Here is the Changelog in all its glory. Mostly security fixes.
If you need a more secured, more stable, even faster, better SMP support, IDE LBA48 support, LFS support, IPSec support, HTB support, IPVS support etc. enabled kernel with many more features and important fixes, please use my 2.2-secure tree. You may find more information about it at http://www.wolk-project.de.
2.2.26
- CAN-2004-0077: behave safely in case of do_munmap() failures in mremap(2)
- CAN-2003-0984: /dev/rtc can leak parts of kernel memory to unprivileged users (2.4 backport)
- CAN-2003-0244: hashing exploits in network stack (David S. Miller)
Re:Slashdotted Reuters? on SCO Offline · Score: 1
mea culpa
Thanks for the other links (those Italian ones). I knew the beast was attacking port 80, but was very wrong about how it was going about that.
Re:Slashdotted Reuters? on SCO Offline · Score: 1
Damn, found better links just after having posted: This is about XP and this is a referring page which shows how previous attacks could be blocked. M$ were warned and - demonstrating unbelievable arrogance - ignored all warnings. Even now, a service pack changing this behaviour would probably reduce the effects of this sort of worm.
Re:Slashdotted Reuters? on SCO Offline · Score: 2, Insightful
Did someone write a variant that went for www.reuters.com? Although they claim Sco.com was the only discernible victim on Sunday. There were no other reports of outages or slowdowns elsewhere online due to the worm.
Does anyone remember the article about Distributed Reflection Denial of Service from around 2 years ago? Quoting that one: I imagine that anyone reading this page is already well aware of my feelings regarding the deliberate and unnecessary inclusion of the raw socket API in a mass market consumer desktop PC. I am referring, of course, to the absolute insanity of Microsoft's inclusion -- and subsequent defense of -- the raw socket API in Windows XP.
While pedantic network experts, and Microsoft themselves, correctly argue that there are other ways to produce malicious Internet traffic, there is no easier way than through the use of raw sockets. The best way to earn users' trust is to deserve it. But deliberately incorporating this unnecessary facility into every Windows XP machine -- and essentially enabling it, by design, to become a malicious reflection attack generator -- makes a mockery of Microsoft's recent "Trustworthy Computing" rhetoric. We can always hope, as I fervently do, that Microsoft will recognize that it is not too late, and will remove raw sockets from XP during one of the product's continuous flow of patches and Windows Updates.
Microsoft really have brought this upon themselves. Sorry, but they were warned and deserve all they get. What this is about is: before XP, it was possible to recognise (and block) this sort of traffic at the routers.
The Airport should not be using a secure-protocol because the data is public, but the Airline may very well be. The other problem is: the url does not get displayed so something like www4 instead of www will be a problem to detect. Maybe I should view the page-source of the referring page and look for the offending java script.
Nice story that, I missed it the first time around. Comcast seem to have a history, but at least they did their best to clear up the mess they made.
The rules are the same here in Germany - once you have filed criminal charges, you cannot withdraw them. The prosecutor has to make their own decision to do this. I knew someone who was beaten up by her boyfriend. She went to the police and reported it. Later, she tried to get those charges withdrawn, the answer was NO. The guy had a history of domestic violence, the prosecutor's decision was absolutely correct, and that is a textbook example of why the complainant cannot withdraw charges themselves. For the record, she married someone else and moved to Central America with him.
Infuriatingly, a few of the sites I use rely on them.
- If I want to reconfigure any of my ISP's settings, the menus come up as pop-ups
- At least two of the sites I use to book airline tickets also require this (one - the one offering the best deals - did not work at all with Mozilla or Konq until recently, forcing me to use Netscape 4.7x)
- My local airport's site also delivers some information via pop-ups.
X11's demise has meant that I can normally leave pop-ups activated, the business2.com site just forced me to deactivate them again.
Obviously Mozilla allows me to specify which sites are allowed to use pop-ups. For some reason, the airport and one of the airline-ticket sites do not work that way - even after restarting the browser.
I just tried it with Mozilla 1.5 under Linux and the file's name is ie.{3050f4d8-98B5-11CF-BB82-00AA00BDCE0B}Secunia_Internet_Explorer%2Epdf which means Windows would probably ask you what application to open it with.
At work, they finally allowed Netscape 7.1 about 6 weeks ago. Before that, only clients announcing themselves as Netscape 4.7x were allowed through the proxy. Manipulating IE (is that even possible?) to pass itself off as any version of Netscape is a hanging offence. And so it should be:-)
OK, the ISS was not an option and the Atlanta was a pretty unlikely option. That explains why NASA subsequently said there had been no way of rescuing them.
We can reject throwing one or more of the crew overboard to save food/oxygen until Atlanta could get there.
NO WE DO NOT.
;-)
Flamewars are a menace and those who propagate them should be horsewhipped.
You too can be a volunteer - you can add the language support. I am sure the KDE crew would welcome your input.
Win2K only supports WINS in some 'compatibility mode', don't know if XP supports it at all.
WINS is dying.
If you need a more secured, more stable, even faster, better SMP support, IDE LBA48 support, LFS support, IPSec support, HTB support, IPVS support etc. enabled kernel with many more features and important fixes, please use my 2.2-secure tree.
You may find more information about it at http://www.wolk-project.de.
2.2.26
- CAN-2004-0077: behave safely in case of do_munmap() failures in mremap(2)
- CAN-2003-0984: /dev/rtc can leak parts of kernel memory to unprivileged users (2.4 backport)
- CAN-2003-0244: hashing exploits in network stack (David S. Miller)
- update_atime() performance improvement (2.4 backport) (Solar Designer)
- ability to swapoff after a device file might have been re-created
- MAINTAINERS correction for Kernel 2.2 and 2.2 fixes (me)
- fixed some typos (Solar Designer, me)
Sorry, had to edit that a bit to get it past the lameness filter. Most (all?) of the other patches here came from Solar Designer.
Embarrassing question (I am too lazy to look it up) - when did SCO buy their rights? I got my very first PC (a 386) second hand in 87 or 88 and it was preloaded with SCO Unix.
While I hope/assume that this is not really the case, AT&T's letter to IBM would be useless if they had actually previously assigned the rights to SCO.
I agree with that bit about 'viral' licences though. Who can now write programs for SCO Unix?
An anti-trust case ran against IBM for years until Reagan got in and his people made sure it got dropped (ring a bell?), I wonder what would happen if IBM really got into difficulties through this. The rules would probably be changed to protect the innocent :-)
C't reported the people to the police who arrested them. No-one got strung up. What is 'anti-democratic' about putting an 'unpopular minority' (trojan authors) at the mercy of the police? What the hell has this got to do with gay marriage?
I did not read the article online, but assume it is the same as was in the copy of C't which I read this morning.
This is not really 'vigilante justice', especially in the racist sense which some ACs below saw there. It was someone who was affected (if only when cleaning up someone else's computer) and took the trouble to see what the trojan could do and where it came from. He then went to the only organisation he could think of (C't) which was technically able to understand the problem and had the legal knowledge necessary.
Interesting was that companies like Symantec had also done the analytical work on the trojan(s) (and had posted the results) but had no interest in treating this problem at source (the ISS team). They make their money protecting computers from threats and not attacking those threats at source.
What is going to happen to ISS now?
Joan Vinge.
Her vision of the future was dominated by amoral corrupt corporations, hypocritical religion, by a class/caste system and by drug syndicates.
Then again, maybe that was just observation.
Randy Newman put that better over 30 years ago.
Political Science Lyrics
No one likes us-I don't know why
We may not be perfect, but heaven knows we try
But all around, even our old friends put us down
Let's drop the big one and see what happens
We give them money-but are they grateful?
No, they're spiteful and they're hateful
They don't respect us-so let's surprise them
We'll drop the big one and pulverize them
Asia's crowded and Europe's too old
Africa is far too hot
And Canada's too cold
And South America stole our name
Let's drop the big one
There'll be no one left to blame us
We'll save Australia
Don't wanna hurt no kangaroo
We'll build an All American amusement park there
They got surfin', too
Boom goes London and boom Paree
More room for you and more room for me
And every city the whole world round
Will just be another American town
Oh, how peaceful it will be
We'll set everybody free
You'll wear a Japanese kimono
And there'll be Italian shoes for me
They all hate us anyhow
So let's drop the big one now
Let's drop the big one now
Don't expect to have any allies. Raining that much destruction on Canada would probably render the US semi-inhabitable.
Actually, rain it on Mexico instead and it would be Texas which went down the tubes.
Yup, you are crazy.
It was documented at the time, on paper. The terms it was couched in went along the lines of 'getting the Soviets into an arms race that would bankrupt them'.
SDI's technical aims - being able to knock down incoming missiles using ground-based lasers - were simply impossible. Chemical-based lasers would not have the power, the only way to do it would be with lasers powered by nuclear explosions. With the number of MIRVs the Soviets had, and assuming a 60% hit rate, the US would have nuked itself and probably have blown the planet out of orbit.
SCO (claiming to own copyrights to Un*x) says anything derivative of Unix (AIX in this case) becomes their IP
Viral licences anyone? Aren't they Unamerican according to Darl?
SCO loses
Yup, looks like Darl has found another way to lose.
I am sure you are right. I was just about to head off for a week and did not have the time (or inclination at that point - it was 23:40 local) to look it up.
:-)
Vlad
There were linux benchmarks which made /. recently, comparing the speed of 32-bit code and 64-bit code on the Opteron. 32-bit code ran measurably faster.
no no no!
That part is the most plausible bit of Safire's tale. Back in the 60's (I think, possibly the 50's), the French made the decision to go the nuclear way on their own. This entailed building a large number of nuclear reactors, something that was only economic for the energy-producing companies because they were heavily subsidised by the state.
Fast forward to the early 80's. The French were selling some of their excess electricity to German producers and obviously wanted to sell a whole lot more. The very last thing they wanted was for some cheap alternative to become available. That was the French interest. Reagan's interest was anything that would hurt the commies, especially after Afghanistan.
temper, temper
If this story is true, the Soviets bought the stuff in Canada. The chips were under an embargo so they could not buy them in the States legitimately.
fwiw, the pipeline was built and the world did not come to an end. Reagan also placed some restrictions on what US firms could sell to Europeans, something that led directly to the EU taking steps to become independent of US suppliers so that sort of thing can not happen again. I always got the impression that Airbus Industries were given more of a kick-start than they otherwise would have got for that reason. Airbus is now bigger than Boeing.
actually, the story sounds like a load of bull. Quite apart from anything else, it implies that French security sources exposed a valuable source to Mitterrand who then exposed him to Reagan. That would have been insane, if you tell politicians then you are telling the world.
thanks, I'll bear that in mind next time.
Possibly.
Sad.