Hey, I worked for years for a manufacturer of MAC hardware, I actually maintained several Linux Ethernet kernel drivers for a few years. It's not polite to call people who have a clue "noobs" just because they missed the period at the end of the sentence. I'm not even a native English speaker. It's slashdot, for crying out loud.
I'm lucky to have worked with and for Intel's ethernet linux driver group. All of intel's gigabit ethernet is autosensing... it was a tough ordeal actually finding a crossover cable:)
Yes, but you're assuming that any and all possible bots running on the machine will not be capable of hiding for a local wireshark process running on the windows machine.
That's probably a reasonable assumption, until you encounter one that does exactly this...
You don't need a HUB at all. Linux bridging allows you to use two ports on a system 'as a HUB', while still providing you with the ability to tcpdump a port on the bridge. You just add both interfaces to your bridge and stick the linux bridge in between the real router and the infected machine. Only thing needed is a linux system with 2 physical ethernet ports.
ONLY if "The Apple Store" also provides the source code to all the customers who obtain a copy of the binary.
this may be an unexpected surprise for apple. Since they are the one distributing the software to the Phones, they just got suckered into a nightmare. It wouldn't surprise me if Apple's distribution model would actually not allow Apple to be obligated to distribute something like this, due to it's clauses, and Apple would have no recourse but to take all GPL based software away from the iPhone store.
This issue has much more to it than "yes, it's OK" - it directly puts Apple as a GPL software distributor in a potentially nasty spot.
why not? this is how many armies train soldiers - punish the entire team for the misconduct of one person in it. It works great: the entire team will beat up everyone who crosses the line for doing this. And it's a lot better and cheaper in the long run.
Actually, the US can have him extradited and convicted even if he didn't commit any act on US soil. Just look what happened to the UK hacker that got extradited, and the fellows who were claiming political asylum in the US for something they did outside the US.
Endangering the economic well-being of americans will likely not go unpunished, especially if amongst those are lobbyists, military personnel, etc.
not store any data at all locally, which is generally faster and uses less battery power etc. (than whole disk encryption).
Since he doesn't care about losing the system, not having any data on it would guarantee that he'd never lose any real data. Whole disk encryption would just invite him to store "some" data on the netbook.
The way the UI presents all the hardware to the user is independent from the implementation. A clean and segmented implementation allows for better maintenance, security, readability and a lot more benefits than a monolithic approach
I'm not saying sugar is bad, but the *implementation* certainly seems to be not looked into properly. For a system this complex, it should have been split up more.
KGI replaces X, KMS only implements the hardware-specific parts in the kernel, while keeping the entire Xorg userspace (the real "graphics" parts) in userspace.
Every X API allowed the user to insert possibly bad data into the Xserver, possibly exploiting the suid root bit by forcing a buffer overflow/underrun etc.
Imagine how many X API's there are, and all of them result with user data ending up in root memory space. Local root exploits could be anywhere in any X library.
There are, but vastly outnumbered by the number of possible attacks on the typical windows desktop system.
Windows desktops are not just an easy target, they're more diverse, numbered and aren't all run by Joe Hacker.
Exploiting one windows system means you can exploit maybe billions worldwide. Exploit one linux box and you have the technology to maybe exploit a few thousand more at best. Diversity interestingly here makes Linux inherently more secure.
Not necessarily, it points out that consultants (often independent companies) are wrongly evaluating software contract offers.
That's a big problem, not just for Microsoft, but especially for large organizations and the companies that evaluate these offers for them. No bashing there.
"we'll let this nuclear bomb just explode and make sure there's no one near it."
Nice attitude:)
how do you guarantee your data on that box to be secure if you know it's been compromised? I hope you do not work for any company that I use services from:o
Maybe it's a strength that Linux is used less. That results in a lower cost of ownership overall for organizations "right now". In the far future, this could change obviously, but nothing suggests that this cost will be larger than that of Microsoft implementations, not by any margin, not any time soon.
So, as fundamentally correct as your point may be, the story "beats" you because it points out that Closed Source is misrepresenting a lower TCO by not accounting for security issues with the entire solution.
Close source solution offers "skip over" the windows virus/malware problem, Open Source has a clear answer to it now, and likely in the future. Large contracts should be made evaluating these things thoroughly, and include a real assessment of the validity of these offers, and not just take Joe I.T. Contractor's word for it.
Slashdot Mirror
That doesn't mean that it works properly on every ethernet card. Cheap vendors are notorious for omitting parts of the spec. Oops.
Hey, I worked for years for a manufacturer of MAC hardware, I actually maintained several Linux Ethernet kernel drivers for a few years. It's not polite to call people who have a clue "noobs" just because they missed the period at the end of the sentence. I'm not even a native English speaker. It's slashdot, for crying out loud.
I'm lucky to have worked with and for Intel's ethernet linux driver group. All of intel's gigabit ethernet is autosensing... it was a tough ordeal actually finding a crossover cable :)
Yes, but you're assuming that any and all possible bots running on the machine will not be capable of hiding for a local wireshark process running on the windows machine.
That's probably a reasonable assumption, until you encounter one that does exactly this...
but then you are not bridging, but routing, which is significantly different.
if you're paranoid, sure. Don't use this method to 'snoop' data where you are not allowed.
For a sysadmin, this is a great way to isolate a machine without touching it. I doubt a botnet is smart enough to detect MAC address changes...
You don't need a HUB at all. Linux bridging allows you to use two ports on a system 'as a HUB', while still providing you with the ability to tcpdump a port on the bridge. You just add both interfaces to your bridge and stick the linux bridge in between the real router and the infected machine. Only thing needed is a linux system with 2 physical ethernet ports.
but
ONLY if "The Apple Store" also provides the source code to all the customers who obtain a copy of the binary.
this may be an unexpected surprise for apple. Since they are the one distributing the software to the Phones, they just got suckered into a nightmare. It wouldn't surprise me if Apple's distribution model would actually not allow Apple to be obligated to distribute something like this, due to it's clauses, and Apple would have no recourse but to take all GPL based software away from the iPhone store.
This issue has much more to it than "yes, it's OK" - it directly puts Apple as a GPL software distributor in a potentially nasty spot.
it takes ONE MIRROR to break this system.
good luck.
why not? this is how many armies train soldiers - punish the entire team for the misconduct of one person in it. It works great: the entire team will beat up everyone who crosses the line for doing this. And it's a lot better and cheaper in the long run.
Actually, the US can have him extradited and convicted even if he didn't commit any act on US soil. Just look what happened to the UK hacker that got extradited, and the fellows who were claiming political asylum in the US for something they did outside the US.
Endangering the economic well-being of americans will likely not go unpunished, especially if amongst those are lobbyists, military personnel, etc.
"I have just moved overseas on a 2-year working holiday visa"
gimme one of those!!!
not really, a serious alternative exists:
not store any data at all locally, which is generally faster and uses less battery power etc. (than whole disk encryption).
Since he doesn't care about losing the system, not having any data on it would guarantee that he'd never lose any real data. Whole disk encryption would just invite him to store "some" data on the netbook.
The way the UI presents all the hardware to the user is independent from the implementation. A clean and segmented implementation allows for better maintenance, security, readability and a lot more benefits than a monolithic approach
I'm not saying sugar is bad, but the *implementation* certainly seems to be not looked into properly. For a system this complex, it should have been split up more.
I use Nmap in an enterprise environment to scan 3 /16 networks (all ports). Do you?
you poor bastard.
I had the sad experience of working on a single /16 network once for a few years. Well, obviously not much "worked" well.
With 3 /16 networks, your life must be hell. I wouldn't trust any of the code you wrote :).
KGI replaces X, KMS only implements the hardware-specific parts in the kernel, while keeping the entire Xorg userspace (the real "graphics" parts) in userspace.
Every X API allowed the user to insert possibly bad data into the Xserver, possibly exploiting the suid root bit by forcing a buffer overflow/underrun etc.
Imagine how many X API's there are, and all of them result with user data ending up in root memory space. Local root exploits could be anywhere in any X library.
Yes, DRI access is done through /dev/dri* and works correctly.
http://en.wikipedia.org/wiki/Parable_of_the_broken_window
There are, but vastly outnumbered by the number of possible attacks on the typical windows desktop system.
Windows desktops are not just an easy target, they're more diverse, numbered and aren't all run by Joe Hacker.
Exploiting one windows system means you can exploit maybe billions worldwide. Exploit one linux box and you have the technology to maybe exploit a few thousand more at best. Diversity interestingly here makes Linux inherently more secure.
they should, and I expect companies like redhat, novell etc. to include auditing and monitoring in their service contracts.
Not necessarily, it points out that consultants (often independent companies) are wrongly evaluating software contract offers.
That's a big problem, not just for Microsoft, but especially for large organizations and the companies that evaluate these offers for them. No bashing there.
"we'll let this nuclear bomb just explode and make sure there's no one near it."
Nice attitude :)
how do you guarantee your data on that box to be secure if you know it's been compromised? I hope you do not work for any company that I use services from :o
Maybe it's a strength that Linux is used less. That results in a lower cost of ownership overall for organizations "right now". In the far future, this could change obviously, but nothing suggests that this cost will be larger than that of Microsoft implementations, not by any margin, not any time soon.
So, as fundamentally correct as your point may be, the story "beats" you because it points out that Closed Source is misrepresenting a lower TCO by not accounting for security issues with the entire solution.
Close source solution offers "skip over" the windows virus/malware problem, Open Source has a clear answer to it now, and likely in the future. Large contracts should be made evaluating these things thoroughly, and include a real assessment of the validity of these offers, and not just take Joe I.T. Contractor's word for it.
TCP is so horrible. I wish HTTP used UDP by default so I wouldn't have the pro