They'd better be property. For what I paid for mine, I really wouldn't appreciate the government coming along and taking them away. I think these lawmakers and judges should seriously begin seeking out expert advice on these subjects.
``if a component claims to be up-to-date but doesn't work with Linux, can I sue?''
I really doubt it . . . for the same reason most computer companies' technical support refuse to help. If your computer isn't running Windows, then any problems you have are your own.
That's the leech talk of a lawyer...
How so? If my machine was compromised and I didn't understand how it was exploited, I would want to find out how it was done so I could patch the hole ASAP. If everyone else learns from it as well then all the more power to them. Security cannot be effectively developed by obscuring knowledge. And no, IANAL.
``But when the 6.02e23rd victim of the LOVEBUG emails them... they just don't care anymore.''
I agree that a common security hole won't cause a huge stir in the security world, however it is important to at least know how your machine was compromised . . . especially if you're not a security expert yourself. While they may not ``care'' per se, someone would be at least kind enough to point you in the right direction in terms of a solution.
Then again, it could be a new exploit that does need attention. You never know until the situation has been assessed by someone who knows what they're looking at.
Your best bet would be to head over to SecurityFocus and get on their ``Incidents'' mailing list. Give a thorough explanation of everything you know along with any recoverable (and relevant) logs. There are hundreds, if not thousands, of security professionals on that list who would gladly help you out.
FreeVeracity sounds cool. FreeVeracity should be put on all my Linux boxes. FreeVeracity might someday rival TripWire. FreeVeracity story submitters should learn to use pronouns. ;-)
I think OSDN bought out Andover thereby inheriting all the sites under its reign (a.k.a. Slashdot, Freshmeat and a whole slew of others). Interestingly enough, OSDN is actually using a modified version of Slash. :-)
Actually makes a lot of sense when you think about it. Ever see those toys in the science shops that have the floating magnets on a stick, or try to push two magnets together?
Just imagine making roads out of magnetic material . . . we might be closer to those ``Back to the Future'' cars than we think. ;-)
Microsoft can't even get their software right and people are supposed to trust their physical components of their home appliances with them? I just can't wait to see how my toaster handles a BSOD. %-)
I'm not even going to comment on the security implications of this and the whole ``home on the web'' thing.
They should have changed their name to SCONIX. :-)
:-9
Mmmmm... scones...
Is it just me or does anyone else have a really hard time reading that article? I mean, using Arial font at such a small text size makes web sites such as these virtually unreadable. (At least to a non-MS web user.) Don't these webmasters believe in viewability across browsers? Sorry to complain but I hate having to change my character set from Western ISO 8859-1 to Western ISO 8859-15 and back every time I go to read one of these pages.
Ok... and for the moderators... I'm seriously looking forward to this movie. I've been a Batman fan as far back as I could open a comic book and look at the pictures. :-) Just hope they do it right this time.
If you work in the graphics/animation industry that space goes real fast. Look at Pixar for example. "Toy Story" had to be saved somewhere during its development. :-)
``Even if you are an aging boomer who was writing for mainframes back in the 60's, most of "computer history" happened long before you were born.''
True. :-) Unfortunately heroes such as Ms. Lovelace and Mr. Babbage only manage to get a paragraph or two in most computer books. Even more unfortunately, there's not much else to say besides what's already briefly stated.
A book would be a more than welcome addition to the industry, however I find it hard to see where a person would be able to make a living off of teaching the subject . . . at least at this point in time.
RedHat doesn't install anything by default. You are given the option of choosing exactly what you want and don't want when you install.
To be honest I don't think the computer has been around long enough to warrant such a field. For most of us "computer history" is just a recent memory. Perhaps in 20 or 30 years computer history will outgrow the bounds of the first chapter in your favorite Computer Science textbook and have its own area of study.
As much as I hate Microsoft, I would have to say that this problem is more of the admins' fault than anything. Personally I'd rather spend a few minutes ReadingTFM than days trying to recover a lost system.
"does anyone other than me find it a little wrong that the default password was actually published instead of a description of the vulnerability without the password?"
As a subscriber of the SecurityFocus lists I have noticed that the media often doesn't even get a drift of a problem such as this until it has been thoroughly discussed, solved and broadcast to the thousands of other list subscribers. Like it or not few of these subscribers are our ever beloved crackers. Simply put, the media is just publishing already common (in the security world anyway) knowledge.
According to http://members.ping.at/theofilu/netscape.html, Netscape gets its problems from memory management functions (big surprise there) in the libc.so.x.x.x library. I'm trying the fix recommended on that page, sounds like it might help clear up the other Java problems.
Strange... I've had nothing but problems with Java on Linux, no matter what version I try to run it always has a tendency to hang up. The only success I've had is running Java in Linux apps on top of Solaris. Check out lxrun for more details. :-)
Btw I run RedHat 6.2. Does anyone have any idea why it has such a hard time with Java apps in general? (Besides Netscape)
Interesting. One question though... what the fsck happened to the TiK site? It was working when I posted the link, now I'm getting all pop-ups?
Whoops... that's RBL .... time to start using that "preview" button. ;-)
I agree with you fully. The RBHL, being a fully voluntary service, is essentially no different than each individual user keeping their own black list. It just provides a convenient means of doing so. If these ISPs do not like being blocked, then they should seriously consider auditing their anti-spam utilities and catch up with the thousands who do not have such severe problems.
Give TiK a try. It works on all Linux/*NIX/BSD machines running tk/tcl.
;-)
'nuff said.
Makes sense. Just didn't know if they were all following a planned-out script. Television companies tend to do that kind of thing to boost ratings.
I think the main point of the story is that certain (unnamed) religious institutions feel that it is their duty to cram their ideals down the throats of everyone else in order to "save" them. It's just nice to know that the people of Kansas are speaking out and showing that they have the capability of thinking for themselves. Sorry if this sounds offensive, but everyone has their own set of beliefs and morals. To say that yours and only yours is correct is just plain ignorant.