By taking this initiative, RedHat has brought some corporate muscle behind the fight of the SSSCA. Before now, it is all private citizens writing letters to their representatives, but now that there is a major corporate backer, the anti-SSSCA movement will go further, and more representatives will pay attention to it. As a corporation, RedHat can also provide some solid technical reference, details that a Congressman or Congresswoman would be able to better understand, and be more likely to pay attention to than what Joe Linux User says about copyright protection technology.
This guy makes several good arguments for *BSD, mainly, the difference between *BSD and Linux for the desktop. Many people think that *BSD is only the shell, but GNOME and KDE can be compiled on it just as easily as on Linux, no compatability code needed. Also, his point about.NET is a good one, that Microsoft is just using it as buzzword VaporWare to name whatever the new latest and greatest product that will "change the world".
This has its advantages for several different Operating Systems:
MacOS 8.x, 9.x Now your Mac can freeze 3.2 seconds faster than before, giving a higher liklihood of killing something important you're working on.
MacOS X The GUI will still crawl, but the awful flicker of DVD's (only applies to X.1) will be fast enough just to make you think your refresh rate is 60Hz, even on an LCD.
YellowDog/Mandrake/LinuxPPC If OpenFirmware doesn't freak out, and you actually CAN boot, your Mac will run a little quicker, which means you can compile kernel 1.6.x 30% faster!
If M$ were to take out the popup functionality, or even keep it off the default configuration, it would certainly kill these crappy advertising campaigns, but cause a few problems. Web app sites would have to be re-designed to some degree, so yes, M$ would be shooting their ASP and.NET initiative somewhat in the foot, but not too bad. As useful as popups are to leet JavaScript advertisement coders, they do serve a legitimate purpose.
Of course...if enough of them popped up, you would just run out of RAM.:-)
Like the beginning of the universe, the tech industry started with a bang. All little pieces, over time, coming together to form major entities.
So, it has come to this:
Consumer PC's I think its obvious here. Compaq, Dell, Microsoft. All have gobbled up smaller companies, or have significant stake in them (AHEM, Apple..) and are not facing any serious threat.
Internet OK, it's pretty clear that AOL is running the show here, but lots of people like their broadband (even if they use it to access AOL). Enter @Home. Great concept, poor implementation. Seems that all of our little @Homes are being gobbled up by large compaines (in this case AT&T). I hate to say it, but we're all becoming slaves to big telecom (Yeah, yeah I know, Troll).
Government The laws of physics in our tech-universe-explosion. Government says what stays and what goes. Now with the appearance of the SSSCA (sigh), we're leaning toward a AOL-MS planet. ("You've got mail! Enter your 29-digit license key to continue!"). Sickening.
Linux/OSS The distant relative that moves in with Microsft and overstays its welcome. Finally kicked out of the house when caught stealing money, but has stolen enough to buy its own house.
Splash some mercury on the table, and watch it all come together. Model of the tech industry.
WAP and WML are such a cool concept. Think of it, the ability to access any information available on the internet, on your cell phone! However, people see that it costs too much ($10 per month), and they realize that text on a cell phone looks like DOS running on a 9" monitor. So, it appears that WAP/WML is going the way of Clear Pepsi (you remember that stuff). Great concept, cool advertising campaign, but, when the reality struck people, it was too much to handle.
It's not a crisis until leet kiddies have a tool they can use to exploit your box. A truly leet haxor is not interested in your box, but rather those of major governments.
It's the kiddie-fear mentality. Yes, script kids are dangerous, even though all they can do is type./exploit your.host.name and get a root shell. They have no idea about packet timing or anything. It's nothing to fear.
This problem is easy to fix, use PKI or type randomly. I don't know if it even deserved a SecurityFocus article, let alone a Slashdot plug. Just a simple warning will do.
--Ted
Cool stuff you can do cheap with Linux
on
Linux Win In Schools
·
· Score: 2, Interesting
Here are a few cool things you can do with Linux for just the cost of the hardware.
1. Diskless art terminals: ThinkNIC (www.thinknic.com) has a wonderful product, a diskless internet workstation. Use some technical knowledge, and you can run GIMP from a server with Remote X, get 4 or 5 of these things at $300 each, and you've got a graphics lab for under $5,000.
2. Web Terminals: I don't mean to be plugging the ThinkNIC (no, I don't work there), but you can use it as a web terminal, placed strategically, like in a student rec center, where kids can surf or check e-mail.
3. Administrative Management: If you're skilled with PHP, and don't want to spend any cash on a competitive product, you can whip up a grades management system or something of that nature with just a dash of MySQL.
4. Haxor Checks: I admin at a private high school, and we just got a donation of about 50 Pentium-133 computers, complete with 2GB drive and 10/100 NIC. So, I set up Snort and SSH on about 10 of them, and put them in the basement of our dorms, sniffing for haxor activity.
5. FreeMail: I don't know if that word is copyrighted, but if you replace MS Exchange (which alot of schools have) with Sendmail or Qmail, you can save quite a bit of cash.
6. Critical Services: Who says you need WindowsNT for a DHCP or DNS server? Linux! A small to mid sized school can run a DNS and DHCP server on one underpowerd box, say a Pentium-100.
7. Support Windows 9x: If you sit down with Samba for a while, you can make it do everything you could need it to do. I have Samba set up as a Primary Domain Controller, and this computer holds all my home directories for the whole school.
What it all boils down to This is what I have saved with Linux:
3 Windows2000 Server Licenses. (DHCP/DNS Server, Primary Domain Controller, Exchange Server)
1 Microsoft Exchange Server License
5 Windows98 Licenses (ThinkNIC's in the art labs)
5 Adobe Photoshop Licenses (Replace with GIMP)
$2000x5 = $10,000 (Replaced actual $2,300 PC's with ThinkNIC's)
1 Microsoft Proxy Server License (Replaced with Squid)
We make students sign a contract before we work on their PC, that if it is damaged, they assume all liability. We technically have no staff to fix student PC's, our IT staff manages lab computers and servers. Student computers are not our responsibility.
Full disclosure, although it sounds like a dangerous idea, is perhaps the most effective manner for preventing attack.
It becomes a double-edged sword, when you release a vulnerability, who will get to it first, the vendor or the crackers?
Scenario 1: Crackers take charge. OK, for the sake of argument, let's say eEye discovers a remote root in IIS. They release the vulnerability specifics, and as soon as they do so, a cracker creates an exploit, and before you know it, it's the hottest thing on Packetstorm. The attacks spread rampant, but by this time, Microsoft has gotten wind of the threat, and released a patch. Thousands of boxen are patched by admins who keep up with the news, however thousands remain unpatched, and many have been cracked. Over the course of a few months, things get ironed out, cracked boxes get fixed, security patch is propogated everywhere.
Scenario 2: The Secret Vulnerability The same vulnerability, discovered by eEye, instead of being released to the public, is released to Microsoft only. Microsoft creates a patch, and puts it on the internet. Few admins apply it, because there is no huge hype about a massive attack wave. This leaves a massive amount of servers open to attack. Then, out of the blue, a cracker discovers the same exploit, and writes the code to exploit it. Script kiddies everywhere are rooting IIS boxen. The threat spreads vigorously, all the while, MS claims plausibly deniability, because they already released a patch.
The Skinny: Why one is better The second scenario is somewhat similar to the CodeRed situation. MS released a patch for the bug long before the worm spread, and people never expected it. When the wave hit, many admins flocked to the MS update site, and patched their boxen. It uses the media to propogate information about the vulnerability.
This is why CodeRed spread so fast, because there were fewer patched boxes. If more boxes had been patched, the spread would be less severe.
The point I am trying to make here is that we must sacrifice a certain amount of servers to any given bug before it is eliminated. The patching-frenzy is triggered by the massive infection. Such a necessity for a patch must be created for it to be propogated fully.
I hope this is understandable, for I still may be an idiot, I have yet to confirm.
--Ted
Similar Problems
on
Dorm Storm?
·
· Score: 4, Informative
I admin for a private high school in Connecticut, and I get this problem every year. Kids already have a NIC, but it's not set up right. Or something else obscure doesn't work. Here are a few helpers to get you through the mad rush.
1. Hire help. Cheap help. Go to the local high schools, and offer $50 bucks and pizza for a day of installing NIC's. Get tech-savvy students(duh).
2. Insist that your job is *only* setting them up on the network. If it doesn't work on the first plug, move on and come back to that person later.
3. Use only one type of NIC. I use 3Com 3C-905B cards. Carry a driver diskette with you.
4. Never help anyone with a Compaq Presario. They are a nightmare. Corollary: If you get suckered into helping anyone with a Presario, never, ever, call Compaq Tech Support asking for a recovery disk.
5. Set up a help desk site with common problems and solutions. Easy with PHP or something.
6. If students are savvy enough to do their own stuff, by all means, let them. This means anyone running Linux, so just give them the NIC, and tell them to have fun.
7. Block outgoing P2P. It will save you lots of bandwidth.
8. Use 10-Mbit hubs or switches in your dorms. This will keep the rest of your network (100Mbit?) nice and tidy from P2P traffic.
9. Keep a close eye on possible haxors. You know how to identify them, the kids who bring their own Cisco routers to school. They're the ones who are going to bring down your gateways.
10. Breathe. Just take it easy, and remember, they're only computers.
If you want to tinker with Linux on a game set-top box, get a Dreamcast. Althought the PS2 is a cool thing, use it for games. That's what it's made for.
--Ted
OK, Let the flames roll. I'll do you all a favor, my e-mail address is Ted.Dziuba@cheshireacademy.removethisbeforesending.org. Have any of you actually used OSX? I mean really? This is becoming the "Shiny Things OS". Let's face reality. The OS wars are over. Microsoft won. Let's look at OSX for a moment. It's all fine and dandy in its own little twisted reality of the Mac hardware platform. They can pretend to be important if they like, that's just fine. Next, onto Linux. There is a good reason that it is free. The IT industry wants things done right, and they want it done yesterday. Everything has to be compatible with what your clients are using. NT is the answer, folks. Linux is just a toy for those IT geeks who want to "be different". It takes a degree in computer science to do something on a Linux box that it takes a ten year old to do on NT. Come on people, this is reality here.
Flames. Yummy.
(Bring it, I'm the admin.)
Ted
Slashdot Mirror
By taking this initiative, RedHat has brought some corporate muscle behind the fight of the SSSCA. Before now, it is all private citizens writing letters to their representatives, but now that there is a major corporate backer, the anti-SSSCA movement will go further, and more representatives will pay attention to it. As a corporation, RedHat can also provide some solid technical reference, details that a Congressman or Congresswoman would be able to better understand, and be more likely to pay attention to than what Joe Linux User says about copyright protection technology.
Mod +1:Interesting.
The lovely Flame12 is new to the whole Slashdot thing, and I think we should start her off with a little bit of Karma?
This guy makes several good arguments for *BSD, mainly, the difference between *BSD and Linux for the desktop. Many people think that *BSD is only the shell, but GNOME and KDE can be compiled on it just as easily as on Linux, no compatability code needed. Also, his point about .NET is a good one, that Microsoft is just using it as buzzword VaporWare to name whatever the new latest and greatest product that will "change the world".
Where would leet script kiddie haxors be without the pipe? It is the backbone of |33+5p33|
This has its advantages for several different Operating Systems:
MacOS 8.x, 9.x Now your Mac can freeze 3.2 seconds faster than before, giving a higher liklihood of killing something important you're working on.
MacOS X The GUI will still crawl, but the awful flicker of DVD's (only applies to X.1) will be fast enough just to make you think your refresh rate is 60Hz, even on an LCD.
YellowDog/Mandrake/LinuxPPC If OpenFirmware doesn't freak out, and you actually CAN boot, your Mac will run a little quicker, which means you can compile kernel 1.6.x 30% faster!
If M$ were to take out the popup functionality, or even keep it off the default configuration, it would certainly kill these crappy advertising campaigns, but cause a few problems. Web app sites would have to be re-designed to some degree, so yes, M$ would be shooting their ASP and .NET initiative somewhat in the foot, but not too bad. As useful as popups are to leet JavaScript advertisement coders, they do serve a legitimate purpose.
:-)
Of course...if enough of them popped up, you would just run out of RAM.
Like the beginning of the universe, the tech industry started with a bang. All little pieces, over time, coming together to form major entities.
So, it has come to this:
Consumer PC's I think its obvious here. Compaq, Dell, Microsoft. All have gobbled up smaller companies, or have significant stake in them (AHEM, Apple..) and are not facing any serious threat.
Internet OK, it's pretty clear that AOL is running the show here, but lots of people like their broadband (even if they use it to access AOL). Enter @Home. Great concept, poor implementation. Seems that all of our little @Homes are being gobbled up by large compaines (in this case AT&T). I hate to say it, but we're all becoming slaves to big telecom (Yeah, yeah I know, Troll).
Government The laws of physics in our tech-universe-explosion. Government says what stays and what goes. Now with the appearance of the SSSCA (sigh), we're leaning toward a AOL-MS planet. ("You've got mail! Enter your 29-digit license key to continue!"). Sickening.
Linux/OSS The distant relative that moves in with Microsft and overstays its welcome. Finally kicked out of the house when caught stealing money, but has stolen enough to buy its own house.
Splash some mercury on the table, and watch it all come together. Model of the tech industry.
WAP and WML are such a cool concept. Think of it, the ability to access any information available on the internet, on your cell phone! However, people see that it costs too much ($10 per month), and they realize that text on a cell phone looks like DOS running on a 9" monitor. So, it appears that WAP/WML is going the way of Clear Pepsi (you remember that stuff). Great concept, cool advertising campaign, but, when the reality struck people, it was too much to handle.
It's not a crisis until leet kiddies have a tool they can use to exploit your box. A truly leet haxor is not interested in your box, but rather those of major governments.
./exploit your.host.name and get a root shell. They have no idea about packet timing or anything. It's nothing to fear.
It's the kiddie-fear mentality. Yes, script kids are dangerous, even though all they can do is type
This problem is easy to fix, use PKI or type randomly. I don't know if it even deserved a SecurityFocus article, let alone a Slashdot plug. Just a simple warning will do.
--Ted
Here are a few cool things you can do with Linux for just the cost of the hardware.
1. Diskless art terminals: ThinkNIC (www.thinknic.com) has a wonderful product, a diskless internet workstation. Use some technical knowledge, and you can run GIMP from a server with Remote X, get 4 or 5 of these things at $300 each, and you've got a graphics lab for under $5,000.
2. Web Terminals: I don't mean to be plugging the ThinkNIC (no, I don't work there), but you can use it as a web terminal, placed strategically, like in a student rec center, where kids can surf or check e-mail.
3. Administrative Management: If you're skilled with PHP, and don't want to spend any cash on a competitive product, you can whip up a grades management system or something of that nature with just a dash of MySQL.
4. Haxor Checks: I admin at a private high school, and we just got a donation of about 50 Pentium-133 computers, complete with 2GB drive and 10/100 NIC. So, I set up Snort and SSH on about 10 of them, and put them in the basement of our dorms, sniffing for haxor activity.
5. FreeMail: I don't know if that word is copyrighted, but if you replace MS Exchange (which alot of schools have) with Sendmail or Qmail, you can save quite a bit of cash.
6. Critical Services: Who says you need WindowsNT for a DHCP or DNS server? Linux! A small to mid sized school can run a DNS and DHCP server on one underpowerd box, say a Pentium-100.
7. Support Windows 9x: If you sit down with Samba for a while, you can make it do everything you could need it to do. I have Samba set up as a Primary Domain Controller, and this computer holds all my home directories for the whole school.
What it all boils down to
This is what I have saved with Linux:
3 Windows2000 Server Licenses. (DHCP/DNS Server, Primary Domain Controller, Exchange Server)
1 Microsoft Exchange Server License
5 Windows98 Licenses (ThinkNIC's in the art labs)
5 Adobe Photoshop Licenses (Replace with GIMP)
$2000x5 = $10,000 (Replaced actual $2,300 PC's with ThinkNIC's)
1 Microsoft Proxy Server License (Replaced with Squid)
I hope this gives you guys some ideas.
--Ted
We make students sign a contract before we work on their PC, that if it is damaged, they assume all liability. We technically have no staff to fix student PC's, our IT staff manages lab computers and servers. Student computers are not our responsibility.
Full disclosure, although it sounds like a dangerous idea, is perhaps the most effective manner for preventing attack.
It becomes a double-edged sword, when you release a vulnerability, who will get to it first, the vendor or the crackers?
Scenario 1: Crackers take charge. OK, for the sake of argument, let's say eEye discovers a remote root in IIS. They release the vulnerability specifics, and as soon as they do so, a cracker creates an exploit, and before you know it, it's the hottest thing on Packetstorm. The attacks spread rampant, but by this time, Microsoft has gotten wind of the threat, and released a patch. Thousands of boxen are patched by admins who keep up with the news, however thousands remain unpatched, and many have been cracked. Over the course of a few months, things get ironed out, cracked boxes get fixed, security patch is propogated everywhere.
Scenario 2: The Secret Vulnerability The same vulnerability, discovered by eEye, instead of being released to the public, is released to Microsoft only. Microsoft creates a patch, and puts it on the internet. Few admins apply it, because there is no huge hype about a massive attack wave. This leaves a massive amount of servers open to attack. Then, out of the blue, a cracker discovers the same exploit, and writes the code to exploit it. Script kiddies everywhere are rooting IIS boxen. The threat spreads vigorously, all the while, MS claims plausibly deniability, because they already released a patch.
The Skinny: Why one is better The second scenario is somewhat similar to the CodeRed situation. MS released a patch for the bug long before the worm spread, and people never expected it. When the wave hit, many admins flocked to the MS update site, and patched their boxen. It uses the media to propogate information about the vulnerability.
This is why CodeRed spread so fast, because there were fewer patched boxes. If more boxes had been patched, the spread would be less severe.
The point I am trying to make here is that we must sacrifice a certain amount of servers to any given bug before it is eliminated. The patching-frenzy is triggered by the massive infection. Such a necessity for a patch must be created for it to be propogated fully.
I hope this is understandable, for I still may be an idiot, I have yet to confirm.
--Ted
I admin for a private high school in Connecticut, and I get this problem every year. Kids already have a NIC, but it's not set up right. Or something else obscure doesn't work. Here are a few helpers to get you through the mad rush.
1. Hire help. Cheap help. Go to the local high schools, and offer $50 bucks and pizza for a day of installing NIC's. Get tech-savvy students(duh).
2. Insist that your job is *only* setting them up on the network. If it doesn't work on the first plug, move on and come back to that person later.
3. Use only one type of NIC. I use 3Com 3C-905B cards. Carry a driver diskette with you.
4. Never help anyone with a Compaq Presario. They are a nightmare. Corollary: If you get suckered into helping anyone with a Presario, never, ever, call Compaq Tech Support asking for a recovery disk.
5. Set up a help desk site with common problems and solutions. Easy with PHP or something.
6. If students are savvy enough to do their own stuff, by all means, let them. This means anyone running Linux, so just give them the NIC, and tell them to have fun.
7. Block outgoing P2P. It will save you lots of bandwidth.
8. Use 10-Mbit hubs or switches in your dorms. This will keep the rest of your network (100Mbit?) nice and tidy from P2P traffic.
9. Keep a close eye on possible haxors. You know how to identify them, the kids who bring their own Cisco routers to school. They're the ones who are going to bring down your gateways.
10. Breathe. Just take it easy, and remember, they're only computers.
Hope this helps.
Ted (Ted.Dziuba@LEGIT_MAIL_PLZ.cheshireacademy.org)
"Quoth the Penguin, pipe grep more"
This message is encrypted with the English(tm) encryption algorithm. Any attempt to defeat this security will be prosecuted under the DMCA.
If you want to tinker with Linux on a game set-top box, get a Dreamcast. Althought the PS2 is a cool thing, use it for games. That's what it's made for. --Ted
Seriously, we don't need standard library routines. What use is printf() anyhow??
OK, Let the flames roll. I'll do you all a favor, my e-mail address is Ted.Dziuba@cheshireacademy.removethisbeforesending .org. Have any of you actually used OSX? I mean really? This is becoming the "Shiny Things OS". Let's face reality. The OS wars are over. Microsoft won. Let's look at OSX for a moment. It's all fine and dandy in its own little twisted reality of the Mac hardware platform. They can pretend to be important if they like, that's just fine. Next, onto Linux. There is a good reason that it is free. The IT industry wants things done right, and they want it done yesterday. Everything has to be compatible with what your clients are using. NT is the answer, folks. Linux is just a toy for those IT geeks who want to "be different". It takes a degree in computer science to do something on a Linux box that it takes a ten year old to do on NT. Come on people, this is reality here.
Flames. Yummy.
(Bring it, I'm the admin.)
Ted