Wouldn't that be a hoot? If there is a grid and other people use your processing power however distributed, sure, charge as much as possible for it. Maybe I can charge per use of GCC or have a sliding scale for apps and scripts that take less processing power. Of course we in California could get a grid/barter by exchanging processing power for the oh-so-expensive electricity.
People always stress the technical aspects of security, but this Verizon story is a good example of what happens when you don't have a well-designed security policy. I can't stress how important policy is to the field of security in general, computer or otherwise. Experienced security professionals need to consider everything, and think about loopholes like the ones Verizon obviously missed.
Amen. I'd rather spend my money seeing Lavay Smith at the Cafe Du Nord than giving my hard-earned cash to the Machine by picking up the latest MTV fad band at Tower Records.
-- Justin
Linux Summer, by Justin Cheung
Black and White can easily be played with no violence. It also lets you interact with a "creature" and "villagers". It's a great game in my opinion and kids will love it.
I figure if IBM is trying to keep alive a distribution that includes a Lotus app, why not support a more stable company that can do the same thing? It's not like Red Hat or Caldera can't include the same IBM or Lotus app in their distribution. In fact, I've personally seen IBM's enterprise software running on Red Hat and Caldera. One less software distribution won't make a difference.
Do we need to pass measures to get a local grid?
Whoops! :)
Justin Cheung
Linux Summer, by Justin Cheung
I'll post some more info about Linux security over at http://www.ocamd.com/articles
Some of the talks at this year's Defcon 9 were worthwhile, including Thomas Munn's talk on AIR IDS, his method of designing an intrusion detection system. Use a bit of creativity and cover all your bases, and you should have a great IDS that will really work.
If you just want easy to use, then get something like LIDS (Linux IDS), and Tripwire. The free version of Tripwire still helps a little, but the best way is to make your own IDS. I'd advise contacting Thomas Munn to see if he has a product that's available to the public.
Best of luck to you :)
Justin Cheung
I have friends at Linuxcare and it's gotta be a rough time over there. I never met a group of people I'd rather work with. They really know their stuff, are wonderful people, and are great representatives of the Linux community. It's a real tragedy. Best of luck to Linuxcare in the future and to those employees who are no longer with the company.
There is plenty of Linux-compatible hardware to choose from. If you are going to be overclocking, I highly recommend Abit's KT7 and KT7A line of motherboards. They offer jumper-free multiplier and voltage adjustments and the board plays nice with Linux. Get any old soundcard that works and the best AGP card you can afford. A good list of Linux-compatible hardware can be found at the Linux Hardware Database:
http://www.linhardware.com
NVIDIA and Matrox have good Linux drivers. AMD Athlons and Durons are pretty affordable. Agilent Articooler, Lian Li case. Go crazy and I'm sure you'll have an awesome gaming rig. Hope this helps.
I'm interested in this PDA but I haven't seen any ratings on the Linux Hardware Database yet. If anyone has this device and wants to submit comments, go to: http://lhd.zdnet.com/db/dispproduct.php3?DISP?2719
Thanks. I need all the input I can get.
...people will check with others before posting stories like this. It would be nice for Slashdot and story posters to cut down on the inaccurate information being rolled on like wallpaper to the site. At least 12 of my friends in the area use GAIM and have had no problems whatsoever.
LOL. Too funny. It's all too true that everything becomes virtualized in the free software development arena. Testosterone and penis-size contests translate perfectly into the world of Free Software.
In my experience, I've received e-mails from people where their list of OSS achievements is 8 times longer than the body of their e-mail message. Yo, let's pull em out at the next BALUG meeting and measure! LOL, anyways, good post!
I've said this before but I'll say it again:
It is not the responsibility of the Linux distribution or the OSS developers to make their software secure.
High security computing is a process, not an out-of-box solution you can buy or download from a website or FTP server.
GPL software is designed to be fixed and improved, and while Dr. Spafford may have a point with "infosec standards", I can give you an example where the GPL actually improved the security of the Linux kernel.
The following is available at www.rootshell.com:
[ http://www.rootshell.com/ ]
Date: Tue, 1 Jun 1999 17:43:17 +0200
From: Piotr Wilkin
Subject: Linux kernel 2.2.x vulnerability/exploit
I'm sorry if this has been noticed before, but since I didn't find anything
in the archives, I post it here. There seems to be a bug in kernels 2.2.x
(tested on 2.2.7 and 2.2.9), that causes them to panic when they are sent a
large number of specific ICMP packages. I think the problem comes from the
combination of the mangled header length (shorter or longer ihl's don't
cause hangup) and the random ICMP packets (random type/subtype and source
address) this program sends. Windows 9x and FreeBSD 3.0 seem to be
unaffected.
When an ICMP denial-of-service attack threatened Linux kernels 2.2.9 and pre-2.2.9 (at that time, most distributions shipped with 2.2.9 or pre-2.2.9; Debian used 2.0.36 or something), the exploit was not only posted, but immediately fixed by none other than kernel hacker extraordinaire Alan Cox.
Besides the internet security alerts, CERT, rootshell, etc., I don't believe that this even made the evening news in most major markets. Unlike Outlook Express exploits, Linux bugs get fixed, and they get fixed quickly.
So if you want a secure system "solution", get a system and unplug it from the internet and build a brick wall around it, hire some armed guards, and only use one-time pad passwords. I'm not joking, and some of this is even suggested by Dr. Spafford and Simson Garfinkel in their seminal book, "Practical UNIX and Internet Security", which I read and enjoyed about 2 years ago.
Anyways, I think Bruce Schneier's article about OSS and security that appeared in Linux Magazine a while back was more informative and stressed the strengths of OSS for system security.
Dungeon Dweller (in another post) made a nice list of important criteria for picking encryption algorithms. According to DD, the algorithm should be:
1) Useful. You want an encryption that is actually worth using. Not worth encrypting something if it can be cracked without any effort.
2) Suited to the application, as I stated above.
3) Available Internationally (nobody wants to be stuck with a product that gets you arrested on export).
4) Open spec (you want it to work with other products).
** This list is in order of importance
Not only should the specs be open, but also the source code. It helps to know that NSA Skipjack is an 80-bit stream cipher, but it would be more productive for crypto experts to be able to critically examine the source code. With source code, we could see how hash functions operate, how many rounds of encryption occur, and so on. In my opinion, opening the source code to algorithms would provide a better way for us to evaluate their strengths and weaknesses.
I met Dave Whitinger several times when he was with Linux Today and I have to say that he is definitely a people person with good insight and a real connection with the Linux and OSS communities. I have to say that I never visited Linsight, but I probably should have. When I was talking to Dave at the 1999 Austin Open Source Forum about the kha0s Linux distribution, he seemed as excited about it as I was, and even posted a story up on Linux Today, which was immediately picked up by Slashdot. My opinion is that Dave knows what new developments make for interesting news and reading, and he will remain a valuable asset to the Linux community.
Furthermore, a Crusoe-based webpad would most likely strengthen the handheld computing market as a whole. Palm is already successful and will continue to be, regardless of the Nerd factor. In my opinion, a Crusoe-based webpad would surely attract Nerds and non-Nerds alike, from Soccer Moms to People-who-download-the-most-bleeding-edge-development-Linux-kernel. I feel that the Palm/webpad overlap will be minimal, since most people still use the Palm as a comfortable-to-hold general organizer and use the internet options as one feature of a fully-featured PDA. A webpad would probably be more focused on internet connectivity, a larger screen (not necessarily more comfortable-to-hold), and web browsing for information on the network. Palm is not in any trouble, but Microsoft's PocketPC? That's another story :)
Peace out,
O