ssh (at least OpenSSH) uses the same algorithm as gzip.
You could also use the 'z' option to tar, which also uses gzip to compress/uncompress tar files.
An even easier (and more portable) variant would be to use:
scp -C -r sourceDir 'me@host:destinationDir'
thereby bypassing the overhead of tar. On a fast link (+100M), you could probably get better performance by skipping the compression (too much overhead). This only shows why this book is over-rated!
Another review of "Computer Forensics" on Computer Forensics · Score: 1
OK, I admit that IBM has signed consent decrees, but let us investigate them a bit more, shall we?
1956: A consent decree is signed in the US, specifying that IBM shall not compete in the second hand computer market and allow punched cards (etc) to be manufactured by third parties. Is this relevant to the discussion? No!
1984: A consent decree is signed with the EC (European Commission), that specifies that Interfaces will be updated and that IBM will announce everything within a short timeframe from initial announcement also in the EC. Is this relevant to the discussion? No.
2000: A consent decree is signed stipulating that IBM will make a voluntary contribution to the FCC of $70.000 regarding a minor error (which FCC agrees is minor) in the handling of radio licenses. Is this relevant? No.
So, let us keep it relevant. It is also well known that IBM (during anti-trust litigation) voluntarily imposed rules to prevent any recurrence of behaviour that would have been or could have been in violation of anti-trust laws in the US.
I am the former security architect for AIX, so I believe I know some of the issues as well. But let us be generous: you are correct and I am wrong, IBM has signed consent decrees, but none that has any bearing or relevance on this discussion.
Learn history. IBM never signed a consent decree, as the case was dropped by the Reagan DoJ (in 1984 I believe). Granted, IBM had before that dropped some of the worst parts of its behavior, but had never been ruled against.
At my university, we keep such statistics. Would you believe us if we published them? Such Netflow data can be forged pretty easily.
True, such data is easily forged, but even data of unknown origin can be analysed better than no data. Some data may be refuted or upheld and may lead to further questions, but no data is just posturing.
Groklaw's statement that SCO is obviously lying because DoS via TCP SYN flood can't be a problem for them since Linux and Cisco routers have built-in protection against SYN floods is far more credible, of course.
You can at least rest assured that I've never said anything like that. What is interesting is that people on GrokLaw have been in contact with XO.net, which says they haven't seen any spikes in traffic or anything they would consider strange (and they are SCO's upstream provider). Of course, we may have spoken to the wrong people, or been lied to (for what reason, I don't know, but the possibility exists).
Any data that can lead us further to a resolution, is good, but you have to understand why most people are a bit perplexed when SCO claims that their internal operations are affected by this alleged DoS attack (no firewall!?). Meanwhile they claim that their pipe into SCO is clogged by SYN-packets (which mysteriously doesn't affect any other machines on the same subnets, which I would believe were supplied by the same pipe).
Oh, and from a contingency standpoint, I would prefer that they toasted my router instead of my host (which is supposed to have data as opposed to routing tables).
If you have any evidence, please feel free to submit it, as the comment as it stands is proof of nothing.
Again, if you have evidence, submit it or submit a link to a place where evidence may be collected (and don't tell me SCO), and we'll look into it (you may even submit it directly to me if you like).
At 40, I'm a child of the computer age (started programming at 17 and was on the Internet when that meant using FTP or UUCP in the eighties).
Nevertheless, I read fiction and non-fiction in book form (as can be seen on the reviews on my homepage, a hobby of mine), but every time I need some quick info, I too google, msn, etc, for the information I need (I love google, but they don't have all information).
Why do I still read non-fiction books? As I'm interested in Management (and have an MBA), I can tell you that very little of the information that you need to learn to become a manager (or MBA) can be found on the Internet. You need to find the books or journals and read them. If I need to understand how PHP parses regexp as compared to PERL or how the object classes of OCCAM are built compared to C++, I can find it on the Internet. More specialised, non-computer related subjects are still best found on paper (I would love if it wasn't so, but that is my experience).
For News on the other hand, I nearly always use the Internet, as it has the latest news, as it breaks and allows me to get different opinions (like the American, Canadian, French, Swedish, Israeli, Arab, etc opinions on the Iraqi question). TV, Radio and Newspapers are too focused on what they believe to be politically correct and it is hard to get an overview of opinions if I don't use the Internet. Also, the ensuing discussions, with experts, so-called-experts, crackpots and lay(wo)men are what I love about the Internet.
The Internet today is a wonderful complement to hard sources of information, but it is far from replacing them.
Regards
Roland Buresund
Anyways the IEEE has a track record of working on security-related standards
Yes, like the P1003.6 (POSIX Security) which I was involved with (died because of lack of interest and political conflicts) as well as P1003.22 (Distributed Security) which I was one of the founders of (was later adopted by X/Open and is usually irrelevant today).
For some reasons (like practical experience), I don't believe the IEEE will manage this any better than they have before (i.e., very badly, mostly due to political aspects having precedence over technical and security aspects).
Please, do some research before mouthing off. Trolltech A/S is a Norwegian company, which means it is under another judicial system and your comments have no value whatsoever (yeah, I know, I'll lose all karma etc...)
> Now, you can sell consulting, but that's a low margin business.
Fer God's sake, don't tell IBM, McKinsey, Accenture, etc. Oh, and stop smoking whatever you're smoking, it seems to affect your thinking...
> Could someone explain what the EU has power
> to do?
>
> Seems to me like they couldn't do much...
Check out the General Electric and Honeywell merger attempt recently. The US authorities said OK to the deal, but the EU authorities refused it on anti-competitive grounds. End of merger! You gotta love a global economy...
I learned vi in the beginning of the eighties, what I learned was ZZ to write and quit. :x and :wq are in fact ed syntax. I never bothered to learn much of that...
For the young whippersnappers, ed is the equivalent to MS-DOG edlin (but much more powerful and an ancestor to sed, [am I the only one using it yet?]) :-)
Older versions of AIX, namely AIX 4.1 and 4.2, weren't very good, standards-wise.
I'm sorry, but I have to take objection to this statement, as I was running the X/Open, OSF, and NIST test-suites in the Bull/IBM cooperation for the AIX 4.1. It passed every test suite we ran on it (with the mandatory exceptions when the test case was disjoint from the interpretation of the standard). In addition, IBM was running other test suites and passing them.
You may challenge AIX 4.x on the grounds that it didn't comply with SunOS/Solaris, BSD, SysV.4 etc., but it did comply with SysV.2, X/Open, POSIX, NIST, OSF (with some exceptions).
In addition, it has always had its own Administration system (remember LiSA, anyone?) and a number of quirks as soon as the standards were out of the way (like JFS, LVM, etc.).
Criticize it all you want (there is lots to criticize), but don't misrepresent it.
True, but I believe you're failing to see the bigger picture here. If Mono was to continue as a Miguel/Ximian project, I daresay that many would care (zealots always exist, of course), but when Miguel begins talking about making .NET (or in reality, Mono) a cornerstone of Gnome, people feel insulted (probably the same people that were dead set against KDE, when it had an Open non-GPL license; now GNOME is LGPL while KDE is using the stricter GPL, but no one complains...).
In my opinion (as a practicing Head of Information Security and a former Security Architect for a number of kernels) what Linux really needs are capabilities (which we have, we just need to start using them by default) and a functioning audit subsystem. A functioning audit subsystem does not comprise only the kernel part, but also the audit compression/reduction facilities (normally done in user space) and the tools to define what events to audit and tools to search and securely store audit trails.
Audit trails that can be (semi-) trusted are what most of us security people demand, and which Linux doesn't deliver (don't tell me about syslog, as it is designed for IT administrators, not security administrators).
These seem to be present in the HP-LX (can't access HP's website right now, but I assume it is based on the old SecureWare code HP purchased a while back and has been using the last couple of years). Unfortunately, what Bruce (Perens) says about that it would be easy to reconstruct the user space parts of the auditing subsystem I disagree with, as this is the majority of the code and also the most complex part.
AFAIK the B1 level code HP uses is from SecureWare (which they bought a number of years ago). It is the same basis as the code in OSF/1 (and subsequently Digital UNIX). I agree that HP never really understood security (their absence or non-participation in the X/Open and IEEE committees in the beginning and mid-90s talk for themselves).
The SecureWare code is decent (I've once worked on it), but what I really would like is to get Data General to release their code (which is supposed to come from Adamax, now defunct I believe). THAT code I really respect and I believe it would be advantageous to get a real audit sub-system into Linux. I'll even settle for the AIX 4.x code for the audit sub-system, as it is already SMP-ready (I was the architect, so it would be extremely easy to retrofit it into Linux).
Which is better? Well, after 2000 years, Islam outnumbers Catholicism but still can't manage to organise a single peaceful and prosperous country.
Well, Islam is approx. 600 years younger than the Christian church, so compare Islam with the Christian church ala 1300-1400 (yes, I know I'm off-topic and the analogy doesn't hold, but so was the previous one).
Sigh.... The EU can sue a company in the same way the US can sue a company (and the congress and the president sign off on these laws; there isn't impartiality?).
Sorry, but the 2.4.x kernel wasn't broken, Mandrake's fix for a perceived problem in the PS/2 handling was broken. This has been acknowledged by Mandrake and their patch has been backed out of their distro's later kernels (check their changelog for the gory details).
if any representative of Elcomsoft (or DeBeers, for that matter) steps foot in America, they can be arrested and charged on behalf of their company.
The question in that case is whether Sklyarov is a representative of that company or merely an employee. This would make a big difference.
I live in Europe, which means that if Microsoft (the corporate entity, not B. Gates) was found guilty or under suspicion of a crime under European laws, we should arrest any employee of theirs that was unlucky enough to enter European soil?
The argument sucks, but if that is the correct interpretation under US law, you better watch out who you work for.
If the crucial parts of the system (like the C compiler and the libs) should decide what prefix to put on a project, shouldn't the current Linux be called Intel/Linux, as the i386 processor and its descendants are what made it possible to create the system in the first place. Also, I believe the first versions that Linus made were bootstrapped in assembler, which I suspect wasn't the gas assembler.
Furthermore, if KDE isn't part of the GNU project, neither is Linux. Both KDE/QT and Linux (the kernel) use the GPL, while GNOME uses LGPL. Granted, GNOME is officially a GNU project, but neither Linux nor KDE/QT is in any kind a GNU project (interpreted as under the control of GPL/LGPL and copyrights owned by FSF).
Thirdly, the term Linux is a registered trademark, which means that the trademark owner decides in what context the trademark may be used and in which combinations (excepted press and equivalent fair use).
What all this means is that it is Linus Torvalds that gets to decide what to call anything related to Linux (as he is the trademark holder). Currently he calls the operating system that is based on his kernel Linux. End of that story.
As a sidepoint, Linus may (will probably not) instigate legal action on the FSF for fraudulent use of his trademark linux in their license, as they add another identifier to it that has not been (to my knowledge) permitted by him (example, you're not allowed to call Coca Cola something like Walmart/CocaCola just because you are selling it in a Walmart store).
"If technical people were involved in the 'strategy discussions' 2 years ago, the dot-com thing wouldn't have been nearly as disastrous."
Speaking as an old-timer programmer (both in the applications field and in the UNIX-kernel field) and as a person that is currently in a management position and finishing up my MBA: The problem was that the "techies" were selling their wild-eyed dreams (without any clue how business reality looks like [which an MBA would have given them a hint about]) to PHB's with MBA's (that didn't have any clue what the techies were talking about, except when advised by likewise enthusiastic hired techies (which didn't....)).
I'm a programmer (since 20 years), I still program (C, C++, tcl/tk, etc.), but I'm also a manager that has to say NO to braindead ideas that self-styled geeks have sold to ignorant MBA-only PHBs. An MBA coupled with solid IT skills, allows you to understand why you don't want to standardise on Win-NT (it sucks technically and the TCO can easily be beat by other solutions) while at the same time understand why you would pour money into MSFT on the Nasdaq (consistently beating earnings per share projections and a solid gearing).
Regards
Roland B.
www.buresund.se
In my opinion, there exist other (better) books.
Regards
Roland Buresund
Feel free to mod an old cynic down.
/. readers ....
As well as ignorant
Off-topic, I know
Interesting, now the question is why I can't seem to access hp.com at all? "Slashdot effect" or Compaq/Fiorina effect?
Any mirrors?
Roland B.
Off-topic, I know....
Get a grip on reality.
I thought it was my brain that had decayed when I couldn't get it to work in 7.2.
(:-)
(just mod it down, I don't mind)