Yep the range of ports thing is bad. FTP is the worst.
Isn't the data-port assignment reversed as well in FTP, so if it is enabled on the firewall it has to allow traffic to "any" port on the server hosts or something like that?
Now that is a security issue...
Not really a huge issue. The Citrix Winframe client would need to have a known vulnerability and be exploited for the company to be exploitable by his actions. Then again, the case is the same for Netscape or IE clients running HTTP.
Yes - perhaps we should call it the "Bin Laden Effect"...
:(
It's even worse if Osama doesn't have to lift a finger and planes continue to fall out of the sky...
;(
Almost exactly 2 months after, they would probably not choose 11 Nov as it would be a Sunday.
/.'ed.
Not sure about the Target though, perhaps the passengers reacted.
This is going to cripple the airline industry further.
There still is a chance it could have been an accident.
My thoughts go with all.
All the news sites are pretty much
Actually, my friend, when I was running the kernel 2.2.x series instead of downloading the Changelog I would download the patch and quickly zless it to see whether any of the changes seemed to affect me much, I've got lazy recently and skim the Changelogs before even downloading patches.
The Patches are already a diff to the source tree, so that job is already done for you. I assume that you're running a vanilla kernel, of course.
This is only being restricted to the US. The rest of us all have this information.
If you really want to see it, click here:
kernel-2.2.20.log
kernel-2.2.20pre11.log
I'm sure Alan knows that people will do this, he'd probably rather stay away from it and make the moral point to US law. Ironic since in an earlier post in another topic the US-posters were praising their First Amendment.
Exactly - my (Wireless) network is open, but its users are protected from the Internet. All my terrestrial hosts on the same network are tied down with ssh and passwords except for the services that can be accessed from the Internet anyway.
:-)
I actually like it - I'm not making any bandwidth limitations as yet, simply because I haven't noticed any problems.
The Internet access is DSL 512kbps down/256kbps up.
I wonder how many other people are giving this service? Is there any way to advertise it? I'm relying on word-of-mouth, it's probably better that way
If bandwidth or security become a problem I'll get a third interface on the firewall and throttle them down whilst locking them out of my wired network.
Yes quite, for those of you who just want to download Apache 2.0, compile it and have it running by the time you could have bought the package from Covalent, go here
I'd avoid Linux. I may well love the OS, and have been using it since the Linus boot/root disk days, but I'd advise something else for learning how to admin the box. Linux makes life too easy, with the consequence that you get used to the niceties and are then stuck when confronted with an OS that doesn't have them (and most of the paid Unix admin jobs will have such an OS).
I think you're right with the majority of mainstream Linux distributions, but I have two possible Linux exceptions to your argument:
Slackware
Slackware lacks many of the management tools that most of the distributions have so you have to go about it in the do it yourself way.
Linux From Scratch
I think this one speaks for itself, build your own system from scratch, it's a complete Linux course in itself that'll teach you a lot about UNIX as you go along.
You'll probably find that it is a component of NIS or NIS+, if you don't have this installed on your UNIX systems then the file will not appear, but if you install Linux systems with Full Install (newbie) then the file will almost certainly be there.
If you have to administer any great number of UNIX boxes of various flavours then you'll need to really install a NIS service to manage them.
I concur. nsswitch.conf is a pretty important file on your system with regards to security.
It defines where the system gets its password, group and host information from and what the fallbacks are should one of those systems not respond.
Just go into the file and comment out the deactivate_page() calls.
That should fix it for you.
That patch was a very long winded way of saying "remove the lines".
It helps if you can read patches.
Actually WinXP is just another name for Windows version 5.1.2600
5.1.2600 just doesn't have the same ring to it as XP though... I think the 2600 is the build number...
I wonder what build number Linux would be if it incremented every time Linux make a kernel change.
Without being able to get more than 50 karma it's sometimes good to try to lose some of it, then we can get some of it back.
I've only known UNIX for ten of its last ten years... I'm nearly thirty too, and we met each other at University. Haven't lost touch since, we're lifelong buddies.
OK. So what is special about the Certificate Authority that makes them secure and prevents the Man in the Middle attack?
Am I right in thinking that this has no bearing on users actually using certificates as anyone can create certificates with OpenSSL on an i386.
So all they are doing is removing the convenience of the extra dialog box that the certificate was not from a trusted source.
I don't get the paying money for Certificates in the first place...
Incredible - you think I am a troll... :-) I still love twm!! It has a place in my heart :-). Get into your ".twmrc" and the possibilities are endless.
Just one clarification - It wasn't the video card I was complaining about, but the cost of displays [read - screens]. If we set the video card to run at 1280x1024 all we got would have been fuzz... possibly followed by a "pop". You know what I mean!!
Looking at another reply I hear that even increasing the resolution didn't resolve the clunkiness... it seems that IBM made the clunkiness a part of the design.
Anyway all this is academic, IBM admitted defeat some time ago...
Another annoying thing about OS/2 was installing... I don't know what it was, but I had to install countless OS/2 workstations, by hand, individually, using floppy disks - You can understand how that made me mad!!! This was before anyone had heard of Ghost... or perhaps they had heard of it, but still didn't trust it.
2 - Windows is better for games. Quite simply, if I want to run a Windows game at maximum performance, I'm going to run it under Windows. Emulating Windows or creating compatibility layers just doesn't perform the way real Windows does. This particular feature is probably the only reason that I HAVE to use Windows.
I beat this argument by running a network. The X architecture is so good at this on a LAN that I can entertain my Linux fantasy while still beating everyone at Unreal Tournament.
Would you believe... so far the best use of Windows for me is as an X-Server... It's not the best X-Server (Sometimes Exceed, sometimes a free version), but it satisfies my need for both environments.
OS/2 had such a clunky GUI that made it useless, you cannot run OS/2 on a machine with 800x600 resolution, which unfortunately, at the time that OS/2 was released was the resolution that most monitors bought by corporate entities in my country could safely use under Health and Safety laws...
That's part of the reason I still like twm...
That's pretty open... you'd normally limit vty access to perhaps a single host on a network and you may want to apply anti-spoofing access lists to your interfaces.
Another tool to use is a TACACS+ server. Cisco produce both a Commercial Cisco server ($$$) and an open source TACACS+ server called tac_plus.
tac_plus allows you to implement AAA (Accounting, Authorisation & Authentication). Which basically means this:
* Central User Access Authentication for all your Routers, Firewalls & Switches.
* Authorisation for each individual command entered (on a per user, per host basis)
* Accounting (read logging) of all configuration changes on networking equipment.
Tac_plus is open source and compiles on nearly all platforms. More information can be obtained here: at Cisco.com
would be particularly easy.
router>enable
router#conf t
router(config)#int tunnel 0
router(conf-if)#tunnel source
router(conf-if)#tunnel destination
router(conf-if)#^Z
router#conf t
router#ip route 0.0.0.0 0.0.0.0 tunnel0
Or thereabouts... This creates half of a tunnel to a peer, which would normally be a router configured to tunnel back... but in this case we just configure the router to send all its traffic to the victim...
no actually it should be "goto 2".
But otherwise the algorithm is correct.
second that...
yet another example why USA foreign policy may still kill us all...
Ah... I guess Broadband would be dead then...
I often get flamed for stating that Linux has no place on the office desktop. It's a point that I truly believe. I still think Gnome and KDE are at least three major version releases behind the rest of the competition in this area, as are most, and nearly all of their support applications, including Star Office, which compares to MSOffice like Concordski compared to Concorde.
However, when it comes to embedded devices Linux really shows so much promise. Its ability to run stably in embedded devices and the ease to generate easy to use custom hardware interfaces is an area where Linux can take the lead and grab a market share across the planet.
Linux on the Server, yes
Linux Embedded, YES!!
alas still, not on the Desktop.
I have to say St. Georges A&E in Tooting can get pretty scary on a Saturday night.