Please read the announcement. The system was compromised using the the ptrace Linux kernel bug. But a person with a local account. Absolutely nothing to do with the FTP protocol or ftp server applications. It is true that some FTP servers (wu-ftp, proftp etc) have had a history of security problems. It doesn't make the FTP protocol somehow insecure. Of course authenticated FTP is as insecure as telnet because of clear text passwords, but anonymous FTP is a perfectly fine protocol and there is absolutely nothing wrong with running an anonymous ftp server. You are not advising people to stop running web servers because IIS is insecure? Or stop using email because sendmail has a bad security history?
I've already posted this question but I'll post it again here since this is obviously a better place;)
------------------
Could someone more 1337 than me explain how could they crack it using the ptrace exploit? Isn't it local only? Does this mean that someone who had an account on the ftp.gnu.org did it? Are they not disclosing the exact method of attack? Why? Of all people FSF should be happy to tell exactly what happened, no?
because anonymous ftp is the best way to let people download files? ftp server [theoretically] is much simpler than HTTP server (apache) and therefore is more secure. In this particular case I don't think that the FTP server APPLICATION was compromised. I think the FTP server (as in "computer serving ftp requests") was compromised.
Could someone more 1337 than me explain how could they crack it using the ptrace exploit? Isn't it local only? Does this mean that someone who had an account on the ftp.gnu.org did it? Are they not disclosing the exact method of attack? Why? Of all people FSF should be happy to tell exactly what happened, no?
Right, but honestly: would you like to pay a full price for a piece of hardware which was disassembled by a guy who put his hard drive in a freezer?
And I thikn that putting a hard drive in plexiglass takes having way too much free time on ones hands and some bolts missing in the head. Nothing to do with balls.
I've been a long time advocate of requiring a license for the right to use Internet, much like car driving license. And I think that the first question on the test should be "Have you ever done any visual mods to your cases or used strange and unexpected items instead of cases?". If you answer yes to this question -- sorry, no license for you.
Someone will now buy a hard drive from his brother. A hard drive with the controller removed, put in a different drive, removed again, put back in and all that in an environment quite different from the original manufacturers sterile assembly plant. Ethical.
Possibly. But Gartner group also told many companies to go with RedHat Enterprise Linux (as opposed to the free versions), so RedHat might have a better relationship with them than you might think.
I hope at least one of them sticks till the end. Someone must make an example out of SCO. I pity honest people who are still employed there.
Let's say SCO will crowl to IBM and beg for forgiveness. Even if IBM decides to settle out of court (for whatever reason, can't think of one... mercy maybe?) after the settlement in favour of IBM, RedHat's position will be really strong, and they will likely go to court -- to get cash if nothing else. And RedHat *are* entitled to a lot of cash in this. Didn't Gardner group recommend that enterprises delay Linux deployments? I smell financial loss, and possibly a big one. Then at the same time Novell rumor about complete change of direction towards Linux comes on the very same day as IBM files suit.
I understand that this is a cool idea for building automatic translators, but is it practical? Basically what they are doing is taking a well-researched domain of languages and trying to make something new and cool in it by completely ignoring the domain knowledge. My intuition tells me that "always use as much domain knowledge as posssible" is an engineering axiom.
I'm sorry, but this sounds really, really, really bad. Vatican vs Atlantis would have been a better name, probably. And with a story line like that (and with the new name) it should have been a computer game, not a book. Don't you hate the entertainment industry? They can fuck up even the best ideas!
um... what is insightful about this? No one makes shitload of money doing this, but I know people doing freelance tech support/small company system administration at $50-$70 an hour which in my book is called making money.
Yes, my school has a similar setup and LDAP solutions work great for a simple university environment. When I'm talking about enterprise I mean an enterprise structure on three continents where you want to keep the distributed network synchronized, replicated etc. Novell does that reasonably well.
I can't say I'm a big fan of Novell's support, but I'm somewhat impressed with parts of their products. They, I think, make more sense in enterprise than Windows-based solutions and this new direction will also help Linux a lot because Linux really doesn't have much to offer in the area of enterprise organization (I don't think pure LDAP solutions are powerful enough, but I might be wrong). This will also mean more products on Linux as a lot of companies which already support NetWare will have to move in Linux direction.
Isn't 768 memory requirement a little bit outrageous? Can anyone really expect people to have more than 512 in a normal PC? I have never had a problem with 256 even running Visual Studio and 10 tabs in Mozilla. Not to mention my FreeBSD box -- it's pretty happy with 128 (yeah, that's because I don't use Gnome/KDE in case you are wondering) Well, any new computer I'd buy today would have 512 of course, but 768???
fvwm2 is the best
on
fvwm Turns Ten
·
· Score: 2, Interesting
I think fvwm2 is the best window manager and I'm really happy to see this thread. I think that window manager/desktop must have the following features: * ability to start xterm instantaneously * pager which shows windows and their titles * flexible configuration in an editable file... I think that's it. Now I know that there are some newer wms which can do that as well, but I think fvwm was the first one which offered this and I see no reason to switch.
I'm not too clear on what does this do. My CURRENT is a couple of weeks old and I can just do unset load_acpi and it won't load it. The bigger problem is that boot process just hangs if I don't have ACPI loaded.
I really, really hate it when they post those slashdot bsd articles with links to bsdforums. We do not need this useless layer of indirection. Bsdforums do not have any ifnormation, just a link to the mailing list archive post. If I wanted to read basforums I would. I read slashdot and want a pointer to content, not to a place which has link to the content. This is breeding carma whores.
It's an estimate based on my intuition, experience and the nature of the project (no real free alternative, if someone needs to use it, they will either figure it out or ask me) and on the difficulty of the problem.
on one of my open source projects I used (more accidentaly than deliberately) the technique which is standard among people who write exploit. I have a small error in the makefile which causes something liek 50% of people come back for help on compiling it. This gives me pretty good estimate of how many people are actually using the package:) Of course this leaves out win32 users who just download the binary, but oh well.
Slashdot Mirror
how many cliches can I handle in one article?
Please read the announcement. The system was compromised using the the ptrace Linux kernel bug. But a person with a local account. Absolutely nothing to do with the FTP protocol or ftp server applications. It is true that some FTP servers (wu-ftp, proftp etc) have had a history of security problems. It doesn't make the FTP protocol somehow insecure. Of course authenticated FTP is as insecure as telnet because of clear text passwords, but anonymous FTP is a perfectly fine protocol and there is absolutely nothing wrong with running an anonymous ftp server. You are not advising people to stop running web servers because IIS is insecure? Or stop using email because sendmail has a bad security history?
------------------
because anonymous ftp is the best way to let people download files? ftp server [theoretically] is much simpler than HTTP server (apache) and therefore is more secure. In this particular case I don't think that the FTP server APPLICATION was compromised. I think the FTP server (as in "computer serving ftp requests") was compromised.
Could someone more 1337 than me explain how could they crack it using the ptrace exploit? Isn't it local only? Does this mean that someone who had an account on the ftp.gnu.org did it? Are they not disclosing the exact method of attack? Why? Of all people FSF should be happy to tell exactly what happened, no?
Right, but honestly: would you like to pay a full price for a piece of hardware which was disassembled by a guy who put his hard drive in a freezer?
And I thikn that putting a hard drive in plexiglass takes having way too much free time on ones hands and some bolts missing in the head. Nothing to do with balls.
I've been a long time advocate of requiring a license for the right to use Internet, much like car driving license. And I think that the first question on the test should be "Have you ever done any visual mods to your cases or used strange and unexpected items instead of cases?". If you answer yes to this question -- sorry, no license for you.
Someone will now buy a hard drive from his brother. A hard drive with the controller removed, put in a different drive, removed again, put back in and all that in an environment quite different from the original manufacturers sterile assembly plant. Ethical.
Other than that, of course, it's really cool.
Possibly. But Gartner group also told many companies to go with RedHat Enterprise Linux (as opposed to the free versions), so RedHat might have a better relationship with them than you might think.
you go to slashdot and brag about it.
I hope at least one of them sticks till the end. Someone must make an example out of SCO. I pity honest people who are still employed there.
Let's say SCO will crowl to IBM and beg for forgiveness. Even if IBM decides to settle out of court (for whatever reason, can't think of one... mercy maybe?) after the settlement in favour of IBM, RedHat's position will be really strong, and they will likely go to court -- to get cash if nothing else. And RedHat *are* entitled to a lot of cash in this. Didn't Gardner group recommend that enterprises delay Linux deployments? I smell financial loss, and possibly a big one.
Then at the same time Novell rumor about complete change of direction towards Linux comes on the very same day as IBM files suit.
I understand that this is a cool idea for building automatic translators, but is it practical? Basically what they are doing is taking a well-researched domain of languages and trying to make something new and cool in it by completely ignoring the domain knowledge. My intuition tells me that "always use as much domain knowledge as posssible" is an engineering axiom.
I'm sorry, but this sounds really, really, really bad.
Vatican vs Atlantis would have been a better name, probably. And with a story line like that (and with the new name) it should have been a computer game, not a book. Don't you hate the entertainment industry? They can fuck up even the best ideas!
um... what is insightful about this? No one makes shitload of money doing this, but I know people doing freelance tech support/small company system administration at $50-$70 an hour which in my book is called making money.
yes, we are switching to RedHat Enterprise because Garnder group told us so.
Yes, my school has a similar setup and LDAP solutions work great for a simple university environment. When I'm talking about enterprise I mean an enterprise structure on three continents where you want to keep the distributed network synchronized, replicated etc. Novell does that reasonably well.
I can't say I'm a big fan of Novell's support, but I'm somewhat impressed with parts of their products. They, I think, make more sense in enterprise than Windows-based solutions and this new direction will also help Linux a lot because Linux really doesn't have much to offer in the area of enterprise organization (I don't think pure LDAP solutions are powerful enough, but I might be wrong).
This will also mean more products on Linux as a lot of companies which already support NetWare will have to move in Linux direction.
One of the biggest CAD packages, PRO/Engineer , runs on HP-UX, IRIX, Solaris and Linux.
if you bite a troll hard enough, will it die?
OpenSSH
Isn't 768 memory requirement a little bit outrageous? Can anyone really expect people to have more than 512 in a normal PC? I have never had a problem with 256 even running Visual Studio and 10 tabs in Mozilla.
Not to mention my FreeBSD box -- it's pretty happy with 128 (yeah, that's because I don't use Gnome/KDE in case you are wondering)
Well, any new computer I'd buy today would have 512 of course, but 768???
I think fvwm2 is the best window manager and I'm really happy to see this thread. ... I think that's it.
I think that window manager/desktop must have the following features:
* ability to start xterm instantaneously
* pager which shows windows and their titles
* flexible configuration in an editable file
Now I know that there are some newer wms which can do that as well, but I think fvwm was the first one which offered this and I see no reason to switch.
I'm not too clear on what does this do. My CURRENT is a couple of weeks old and I can just do unset load_acpi and it won't load it. The bigger problem is that boot process just hangs if I don't have ACPI loaded.
I really, really hate it when they post those slashdot bsd articles with links to bsdforums. We do not need this useless layer of indirection. Bsdforums do not have any ifnormation, just a link to the mailing list archive post. If I wanted to read basforums I would. I read slashdot and want a pointer to content, not to a place which has link to the content. This is breeding carma whores.
It's an estimate based on my intuition, experience and the nature of the project (no real free alternative, if someone needs to use it, they will either figure it out or ask me) and on the difficulty of the problem.
on one of my open source projects I used (more accidentaly than deliberately) the technique which is standard among people who write exploit. I have a small error in the makefile which causes something liek 50% of people come back for help on compiling it. This gives me pretty good estimate of how many people are actually using the package :)
Of course this leaves out win32 users who just download the binary, but oh well.
do you honestly think this article is news? People cheat in on-line games? wow.