The same story was on digg a couple days ago with the same misleading topic. Just like on Digg, people who dont read the story bashed TiVo. If you read the story, OR the comments then you would know the $150 cancellation is due to the $150 rebate they give you.
I wonder which news (cough) source will post the same bullshit headline next.
Lets talk apples to apples here. When we are talking about viruses/worms coming through open ports on a system running Linux, this is not a fault in *Linux*; this is other various open-source software running.
Its not Linux that has your port 25 open; it's sendmail or exim. Its not Linux that has your port 22 open; its openssh. With Windows *IT IS* the operating system that has those ports open.
It really depends on your distro how secure the system will be out of the box. What software is enabled, what configuration settings that system has.
For example, Redhat ships SSH with default settings to downgrade the connection to v1 if v2 fails. This leaves Redhat open to SSH1 attacks. A system like Debian does not allow SSH1 by default.
Some distributions are secure, some are not. You cant lump them all together. And you cant blame the kernel for the shortcomings of some other open source software. Put blame where blame is deserved.
Secondly, with regard to malware - Linux systems are much less vulnerable simply because we dont surf the web or run our systems as the root or Administrator user. Yes, running as a limited account on Windows accomplishes the same thing, but less people actually do it.
fakeap creates fake access points to trick net stumbler applications like netstumbler or kismet. It switches the ssid so quickly that nobody would be able to authenticate to any of them.
All you need is a card that supports master mode . Then, a couple iwconfig commands and your card becomes an access point.
Um. Thats exactly what I was speaking of, and no its not surprising nor is it new.
Take for example a linux machine is running wpa_supplicant or some other software which has a preferred access point of "linksys" (since that user uses that ssid at home). If a "linksys" access point pops up somewhere other than at home, the box will connect to it.
Its nothing special.
The only exploit that affects XP is that it broadcasts the names of the ssid's that its searching for. This allows an attacker to change his access point to that name that is being requested and have the user connect.
Sarge (Debian Stable) is best used as a server distro.
In my opinion you wont be happy running a stable distro on your desktop. Within a few months you will be complaining that your software is out of date.
You should try Debian Unstable... and you didnt have to wait.
I consider your points trolling. How you got +5 Insightful is beyond me.
Your first and second points are basically complaining how long it took to get out the door. Who cares? If you are not helping fix bugs then dont complain that it is taking too long to get them fixed.
All my servers run Debian stable and I love the fact that the release takes forever. This keeps the server maintainable. The configuration files never need updating because the software versions never change (except for security fixes). The servers have all been rock solid for years.
If you want a more current release run "unstable" (which is quite stable and I run on my desktop and laptop). From your comments I conclude that you shouldnt be using stable. You dont understand what its for.
Your last point - ship a broken upgrade after all the testing. My rebuttal is very simple - you didnt read the release notes. I did. All my servers were upgraded without issues.
I was going to do that but decided against it. My servers are all set on "stable". I cant wait for updated php, mysql, apache and spamassassin.
If you want to migrate to stable, and you currently have your apt sources set to "testing", I believe you can change those apt sources to say "sarge". This should migrate you to "stable" when the move happens.
My copy of XP (on my desktop) here will not resume (it will crash) when resuming from Hibernate. Sleep doesnt work at all for some reason. This is not some strange setup - Intel 845PEBT2 motherboard, Intel P4 2.4Ghz chip - all brand name parts.
However, I can hibernate my laptop running Debian over and over without issue. How's that for backwards!?
I have some ideas I would like to patent but I am poor. Does anyone have any information on where one could go to "partner" with someone who would put in the investment? What does one with no money do when they have a invention idea? It seems patents are just for the rich to get richer.
When I bought my IBM Thinkpad T41 6 months ago, it came from Hong Kong (tracking info showed). I just bought a upgraded wireless miniPCI card a couple days ago and again, Hong Kong. So I doubt much change will be there. They come from the far east already.
Very nice post. I do take issue with the comment about Debian's horrible installer though. Just because it is not graphical doesnt mean its horrible or difficult.
I can be in and done with a debian install in about 5 minutes! The ONLY (what you could call) difficult part about debian install is disk partition. If you cant figure out how to do the partition, use another tool first so you wont have to use Debians. Install the base files and APT-GET the rest! DONT use the installer to install packages. Do it all via apt-get after setup is over.
Can someone help me with a.htaccess script that would prevent getting slashdotted. Either a) redirect or b) show special page when referrer = slashdot.org
I have suspend and hibernate working on Debian "unstable". Lid support, and power button support.
I compiled my own kernel 2.6.10 and I unload USB ehci and any network drivers in my suspend and hibernate scripts
Why dont people understand default pages?
on
Mac mini to PC Hack
·
· Score: 1
when will people learn that the whole point of having an index page (index.php) is that you DO NOT need to show it on the URL. Since it is the default page, it is implied and you do not need to show it
I am using Sarge (testing). When it is released as (stable), Im wondering if I will auto-jump to sid? I ask because in my apt sources.list I have apt sources of "testing".
Slashdot Mirror
The same story was on digg a couple days ago with the same misleading topic. Just like on Digg, people who dont read the story bashed TiVo. If you read the story, OR the comments then you would know the $150 cancellation is due to the $150 rebate they give you.
I wonder which news (cough) source will post the same bullshit headline next.
Ahh, sensationalism at work.
Lets talk apples to apples here. When we are talking about viruses/worms coming through open ports on a system running Linux, this is not a fault in *Linux*; this is other various open-source software running.
Its not Linux that has your port 25 open; it's sendmail or exim. Its not Linux that has your port 22 open; its openssh. With Windows *IT IS* the operating system that has those ports open.
It really depends on your distro how secure the system will be out of the box. What software is enabled, what configuration settings that system has.
For example, Redhat ships SSH with default settings to downgrade the connection to v1 if v2 fails. This leaves Redhat open to SSH1 attacks. A system like Debian does not allow SSH1 by default.
Some distributions are secure, some are not. You cant lump them all together. And you cant blame the kernel for the shortcomings of some other open source software. Put blame where blame is deserved.
Secondly, with regard to malware - Linux systems are much less vulnerable simply because we dont surf the web or run our systems as the root or Administrator user. Yes, running as a limited account on Windows accomplishes the same thing, but less people actually do it.
If you think its not funny then I guess you havent seen the video.
fakeap creates fake access points to trick net stumbler applications like netstumbler or kismet. It switches the ssid so quickly that nobody would be able to authenticate to any of them.
All you need is a card that supports master mode . Then, a couple iwconfig commands and your card becomes an access point.
Um. Thats exactly what I was speaking of, and no its not surprising nor is it new.
Take for example a linux machine is running wpa_supplicant or some other software which has a preferred access point of "linksys" (since that user uses that ssid at home). If a "linksys" access point pops up somewhere other than at home, the box will connect to it.
Its nothing special.
The only exploit that affects XP is that it broadcasts the names of the ssid's that its searching for. This allows an attacker to change his access point to that name that is being requested and have the user connect.
Old news.
you gave me a total visual of that. Sweat dripping down his armpits. hahah
That technique is
a) old news
b) not Microsoft specific.
Linux and OSX can also be tricked into connecting to a rogue access point.
Whichever access point is most powerful, or higher priority will be connected to.
The only shocking thing about the article is that the engineers havent seen/heard/tried this before.
Ubuntu is a desktop distro
Sarge (Debian Stable) is best used as a server distro.
In my opinion you wont be happy running a stable distro on your desktop. Within a few months you will be complaining that your software is out of date.
You should try Debian Unstable... and you didnt have to wait.
I consider your points trolling. How you got +5 Insightful is beyond me.
Your first and second points are basically complaining how long it took to get out the door. Who cares? If you are not helping fix bugs then dont complain that it is taking too long to get them fixed.
All my servers run Debian stable and I love the fact that the release takes forever. This keeps the server maintainable. The configuration files never need updating because the software versions never change (except for security fixes). The servers have all been rock solid for years.
If you want a more current release run "unstable" (which is quite stable and I run on my desktop and laptop). From your comments I conclude that you shouldnt be using stable. You dont understand what its for.
Your last point - ship a broken upgrade after all the testing. My rebuttal is very simple - you didnt read the release notes. I did. All my servers were upgraded without issues.
The release notes clearly said not to use apt-get to do the dist-upgrade. You should have used aptitude
I was going to do that but decided against it. My servers are all set on "stable". I cant wait for updated php, mysql, apache and spamassassin.
If you want to migrate to stable, and you currently have your apt sources set to "testing", I believe you can change those apt sources to say "sarge". This should migrate you to "stable" when the move happens.
My copy of XP (on my desktop) here will not resume (it will crash) when resuming from Hibernate. Sleep doesnt work at all for some reason. This is not some strange setup - Intel 845PEBT2 motherboard, Intel P4 2.4Ghz chip - all brand name parts.
However, I can hibernate my laptop running Debian over and over without issue. How's that for backwards!?
I have some ideas I would like to patent but I am poor. Does anyone have any information on where one could go to "partner" with someone who would put in the investment? What does one with no money do when they have a invention idea? It seems patents are just for the rich to get richer.
When you order IBM stuff, usually it comes from HongKong/China. Simple parts like the accessories and bags come from Mexico.
When I bought my IBM Thinkpad T41 6 months ago, it came from Hong Kong (tracking info showed). I just bought a upgraded wireless miniPCI card a couple days ago and again, Hong Kong. So I doubt much change will be there. They come from the far east already.
I use Debian unstable on Thinkpad T41.
i nkpad-t41/http://chriscarey.us/hardware/myhardware /thinkpad-t41/>
Used to dual boot XP/Debian but no more. Now its full-time Linux. Basically all hardware works. Only minor issues exist.
I wouldnt use any other distro. Debian in the best. Redhat/Fedora pissed me off because with every new release you had to re-install.
ahref=http://chriscarey.us/hardware/myhardware/th
Very nice post. I do take issue with the comment about Debian's horrible installer though. Just because it is not graphical doesnt mean its horrible or difficult.
I can be in and done with a debian install in about 5 minutes! The ONLY (what you could call) difficult part about debian install is disk partition. If you cant figure out how to do the partition, use another tool first so you wont have to use Debians. Install the base files and APT-GET the rest! DONT use the installer to install packages. Do it all via apt-get after setup is over.
Im glad to see this post. I also had the Loraine memory system and had a lot of fun with it in my teen years.
Can someone help me with a .htaccess script that would prevent getting slashdotted. Either a) redirect or b) show special page when referrer = slashdot.org
I have suspend and hibernate working on Debian "unstable". Lid support, and power button support.
I compiled my own kernel 2.6.10 and I unload USB ehci and any network drivers in my suspend and hibernate scripts
when will people learn that the whole point of having an index page (index.php) is that you DO NOT need to show it on the URL. Since it is the default page, it is implied and you do not need to show it
b ecomes: http://www.kevinrose.com/?option=value
ex: http://www.kevinrose.com/index.php
becomes: ex: http://www.kevinrose.com/
or with parameters...
ex: http://www.kevinrose.com/index.php?option=value
I dont mean to pick on Kevin because I see this on most major websites around the net.
Why havent I seen a story on Slashdot yet about Godaddy going down for 1.5 hours yesterday? taking down who knows how many sites with it.
This is a huge story but nobody is talking about it.
I am using Sarge (testing). When it is released as (stable), Im wondering if I will auto-jump to sid? I ask because in my apt sources.list I have apt sources of "testing".
I installed java 5.0 with firefox 1.0 and its great. No problems and no issues setting it up or using it.
lol I was thinking the same thing