Being the most targeted is not a good reason to switch (being the most exploited may be). However, rather than say "acroread sucks, try something else", shouldn't a security company actually check the security of the alternatives? Alternative does not automatically imply better; how do I know that the alternatives are not worse?
How many of the alternatives implement all the features required (and implement them securely)? Viewing an owner's guide PDF or some such isn't a big deal (I'd hope they can all do that); I need to know if all the form handling works correctly (because I need to use that).
Wow, I can't believe you've been moderated "Informative" with completely wrong information. Light travels from the Sun to the Earth in a little over 8 minutes, not 8 seconds. You are a little closer on the delay between the Earth and the Moon, but it is about 1.25 seconds, not .25.
Also, anything interactive requires a round trip, so for practical purposes, the delay is double that (about 16.5 minutes for the Sun and 2.5 seconds for the Moon).
Unfortunately, noexec doesn't really do much anymore. All the scripting languages like perl and python will run scripts from a noexec filesystem, and there are even ways to run binaries from them.
Also, like all linux distros, in order to do any real damage on a mac, you need to enter an admin password
Please stop repeating this fallacy! First, on a single-user system (e.g. the vast majority of home computers), the end user has rights to all the interesting data files (songs, pictures, documents, etc.), so anything running as the user can do significant local damage. Sure, the OS and apps may be protected, but that isn't really what the end user cares about (since that's all easily replaced). However, since the goal of most viruses/worms/trojans is to control the computer for distributed and untraceable nefarious purposes (and not have the owner notice), they don't do that anymore. They cause the computer to join botnets, connect to master control servers, and wait for instructions. Sending spam, scanning other systems for vulnerabilities, hosting fast-flux phishing sites, etc. don't require elevated privilege.
People complain about providers advertising "unlimited" that they can't provide for the price. People complain when providers have unpublished caps. People complain when providers publish caps. People complain when providers offer an "unlimited" service for a price that supports it.
Bandwidth and infrastructure cost real money. Providing "unlimited" access means allocating more bandwidth for those customers; why should they not charge for that? I work at a relatively small ISP, and our Internet circuits cost us $50-75/meg (plus we have multiple paths for redundancy), and that doesn't include our infrastructure (routers/switches, UPS/generator, A/C, people, etc.). If you want a guaranteed 6 meg pipe, you shouldn't expect to get it for $99.
Well, the company isn't really paying the sales tax, the consumer (in another area) is. The company is presumably already paying property taxes, payroll taxes, etc. Why should I (as a consumer) pay sales tax to build roads in another state? If I pay sales tax, I want it to go towards my local roads, schools, etc.
The main reason is that sales taxes in the US are only at the state/county/city level, not the federal level. Many years ago, there was a federal court ruling against one state trying to charge sales tax on something bought in another state (I don't remember the details but I'm sure Google does), so mail-order businesses did not have to charge sales tax on shipments to states where they did not have a physical presence.
Also, the way sales taxes are handled complicates collections on mail/web-order sales. For example, I pay 8% sales tax here: 4% to the state, 2% to the county, and 2% to the city. If I buy something online, how is a random merchant (in another state) supposed to know how much sales tax to collect and where to send it? A big business like Amazon could handle it, but it could put small (Mom-n-Pop type) shops out of business (or they just won't sell online). Telling Amazon to collect taxes because they can handle it, while letting the small businesses bypass taxes, would create unfair competition.
Also, what gets taxed varies from area to area. For a long time, my state did not tax computer software and games, because they were not considered a physical sale but a license (for once that concept worked for consumers instead of against). That changed of course as software sales went up. Many states don't tax some types of food and clothing ("essential" items), but the exceptions vary.
That breaks functionality that uses those interpreters. For example, I see python running on my system for a printer applet. There are a number of things in a "modern" desktop that use python and perl (and ruby and ...).
Also, if you change the permissions, your system package manager will probably at least complain, if not change them back the next time the packages are updated.
Mounting "noexec" makes execution harder but does not disable it. Any scripted language (perl, python, etc.) can still run, and from some, you can execute binaries as well (write a custom perl module that essentially duplicates the linker with dlopen() and you can run anything you want).
If security/absolute control is your goal, you'll need to look at something like SELinux. "noexec" is pretty much useless in a modern system, unless you also remove perl and python (which would mean goodbye yum, puppet, etc.).
In general "rabbit ears" are set-top TV antennas of any type. Also, VHF is not going away (some DTV stations will still be using VHF). Only the top part of the UHF band will no longer be available for TV stations.
I have a high-load mail server that uses a 2G RAM disk (a Curtis Nitro!Xe) for the queue. It looks like a normal 3.5"/1" high SCSI drive with a SCA hot-swap connector. It was made before high-density CF cards, so it has a 2.5" notebook hard drive inside for storage after shutdown (it has a battery to start the drive, dump the RAM, and shut down). We've had this in service for almost 5 years, and it has really made a difference.
The point to a RAM disk is not necessarily bulk data throughput, but I/O operations per second. Mechanical drives are limited to 100-200 random IOPS or less, while the RAM disk can easily hit 100,000.
I had one RHEL 4 server (out of a half dozen identically configured systems) crash at exactly the moment the leap second should have been inserted. The logs run up to 18:59:59 CST (UTC-06:00) and the system froze, when all my other Linux systems logged they were inserting a leap second. I have read reports of some Debian systems having a similar problem. The leap second code is probably one of the least tested areas of the Linux kernel (there have only been 8 leap seconds since Linux was started); there is probably some race condition related to stepping the clock that only some systems hit.
I have also read reports of problems with Oracle RAC (not stand-alone Oracle) crashing at the leap second.
I had a DNS-323 and never could get what I would consider good throughput with it (why bother with gigabit when it can barely fill 100 megabit). I ended up building a cheap PC out of spare parts and a few new things for not a lot more than the DNS-323, and it performs much better.
That's not exactly a new concept; AdvFS has done that for 10+ years on DEC^WDigital OSF/1^WUnix^W^WCompaq^WHP Tru64 Unix (and VMS had it before that I believe).
However, snapshots are not free, and not just thrown around like that. They especially don't help for databases, as a file contains a table, tablespace, or even database (depending on the DB used), and you can't just roll back to an older copy. If you care about that type of thing for databases, you set up the database to have rotating update logs, where you can pull out a bad transaction and roll it back (you don't try to solve that problem at the FS layer where it doesn't make sense).
X-33 was an unmanned test platform that would never reach orbit. A lot was learned before the project was cancelled, even though it never flew. One big thing that was learned was that we don't have the materials capability to make a composite fuel tank that works; both the O2 and H2 composite fuel tanks failed.
X-33 and SS1 were both sub-orbital vehicles and did not have to deal with orbital re-entry speeds, so comparing to them is not valid. You can't magically lower re-entry speeds; orbital velocity is fixed and you have to slow down somehow. If you don't use a heat shield of some type and allow for atmospheric braking, you have to carry enough fuel and engines to slow down quickly throughout your flight (which is a huge waste of launch mass as well as greatly limits any orbital maneuvering).
Also, the Saturn V was not the only launch vehicle from the 1960s; the Saturn 1B was also used for launches of just a capsule (the first Apollo capsule test, the Apollo-Soyuz flight, and the manned missions to Skylab). Rather than try to make smaller and larger man-rated vehicles, it makes more sense to focus on one for manned launches and one for heavy-lift unmanned launches.
When a system is hosed (I/O errors, fork bombed, etc.) or somebody deletes /bin, you can often still poke around (and sometimes work towards recovery) with Bourne shell built-in commands. For example, since the shell expands wildcards, "echo *" will give you a list of (non dot-) files in the current directory. The following shell function will implement cat without calling out:
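shcat() {
    # cat built from shell built-ins only (read, echo); nothing is exec'd
    xIFS="$IFS"
    IFS=""    # empty IFS so read keeps leading and trailing whitespace
    while [ "$1" != "" ]; do
        # -r stops read from treating backslashes as escapes
        while read -r line; do
            echo "$line"
        done <"$1"
        shift
    done
    IFS="$xIFS"
}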
Add a counter (requires ksh or bash) and you can re-implement a simple "more" command.
On systems with a text-based /proc (like Linux), you can combine the two to essentially do all the same things as "ps" (useful if something has run away and fork bombed the system).
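The built-ins-only "ps" described above, as an added example that is not part of the original comment: it reads Name, State and PPid from each /proc/PID/status using only globbing, read, case and echo, so it still works when nothing can be exec'd. The function name shps, its optional name filter, the proc-root argument and the shps_n counter are assumptions made for this example.

```sh
# Added example: a built-ins-only "ps" for a Linux-style text /proc.
# Usage: shps [name] [root]
#   name  optional exact process name to filter on (hypothetical option)
#   root  proc mount point, default /proc (parameter added so it can be tested)
# Prints "PID PPID STATE NAME" rows and leaves the row count in $shps_n,
# which gives a quick count of a runaway process without calling wc.
shps() {
    want="$1"
    root="${2:-/proc}"
    shps_n=0
    # read must split on space/tab/newline, so use the default IFS
    # for the scan and restore the caller's value afterwards.
    if [ "${IFS+set}" = set ]; then
        xIFS="$IFS"; ifs_was_set=1
    else
        ifs_was_set=0
    fi
    unset IFS
    echo "PID PPID STATE NAME"
    for dir in "$root"/[0-9]*; do
        # An unmatched glob stays literal, and a process can exit mid-scan.
        [ -r "$dir/status" ] || continue
        pid="${dir##*/}"
        name="?"; state="?"; ppid="?"
        # Lines look like "Name:<TAB>sshd"; read splits key from value.
        while read -r key val; do
            case "$key" in
                Name:)  name="$val" ;;
                State:) state="${val%% *}" ;;   # "S (sleeping)" -> "S"
                PPid:)  ppid="$val" ;;
            esac
        done <"$dir/status"
        if [ -z "$want" ] || [ "$name" = "$want" ]; then
            echo "$pid $ppid $state $name"
            shps_n=$((shps_n + 1))
        fi
    done
    if [ "$ifs_was_set" = 1 ]; then IFS="$xIFS"; fi
}
```

Call it as `shps` for everything or `shps worker` to list only processes named "worker" (a constructed name); the PPID column shows which parent keeps spawning them.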
Where I live, we have two competing cable companies throughout most of the city. They each have their own physical plant, which is good for me, because when I had trouble with one that they weren't interested in fixing, I switched to the other. If the city owned the physical plant, there'd be no competition, and it would probably be managed like most everything else government manages (i.e. poorly, by corrupt political hacks lining their pockets rather than fixing the problems).
I hate the telcos as much as the next guy (more than most probably, since I work for a private ISP and have to deal with telco crap all the time), but I don't think getting government trying to compete with companies is a solution at all.
There are many ways to get to a "protected" caching resolver. Users on the trusted network browse the web, send email, IM, etc.; all of those require DNS lookups, and many can be subverted to cause lookups of arbitrary names.
In any case, trying to excuse Apple by saying "not too many are affected" is crap. They shipped software that is now known to have security issues and it should be addressed. They've known there is a problem for almost 3 months and still have not done anything to protect their customers. If this was Microsoft, Sun, Red Hat, etc., people would be ranting about it, but since it is Apple, it must be okay.
You should check the designs before you criticize them. Ares I uses an extended solid rocket booster (upgraded from the Shuttle) and a J-2X engine (upgraded from the Saturn V second and third stages). Ares V uses extended SRBs and RS-68 engines (from the Delta IV).
The Shuttle main engines (SSMEs) were considered instead of the J-2X and/or the RS-68, but the cost was too high. The SSME is a high performance engine, but it is an expensive engine. Also, one concern for using it for the Ares I is that the liquid engine is the second stage engine, which will be started in-flight and at high altitude. The SSME has never been tried like that (nor was it designed for that), while the J-2 was used that way in the Saturn.
As for Scaled Composites Tier 1b, it is a sub-orbital vehicle (good for nothing but tourists and hype). IIRC Tier 2 may be an orbital vehicle, but that is a long way off as well, since Scaled is working on Tier 1b (Ares is much further along in development).
The system seems to fail when he arches his eyebrows.
Fascinating!
Okay, how about this: he pirated the email!
The Rosetta Stone for this era will be all the multilingual manuals for microwave ovens, DVD players, cameras, phones, etc.
Thanks Bob, Bob. I'll get right on those TPS reports now.
Of course, because pipes never break, get dug up, etc. If you have 5 times the pipes, you have something like 5 times the cost of maintaining them.
That's why I use nspluginwrapper. I run x86_64, so it is required if I want to use any i386 plugins, but it helps with the native plugins as well.