Re:Have you learned nothing?
on
Cyber-Attacks?
·
· Score: 1
No, the problem is that big ISPs don't know their own installations well enough to trust them - probably for good reason. So find a few holes around and abouts, and you can still cause fairly major infrastructural damage.
(Oops, did I just say something to help them? Bummer!)
Re:Have you learned nothing?
on
Cyber-Attacks?
·
· Score: 1
"A "cyber attack" is so thoroughly within the reach of Al Queda that the only reason I can suggest that they've not done it is that they've been busy regrouping after their previous hosts, the Taliban, had their arses royally kicked a few months back."
Awww, cute, a typical yankee national viewpoint.
No, the reason they've not bothered is (a) it's too soon after Sep 11, and (b) everyone's going off on one imagining new threats so they'll think of something *else* to attack where we're not looking instead.
There have been plenty more vulnerabilities with openssh in the last year - I remember days when "you must get 2.9!" and so on.
As for `at least theo is saying something now', that's crap. It encourages people - whole distributions - to upgrade to something they don't know, including wrecking stable versions and everything, for no good reason other than "the great Theo said so" - when as it happens, Debian's packages aren't even going to be vulnerable because (a) it's a protocol-2-only bug and (b) they don't use SKEY or BSD-AUTH.
In retrospect, adopting a policy of "until we know what it is, there is no problem" would have saved a lot of people a hell of a lot of unnecessary stress.
I would *much* rather there were some details - look at how much M$loth tell you when a patch comes out, how much people take no notice of "oh just another bug-fix for things we've never seen affect us", and then whammo, Code Red.
Not that the GNU/linux world is without more than its fair share of idiots, but if there's something you can do upstream to stop the mentality spreading, it's fine by me.
"My favorite specious argument is that the artists don't get money from their recordings. Too bad. Let me cry them a river while they are passed out on the Green Room floor with a needle in their arm. They should have signed a better contract with the record companies or been entrepreneurial enough to distribute the music themselves."
What work or addition of extra value does a "label" actually do to the resultant CD at the end of the day? Given that I believe the answer is "stuff-all", that music labels do nothing but own studios and know "contacts" who can push the "make millions of CDs" button, why is it folks at this point in the chain who are making *all* the money, sorry, noise?
Maybe I *am* all in favour of a direct-to-listener 'Net-based approach after all...
"An X bug allows all available memory to be consumed, which causes the system to freeze."
Why on earth would that happen, unless your kernel VM was seriously screwed? Last time I saw any one process hog all the RAM, it got killed pretty sharpish.
There's also a call in the bugtraq thread for apps to be more sensitive about the data they get back from calls into external APIs. That makes sense to me - especially when anyone can LD_PRELOAD a library with broken return values for various functions.
Well spotted mozilla, now everyone *else* get your acts together please;)
Yes, well, it certainly wasn't posted to provoke intellectual discussion.
I gave up on the article half-way through, when it started talking about Javascript being "supported on both Windows and on most Unix/Linux systems". Following the first sentence of the alleged article, I'm wondering exactly where the distro flavour, kernel version and in fact anything in the OS have anything to do with javascript - unless I'm missing out on Every Linux Box Must Have A Commandline Javascript Interpreter or something?
And why the heck are people writing crap about searching for shell scripts (note: the grep -s command presented is heavily bash-dependent as it relies on non-interpretation of both # and !) when you can simply plug in an LKM that redirects execution of a particular command off to an "infected" version, while ordinary open() calls retrieve the real binary? And, HINT, it won't chug the luser's hard-drive to death revealing its own presence.
Face it, the days of user-space viruses are n/a here. There are much better ways to propogate; all we need is an interesting payload, and let the nerds argue whether it's a worm or a virus.
I've had a palm pilot (note: *not* just a "palm"!) and a psion 5mx in my time. Both have been OK, but I'm now looking for another nice trendy toy to sit at a rakish angle on the desk. I've already got a bluetooth phone, and was thinking of replacing it with a Treo if it weren't for them saying that they'll never put expansion slots in the treo - and the other Handspring offerings look like butt-ugly cheapo plastic to me.
I want PalmOS not CE; I want bluetooth; I want GPRS; I want a phone; I want GPS as well, at the very least as an expansion option; I want a PDA of some sort; I'm not so fussed on wireless access, nor does IrDA thrill me, but I have USB and ethernet and bluetooth networking options at my dispoal.
The problem currently is the way any one PDA only addresses a few of the above requirements; I want to be able to use with my bluetooth earpiece whilst taking down someone's details into the organizer, whilst on the built-in phone.
And last, I don't want it to say "requires windoze 98 or better" on the box.
So either a) do something to justify your existence - write your own engine licensed under your own terms and quit complaining; or b) use an existing GPL engine but have a different license for the original art packs (not linked into the binary, *duh*) if they're that worthwhile.
A month or so back I had the unenviable joy of being stuck in Brighton Hospital for a while... Discovered they have machines advertising "www.pienetworks.com" in their cafe area, running Galeon, fvwm{2,95}, just one mouse button, C-A-f1 disabled... the works. Nice to see non-windoze OSs making it into public access terminals.
"it's interesting to note that this story is entirely from the perspective of a capitalist but that still needs demonstrating from first principles on a frequent basis.)
"on its own moral high-ground of assuming an 'information free' culture already exists in its native province (UK)."
Erm, not entirely sure what you mean by "information-free". Presumably not that there's no info in the UK, although that wouldn't surprise me?
a) Dual-license it so companies who want to nick it for their own purposes and not release modifications have to sign a different agreement with you at some significant cost
b) have a consultancy business around the product specialising in easing installations and customization (with after-installation support an optional block cost)
c) sell t-shirts, caps, charge for shipping CDs with software on.
d) found a co-operative of several like-minded or related companies who want to advertise on your web-space
these are just ottomh. A little imagination might provide a few more:)
Emacs is currently keeping my job sane - I get patches in the mail every day, have to save out, gunzip, and apply and commit them. I can do all this with emacs, Gnus, Ediff-mode and vc-mode - and most importantly I don't have to leave my environment to run gunzip in a shell.
"It appears to me that Donna Dubinsky's announcement was a mistake. The expensive phone/PDA Treo has not sold well, probably simply because it is expensive and times are tough right now."
As soon as they produce something combining GPRS, Bluetooth, PDA (incl web-browser) and phone all at once - ideally with radio, mp3 player and GPS as a very optional extra - I'll be interested. I don't mind something a little bit bulkier but I do hate having to take my pick of a set of features. Oh, and if they're going to use expansion boards for things, make it possible to use 2 or more at once?
Example: I've got two nokia phones - both have GPRS (which I only use on one), one has bluetooth and the other has a radio (I now prefer internet radio instead;) Give me *lots* of toys all in one!;)
Re:How many people just give up?
on
Disconnecting
·
· Score: 1
I've cancelled more ISP agreements than I care to remember in the past 18 months.
First, we have the (UK-based) 0800 dialup provider, with whom I signed up for trial purposes. Then a few short weeks later, they went and switched me to the real full service - and in the process, managed to delete information of both accounts, trial and real. On a Friday night. And they all buggered off back home for the weekend. By Monday morning, I'd *long*-since signed up with Demon, if only to get myself back online.
Then we have Freeserve; I was one of the original folks who really liked the idea of an "unlimited" 24x7 dialup number - what was it called, "Freeserve AnyTime"? Anyway, they went and changed the T+Cs on me without giving me the statutory 30 days' written notice that was an integral part of the T+Cs originally. And I *object* to their policy of changing the T+Cs - basically it introduced a "we can cut you off for overuse despite you using what you signed up for" clause. So I pulled the direct-debit out from under their feet. Fortunately, the day afterwards I got an email saying the DD had been refused by my bank - to which I replied saying "surprise!". And they had the cheek to reply saying they might send someone around to extract "any outstanding amount". The reply to that was short and sweet: "expect to be sued for wear and tear on the baseball bat". Contract breakers suck.
Face it: telcos and ISPs all suck. All software sucks. All hardware sucks. The best you can do is dream of taking up running a hotel on the isle of Skye.
Duh. Yet another "oh look the DUL is wonderful" idiot.
Hint: No it's not. Any ISP that actively blocks its users from receiving mail just because they have some stupid carpet-ban of a rule that "all dialup users are evil" will never receive a penny of support from me, for censorship grounds.
Wake up, smell the coffee - settling for using some isp-provided "smart"host is pandering to the DUL. Die die die.
OK, so I see you've refined from "OS" down to "desktop OS". Let's not forget that's a very big jump.
What I really object to, however, is the idea that Gnome and KDE are necessary for a desktop. Having experienced both for a fairly long while, I currently neither use nor need neither. And I have a GUI as well - I'm posting this in mozilla with a simple X + fluxbox environment.
I also think it's horribly unfair to label Gnome and KDE part of some mythical "linux" - don't forget that these things are open-source for a reason, namely that other *OS*s can -and do- port them to the rest of their userspaces. You're doing those project members who use non-Linux environments a disservice.
IOW, make finer distinctions between your "packages" at a lower level. What we really *have*, damned politicians aside, is a linux kernel as distinct from any other, a GNU-based userspace, an X Windowing System, and some complete suites of "desktop environments" bolted on the top (to say nothing of the utility of Gnome as a programming API...). *Think* about the precision in my pedanticism in the previous sentence, please!
"What part of Linux is the OS anyway? Is it the underlying kernel that provides support for your hardware and devices? Is it the set of GNU system tools and utilities that you use to maintain your system? Is it the window manager and desktop shell? "
It can only be the kernel, otherwise you don't have linux, do you?
I've seen a lot of RMS-bashing concerning the leading "GNU/" in `GNU/Linux', but don't forget, he's 100% right to specify where the userspace and the OS come from, and everyone else is 100% idiot to separate "userspace" into commandline versus GUI for some arbitrary reason.
"This carpet bombing of people with advertisements makes everyone immune to the message after a while and as a result the ads do not have the desired effect."
Well said. In my case, I still *watch* adverts - at least when they're not so repetitive I get bored after a weekend of having the telly on - but only for the pretty-picture, childish humour or nice music factors. It's a matter of personal principles that I won't buy something as a result of an advert.
How's about this for an idea: Make an online shopping portal with a mark-up to account for programming?
Agreed entirely - I don't think I've ever had an email virus, and if I did I wouldn't worry all that much - we have procmail...
And the plural of "virus" is simply "viruses". It's a perfectly good English word, so you don't have to foul up the language for pretentious bogo-Latin reasons.
Slashdot Mirror
No, the problem is that big ISPs don't know their own installations well enough to trust them - probably for good reason. So find a few holes around and abouts, and you can still cause fairly major infrastructural damage.
(Oops, did I just say something to help them? Bummer!)
"A "cyber attack" is so thoroughly within the reach of Al Queda that the only reason I can suggest that they've not done it is that they've been busy regrouping after their previous hosts, the Taliban, had their arses royally kicked a few months back."
Awww, cute, a typical yankee national viewpoint.
No, the reason they've not bothered is (a) it's too soon after Sep 11, and (b) everyone's going off on one imagining new threats so they'll think of something *else* to attack where we're not looking instead.
There have been plenty more vulnerabilities with openssh in the last year - I remember days when "you must get 2.9!" and so on.
As for `at least theo is saying something now', that's crap. It encourages people - whole distributions - to upgrade to something they don't know, including wrecking stable versions and everything, for no good reason other than "the great Theo said so" - when as it happens, Debian's packages aren't even going to be vulnerable because (a) it's a protocol-2-only bug and (b) they don't use SKEY or BSD-AUTH.
In retrospect, adopting a policy of "until we know what it is, there is no problem" would have saved a lot of people a hell of a lot of unnecessary stress.
I would *much* rather there were some details - look at how much M$loth tell you when a patch comes out, how much people take no notice of "oh just another bug-fix for things we've never seen affect us", and then whammo, Code Red.
Not that the GNU/linux world is without more than its fair share of idiots, but if there's something you can do upstream to stop the mentality spreading, it's fine by me.
"My favorite specious argument is that the artists don't get money from their recordings. Too bad. Let me cry them a river while they are passed out on the Green Room floor with a needle in their arm. They should have signed a better contract with the record companies or been entrepreneurial enough to distribute the music themselves."
What work or addition of extra value does a "label" actually do to the resultant CD at the end of the day?
Given that I believe the answer is "stuff-all", that music labels do nothing but own studios and know "contacts" who can push the "make millions of CDs" button, why is it folks at this point in the chain who are making *all* the money, sorry, noise?
Maybe I *am* all in favour of a direct-to-listener 'Net-based approach after all...
"An X bug allows all available memory to be consumed, which causes the system to freeze."
;)
Why on earth would that happen, unless your kernel VM was seriously screwed? Last time I saw any one process hog all the RAM, it got killed pretty sharpish.
There's also a call in the bugtraq thread for apps to be more sensitive about the data they get back from calls into external APIs. That makes sense to me - especially when anyone can LD_PRELOAD a library with broken return values for various functions.
Well spotted mozilla, now everyone *else* get your acts together please
Your reading is non-optimal.
It's a multimedia story on Slashdot because it has audio+video (bcast2k's successor) and more audio stuff (audacity) in it.
Yes, well, it certainly wasn't posted to provoke intellectual discussion.
I gave up on the article half-way through, when it started talking about Javascript being "supported on both Windows and on most Unix/Linux systems". Following the first sentence of the alleged article, I'm wondering exactly where the distro flavour, kernel version and in fact anything in the OS have anything to do with javascript - unless I'm missing out on Every Linux Box Must Have A Commandline Javascript Interpreter or something?
And why the heck are people writing crap about searching for shell scripts (note: the grep -s command presented is heavily bash-dependent as it relies on non-interpretation of both # and !) when you can simply plug in an LKM that redirects execution of a particular command off to an "infected" version, while ordinary open() calls retrieve the real binary? And, HINT, it won't chug the luser's hard-drive to death revealing its own presence.
Face it, the days of user-space viruses are n/a here. There are much better ways to propogate; all we need is an interesting payload, and let the nerds argue whether it's a worm or a virus.
I've had a palm pilot (note: *not* just a "palm"!) and a psion 5mx in my time. Both have been OK, but I'm now looking for another nice trendy toy to sit at a rakish angle on the desk.
I've already got a bluetooth phone, and was thinking of replacing it with a Treo if it weren't for them saying that they'll never put expansion slots in the treo - and the other Handspring offerings look like butt-ugly cheapo plastic to me.
I want PalmOS not CE; I want bluetooth; I want GPRS; I want a phone; I want GPS as well, at the very least as an expansion option; I want a PDA of some sort; I'm not so fussed on wireless access, nor does IrDA thrill me, but I have USB and ethernet and bluetooth networking options at my dispoal.
The problem currently is the way any one PDA only addresses a few of the above requirements; I want to be able to use with my bluetooth earpiece whilst taking down someone's details into the organizer, whilst on the built-in phone.
And last, I don't want it to say "requires windoze 98 or better" on the box.
So either
a) do something to justify your existence - write your own engine licensed under your own terms and quit complaining;
or
b) use an existing GPL engine but have a different license for the original art packs (not linked into the binary, *duh*) if they're that worthwhile.
A month or so back I had the unenviable joy of being stuck in Brighton Hospital for a while... Discovered they have machines advertising "www.pienetworks.com" in their cafe area, running Galeon, fvwm{2,95}, just one mouse button, C-A-f1 disabled... the works. Nice to see non-windoze OSs making it into public access terminals.
"it's interesting to note that this story is entirely from the perspective of a capitalist but that still needs demonstrating from first principles on a frequent basis.)
"on its own moral high-ground of assuming an 'information free' culture already exists in its native province (UK)."
Erm, not entirely sure what you mean by "information-free". Presumably not that there's no info in the UK, although that wouldn't surprise me?
"They actual hurl through the sky at a qhick pace."
Erm, they do? Relative to *what*, exactly?
"if you were sitting on the sattelite, the time would still be wrong."
What is "the" time?
/me thinks someone missed the point of relativity. Try again.
Two options:
e for "APNIC", and refuse connection to all the relevant netblocks.
:)
a) man procmailrc, drop it there
b) grep http://www.iana.org/assignments/ipv4-address-spac
I do both. I don't get *Korean* spam any more
a) Dual-license it so companies who want to nick it for their own purposes and not release modifications have to sign a different agreement with you at some significant cost
:)
b) have a consultancy business around the product specialising in easing installations and customization (with after-installation support an optional block cost)
c) sell t-shirts, caps, charge for shipping CDs with software on.
d) found a co-operative of several like-minded or related companies who want to advertise on your web-space
these are just ottomh. A little imagination might provide a few more
Which bit of VC / CVS-mode have you not used?
Emacs is currently keeping my job sane - I get patches in the mail every day, have to save out, gunzip, and apply and commit them. I can do all this with emacs, Gnus, Ediff-mode and vc-mode - and most importantly I don't have to leave my environment to run gunzip in a shell.
"It appears to me that Donna Dubinsky's announcement was a mistake. The expensive phone/PDA Treo has not sold well, probably simply because it is expensive and times are tough right now."
;) ;)
As soon as they produce something combining GPRS, Bluetooth, PDA (incl web-browser) and phone all at once - ideally with radio, mp3 player and GPS as a very optional extra - I'll be interested.
I don't mind something a little bit bulkier but I do hate having to take my pick of a set of features.
Oh, and if they're going to use expansion boards for things, make it possible to use 2 or more at once?
Example: I've got two nokia phones - both have GPRS (which I only use on one), one has bluetooth and the other has a radio (I now prefer internet radio instead
Give me *lots* of toys all in one!
I've cancelled more ISP agreements than I care to remember in the past 18 months.
First, we have the (UK-based) 0800 dialup provider, with whom I signed up for trial purposes. Then a few short weeks later, they went and switched me to the real full service - and in the process, managed to delete information of both accounts, trial and real. On a Friday night. And they all buggered off back home for the weekend.
By Monday morning, I'd *long*-since signed up with Demon, if only to get myself back online.
Then we have Freeserve; I was one of the original folks who really liked the idea of an "unlimited" 24x7 dialup number - what was it called, "Freeserve AnyTime"? Anyway, they went and changed the T+Cs on me without giving me the statutory 30 days' written notice that was an integral part of the T+Cs originally. And I *object* to their policy of changing the T+Cs - basically it introduced a "we can cut you off for overuse despite you using what you signed up for" clause.
So I pulled the direct-debit out from under their feet. Fortunately, the day afterwards I got an email saying the DD had been refused by my bank - to which I replied saying "surprise!".
And they had the cheek to reply saying they might send someone around to extract "any outstanding amount". The reply to that was short and sweet: "expect to be sued for wear and tear on the baseball bat". Contract breakers suck.
Face it: telcos and ISPs all suck. All software sucks. All hardware sucks. The best you can do is dream of taking up running a hotel on the isle of Skye.
I saw quite a few ads - xbox included. Still surprised that there aren't more of them, though.
Duh. Yet another "oh look the DUL is wonderful" idiot.
Hint: No it's not. Any ISP that actively blocks its users from receiving mail just because they have some stupid carpet-ban of a rule that "all dialup users are evil" will never receive a penny of support from me, for censorship grounds.
Wake up, smell the coffee - settling for using some isp-provided "smart"host is pandering to the DUL. Die die die.
OK, so I see you've refined from "OS" down to "desktop OS". Let's not forget that's a very big jump.
What I really object to, however, is the idea that Gnome and KDE are necessary for a desktop. Having experienced both for a fairly long while, I currently neither use nor need neither. And I have a GUI as well - I'm posting this in mozilla with a simple X + fluxbox environment.
I also think it's horribly unfair to label Gnome and KDE part of some mythical "linux" - don't forget that these things are open-source for a reason, namely that other *OS*s can -and do- port them to the rest of their userspaces. You're doing those project members who use non-Linux environments a disservice.
IOW, make finer distinctions between your "packages" at a lower level. What we really *have*, damned politicians aside, is a linux kernel as distinct from any other, a GNU-based userspace, an X Windowing System, and some complete suites of "desktop environments" bolted on the top (to say nothing of the utility of Gnome as a programming API...). *Think* about the precision in my pedanticism in the previous sentence, please!
"What part of Linux is the OS anyway? Is it the underlying kernel that provides support for your hardware and devices? Is it the set of GNU system tools and utilities that you use to maintain your system? Is it the window manager and desktop shell? "
It can only be the kernel, otherwise you don't have linux, do you?
I've seen a lot of RMS-bashing concerning the leading "GNU/" in `GNU/Linux', but don't forget, he's 100% right to specify where the userspace and the OS come from, and everyone else is 100% idiot to separate "userspace" into commandline versus GUI for some arbitrary reason.
"This carpet bombing of people with advertisements makes everyone immune to the message after a while and as a result the ads do not have the desired effect."
Well said. In my case, I still *watch* adverts - at least when they're not so repetitive I get bored after a weekend of having the telly on - but only for the pretty-picture, childish humour or nice music factors. It's a matter of personal principles that I won't buy something as a result of an advert.
How's about this for an idea: Make an online shopping portal with a mark-up to account for programming?
Agreed entirely - I don't think I've ever had an email virus, and if I did I wouldn't worry all that much - we have procmail...
And the plural of "virus" is simply "viruses". It's a perfectly good English word, so you don't have to foul up the language for pretentious bogo-Latin reasons.
Hey, not to worry, it only adds to the crud we see on slashdot...
And *neither* quote is particularly news-worthy, IMO.
a) linux-is-not-piracy is remarkably boring. There's a dictionary at , go figure.
b) linux-is-a-means-for-software-engineering is still wrong, it's a frigging OS kernel, deal with it.
One word: duh.