... promote the general welfare...
>>Don't look to the government, you know they'll just screw it up.
Too true, but it is the responsibility of the government to not screw it up.
>>Accounting is the most convoluted, outrageous set of standards and principles that anyone ever could have dreamed up.
Thanks. Without really understanding, I believe you. Now take a careful look at all the interfaces between pieces of computer systems. These include, as a smallish part, the automation of various rules, standards, etc of accounting. It's big, too big for any one entity to even keep up with it.
Re:.NET might be very good to us (on "Perl and .NET", Score: 1)
Some of us are stuck with Microsoft and are looking for a way out before Microsoft really screws us over.
http://www.landfield.com/isn/mail-archive/2000/Oct/0029.html
...
"We fixed dozens if not over a hundred of format string vulnerabilities," says Aaron Campbell, an OpenBSD developer. "At the time, no exploits for format string problems were available. It was easy to crash programs, but methods for gaining elevated privileges were not publicly known and at the time it was largely theoretical."
...
Despite the effort, crackers still found a way to break into a system. Tuesday the friend of an OpenBSD developer had his OpenBSD 2.7 machine compromised by an exploit of the operating system's "chpass" utility -- a Unix tool that lets users edit database information associated with their account. Somebody had gained root access, the Unix equivalent of system administrator-level control.
...
"Are we surprised? No," says DeRaadt. "Should we have spent time checking each for exploitability? No, that's not the role we can play. And we cannot release a patch for 800 bugs, which may or may not be exploitable. We'd look like jerks."
Campbell says Tuesday's scare reaffirmed his faith in aggressive audits. Even though the bug was not known to be exploitable during the original summer audit, the fact that they identified and fixed it gave them a chance to seek out similar bugs, shoring up future versions of OpenBSD.
----------------
Took a while, but searching through Google, I finally found the reference. It stuck in my mind because even OpenBSD can be vulnerable.
Personally, I would love to see an open standard compatible with WordPerfect 4.2/5.1 before the evil hackers/whatever finally let loose an msword/internet-explorer virus that actually does some damage.
Beautiful hack, but probably cannot be repeated anymore. It requires that both the compiler and the login program come from the same place. Something as trivial as changing login to logon would be enough to break the hack and possibly expose it. The key to the hack is a backdoor in the binary that is not in the source.
Slightly off-topic. There is a very good reason to have backdoors. Much worse than being broken into is permanently locking yourself out.
I'm sure they are clever enough to hide weaknesses in code from you, and from me. I doubt very much that they are clever enough to hide weaknesses in code from everybody who reads and posts to Slashdot.
Without being a bit paranoid, I think you are right. Out of the box, the BSDs, particularly OpenBSD, should be more secure, but there is more to be gained by securing Linux than by further securing one of the BSDs. Of course anything actually significant in Linux will be picked up by the BSDs, so OpenBSD will keep its place as the most secure. Oddly enough I expect one of the results of selinux will be more OpenBSD desktops. ;)
I see that the astroturfers have some moderator points.
>>Microsoft is rapidly becoming irrelevant. They are to be simultaneously pitied and despised.
Whether anyone actually runs selinux or not, the resource is available. Judging from recent cracks of OpenBSD and security advisories from FreeBSD, the current state of the art is far from adequately secure. At least Linux and the BSDs are potentially securable.
>And the Corporation very much feeds on the Community.
Hehe. That's the critical point. The Media is aimed at people who pay money and _buy_ things. The idea that a more up-to-date and better supported version is available for free download doesn't really fit in with their world view. If it's not bungled too badly, everybody gains. It is very much to the advantage of the Corporation that the Community does well, very well. Someone better at writing than I may be able to explain the relationships, subtle and plural, but do not expect them to come from the Media.
>How is a slide rule superior to a scientific calculator?
Solving proportions. A/B = C/D with one of A,B,C,D an unknown. Immediate readout with no multiplication or division involved. Only slide-rule accuracy, but the knowns are not that accurate anyway.
Too many MS droids with moderator points.
You raise a scary scenario. Reality may well be worse.
Some observations from the LoveBug episode. It took Microsoft something like three (3) days to get anything searchable on their site, and what they put there was not particularly useful. Slashdot coverage was timely and informative enough to actually quickly fix a couple of hits, and Slashdot is neither a virus-alert nor a Microsoft site. If, i.e. when, disaster strikes, you want as many lines of communication open as possible, right, wrong, and indifferent. If the information is relevant, surely you verify or check more than one source.
When the LoveBug hit, it took something like 3 days for a search on microsoft.com to show even a mostly useless hit. Fortunately, Slashdot coverage was timely and informative enough to quickly clean up a couple of infected systems.
Cheap trick. Put something like 123@bad.news in your address book.
You are confusing return codes from programs (where 0 means ok and anything else an error status) with logic values (where 0 is false and any non-zero is true).
To add to the confusion, you can have a true, b true, and a&b false (binary 10 & 01).
--- my two bits worth.
>...enemies have resources and will keep what they develop a secret, before deploying it once.
With open source, the bugs are openly published and fixed. With closed source, methinks the enemy is keeping what it knows under its hat.
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
Looks normal for first IDE controller.
Should also show:
hda: whatever is the master
hdb: whatever is the slave
ide0 at 0x14c0-0x14c7,0x14b6 on irq 11
Looks VERY STRANGE.
Expect something like
ide1 at 0x170-0x177,0x376 on irq 15
Use Windows to see what the hardware is.
Maybe to salvage his leaked memory?
Hehe. Unfair. Windoze is hurting. Not enough apps.
Think of XML as LISP for COBOL programmers. LISP is a bit more concise with (thingee ... ) instead of <thingee> ... </thingee>
You are almost a century off. Punched cards were first used in the 1890 US Census.
Not as dumb as just using one wing. Thanks for the reminder.
This is why it makes sense for the government to subsidize mass transportation.
Unprintable. Unspeakable. Unpublishable.
This is why we need Open Source. Flame wars about GNU/BSD etc. licensing, software, etc. are minor irritants at worst.
Dark horse. Open Source and IBM.
Too important for any one company to dominate, particularly either of Microsoft or Sun.