tuxracer.sourceforge.net or http://www.extremetuxracer.com/?screenshots
tuxracer flat out rocks!!
Normally I wouldn't respond to ACs since they're mostly jackasses.
But a person who promotes security by obscurity, essentially saying that Apple should not detail security vulnerabilities, deserves to be called what he is, a jackass, jackass.
I have to admit that it may be better that the details aren't published
Good. Keep everyone in the dark, and the world will be safe. Thank you for your views on how security incidents should be handled by vendors. JACKASS.
Portable Network Graphics
Oops, that was three words, sorry.
I would NEVER IN MY WILDEST DREAMS set up a caching only dns server on a machine with BIND. It is just asking for trouble.
I do it on FreeBSD bastion hosts with zero issues.
What's your problem, specifically?
Wow. I offer my views about an alternative DNS server, and you get all emotional on me. What a nutcase.
Can you please point me to the link on cr.yp.to describing this methodology you tinydns zealots use (you know, the emotional nutcase strategy) against anyone who questions tinydns? Thanks.
challenge you to name s
proper granular logging, comprehensive acls, a proper fucking configuration file so that I can make and deploy across a platform disk based permanent changes without losing uptime or a built cache.. multithreading.. DNSSEC, transaction signatures, operator access control with cryptographic keys, extensible IXFR, and FINALLY, extensible RR's. Shortly DNS will be used for more than just zone data, why don't you drop the attitude, get on the home team, and come in for the big win, son?
When ORSC or the regulars use tinydns, IM me. Oh, never mind, I'll be dead from old age.
I like how you tell me to contribute to ISC's BIND. Why would I do that? I..
Well, for one, it would get you off of Slashdot running the tinydns propaganda machine. And second, it might give you a freakin' clue as to the work that actually goes into developing a reference implementation of the RFCs..
I encourage you to read DJB's rants against BIND and DNS in general.
Thanks for the tip. I encourage you to kiss my white ass.
Why don't you do that instead of blindly supporting BIND 9?
I generally respect djb's work, especially the suing MS event, which I've been seeing now for many years.. actually I am not entitled to have an opinion on the person himself, and I'll abstain, since it might be colored by the ravings, flamings, and other output he's well known for but I have no reason to mention further.
More professionals don't use it simply because they're not aware it exists.
Now that is a wild claim, supposedly in defense of tinydns. I'd bet that 99% of serious BIND admins would name djb and tinydns when asked about a BIND alternative. They're connected to the Internet, remember??
Finally, BIND 9 is relatively new,
Finally, BIND 9 HAS BEEN OUT FOR SEVERAL YEARS.
Quit clinging to poor software just because that's the UNIX party line.
You know how I cling.. sorry.
had a DoS problem that was marked SERIOUS, liar.
It was wholly dependent upon openssl. 9.2.1 is two years ago. To say that it "continues" to have security problems is inaccurate, misleading to people who don't know better, and marks you as a raving jackass.
Who's to say it doesn't have more that have yet to be discovered
This asinine statement is not only useless since it can be applied to any software from any maker, but reveals what painfully little you really do know.
Please do not be in touch further unless you are coming over to install BIND 9.3.0 beta 2.
What about those pluses in the matrix
Not a BIND issue. OpenSSL. When OpenSSL has an issue, you'll be recompiling everything you built against it, I hope. Responsible vendors will notify users that their software will become vulnerable if compiled with _______________ as a result of the new vulns...
You are, loudly, shooting yourself in the foot.
If you had a critical software problem, and you told the vendor you "won't buy another piece of software from them" you know what you still have?
Your same broken ass software, and a worse relationship with your vendor.
Read your EULAs, ask your lawyer about them, and then go do a little research on the reliability and fix times for problems in BIND, Postfix, Apache, OpenSSL/SSH, etc etc etc.
You'll find that you're better off in many cases with OSS, with many less dollars lost.
Security problems abound!
There hasn't been any significant security issue with BIND 9. Period. Your link points to BIND 8 stuff, which you shouldn't be using, specifically for those reasons, and I hope ISC stops supporting it soon, it's due for a quick death.
I use tinydns
Who gives a rat's ass what you use? Like an AC said earlier, and I paraphrase, "too bad tinydns is so lacking in features", when he was trying to be nice.
ISC's BIND is the reference implementation, in the free world anyway. Why don't you shut up and contribute code to it, instead of criticizing?
But everything from security to configuration is poorly done in BIND
Really. Such as.. ??
There are a couple of problems with BIND (out of the scope of this rant) which will eventually get worked out. One of them is with zone transfers. But it only happens to losers who don't understand how to design and deploy a componentized architecture suiting the application at hand.
Anyone who understands DNS, their OS's limits, and software applications can deploy BIND 9 in a frighteningly secure manner.
He's got a great track record
(re djb), Yes, but not necessarily in the DNS world. I don't understand. If it's so great, why haven't more professionals adopted it?
Quality's not so hot, and subject to buffering problems based on your network connection. Also, the content isn't necessarily separated by track, nor easily identified later...
I've saved some really nice ambient streams but have no frikkin' idea what's on 'em..
save as html
.doc or html mail?
what's worse..
The port knocking idea is pretty old.. at least for months now all kinds of people are knocking my 135 1433 3127 and a bunch of others to DEATH, like hundreds a day, trying to get in..
Oops, that's Microsoft port knocking.. never mind, sorry, I guess it is new to Unix..
Good thing you have a lot of karma and mod points from one-sidedly promoting Linux in the past.
One of the ugliest things you'll ever see on Slashdot is karma-jealousy. I got all my karma, btw, from telling the truth about Apple.
Oh, and before I forget, PATCH ALL YOUR SYSTEMS, AND REBUILD ALL YOUR APPS, you jive ass armchair theorists, and stay ON TOPIC.
Die, you Microsoft defender.
you have an interesting slant on ethics. By that mindset, a burglar is perfectly entitled to break into your apartment because your door could be kicked in.
No, I didn't say that anywhere. Please, re-read what I wrote.
The salient question raised by the article, which points to a trend in break-ins within a certain profile of Linux/Solaris installations, is "why are these break-ins happening?"
My answer is that the system administrators are at fault, for not patching the systems, or having a rotational plan to do so, in conjunction with better basic security practices. And this applies to any OS, not just Linux or Solaris. This article happened to be about Linux and Solaris.
You erred by assuming I was making some ethical statement, and then presented some irrelevant conjectures as if I had said them.
Who am I??
Ask your mother about me.
the goalie's at fault for the other team's score
goalie sys admin
bad analogy. The goalie was the last line of defense with not many tools at his disposal to block the ball.
The fixes for the exploits discussed have been out for a while, any system administrator, with only normal tools and knowledge, would have done something about patching systems.
The excuse, "patching is easy in theory, hard in practice", is a LAME excuse.
How does that differ from the worms which get released for Microsoft almost a year after the patch was released? I hear people railing Microsoft all the time for not 'getting it right the first time' when THAT happens...
Wrong. People rail because Microsoft rarely gets it right the first time, and are damned slow and arrogant about fixing security holes. Oh, sorry. They did speed up their response time on security issues after realizing that the public was noticing and they were losing a little market share in IIS.
You're joking.
All the vulns mentioned have patches/fixes/replacements for the faulty code.
The System Administrators are at fault FOR NOT MAINTAINING THEIR SYSTEMS PROPERLY.
Read ANY fucking RFID article before posting.
Yes, sir, I will.
an RFID chip has absolutely NO logic on it. a "receiver" broadcasts a radio wave with an encrypted signal, if the encryption key matches that of the RFID chip, the chip is powered by the electromagnetic field to broadcast a "reply." The reader knows Absolutely nothing other than the fact that it is within range. The chip can not tell the reader anything.
Damn, I screwed up, thanks for providing the correct technical information, it means a lot.
That was a stupid joke that didn't make any sense to any sensible person.
Dewd, you sound a tad angry. There is a thing called "managing your anger". Also, controlling your emotions in public. And when you write shit in a public forum. They even have classes in it, for people like you, people who are constantly thrashing your mouth off about nothing.
Well, thanks =bunches= for fucking up my day. I made a pretty good joke on Slashdot, kind of to throw a little humor on the fact that almost daily, it seems we're losing our personal privacy guarantees, here, no less, in the Land of the Free. And People Liked The Joke. The Joke didn't depend on Technical Accuracy, no, that WASN'T the point, NUMB NUTS. I could give a rat's wrinkled ass if an RFID chip can talk, listen, or shit itself when in the presence of a magnetic field or NOT.
Your joke is sort of like saying that license plates will start telling us that we're driving too fast--it doesn't make ANY sense.
A brilliant elucidation! Analogy of analogies!! You are a genius!!! Thanks for the laughs. Cretin.
++ on your comments..
What do I think of the issues raised by the article? Bullshit mostl
I read the author's qualifications, and her job sounded so interesting, that I read the article. Much to my disappointment. Check out the job she does - seems like it would take a bit of an enlightened person to "circumvent" government content filtering systems and the like... not the kind of article I'd expect from what sounds like possibly a real hacker (as in innovative technician/programmer)..
I'm getting weary of hearing all Open Source Software lumped together.
There are so many many types of OSS for different uses and different audiences, the writer would not make the same generalization about proprietary software.
The article, and all 5 reasons OSS will ultimately fail, should have been directed only to Office software, and maybe related desktop application software like CD burning, DVD authoring, and audio programs to name a few... I won't be needing a bound glossy manual for my netcat, bee-yotch, thank you.
Hell, I don't WANT my mom finding either the firewalk manual, the tcpdump manual, or the Metasploit manual. To boot, I loved the days of super terse unix man pages and getting flamed by geezers on usenet for daring to ask a remotely plausible question. It kept the bar HIGH. Look what we have now. The lowest common denominator has been invited in, and now every half ass dimwit wannabe win98 fanboi thinks "Linux is awesome". Die, you rat, commie bastards.
... ...
.. another save by Uncle Sam.
applications such as issuing alerts
(while seated in a board meeting, 28th floor overlooking metropolis, a small internal voice speaks)
"Sorry for this brief intrusion. This is your government speaking. The RFID tag embedded in your ass notified us moments ago. It appears as if you want to fart. This is just a warning - farting now, may be a bad idea, and could have unexpected consequences, and possible adverse career effects."
or one of its subsidiaries isn't doing this remotely?
that's one hell of an accusation..
to provide honest labels on software in the same way that the Pure Food and Drug Act of 1906 forced manufacturers of foods and drugs to divulge the contents of their products.
By opening or removing the seal to this package you agree to abide by the terms explained in the enclosed EULA. By the way, this product contains software code, which, by installing on your computer, could render you utterly defenseless from intrusion, viruses, worms, trojans, popup advertising, loss of data, loss of privacy, NOT TO MENTION putting you on an endless treadmill of planned obsolescence, making you a pawn in the global theater of consumer rape by corporations. Enjoy!! Oh, yeah, we don't guarantee that the software works, and, no refunds.