Works fine in the UK.
At least, it does for me. (landline service is provided by Virgin).
Cheers,
Vince.
Ah, but, you can have both! And that's actually how X.Org behaves.
It's as simple as having two buffers, one for "proper" copy/cutting/pasting, and one for quick jobs, where a highlight and a middle click is better suited.
As an example, in Firefox right now, if I middle click, I'll paste my first sentence, because it's the last thing I highlighted. If I hit ctrl+v, I'll paste my subject, because it's the last thing I had highlighted when I hit ctrl+c.
Best of both worlds.
Not being able to middle-click paste is the reason I don't use a Mac currently, and just finished building a new whitebox to run Linux on for work.
I really wish OS X worked like X.org when it came to copy/pasting.
Highlight = copied, middle click = pasted.
Why bother with menus and keyboards?
s/\\/\//g
Would do what you asked for.
Dunno wtf happened there, that's not what I typed. :|
Fixed link: http://suidrewt.org/hotcoffee.wmv
Mirrored here:
http://www.slashdot.org/hotcoffee.wmv
I would prefer knowing there was a new release of SSH. A maintenance release.
10-15 days later, an announcement that this release was due to a vulnerability found should be released.
NO more detail than that.
NO patch. NO post to bugtraq. NO exploit code.
That would provide adequate security with minimum damage.
Vince.
So, armour is revolutionized and becomes 99% unpierceable.
Next, ammo is revolutionized, and pierces every shot.
Rinse, repeat.
We had a mathematics breakthrough recently that made public key crypto shorter than 4k bits almost trivial to crack. I think it was on Slashdot, but I don't remember any links... Either way, the revolution was made, and a lot of encryption is no longer providing the protection it should.
So, now we use 4k bit encryption or higher. What happens when that becomes trivially cracked?
8k bit? 128k bit?
That's the problem, the weapons makers know the specifications, EXACTLY, of the defence mechanisms.
Unfortunately you are correct, Open Source itself promotes full disclosure, which is part of what's so annoying... Open Source rocks. But full disclosure doesn't. Thems the breaks I guess?
Vince.
Well, all of the machines WE run of course will be upgraded. Automatically, since we run an auto-update system...
But rackshack.net (sticking with my example) provide unmanaged services. This means their users are on their own.
Also; once you have a couple hundred clients with a machine each, upgrading for them, or walking them through the process, or even ensuring they all actually do so, becomes very difficult.
And I'm sure they have many more than a couple hundred.
Also - There's a difference between SSH running, and using SSH. Stupid users may never use SSH, but SSH will likely still be running on the machine. (Depending on distro, etc. But mostly RedHat 7.x's and Cobalt, which both have SSH enabled by default).
Vince.
Please read the article.
A remote exploit has not been ruled out.
As of now, a local exploit isn't even confirmed, since there is no concept code.
Vince.
A hell of a lot.
(I'm in the webhosting business myself...)
Vince.
Okay - Forget the link, and just read the section from the FAQ that I posted.
:)
It makes sense to me, at least.
Vince.
If someone ran the T1 themselves, yes it's likely they would be capable of upgrading.
What about dedicated servers?
99 bucks a month. rackshack.net.
They can put out a couple mbps each. How many vulnerable machines do you think are going to remain on that network alone because of clueless users?
It's not as cut and dry as you might think.
And yes, secfocus does distribute code, when code is available.
Vince.
Since when was a valid opinion a troll?
I thought the point of Slashdot was to have discussions among users?
Moderators: Try to remember - spend your points modding up interesting posts rather than modding down retarded ones.
Vince.
Please take a look at http://anti.security.is when you have some spare time.
In particular:
Q: What's wrong with full disclosure?
A: Full disclosure attempts to contradict the saying "two wrongs don't make a right" in the sense that it stimulates criminal activities in order to catalyze security awareness. Take the following example: An unrestricted maniac runs around the streets, shooting people in the name of improving security because he aims to increase the public use of bullet-proof vests. And who makes these vests? After everybody is protected by vest v1, the public is complacent, and sales of vest v2 must be stimulated by inventing a shotgun which penetrates the first vest. There is competition in the vest manufacturing business, so they all profit from the development of higher powered munitions. Manufacturers get money, and also lobby for pro-homicidal laws in other countries to spread the market, while innocent people suffer at their expense. The cycle still doesn't end with vest v666, because a newer armor-piercing bullet is in the works. How do you end the rat race? Stop full disclosure!
Vince.
Script kiddies are the scavengers who feed off of other people's code.
A great place to get this code is secfocus.
As for what you say about bandwidth being relative to upgrades... Well. Explain the previous worms and DDoS nets? Not everyone gives a fuck. Not everyone will be bothered to upgrade. Some people don't even know how...
Vince.
Please don't post to bugsmaq when you're done. =p
We really don't need more smart-enough-to-be-dangerous script kiddies armed with other people's code causing more mayhem.
Vince.
Please read the articles before posting.
A remote exploit has not been ruled out.
Chances are, one will be available shortly to the general public and script kiddie scenes.
Vince.
Full disclosure is where the script kiddies get their tools.
Now this is public knowledge, an exploit will be available within hours.
There is a difference between the people who discover vulnerabilities and those who browse security-focus for them.
This should have been fixed before it was announced, and a period of time waited for people to upgrade.
There isn't even a fixed version available for multiple platforms yet, ffs.
Vince.
Yay!
Now we get another bunch of worms scanning the whole net for vulnerable boxes so they can make DDoS nets!
Thank god for full disclosure!
*gags*
Vince.
2.2.20 is stable. Considered stable, proven stable.
It also supports USB.
Vince.
Debian goes through more quality assurance than Mandrake, RedHat and SuSE combined.
You do realise that Debian stable has been tried and tested over the course of *years*?
I highly recommend you go and read up on Debian's release schedule and release criteria before you condemn it as an 'amateur distro'.
http://www.debian.org
Vince.
No, I just use Debian.
apt takes care of all that for me.
Typical scenario:
[vince] I want to try some new software!
/me types apt-get install new-package
[vince] This sucks.
/me types dpkg --purge new-package
You get the idea.
Regards,
Vince.
Yep, it is.
Sparc ISOs of 2.2r3
I'm pretty sure the Debian Sparc devel tree is pretty active.
Maybe you should give that a try.