Basically OpenBSD releases are supported for one year (2 releases), i.e. you have to upgrade only every other release. In fact a release is supported for 13 months to give users a 1 month window to upgrade.
At the time of the telnetd exploit (July 2001) the oldest supported release was 2.7 or 2.8 and telnetd had been disabled from the default install between 2.5 and 2.6. So if you used a supported release you were safe. Since upgrades are free and take about one hour there's no reason not to do it once a year...
OK, so American companies like Chase and Citibank are hounding me (an American) for being late on my credit card payments, yet they're sending their jobs to an entirely different country instead of supporting the very Americans they're driving into debt.
So it's not your fault you're getting into debt, you were forced to buy that car, that TV, that VCR, that computer... With money that you didn't have...
Using pre-canned prime numbers and making a key using a combination of them can be quite fast. But at least the actual signing of the message is expensive. But it does not help much if it is sent a million times...
On the other hand using professional certificate authorities may not be needed: if a key is not somehow trusted, like not linked to the PGP core of intertrusting keys, it could raise a likely spam flag...
Somehow I hate the concept of fatcats like Verisign being part of the solution against spam...
It would give a foolproof way to authenticate a spammer, making it very easy to publish accurate blacklists.
And if they try to use throwaway digital identities, thankfully generating a key is computationally expensive so it would greatly reduce the rate at which they send spam...
Implement automatic account deactivation and some kid will code a script to brute-deactivate your users. You only have to know or guess a login name (that 99% of the time will be like the email address) to cut off someone's ability to use email...
if any given IDE drive has, say, a 5% chance of failing per month (obviously, I'm making this up to illustrate the math involved, rather than trying to show real life failure rates), then two drives would have a 10% chance of failure
So if you get 20 of these drives you have a 100% chance of failure?
Let me guess... You're a product of the American public school system?
You have no grasp of probabilities... Hint: look up the Bayes formula.
bmf + spamassassin on the front line get more than 99% of it, meaning that I see a spam only about once every three days, filtering about 100 a day.
And I do care about a proposal that will hinder my ability to use an SMTP relay that I have legitimate access to, because some people can't take proper technical measures like filtering on content.
Filtering on dubious technical criteria is not the way, a spam message is one because of its content, not because of the relay it used.
I oppose any measure that affects current legitimate use.
What if I don't have access to the authorized relay, as in all company outgoing mail must go through the company SMTP server, whether it has a @company.com from address or a @vanitydomain.com address?
If you read personal email at work (bad) but keep it separate from your professional email (good) this will greatly inconvenience you.
And what about the consultant on a customer's site, if he doesn't have access to the authorized relay? He can't send mail while still having a perfectly usable SMTP relay at his disposal...
How come this was moderated as troll? SPF really does not achieve anything worthwhile and is an inconvenience to many legitimate uses...
If it is used solely for scoring it won't be too bad but there will always be people denying mail altogether because of that and it will utterly suck...
Are you used to sending personal email (one that has another domain than your employer's in the From: address) from work using your company SMTP server as a relay? You know, the only one you have access to with many reasonable security policies...
Can't do that anymore, your message will be flagged as spam by the recipient server if it checks for SPF records.
Has AOL warned its customers of this little side effect of it implementing SPF?
Plus SPF sucks technically, it should have been a new record type, using TXT records is an ugly kludge...
Yes there are (a lot of them). It does not mean that there are security holes because of it, it's just that it's way easier to make a safety error using strcpy() than using strlcpy(). And in fact a systematic effort to eliminate those is the occasion to revisit some code long forgotten and to fix other things on the way...
Well, unlike under Linux, OpenBSD had shared libs in a.out already so there were no ELF features that were really needed. The main reason for going to ELF was that binutils are only well maintained for ELF and the cost of the change was inferior to the cost of maintaining a.out in binutils. And ELF binaries made W^X way easier.
...that your employability would increase if you actually learned how to spell (and format your posts, they're a PITA to read).
You read like a high school dropout who landed a high paying job in a stupid startup in the crazy years because you were PHP literate and are angry because the tougher job market actually requires real skills now...
% grep uid_t /usr/include/sys/types.h
typedef u_int32_t uid_t; /* user id */
% uname -mr
3.2 i386
OpenBSD does support 32-bit UIDs and always has. off_t is 64 bits and always has been too. Linux is the OS with growth problems, decent OSes are sized correctly from the start.
What is done is protecting memory zones created by the linker, mostly memory zones holding constants and static variables, so no, there's no executable code in this area.
When you write a JIT you allocate your own memory on the heap and then compile your code there. In order for this code to be executable you have to mprotect(2) the memory zone holding your code with the PROT_EXEC flag, or PROT_EXEC | PROT_WRITE if you want to be able to modify it afterward. Anyway you can change the memory protection at any time so anything you could do before you still can do.
See Daniel Hartmeier's answer.
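The write-then-execute sequence described above, as an added example (not code from the original comment or from OpenBSD): it uses mmap(2) rather than malloc(3) because mprotect(2) works on whole pages, and it switches the page from writable to executable instead of holding both permissions at once. The function name `jit_run` and the code bytes are constructed for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed machine code for a function that just returns 42. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char code[] = {0xb8, 0x2a, 0, 0, 0, 0xc3};  /* mov eax,42; ret */
#elif defined(__aarch64__)
static const unsigned char code[] = {0x40, 0x05, 0x80, 0x52,      /* mov w0,#42 */
                                     0xc0, 0x03, 0x5f, 0xd6};     /* ret */
#else
static const unsigned char code[] = {0};                          /* unsupported CPU */
#endif

/* Emit the code into a fresh page, flip it from writable to executable,
 * run it, and return its result (or a negative value on failure). */
int jit_run(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int (*fn)(void);
    int result;

    if (sizeof(code) < 2)
        return -1;                      /* no code bytes for this architecture */

    /* 1. Writable but NOT executable while code is being generated. */
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -2;
    memcpy(p, code, sizeof(code));

    /* 2. Executable but NOT writable before the first call. */
    if (mprotect(p, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(p, len);
        return -3;
    }
    __builtin___clear_cache((char *)p, (char *)p + sizeof(code));

    /* 3. Call through a function pointer (memcpy avoids a pointer-type cast). */
    memcpy(&fn, &p, sizeof(fn));
    result = fn();
    munmap(p, len);
    return result;
}

int main(void)
{
    printf("generated code returned %d\n", jit_run());
    return 0;
}
```

A return value of -3 means the system refused to make the page executable, which is the failure a JIT has to handle on platforms that restrict PROT_EXEC.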
Then the cooling is almost only a one time expense...
The Amazing Properties of Aerogel
So it's not your fault you're getting into debt, you were forced to buy that car, that TV, that VCR, that computer... With money that you didn't have...
What happened to personal responsibility?
You're real smart aren't you?
Solaris 9 does not yet support that machine... Will do this spring.
Not even that the new addresses are 128 bits long and not 64 like he states repeatedly...
And preferring Netscape 4 to Mozilla, I want some of the stuff he takes...
Something like 80% of the cannabis smoked in Europe comes from Morocco.
If that's not a strategic partner what is one?
What the fuck that country would be? Eritrea?
Hardly a North African country. Where did you "learn" geography (and spelling...)? In an American school?
Look at the Samsung 2410 board.
Louis XIV died of old age...
http://developers.slashdot.org/article.pl?sid=03/10/29/1355259 : Info Glut - Five Exabytes of Data Created in 2002
I don't use Linux, I use OpenBSD. And I took the pain of downloading the Linux kernel just to give an accurate answer to this guy...
Like he could have done, unless he doesn't have broadband...
Too lazy (or too dumb) to use grep(1)?
Yes there are (a lot of them). It does not mean that there are security holes because of it, it's just that it's way easier to make a safety error using strcpy() than using strlcpy(). And in fact a systematic effort to eliminate those is the occasion to revisit some code long forgotten and to fix other things on the way...
% grep -r -l strcpy linux-2.6.0-test9
linux-2.6.0-test9/drivers/i2c/busses/i2c-ibm_iic.c
linux-2.6.0-test9/drivers/net/8139too.c
linux-2.6.0-test9/drivers/net/sk98lin/skproc.c
linux-2.6.0-test9/drivers/net/sk98lin/skge.c
linux-2.6.0-test9/drivers/net/sk98lin/skvpd.c
linux-2.6.0-test9/drivers/net/tulip/de4x5.c
linux-2.6.0-test9/drivers/net/tulip/xircom_tulip_cb.c
linux-2.6.0-test9/drivers/net/tulip/winbond-840.c
linux-2.6.0-test9/drivers/net/tulip/tulip_core.c
linux-2.6.0-test9/drivers/net/tulip/xircom_cb.c
linux-2.6.0-test9/drivers/net/tulip/de2104x.c
linux-2.6.0-test9/drivers/net/tulip/dmfe.c
linux-2.6.0-test9/drivers/net/wireless/wl3501_cs.c
linux-2.6.0-test9/drivers/net/wireless/airo.c
linux-2.6.0-test9/drivers/net/wireless/atmel.c
linux-2.6.0-test9/drivers/net/wireless/ray_cs.c
linux-2.6.0-test9/drivers/net/wireless/atmel_cs.c
linux-2.6.0-test9/drivers/net/wireless/wavelan_cs.c
[ ... plenty more ... ]
Progress is always slower in the third world.