A critical vulnerability has been identified in Sendmail, which could be exploited by remote attackers or network worms to take complete control of an affected system. This flaw is due to errors in the "setjmp()", "longjmp()" and "sm_syslog()" functions that do not properly handle certain asynchronous signals, which could be exploited by remote unauthenticated attackers to execute arbitrary commands by sending specially crafted requests to the SMTP port.
How about also exposing the companies that pay for the information gathered by spyware/adware? In other words, the ones actually funding it...
/Didn't RTFA
Re:People have done this for years!!
Actually the mod by Linear (TFA) was done years ago. There isn't a date on the article as far as I can tell, so I can see how someone might assume that if it's new to them, it's new to everyone.
Their lack of ability to think for themselves convinced me that if for some unknown reason my future is ever in the hands of a jury, I'm totally hosed. My subsequent jury duty experiences have done nothing to assuage my fears.
Having sat on a civil jury, I am now even further convinced that committing a crime is literally gambling with your life. I do not trust my fellow citizen to provide a (wait for it) "fair and balanced" approach to deliberations. And even if they did, I fear that most Americans are not given the opportunity to practice their critical thinking skills. Sure, maybe they can get by at work without those skills, but when my fate is being decided in a courtroom, I want people to be able to differentiate fact from innuendo.
I wouldn't say SOE was trying to screw up the game, it just seems like they had three problems:
1. Poor QA
2. Poor change control
3. A lack of time/ability to polish their product.
I certainly agree that their design was good but the implementation was flawed.
The perfect example of this was the "Test Center" servers. Publicly, SOE asked the players to test the upcoming publishes on these servers. There were plenty of bugs of course, but this is a "test" server so to a degree one might expect that. A lot of the bugs would be "obvious" game breaking bugs, leading one to think that very little QA had been done on the TC release. But let's just accept that for now and move on... so the players test it and report bugs (game breaking bugs). Publishes would be announced ahead of time of course, and on the day of the publish, they got pushed to live whether they were ready or not. Imagine the frustration of a TC player who spent time beta testing the publish only to have it released with the same game-breaking, reproducible bugs they had just reported. Except now those bugs affected the entire population of Galaxies; many players would simply wait a day or two after a publish before logging on, just so they would know (by reading the forums) how to work around the bugs.
If I am searching for their Madonna, well, they will probably make a cut of whatever I find that I might buy from that search.
If Warner is successful, keep an eye out for the music industry's minions/enslaved artists to pop up in the news more often. Think about Madonna's publicized trip to Israel a while back; imagine how many Google searches get generated after that (in Google News or elsewhere). As far as the music industry is concerned, this is literally a way to print money (or perhaps more accurately, siphon it from Google's accounts).
It makes it harder, but if the attacker achieves root (well, you're toast, anyways), they can then modify the boot scripts so that their script loads before everything is locked down. This is why you lock down the kernel from loading modules at all -- it means that they then have to replace the entire kernel. If you're lucky, they'll modify the boot scripts, not knowing that it does them no good.
If an attacker gains root on my system, and "attempts" to install a rootkit into my startup scripts, that means they have to reboot the system to take effect. So they do so. Now the system comes back up, but they don't have a working rootkit. The vulnerability is still there so they just exploit it again to get root, and this time recompile the kernel appropriately. You were hinting at this in your comment but I really think it is worth making clear:
I understand that rootkits are a problem but once someone has root you're out of luck either way. The issue on Windows is that so many end users run as Administrator that they are far more likely to get hit by a rootkit.
On a side note, does anyone know the command for apt-get / dpkg to verify all my installed binaries?
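Added example (not from the thread): a small verifier in the spirit of the question above. Debian's dpkg records the MD5 of every installed file in per-package md5sums lists, so a check can recompute the digests and flag files that differ or are missing; the tiny fake root, file contents and list are constructed here so it runs offline.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Parse a dpkg-style md5sums list: one '<md5hex>  <path relative to />' per line."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        digest, _, rel = line.partition("  ")
        entries[rel.strip()] = digest.lower()
    return entries

def md5_of_file(path):
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_package(md5sums_text, root="/"):
    """Return {relative_path: 'ok' | 'modified' | 'missing'} for every listed file."""
    results = {}
    for rel, expected in parse_md5sums(md5sums_text).items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
        elif md5_of_file(full) != expected:
            results[rel] = "modified"
        else:
            results[rel] = "ok"
    return results

def demo():
    """Constructed scenario: a fake root with one intact, one tampered and one deleted file."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "usr/bin"))
    with open(os.path.join(root, "usr/bin/ls"), "wb") as f:
        f.write(b"original binary")          # matches the recorded digest
    with open(os.path.join(root, "usr/bin/ps"), "wb") as f:
        f.write(b"replaced binary")          # does not match the recorded digest
    md5sums = "{}  usr/bin/ls\n{}  usr/bin/ps\n{}  usr/bin/netstat\n".format(
        hashlib.md5(b"original binary").hexdigest(),
        hashlib.md5(b"original ps").hexdigest(),
        "0" * 32)                             # netstat listed but never written: missing
    return verify_package(md5sums, root)
```

The digest lists live on the same disk as the binaries, so anyone with root can rewrite both; a check you can trust has to compare against digests taken from a clean copy of the package, and, as the posts above note, a replaced kernel can lie about file contents anyway.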
A massive 61% don't understand the difference between gigabytes, kilobytes and megabytes and as a result have sent e-mails with huge attachments that have blocked clients' systems.
This is partially a side effect of not understanding the metric system. Cue Grandpa Simpson's quote about gas mileage. While certainly a mail administrator can configure this to avoid overflowing their own system, the end user will still generate a complaint as to why they can't send mail. The real misunderstanding is file size comparisons. For example, if you didn't know how big a "gigabyte" was, you might think one or two gigabytes wasn't very large (as far as emails go).
WinAmp I'm willing to cut a little slack because they can't even seem to find the %USERPROFILE% directory to save settings, let alone have such advances as following HIG. /sarcasm
I could see the address book being stored in MySQL, so I'll concede that. But with a high performance server like Cyrus (with whatever backend you want) the webmail system should not do its own storage of mail.
IMP/Horde (or whatever it's called) used MySQL as well and I think that's why many turned to SquirrelMail instead.
Incidentally, I found an open source mail client that has a lot of similar functions: Round Cube. I have installed that and it is almost as impressive.
It looks pretty nice, but I am just surprised it requires MySQL. Is that for storing configs? SquirrelMail works without MySQL and it manages to save my configs just fine.
I'm definitely happy with SquirrelMail; I wish I was a real web developer as I could do something useful towards Async Javascript integration into SM.
I've heard, however, that SM1.5 has a much better templating engine which should make for easier integration of DHTML/AJ goodies.
My understanding of how LILO works is that it hardcodes the location of your kernel image when you run "lilo". Then when it boots it just starts loading the kernel from that point. If I upgrade the kernel I have to rerun "lilo", and I better hope that kernel will boot and I had a backup boot entry or I will be digging out my boot CDs.
Now I'm using GRUB because at least if I goof up/corrupt my config file it will still boot. It boots into a very simple shell from which I can inspect partitions and determine where my kernel went, and then boot it.
How many times did I end up with a "LI" on the screen and nothing else... or endless rows of "01"? I haven't had these problems with GRUB; it just boots to a prompt and I can recover from there.
<promotion target="self" type="shameless"> Also, for those of you wanting to migrate to a software root RAID, check out a guide I wrote: Migrating To A Mirrored RAID Using GRUB </promotion>
By midday, senior executives including Microsoft Chairman Bill Gates and CEO Steve Ballmer were notified. The "Executive e-mail" is a key part of the response process, and it includes the use of a very specific, high-priority subject line to make sure the mail is read by the senior executives.
So how long until this special subject line is either released and/or "bruteforced"?
I used to think that if a movie wasn't "original" it was just flat out bad; the writer(s) just leeched off someone else. I used to think "why aren't there any good movies, why are they all so predictable?"
Certainly, in a market like the US any movie that is "strange" will not sell as well and thus big theaters are less likely to show it. But I think the problem is deeper than that.
Every type of plot has been done: love triangles, revenge, etc. This is why I thought movies were not "original". But each movie is different; each has its own set of characters and we go to watch the characters interact as much as we want to know what happens. Bad acting and poor screenwriting make even a good plot unbearable.
This is why remakes, sequels and overdone special effects are often seen as signs of a bad movie; the focus shifts from the characters and story to the "flashy things" ("bling"). For an experienced movie-goer, "average" characters and acting isn't good enough anymore; you can pick out the flaws in a movie and that makes it less enjoyable. When studios use sequels and remakes as a crutch, they typically skimp on the important stuff like story, characters, and quality acting. In the end, they want to make money and if you still go when they half-ass it, why should they try harder the next time? From a business standpoint, it is far far cheaper to half-ass a movie and thus your profit is far greater.
In many ways the industry is maturing; movies are a mass-market medium, but the public has become more demanding and are looking for quality.
Check out The Art of Dramatic Writing for some hints on writing and why the characters are what drive the success, not the plot, special effects, or handsome lead.
The default policies on a Windows 2000/XP box give Power Users the ability to schedule tasks. Try this as a Power User:
at 00:00 /interactive cmd.exe
Where "00:00" is a 24-hour time at which you'd like to escalate privileges; one minute in the future works well.
Wait a minute and up pops a command prompt on the console (may not be visible via TS/RDC), which is now running as Local System (NT_AUTHORITY\SYSTEM), which has full administrator permissions and more.
You can use this to kill errant services, among other things, however a malicious user can use this trick to then do pretty much whatever they want. This works *great* when you need to do things like recover from a corrupt Active Directory domain security policy.
Note that regular users cannot schedule tasks by default.
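Added example (not part of the post above): a detection-side check for the scheduling trick just described. Every `at` job runs as LocalSystem, so an interactive job whose command is a shell is exactly the pattern to look for in an audit; the sample below is constructed to resemble the per-job detail that `at <id>` prints on Windows 2000/XP (field names assumed), and the parser keys only on the "Interactive" and "Command" fields.

```python
# Constructed sample resembling `at <id>` detail output for two jobs;
# the exact field names are an assumption, not captured from a real box.
SAMPLE_AT_OUTPUT = """\
Task ID:      1
Status:       OK
Schedule:     Tomorrow
Time of day:  2:00 AM
Interactive:  No
Command:      C:\\WINDOWS\\system32\\defrag.exe C:

Task ID:      2
Status:       OK
Schedule:     Today
Time of day:  3:14 PM
Interactive:  Yes
Command:      cmd.exe
"""

# Command interpreters that give whoever is at the console a SYSTEM shell.
SHELLS = {"cmd.exe", "command.com"}

def parse_at_jobs(text):
    """Split the blank-line separated blocks into one dict per job (keys lower-cased)."""
    jobs, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                jobs.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip().lower()] = value.strip()
    if current:
        jobs.append(current)
    return jobs

def executable_name(command):
    """Basename of the first token of the command line, e.g. 'C:\\x\\cmd.exe /k' -> 'cmd.exe'."""
    if not command:
        return ""
    return command.split()[0].rsplit("\\", 1)[-1].lower()

def suspicious_jobs(text):
    """Return (task id, command) for interactive jobs that launch a shell as SYSTEM."""
    flagged = []
    for job in parse_at_jobs(text):
        interactive = job.get("interactive", "").lower() == "yes"
        cmd = job.get("command", "")
        if interactive and executable_name(cmd) in SHELLS:
            flagged.append((job.get("task id"), cmd))
    return flagged
```

Such a job is only a symptom; the condition that makes the trick work is the default policy granting Power Users the right to schedule tasks, which is what an administrator would tighten.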
Slackware has this (or something rather like this) -- it comes with a whole set of kernels compiled for different kinds of hardware.
I think the grandparent was talking about different kernel tuning parameters based on the intended usage for the system. For example, the max number of open sockets or file handles or whatever (I'm not a developer and don't tune my kernels so I can't be specific).
The architecture isn't the issue here as most vendors have pre-built kernels for this.
What might be nice is a separate RPM/DEB/etc that auto configured kernel options at boot for you based on your preferred system "type" (or even better, your measured usage over time).
Obviously there will be different kernel tweaks (through /proc I assume) for a web server, file server, database server, firewall, and a graphics workstation.
Public perception is a funny thing... now if we routinely sent thousands or tens of thousands of people to space, the media hype over accidents would subside considerably (on a national level anyway).
A good example there might be the airline industry?
You're right, the media isn't whipped into a frenzy when an airliner crashes.
Try running 50 copies of your calculator app and just watch as each one drops to hardly anything.
While I understand the point of your statement, you have to admit that the example is ridiculous. I guess the real question is how many of these "memory hogging" processes can be run concurrently. Most people are probably going to run a .NET app once or maybe twice at the most. Granted, on a server this will be different, but the parent is talking about Avalon, not a web server. So I guess as long as the same libraries are used, you won't suffer much of an impact.
Most likely, this "confirmation" by SOE is designed to counter stories like this blog entry:
SOE losing Star Wars: Galaxies license? @ GameSpot
Given the previous statements made by SOE concerning SWG, any comments from their PR department should be cast in a very skeptical light.
http://www.frsirt.com/english/advisories/2006/104
Déjà vu
I think I've heard that before...
Patent reform as proposed by arkanes:
[x] Yes
[ ] No
#2, #3 and #7 would solve a lot of problems...
Granted, this is old SCO not new SCO, but it's amusing they show up on this list.
Strangely, I don't see ALGORE.COM on that list.
...HaikuOS has a paid developer for a few weeks.
Axel's development blog is available, as is the story on OSNews where I found the link.
Apparently, Haiku should have a bootable CD image soon.
Set "middlemouse.paste" to false in about:config.
This is true by default on Linux but set to false on Windows. By setting this to false, you can then middle click to close tabs. Note you may still need to enable a preference to close tabs on middle click (through the preferences dialog).
Didn't Darl admit he carries a pistol with him at all times? /tinfoil (and bulletproof?) hat