3 years now. No one has claimed the cash prize that I know of either.

    If someone knows better, feel free to correct me.

  16. Re:OMFG on Buffer Overflow in Sendmail · Score: 1

    I hear you...You might be interested to know that Debian backports security patches to the version of the software in the stable branch, so no version upgrades necessary. Unstable (and eventually testing) get the new version of the software.

    And as always, updates are easy:

    apt-get update
    apt-get upgrade

  17. Re:Patch delivery mechanism on Buffer Overflow in Sendmail · Score: 2, Informative

    You obviously have no first-hand experience with Debian systems. Security updates for the current stable branch are always released within a day or two of any sort of advisory (usually on the same day). The security patches are often backported to older versions rather than just using the newest version of the software. This makes life easy for many admins, as new versions of software can be non-backwards compatible or behave differently than older versions.

    And if you don't mind this, you can always use the "testing" or "unstable" branches for cutting-edge software.

    Besides the fact that Debian is extremely easy to update:

    apt-get update
    apt-get upgrade

    Know what you are talking about before you speak.

  18. Re:Use qmail on Buffer Overflow in Sendmail · Score: 1

    Really? Could you point to an example of a vulnerability? Someone must be missing out on some money, because no one has yet to claim the cash reward.

    P.S. I've been running qmail on many hosts for several years with nary a problem of any kind. Just because an update isn't released every 2 weeks doesn't mean it's insecure or "bitrotted." If it isn't broken, don't fix it.

  19. Font AA? on GTK+ TTY Port · Score: 3, Funny

    Yeah, but can I get font antialiasing with that? :)

  20. Re:qmail anyone? on Sendmail Bug Tests US Dept Homeland Security · Score: 1

    "Easy" does not equate to "no knowledge required." "Easy" means reasonable defaults, fewer steps necessary for a secure installation, good documentation, and a sensible configuration method.

    Oh, and minimal maintenance required (like patches for critical security holes).

    One does not need to follow the MS way of doing things in order to have an easy-to-administer server...and a server does not need to be difficult to configure to be secure.

    The fact is, I administer a number of qmail systems, and I find it easy to configure and maintain. So yes, you *can* have your cake and eat it too.

  21. Re:qmail anyone? on Sendmail Bug Tests US Dept Homeland Security · Score: 1

    I agree that probably 90% of security holes with any system are due to poor configuration. However, some packages (like sendmail) make it very easy to misconfigure. This is not to say that admins should be lazy, just that it helps when software doesn't make it so difficult to configure securely. qmail is a cinch, and despite your intimations it is very powerful.

    For the record, there is a 2001 survey here with statistics on 958 SMTP servers found in a group of 1000000 randomly chosen IPs. If you will note, sendmail leads with 401 machines, IIS/exchange next with 176 and qmail with 167. I hardly think the fact that sendmail runs on less than 2.5 times as many machines as qmail is the cause of the 0 to 100 advisory differential between the two. You don't hear as much about qmail because it just works...there's not some huge hole found in it with disturbing regularity. And it's practically fire and forget configuration-wise. Regarding features, there are plenty of add-ons that give it 99% of those that sendmail has.

    When in doubt, check the facts.

  22. Re:Well of course on What High End Unix Features are Missing from Linux? · Score: 1

    Hmm, I use putty with Debian sarge, woody and sid machines regularly, as well as with a RH 7.2 box, and I am able to use '/' without a problem. Are you using the latest version of putty? Or maybe some settings are being held over from an old version? It can be made to work without too much difficulty I'm sure :)

  23. qmail anyone? on Sendmail Bug Tests US Dept Homeland Security · Score: 2, Insightful

    Let's see...a search for advisories on Security Focus with "sendmail" = 100 hits. qmail gives 1 hit, and it isn't even for qmail, it's for "masqmail".

    It's time for the sendmail people to start from scratch. You can keep patching all you want (and apparently take two months to do it), but if your initial security design model is flawed, you are going to keep finding holes.

  24. Re:Well of course on What High End Unix Features are Missing from Linux? · Score: 1

    That doesn't help when you're in a terminal window, which is one of the big advantages to Unix

    Agreed...and 'info' is a pain to use. However, I have found pinfo to be quite usable. It behaves similarly to lynx with respect to following links, page scrolling, and searching.

    Why do people insist on inventing new and confusing interfaces to programs? Sometimes it is even a huge win for a program to use one that people are familiar with rather than inventing something that might be 1% more efficient for the people who actually bother to learn to use it (of course wasting far more time than could theoretically be saved using the "more efficient" interface). I have noticed this in several GNU programs. Many of them seem to enjoy changing established conventions just for the heck of it. Oh well.

  25. Re:they should use djbdns on Root-server switches from BIND to NSD · Score: 1

    I have to agree with most people's experience here. Sure, djbdns has a bit of a learning curve, but if you know how DNS works and have a bit of patience, it's not bad and it's worth the effort. Once you understand it, it's actually much simpler and easier to maintain, too. DJB's online docs are helpful if you work through them, (though I do sometimes wish he would include built-in help in his command-line utils), and the way he does things does usually make more sense when you think about them. daemontools is pretty slick if you ask me, and the modularization of the djbdns package is really a good idea. I mean isn't that what UNIX is all about? Writing programs to do one thing, and do it well? tinydns and dnscache are trivially easy to set up once you have done it before, and the best part is, it's easy to secure them. Unlike BIND, where it's easy to make a mistake if you don't know what you are doing...and lord knows that improperly configured servers are probably responsible for 90% of break-ins.

    Besides, who else gives an actual security guarantee? I mean look at qmail's track record. Hasn't it been around for 6 years now? And how many holes has it had? How about sendmail for comparison? I'm inclined to believe that djbdns/qmail are some of the most secure server programs ever written. Sure DJB might be lacking some of the social graces many of us take for granted, but it would appear that he knows what he's talking about, and I would trust his software over pretty much anyone else's.