Slashdot Mirror


User: Alioth

Alioth's activity in the archive.

Stories
0
Comments
5,690
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,690

  1. Re:Cause or Risk Factor? (warning pro-smoking) on Safe Cigarettes? · · Score: 1

    But the regulations in Ireland say that. They will soon in the Isle of Man. They will soon in Scotland, with England and Wales following (with exceptions).

  2. Preventative measures on Linux Lupper.Worm In the Wild · · Score: 3, Insightful

    Well, firstly, I doubt this worm will be particularly widespread - the vast majority of sites use name-based virtual hosting, and this worm just uses the IP address. Obviously some systems (with the very outdated versions of the vulnerable programs) will be vulnerable. But this isn't really the point of what I'm thinking about.

    The point is that if you run a server (of any OS) you can take preventative measures to stop the propagation of hacks/malware/trojans, even if you have users who install buggy PHP scripts. Some straightforward preventative measures are:

    1. Ensure that the 'wget' (and any other similar utilities) command is NOT available to the user which cgi/php scripts are run as. Many hackers use an initial exploit to get into the machine, then wget the script or program they really want to run (such as the good old bindshell)
    2. Mount /tmp (and anything else writeable by the script) no-exec (although there are ways around this, it will defeat many skript kiddies).
    3. Implement rate limiting on the MTA that runs on the machine. Have the MTA shut down altogether if the mail queue is gigantic. This way, if someone does get in, and tries to spam with your machine, it won't get very far. It will also give you time to investigate the problem.
    4. Use iptables! Only open ports that should be open. Also, use *egress* filtering too. If your server should not be contacting anything on port 80, say, except the Debian distro servers for apt, use iptables to stop outbound access to anything except those servers. Prevent all outbound access except where strictly needed.
    5. Treat every local root exploit as if it was a remote root exploit. If you run a web server, there is *no such thing* as a local root exploit. All it takes is a buggy PHP script, and an attacker can try and elevate their privileges through the local root exploit.

    Those 4 things will keep you safe against most of these cookie-cutter or skript kiddie attacks. But to go further:
    6. Use SELinux to only allow Apache to access what it should access and nothing else. Particularly executables. Therefore, if someone manages to successfully wget their exploit script after exploiting the buggy PHP script, they can't actually run it because SELinux will prevent it from being run.
    7. Use Xen to divide your server up. Put the web server (the most complex and most likely to be exploited) in a separate Xen-U instance to everything else. Then you can make sure that the only stuff installed on the instance is stuff strictly needed to run the web sites. You can also do much more aggressive filtering with iptables - so for instance, if you put the MTA on another Xen-U, plus all the other services you need (DNS etc.), you can make it so the web server needs to have no egress *at all* except via the services on the other Xen-U. This makes it essentially impossible for someone to use an exploit to download and run another script on your web server - they can't even change the port number of their webserver (say, to 25) to allow them to get the file they need.

    I have had two serious attempts (i.e. NOT skript kiddies - the most recent one was a Romanian phishing group) to hack my (multi-user, shared hosting) web server in the last couple of years. They were both defeated by at least one of these techniques, and I learned from each. My web server is now divided into multiple Xen instances, and the HTTP server part has very strict egress rules.
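    Added example (not part of the comment above, and not the poster's own scripts): a small POSIX shell script that turns two of the points above into something you can run on a host - point 4 (default-deny egress, allowing only a resolver, an SMTP relay and the distro mirrors) and point 2 (checking that /tmp and friends really are mounted noexec). `gen_egress_rules` only prints the iptables commands so they can be reviewed before being fed to a root shell; `check_noexec` reads /proc/mounts-format text on stdin. The 192.0.2.x addresses and the sample mount table are constructed placeholders (TEST-NET), not real infrastructure.

```shell
#!/bin/sh
# Added example: egress lockdown and noexec audit for a web-server host.
# All addresses are TEST-NET placeholders (assumptions), not real hosts.

# Print a default-deny OUTPUT ruleset.  Only loopback, reply traffic to
# established connections, DNS to $1, SMTP to the relay $2 and HTTP to the
# mirrors $3.. are permitted; everything else is logged and dropped.
# Usage: gen_egress_rules RESOLVER RELAY MIRROR [MIRROR...]
gen_egress_rules() {
    resolver=$1; relay=$2; shift 2
    printf '%s\n' "iptables -P OUTPUT DROP"
    printf '%s\n' "iptables -A OUTPUT -o lo -j ACCEPT"
    printf '%s\n' "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "iptables -A OUTPUT -p udp -d $resolver --dport 53 -j ACCEPT"
    printf '%s\n' "iptables -A OUTPUT -p tcp -d $relay --dport 25 -j ACCEPT"
    for mirror in "$@"; do
        # apt fetches over plain HTTP to the named mirrors only
        printf '%s\n' "iptables -A OUTPUT -p tcp -d $mirror --dport 80 -j ACCEPT"
    done
    # Log what gets dropped: a wget attempt from a compromised script shows up here.
    printf '%s\n' "iptables -A OUTPUT -j LOG --log-prefix 'egress-drop: '"
}

# Read /proc/mounts-format lines on stdin; for each mount point given as an
# argument, print a warning if it is mounted without noexec.
# Returns 1 if any listed mount point is exec-enabled, 0 otherwise.
# Usage: check_noexec /tmp /var/tmp < /proc/mounts
check_noexec() {
    rc=0
    while read -r dev mnt fstype opts rest; do
        for want in "$@"; do
            [ "$mnt" = "$want" ] || continue
            case ",$opts," in
                *,noexec,*) ;;
                *) echo "$mnt is exec-enabled ($opts)"; rc=1 ;;
            esac
        done
    done
    return $rc
}

# Constructed sample mount table (assumption): /tmp lacks noexec, /var/tmp has it.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /var/tmp ext3 rw,nosuid,nodev,noexec 0 0'

# Run with "demo" as the first argument to see both functions in action.
if [ "${1:-}" = "demo" ]; then
    gen_egress_rules 192.0.2.53 192.0.2.25 192.0.2.10 192.0.2.11
    printf '%s\n' "$SAMPLE_MOUNTS" | check_noexec /tmp /var/tmp
fi
```

    On a live host, replace the sample table with `check_noexec /tmp /var/tmp < /proc/mounts`, and pipe the generated rules through `sh` only after reading them; the LOG rule at the end is what gives you the "time to investigate" the comment talks about.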

  3. Re:Cause or Risk Factor? (warning pro-smoking) on Safe Cigarettes? · · Score: 1

    You still don't understand: pubs STILL have to comply with health and safety regulations. If the health and safety regulations say that smoking is unacceptable in the workplace, pubs must comply.

  4. Re:Cause or Risk Factor? (warning pro-smoking) on Safe Cigarettes? · · Score: 1

    But it's still a PUBLIC house. That's what 'pub' is short for. Notwithstanding whether property is private or not, owners still have to comply with health and safety regulations. Smoking does have deleterious effects on workers and other non smokers in the building.

  5. Re:Interesting dependency (not!) on Mandriva Linux 2006 Review · · Score: 2, Interesting

    I subscribe to the notion of a binary installation. However, until the Linux world can harmonize on a SINGLE package that runs on ALL Linux distros they will be far behind the Windows world in this regard.

    One word:

    Autopackage. http://www.autopackage.org/.

    I use it for Oolite-Linux. It has worked fine on all distros I've tried. I have had no user reports of problems with the Autopackage installer so far.

  6. Re:When theory and reality disagree... reality win on Mandriva Linux 2006 Review · · Score: 1

    Have you seen Autopackage yet? It's an installation system that is very easy for the end user. Third party software in a '.package' file - you just execute the .package file, and it installs. No harder than installing Windows software from a .msi file (except unlike .msi, Autopackage has the capability to resolve dependencies automatically if there are any).

  7. Re:When theory and reality disagree... reality win on Mandriva Linux 2006 Review · · Score: 2, Informative

    ...and in those cases, there is Autopackage.

    The difficulty in installing some software is not the fault of Linux - it's just that maybe the developers haven't got around to making a decent distro-agnostic installer. Oolite-Linux is *not* distributed with any Linux distro, but it is very easy to install - download the autopackage, and run it. An Autopackage is basically an archive wrapped in a shell script that bootstraps the entire process - including getting the autopackage management infrastructure if your distro doesn't have it, and resolving dependencies if there are any to be resolved. Autopackages can either be installed in a GUI or in a terminal window. Superficially, it looks similar to the InstallShield-style Windows installers (but it does quite a bit more, such as dependency resolution, and can install programs quite happily as a non-administrative user where this makes sense, for example, you can choose to install Oolite-Linux system wide or in your home directory).

    Autopackage is fairly new, but it's picking up popularity:
    http://www.autopackage.org/

  8. Re:We need deadlier cigarettes on Safe Cigarettes? · · Score: 1

    You know what? If instead of these enormous SUVs with airbags et al. I bet the standard of driving would vastly increase if everyone had to drive a small car with a spike sticking out the hub of the steering wheel.

  9. Re:Cause or Risk Factor? (warning pro-smoking) on Safe Cigarettes? · · Score: 1

    Bars (called pubs in this country - which is short for PUBLIC house) are public places. The word 'pub' means public house. It may be privately owned (a free house) or owned by the brewery, but it's a PUBLIC house. The law already lays down certain expectations for behaviour in pubs - landlords are not supposed to serve people who are drunk, health and safety laws for staff must be complied with, and licensing laws must be complied with. Still, that's not the point - the point is not making certain activities (eating out or going for a beer) off-limits for non smokers. Making them non-smoking does *not* make them off-limits for smokers by the way - smokers can go outside when they want to light up. In Ireland, publicans provide covered outdoor places for smokers.

    No, I can't draw conclusions from a sample of one death. However, the BMA and other medical establishments can. If you think smoking doesn't adversely affect most people's health, you've got your head stuck firmly in the sand. http://www.tobaccofactfile.org/ There is no controversy in the medical establishment that tobacco, by and large, causes more harm than it does good.

  10. Re:Cause or Risk Factor? (warning pro-smoking) on Safe Cigarettes? · · Score: 1

    There are NO non-smoking pubs where I live. Why should smokers make pubs no-go areas to me? It's their choice to light up in the first place - they can still smoke in private if they like.

  11. Re:Cause or Risk Factor? (warning pro-smoking) on Safe Cigarettes? · · Score: 5, Insightful

    Your 80 year old doctor might smoke two packs a day, but my mother died age 48 of smoking related disease. She had a healthy diet, too. You can't draw a conclusion on the safety of smoking from a sample of two (you and your doctor).

    As far as passive smoking -vs- unhealthy diets, if someone on the next table eats a bag of pork rinds, my eyes don't start to water and I don't leave the building smelling like an ashtray. If someone on the next table eats the world's healthiest dinner but lights up, I end up leaving smelling like an ashtray. That's the difference - a person's unhealthy diet doesn't affect nearby strangers but their smoking will. That's the main problem with second hand smoke. I couldn't care less if it's totally harmless to me in the long term - in the short term it gives me what feels like an allergic reaction (stuffiness, watering eyes, lethargy) which isn't very pleasant. That's why there is a move on to ban smoking in public places. In the privacy of your own home, knock yourself out - I couldn't care less whether you smoke marijuana or tobacco. But in enclosed public spaces, please refrain from it - those of us who don't smoke find it at best smelly, at worst, feeling a bit ill.

  12. This is actually pretty cool. on MIT Wireless Campus Tracking Users · · Score: 2, Insightful

    This is actually pretty cool.

    You know what I miss about computing from the early-mid90s? Back then there was a *community* that came with the Internet. Take for example, our university server, csd. Boring name, but you logged in and typed 'who' and there were usually at least 100 other users on the system right at that moment. None of them spammers, all of them showing real names (so no males masquerading as females). I made a point to always have 'mesg y' in my .profile so random people could use 'talk'. I also made sure I had a publically viewable .plan. It was cool to occasionally get an incoming message from some random person. Sure - you can do that now on IM networks, but the only people likely to message you are spammers. An IM network doesn't have a community. Our Sun server, on the other hand did. Getting a talk request meant you usually got to know someone new who was worth meeting or hanging out with.

    Also, not many people had laptops. Most of us instead of lurking in our dorm rooms would go to the communal terminal or Unix workstation room - so there was physical community that went along with it, which dorm room ethernet and broadband has probably ended.

    That's what I miss these days. You just don't get these little communities on timesharing systems. Computing is much duller for it.

    But perhaps systems like this one, with a wireless equivalent of Unix's 'who' command and 'mesg y' will bring some of this community back.

  13. Re:digg.com slashdot on MIT Wireless Campus Tracking Users · · Score: 1

    Who CARES! Slashdot isn't trying to be 'first' or 'exclusive'. I don't read digg.com. Many others here don't read digg.com. We do read Slashdot. We couldn't give a damn if it's been on digg.com or boingboing or Kuro5hin, WE DON'T READ THEM.

  14. Re:Yes, and stripper girlfriends on Don't Network Administrators Require Privacy? · · Score: 1

    Get a rear view mirror on your monitor. Seriously. When I had an office, I positioned my kit so that I saw people entering first, and they had to walk at least 3 paces to see my screen even side on. The cube wasn't like this. All of the desk space was arranged so my back was to the entrance. I bought a couple of those blind spot mirrors for cars and stuck them on the monitor so people couldn't sneak up on me. (Another solution I considered was to put a small camera on the outside of my cube looking up the dead-end corridor I was on, but the mirror was so much cheaper).

  15. Any suitably rigged... on New Technology Could Kill WiMax? · · Score: 1

    When I saw this on the front page - with the thing about the 850 ft tower - it IMMEDIATELY brought to mind the phrase "Any suitably rigged demo is indistinguishable from magic".

    There have been cases of this before - very convincing demos done that have turned out to be snake oil, or perhaps have the kernel of truth behind them (and the demo used to drum up capital - at which point the inventors HOPED they could make the technology actually do what the rigged demo showed).

    Basically, I'll believe it when you can buy it, not before. At the moment it sounds like a rigged demo.

  16. Re:Who are they kidding? on New Bill Threatens to Plug "Analog Hole" · · Score: 1

    Of course the government would make it illegal, given enough money from corporate sponsors. What the *AA fear is not necessarily piracy, but that people can now cut them out and distribute their own work without needing a big, traditional record company. If they can force all digital media players to only play secured media - and if they can then get to be the keyholders for those digital players, they ensure all artists still must go through a big, traditional record company to get any sort of widespread audience.

  17. Re:good for niche marked on The Microsoft Singularity · · Score: 1

    Ah, so basically Microsoft has got tired of copying Apple and have decided to copy OpenBSD instead!!

    OK, OK, mod me down now.

  18. Re:Not Sued For Downloading! on Slashback: DRM, MPAA, ADSL · · Score: 1

    That's a non sequitur. Having an accident in someone's house is not in any way the equivalent of a family relative doing something actively that's illegal. Would the grandfather be guilty of murder if his grandson committed a murder in his house? No, of course not. Neither is he liable for copyright infringement that he didn't commit. If he was - then surely the theatre where someone videoed the movie with their HandyCam is liable, not the user of the HandyCam?

  19. Re:Read article 15min. ago--BS detector still blar on Floating Wind Turbine Platform · · Score: 2, Informative

    Where did you get THAT information from? Wind generators are steel (usually with fibreglass blades). The energy payback is around 6 months which is pretty damned good. Germany is already generating 12% of its power demands from your so called "feel good" measure.

    But I'm not convinced the floating platform idea will work - tall, floating structure = asking for trouble.

  20. Re:The irony on Red Hat Wants Xen In Linux Kernel · · Score: 1

    Xen is GPLd. Microsoft contributed to the funding of Xen. Therefore, my original comment still stands - MS were funding GPLd software at the same time as whining about the GPL.

  21. Re:Whiskey Tango Foxtrot!!! on GORM 1.0 Release to Take on GNOME/KDE? · · Score: 2, Interesting

    GNUstep is exactly how we ported Oolite (an open source game for Mac OS X) to Linux and FreeBSD. There were a few small issues to contend with (and we eventually went from using NSOpenGLView for the graphics to SDL) but 99% of the code is identical on OS X and Linux.

    It's a pity that GNOME was written way back when instead of GNUstep being the free desktop of choice - had all that effort gone into GNUstep, it would have been pretty easy to target both Mac OS X and Linux/*BSD instead of having to write separate UI code for each.

  22. Re:Why not? I'll tell you why not. on OpenBSD 3.8 Released · · Score: 2, Insightful

    So no installer gui makes it somehow _bad_?

    Sure, it's not newbie friendly (however, installed in conjunction with the Install Guide, a newbie can install it - I was an OpenBSD newbie once and I didn't have a problem with it). Once you've installed it on a couple of machines it is EXTREMELY fast to install. These days I typically PXE boot the installer, and I can go from a blank machine to a working OpenBSD system in around 5 minutes. This is something that cannot be done with a GUI installer.

    OpenBSD is not a system for non-technical desktop users; it is a server operating system for system administrators or clued people. As such, certainly I'd prefer their efforts to be focused on things like the new malloc(3) implementation than making eye candy installers.

  23. Re:Theo's an asshole and OpenBSD is over rated on OpenBSD 3.8 Released · · Score: 2, Informative

    I've been using OpenBSD on sparc64 for about a year and found it entirely satisfactory. It also does something that Solaris cannot: it supports my Alcatel SpeedTouch USB modem.

  24. The irony on Red Hat Wants Xen In Linux Kernel · · Score: 4, Interesting

    The irony is that Microsoft provided some of the funding for Xen (probably for the early experimental Xenised versions of Windows XP). Yes - Microsoft does fund GPLd projects. Often in a company that big, the left hand doesn't know what the right hand is doing, so whilst Gates/Ballmer spout off about how evil open source is, another part of MS is funding it (or even releasing it on SourceForge).

  25. Re:pay more for music on Apple Sells 1 Million Videos in Under 20 Days · · Score: 1

    Personally - I don't buy CDs any more because they are too expensive. When I did buy them, I bought very few because they were too expensive. But in the last six months, I have bought more albums than I have in the previous 7 or 8 years.

    Places like iTunes and Magnatune sell music for a price I think is more value for money. I'm not particularly interested in the shiny plastic disk (to me it's an inconvenience), I'd rather have cheaper music that goes straight on my hard disk. I've bought more music of the likes of Magnatune than iTMS, because it's better value.

    If the record companies get their way and the cost of music on iTMS goes up, I stop buying there. It's only JUST at the price point where I think it's worth it as it is.