Okay I admit it I am extremeley lame and I live in a an isolated box somewhere in the middle of nowhere.
Would someone please help me out and explain this kettle telling the pot that it's black comment for me? I've heard it a few times here on/. and I just don't get it.
I would appreciate it.
Thanks,
-- Garett
P.S sorry for being OT but this has been bothering me...
$ host www.slashdot.org www.slashdot.com is an alias for slashdot.com. slashdot.com has address 64.28.67.150
$ host www.slashdot.org www.slashdot.org is an alias for slashdot.org. slashdot.org has address 64.28.67.150
64.28.67.150 - there's what you want to block.
If you also consider fm, thinkgeek, themes.org etc. to be "time wasting" then block the entire C class which OSDN uses for all those sites.
Considering the size of OSDN and the number of sites that share the same class, I'm willing to bet that they own the whole class (only 256 IPs) so blocking the whole class will only block OSDN - not a big deal;)
I personally don't really give a shit if little Johnny down the street is using ogg or not.
What matter to me is wether I'm using ogg or not and at the moment the answer is yes. All of the cds that I rip are ripped into ogg.
And when I download music I don't care the slightest bit wether it's in mp3 or ogg because if I really like it I'll go buy the album and then I'll rip it into ogg. If I don't like it enough to buy the album then I don't like it enough to want it in a better format either so it doesn't matter.
The only thing I would like to see regarding ogg is portable ogg players (that also support mp3 of course) and other devices like dvd players etc. But with Real and AOL blessing ogg maybe that's not a pipe dream afterall?
Just because I prefer a certain format doesn't mean other people need to prefer the same.
Write perl scripts to rewrite outgoing mails (s/the/teh/g) and on incoming mails as well (s/Regards,/I find you strangely attractive,/g)
Hah that's priceless! I'm thinking of doing just this to a co-worker for kicks. I figure it will be much safer to do this to e-mails comming to the user (so he doesn't get in trouble) rather than the converse.
So here's a script for all you lazy admins;)
It's up to you to configure your sendmail.cf though.
#!/usr/bin/perl
use strict;
my %words = ( "^((Regards|Sincerely|Thanks|Peace|Cya),)" =>
"I find you strangely attractive,",
"\\s+the\\s+" => " teh ",
"\\s+and\\s+" => " adn " );
# Expression to match victim's e-mail address
my $victim = "(user|fname.lname)\@domain.tld";
my @lines = <STDIN>;
# Make sure the e-mail is going to the user. # If it is not just output the e-mail un-changed.
developers are nowadays too full of false pride as well, thinkin: I am the lead coder, analyzing bugs is the job of trainees. In my opinion the situation should be (atleast in some cases) completely opposite
I don't know who your company is hiring but where I work things are as they should be. It's the college kids who are hired for the experience are the one's with cocky attitudes while the advanced developers are trying to push management to get better processes in place rather than just "Fly to the moon by next thursday."
... Then wednsday comes and it's "No wait, fly to Mars instead. But still do it by tommorow".
At the moment our company isn't as structured as it should be. We don't have a QA team or a testing team. It's just management pushing the developers to get thigns done. But the developers are pushing back to say "hey, we need a process here. It's not just writing code. We need to design it first. And that takes time. We also need to implement code review and pick someone who's got the experience to decide what goes in CVS."
So my point is that in my experience it's the inexperienced developers who want to just jump in and write code thinking "it's not my job to fix bugs". I think this has a lot to do with wanting to get that advanced status. But as they grow they realize that they're going about it wrong and smarten up with regards to processes.
Man, I have a good job and before I moved out of my mother's I always had my box up to date. But the last couple years I haven't been able to do much with my machine because I have kids.
Not that I'm complaining. I'm just trying to state that not everyone has a disposable income that they can throw at luxury items like the latest from Nvidia and AMD.
-- Garett
Re:Luke, use the source...
on
Is RPM Doomed?
·
· Score: 3
Hard choice, no matter what you do.
Well, yeah considering that there's no possible way that I could audit every single peice of code that runs on my system.
There's this myth that code is more secure than binaries. In theory this may be true but in practice we have seen tons of source distributions for packages have trojans (apache, an irc client recently had one reported on bug track, ken thompson's c compiler etc.).
I have no choice but to trust the vendor of my distro because I am simply not super man. I have audited some code (such as portmap) when I've been particularly uneasy running that particular daemon on my servers but I just can't do this for all my packages.
So I don't see how running binaries is any less secure than source packages. It's not just about convenience it's about practicality. With rpms I can have all my servers patches in minutes. Whereas with source I'm looking at a couple hours.
-- Garett
Re:Luke, use the source...
on
Is RPM Doomed?
·
· Score: 3, Insightful
I'm an administrator too but I try my hardest *never* to install from source. This is because of security and ease of maintenance.
The main concern is that if I install OpenSSH from source on all 50 of my servers when it comes time to patch it I've got myself a little inconvencience. I would most likely compile it on one machine, tar up the source directory (complete with new binaries) and do a 'make install' on all 50 machines so I don't have to recompile for each box. But this is still going to take me a lot of time.
So therefore we've set some policies in place to make keeping systems up to date and secure easy:
For starters, we've standardized on Mandrake for Linux. This helps a lot because if we have a single rpm to install it will install on all of our servers.
We also mirror the updates locally so that we don't have to worry about slow downloads and we make heavy use of urpmi to automatically grab all the updates, check dependancies, gpg signatures and install them for us.
We don't install from source unless we absolutely have to. Actually, we try not to install any software that doesn't come with Mandrake but obviously this isn't always possible. In those cases we follow the convention where everything goes in/opt/pkg_name so we can easily get rid of them if we have to.
I really like RPM for this reason. However, as you stated as long as the systems the RPM was compiled for is roughly the same it will work well. Which is why we standardized on one distro.
You're right but that's not what I meant. I guess it's a poor choice in wording on my end.
What I meant to say was that Mac's weren't designed to run services like http, smtp, dns etc.
They were made for home users and that's it. Any networking capability that they had was solely to either make home users lives easier or for some cash (like selling to schools where networking is important).
I still wouldn't rely on this for really critical security implementations.
The main problem is that most vendors stop supporting old products. This creates a huge security threat. Just because no one knows about security holes don't mean they exist.
Sure you've eliminated probably 99% of all script kiddie threats and if that's the only threat you can identify then by all means this is a cute idea. However, as security administrator at my company I do my best to secure against any and all threats which means I must presume that old versions of Solaris (for example) have gaping security holes that were never fixed and therefore running the leatest and greatest with all applied security patches and a rock hard configuration is my best bet when it comes to security.
Roblimo's friend does have a point, though regarding Macs. Old Mac's are really the most secure systems out there. Simply because they can't really do much. They weren't designed to be networked and so there aren't any services to exploit;^)
You make a lot of good points and they're all points that have been made before.
The way I see it is that it all comes down to the age old argument "guns don't kill people, people kill people".
You can say all you want about Napster's intent but the fact is that intent usually doesn't come into play in U.S law. There was a case a year or so ago about a guy who wrote a parody or a satire about the Church of Scientology. Well they took the guy to court and won because despite the guy's intent and the context in which his parody was used, what he said was considered a threat and was therefore illegal.
The same thing can be applied to Napster but in this case I don't think Napster was doing anything illegal.
They provided a way in which people could share mp3 files. Sure they're intent may have been for you to grab the latest Staind songs and burn them to CD but using the case I described above intent has nothing to do with the law and I have yet to read a law where it says that royalties must be payed on all mp3 files regardless of who owns the copyright!
The fact is that it's entirely up to the users as to wether the mp3 files that they download are copyrighted by someone who demands royalties on them. I know that Napster got burned because they lmiited their system to audio files only but I'm baffled at how the courts can look at that as illegal because as I just stated there is no law which states that all audio files are property of the RIAA so you're really alienating the users who use the system legitimately regardless of how small that user base may be.
When intent is taken into consideration in the judicial system then you can burn Napster for intending to violate copyright but for now it was just a tool.
And just for the record I don't miss Napster. I used it for a bit but I don't care now that's it's gone. I'm not defending them because I want to see them thrive I'm defending them because I don't see why what they did is illegal (but I'm not a laywer so what do I know?). If they were still around and just as popular as they were 2 years ago I would not use it.
To shamelessly quote Dennis Miller: "Of course this is just my opinion I could be wrong".
Slashdot Mirror
No you're forgetting that Microsoft is a big and wealthy company so they are exempt from the law. Yes, even copyright law.
gdb on the other hand.... well I'll sure miss it.
--
Garett
Thanks everyone.
:)
Makes perfect now sense now
--
Garett
Okay I admit it I am extremeley lame and I live in a an isolated box somewhere in the middle of nowhere.
/. and I just don't get it.
Would someone please help me out and explain this kettle telling the pot that it's black comment for me? I've heard it a few times here on
I would appreciate it.
Thanks,
--
Garett
P.S sorry for being OT but this has been bothering me...
When you're within 20 ft, the obvious solution is TO PUT A &%$#@*! KNOB ON THE THING, not to put bluetooth, a webserver, and VNC on it.
That's what they said about the television too.
Gotta love humans!
--
Garett
And no, I'm not talking about grass.
Yup. As well as convincing the govt., a lot of good ol' Mary Jane would be able to convince me of pretty much anything too
--
Garett
$ host www.slashdot.org
;)
www.slashdot.com is an alias for slashdot.com.
slashdot.com has address 64.28.67.150
$ host www.slashdot.org
www.slashdot.org is an alias for slashdot.org.
slashdot.org has address 64.28.67.150
64.28.67.150 - there's what you want to block.
If you also consider fm, thinkgeek, themes.org etc. to be "time wasting" then block the entire C class which OSDN uses for all those sites.
Considering the size of OSDN and the number of sites that share the same class, I'm willing to bet that they own the whole class (only 256 IPs) so blocking the whole class will only block OSDN - not a big deal
--
Garett
I personally don't really give a shit if little Johnny down the street is using ogg or not.
What matter to me is wether I'm using ogg or not and at the moment the answer is yes. All of the cds that I rip are ripped into ogg.
And when I download music I don't care the slightest bit wether it's in mp3 or ogg because if I really like it I'll go buy the album and then I'll rip it into ogg. If I don't like it enough to buy the album then I don't like it enough to want it in a better format either so it doesn't matter.
The only thing I would like to see regarding ogg is portable ogg players (that also support mp3 of course) and other devices like dvd players etc. But with Real and AOL blessing ogg maybe that's not a pipe dream afterall?
Just because I prefer a certain format doesn't mean other people need to prefer the same.
--
Garett
Write perl scripts to rewrite outgoing mails (s/the/teh/g) and on incoming mails as well (s/Regards,/I find you strangely attractive,/g)
;)
/(To|CC):/) { /$victim/i)) {
/$expr/$words{$expr}/ig;
Hah that's priceless! I'm thinking of doing just this to a co-worker for kicks. I figure it will be much safer to do this to e-mails comming to the user (so he doesn't get in trouble) rather than the converse.
So here's a script for all you lazy admins
It's up to you to configure your sendmail.cf though.
#!/usr/bin/perl
use strict;
my %words = (
"^((Regards|Sincerely|Thanks|Peace|Cya),)" =>
"I find you strangely attractive,",
"\\s+the\\s+" => " teh ",
"\\s+and\\s+" => " adn "
);
# Expression to match victim's e-mail address
my $victim = "(user|fname.lname)\@domain.tld";
my @lines = <STDIN>;
# Make sure the e-mail is going to the user.
# If it is not just output the e-mail un-changed.
foreach my $l (@lines) {
if($l =~
if(!($l =~
foreach my $lin (@lines) {
print $lin;
}
exit 0;
}
}
}
# Now re-write the e-mail
foreach my $line (@lines) {
foreach my $expr (keys %words) {
$line =~
}
print $line;
}
--
Garett
Not December 21! Any day but Dec 21! Oh please not Dec 21!!!!!
That's my mother in law's birthday!!!!!
--
Garett
int main()
{
int i;
for (;;)
{
printf("Walmart sucks\n");
}
}
To be extremely anal and OT:
What's the "i" for???? Also your main() returns an int but you don't have a return....
I would implement that like:
#include <stdio.h>
int main(void)
{
while(1)
fputs("Walmart sucks\n", stdout);
return 0;
}
I have _way_ too much time on my hands....
--
Garett
Another gripe that I have is referring to "interactive games". All games are interactive - please give me an example of one that isn't...
Solitaire (with a real deck of cards)...
--
Garett
Don't use SSH. Switch to telnet instead....
ChallengeResponse... oh please! Telnet's never had these problems.
(note for the humour impared: this is a *joke*).
--
Garett
developers are nowadays too full of false pride as well, thinkin: I am the lead coder, analyzing bugs is the job of trainees. In my opinion the situation should be (atleast in some cases) completely opposite
I don't know who your company is hiring but where I work things are as they should be. It's the college kids who are hired for the experience are the one's with cocky attitudes while the advanced developers are trying to push management to get better processes in place rather than just "Fly to the moon by next thursday."
... Then wednsday comes and it's "No wait, fly to Mars instead. But still do it by tommorow".
At the moment our company isn't as structured as it should be. We don't have a QA team or a testing team. It's just management pushing the developers to get thigns done. But the developers are pushing back to say "hey, we need a process here. It's not just writing code. We need to design it first. And that takes time. We also need to implement code review and pick someone who's got the experience to decide what goes in CVS."
So my point is that in my experience it's the inexperienced developers who want to just jump in and write code thinking "it's not my job to fix bugs". I think this has a lot to do with wanting to get that advanced status. But as they grow they realize that they're going about it wrong and smarten up with regards to processes.
--
Garett
One word: family.
Man, I have a good job and before I moved out of my mother's I always had my box up to date. But the last couple years I haven't been able to do much with my machine because I have kids.
Not that I'm complaining. I'm just trying to state that not everyone has a disposable income that they can throw at luxury items like the latest from Nvidia and AMD.
--
Garett
Hard choice, no matter what you do.
Well, yeah considering that there's no possible way that I could audit every single peice of code that runs on my system.
There's this myth that code is more secure than binaries. In theory this may be true but in practice we have seen tons of source distributions for packages have trojans (apache, an irc client recently had one reported on bug track, ken thompson's c compiler etc.).
I have no choice but to trust the vendor of my distro because I am simply not super man. I have audited some code (such as portmap) when I've been particularly uneasy running that particular daemon on my servers but I just can't do this for all my packages.
So I don't see how running binaries is any less secure than source packages. It's not just about convenience it's about practicality. With rpms I can have all my servers patches in minutes. Whereas with source I'm looking at a couple hours.
--
Garett
I'm an administrator too but I try my hardest *never* to install from source. This is because of security and ease of maintenance.
/opt/pkg_name so we can easily get rid of them if we have to.
The main concern is that if I install OpenSSH from source on all 50 of my servers when it comes time to patch it I've got myself a little inconvencience. I would most likely compile it on one machine, tar up the source directory (complete with new binaries) and do a 'make install' on all 50 machines so I don't have to recompile for each box. But this is still going to take me a lot of time.
So therefore we've set some policies in place to make keeping systems up to date and secure easy:
For starters, we've standardized on Mandrake for Linux. This helps a lot because if we have a single rpm to install it will install on all of our servers.
We also mirror the updates locally so that we don't have to worry about slow downloads and we make heavy use of urpmi to automatically grab all the updates, check dependancies, gpg signatures and install them for us.
We don't install from source unless we absolutely have to. Actually, we try not to install any software that doesn't come with Mandrake but obviously this isn't always possible. In those cases we follow the convention where everything goes in
I really like RPM for this reason. However, as you stated as long as the systems the RPM was compiled for is roughly the same it will work well. Which is why we standardized on one distro.
--
Garett
I do.
But I'm the security administrator. I have to....
--
Garett
He'll also need to watch out for zombies.....
--
Garett
It also applies to the converse.
Whenever I have a religious discussion with anyone I always start out by stating that I'm agnostic and that means:
a) I will not believe in a God until it's existance can be proven.
b) I will not NOT believe in a God until it's existance can be disproven.
--
Garett
You're right but that's not what I meant. I guess it's a poor choice in wording on my end.
What I meant to say was that Mac's weren't designed to run services like http, smtp, dns etc.
They were made for home users and that's it. Any networking capability that they had was solely to either make home users lives easier or for some cash (like selling to schools where networking is important).
--
Garett
Just because no one knows about security holes don't mean they exist.
err... doesn't mean they do not exist.
--
Garett
I still wouldn't rely on this for really critical security implementations.
;^)
The main problem is that most vendors stop supporting old products. This creates a huge security threat. Just because no one knows about security holes don't mean they exist.
Sure you've eliminated probably 99% of all script kiddie threats and if that's the only threat you can identify then by all means this is a cute idea. However, as security administrator at my company I do my best to secure against any and all threats which means I must presume that old versions of Solaris (for example) have gaping security holes that were never fixed and therefore running the leatest and greatest with all applied security patches and a rock hard configuration is my best bet when it comes to security.
Roblimo's friend does have a point, though regarding Macs. Old Mac's are really the most secure systems out there. Simply because they can't really do much. They weren't designed to be networked and so there aren't any services to exploit
--
Garett
OT and I have way too much time on my hand ;^)
5) ed
6) sed
7) tr
8) as & gas
9) toe
10) grops
11) read
12) esd
13) date
--
Garett
How do you wash your dishes or take a shower?
Things would get awfully expensive very fast.
--
Garett
You make a lot of good points and they're all points that have been made before.
The way I see it is that it all comes down to the age old argument "guns don't kill people, people kill people".
You can say all you want about Napster's intent but the fact is that intent usually doesn't come into play in U.S law. There was a case a year or so ago about a guy who wrote a parody or a satire about the Church of Scientology. Well they took the guy to court and won because despite the guy's intent and the context in which his parody was used, what he said was considered a threat and was therefore illegal.
The same thing can be applied to Napster but in this case I don't think Napster was doing anything illegal.
They provided a way in which people could share mp3 files. Sure they're intent may have been for you to grab the latest Staind songs and burn them to CD but using the case I described above intent has nothing to do with the law and I have yet to read a law where it says that royalties must be payed on all mp3 files regardless of who owns the copyright!
The fact is that it's entirely up to the users as to wether the mp3 files that they download are copyrighted by someone who demands royalties on them. I know that Napster got burned because they lmiited their system to audio files only but I'm baffled at how the courts can look at that as illegal because as I just stated there is no law which states that all audio files are property of the RIAA so you're really alienating the users who use the system legitimately regardless of how small that user base may be.
When intent is taken into consideration in the judicial system then you can burn Napster for intending to violate copyright but for now it was just a tool.
And just for the record I don't miss Napster. I used it for a bit but I don't care now that's it's gone. I'm not defending them because I want to see them thrive I'm defending them because I don't see why what they did is illegal (but I'm not a laywer so what do I know?). If they were still around and just as popular as they were 2 years ago I would not use it.
To shamelessly quote Dennis Miller: "Of course this is just my opinion I could be wrong".
--
Garett