8.1 was supported for a long time, but I don't think it still is.
The most recent OpenSSL patch was announced on April 8th, with patches available for Slackware 11.0 through -current. It's possible that the version of OpenSSL that shipped with Slackware 10.2 and previous isn't vulnerable so no patch is needed, and indeed CVE-2009-0591 says it only affects 0.9.8h-0.9.8j, but it would be nice to know definitively whether my 10.1 machine is vulnerable or not. (OpenSSL is just an example, of course.)
Barq's is the only major brand of root beer that contains caffeine (there may be some obscure brands that do too, but I haven't personally found one yet).
Oh, sweet, good to know, thanks. Looks like that's as of 12.2, which I haven't installed yet so I wasn't aware of the change. About damn time.:-)
By the way, is there an official policy regarding how long a release is supported in terms of security patches, and a list of which versions are currently maintained? Some of us like to keep old systems running for a long time (because if it's not broke, why fix it?) but after awhile one notices that no new patches are available...
I'm happy to license my personal stuff GPL, and if somebody wants to incorporate it into a larger project, they're welcome to contact me to make other arrangements. If I own the copyright, I can re-license it however I want.
But it's OK, because the data was encrypted, right? RIGHT?
Except that the purpose of putting this data on this hard drive was so that the National Archives would have free access to it, so that they could convert it into another format, encrypting as necessary. Yes, they could have encrypted it first, and given the National Archives the password along with the drive, but I'd be willing to bet they didn't.
Last time I used (five years ago) Slackware it had no dependencies tracking, no automatic updates or update manager, it lacked any utilities to automatically set up network interfaces and used LILO. Is it better now?;)
If you want updates, I recommend the optional slackpkg package (in the extras directory). Edit/etc/slackpkg/mirrors and uncomment your favorite mirror, then run slackpkg update to retrieve the latest package database, and finally run slackpkg upgrade-all to be presented with a list of all available updates. After installation, you'll be asked what to do about configuration files that have changed.
Subscribe to the slackware-security mailing list, and you'll get an e-mail whenever a patch is released. It's safest to wait a day or so before applying them, in case any problems are found.
It still doesn't track dependencies, but as long as you install everything in the L series, you'll probably be fine.
The real question is, what's the target audience of Slackware? People who have no active social life and prefer computers to chicks?
Au contraire - the target audience is people who want to set up their server, configure it the way they like, and then pretty much just leave it alone for three years so they can go out and have a social life without worrying that the server might break.
There's no L in Akamai, but yes, Akamai mirrors the static content, such as images. However, dynamic content such as search results are still served by Microsoft.
Plus, having the ability to monetize services individually will - Lord forgive me for seeing a bright side here - will encourage Microsoft to ship with a minimal default install, which one would hope would lead to improved overall security.*
Here's why Microsoft won't do it:
Of course you're right it would be GREAT for users if they did, for precisely the reason you described. You bought a new PC for the secretary at your small business, but it came with Home Premium installed, and now your IT guy wants everybody to be able to join a domain? No problem, just buy that feature.
But making components optional means that third parties could offer competing solutions. Perhaps not for joining a domain, but certainly for touchscreen support, Media Center, etc. Those third parties will offer their solutions cheaper than whatever Microsoft is charging to enable them. Microsoft doesn't want that.
If Media Center were a stand-alone product you had to pay for, people would do comparison shopping. They might even decide MPC-HC is good enough.
An ADSL CPE in RFC 1483 bridging mode isn't a router either. Most likely the device has routing capability built-in as well (even if it's not being used), but that certainly doesn't have to be the case.
Sometimes if you make it more expensive, people will buy it for that reason alone. They see the higher price, and think that there must be a good reason for it to be a little bit more expensive than the alternatives.
Not to mention ADSL modem, there's no such fucking thing. Modem = Modulator/Demodulator, a simple AD-converter. There's no AD-converting in ADSL. ADSL is solely digital.
This is caused by the lack of a suitable alternative term. The actual technical term for what most people call a DSL or cable modem is "CPE".
And yet, the Windows 7 RC is somehow really buggy, compared to Vista.
I've got a folder containing a handful of very large (over 8GB) video files (recorded with PVR software). When I try to open the folder, it hangs. If I boot into Safe Mode, move some of the files into different folders, then reboot normally, it becomes apparent that accessing certain files causes the system to hang, while accessing other files is no problem. It's not an Explorer problem, because CLI commands will hang too. I've run the mfgr's hard drive diagnostic tests, and chkdsk.
I have a VGA CRT and a DVI LCD projector set up for mirroring/clone mode. Every couple of minutes, the CRT goes blank for a second, then returns to normal. This didn't happen on Vista.
I like the new Mac-like taskbar, although I notice it STILL can't reliably figure out what the front-most window is. Notification icons are monochrome like Apple's menu thingies, which is fine for things like a volume control but not so good for, you know, notification. Still, they had to do something about that mess.
The title you can't think of is "The Saga Begins".
Weird Al very rarely does a direct parody of the original song. Examples I can think of include:
Smells Like Nirvana
Achy Breaky Song
Six Words Long
Confessions Part III
On the other hand, it's hard to argue that "Trapped in the Drive-Thru", ostensibly about a late night fast food run, isn't really a commentary on the tedious stupidity of R. Kelly's original...
I understand that if you overwrite the data with zeros, you can figure out the original state of many of the bits, because there will be a tiny bit of charge present in the bits that had been 1.
I understand that if you overwrite it with zeros again, you might still be able to recover some of the data.
I don't understand how, if the data is overwritten with random crap at least twice, you'd be able to distinguish between the previous (random) state and the original state for any given bit.
If the marketshare argument was true then there wouldn't have been any viruses for pre-OSX Macs either. But there were; lots of them.
Malware was different in those days. Yes, there used to be Mac viruses. Nowhere near as many as DOS/Windows viruses, but a lot. They were mostly transmitted on physical media, not downloaded over a network; most of them were written before TCP/IP support was included in the OS. Most of the holes that allowed the old viruses to spread have been closed, and there just aren't that many holes that new viruses can take advantage of.
Old-school Mac viruses were created by people looking for a creative way to make a virus because it was a fun challenge and it might gain them a bit of notoriety; there was never any profit in it (and most of the viruses weren't deliberately destructive, although some of them were accidentally destructive due to bugs). Modern malware authors are in it for the money.
Since the OS itself is really pretty secure these days, the best way to spread Mac malware is to trick the user into deliberately executing your code for you, clicking through all the security warnings. If you're in it for the money, that's the approach you'll take. If you're not in it for the money, there's no technical challenge in that! Anybody could make a malicious application that looks like a fun toy, so what's the point?
And if you're in it for the money, there's more money to be made on Windows right now. As Macs grow in popularity and Windows users start keeping their antivirus software up to date, the balance will shift, but it hasn't shifted yet.
Slashdot Mirror
Mac OS X 10.4.11:
phroggy@curry:~$ ssh -V
OpenSSH_5.1p1, OpenSSL 0.9.7l 28 Sep 2006
8.1 was supported for a long time, but I don't think it still is.
The most recent OpenSSL patch was announced on April 8th, with patches available for Slackware 11.0 through -current. It's possible that the version of OpenSSL that shipped with Slackware 10.2 and previous isn't vulnerable so no patch is needed, and indeed CVE-2009-0591 says it only affects 0.9.8h-0.9.8j, but it would be nice to know definitively whether my 10.1 machine is vulnerable or not. (OpenSSL is just an example, of course.)
Yeah, what the hell is wrong with the Tropicana people?
Barq's is the only major brand of root beer that contains caffeine (there may be some obscure brands that do too, but I haven't personally found one yet).
Oh, sweet, good to know, thanks. Looks like that's as of 12.2, which I haven't installed yet so I wasn't aware of the change. About damn time. :-)
By the way, is there an official policy regarding how long a release is supported in terms of security patches, and a list of which versions are currently maintained? Some of us like to keep old systems running for a long time (because if it's not broke, why fix it?) but after awhile one notices that no new patches are available...
I'm happy to license my personal stuff GPL, and if somebody wants to incorporate it into a larger project, they're welcome to contact me to make other arrangements. If I own the copyright, I can re-license it however I want.
But it's OK, because the data was encrypted, right? RIGHT?
Except that the purpose of putting this data on this hard drive was so that the National Archives would have free access to it, so that they could convert it into another format, encrypting as necessary. Yes, they could have encrypted it first, and given the National Archives the password along with the drive, but I'd be willing to bet they didn't.
Last time I used (five years ago) Slackware it had no dependencies tracking, no automatic updates or update manager, it lacked any utilities to automatically set up network interfaces and used LILO. Is it better now? ;)
If you want updates, I recommend the optional slackpkg package (in the extras directory). Edit /etc/slackpkg/mirrors and uncomment your favorite mirror, then run slackpkg update to retrieve the latest package database, and finally run slackpkg upgrade-all to be presented with a list of all available updates. After installation, you'll be asked what to do about configuration files that have changed.
Subscribe to the slackware-security mailing list, and you'll get an e-mail whenever a patch is released. It's safest to wait a day or so before applying them, in case any problems are found.
It still doesn't track dependencies, but as long as you install everything in the L series, you'll probably be fine.
The real question is, what's the target audience of Slackware? People who have no active social life and prefer computers to chicks?
Au contraire - the target audience is people who want to set up their server, configure it the way they like, and then pretty much just leave it alone for three years so they can go out and have a social life without worrying that the server might break.
There's no L in Akamai, but yes, Akamai mirrors the static content, such as images. However, dynamic content such as search results are still served by Microsoft.
Plus, having the ability to monetize services individually will - Lord forgive me for seeing a bright side here - will encourage Microsoft to ship with a minimal default install, which one would hope would lead to improved overall security.*
Here's why Microsoft won't do it:
Of course you're right it would be GREAT for users if they did, for precisely the reason you described. You bought a new PC for the secretary at your small business, but it came with Home Premium installed, and now your IT guy wants everybody to be able to join a domain? No problem, just buy that feature.
But making components optional means that third parties could offer competing solutions. Perhaps not for joining a domain, but certainly for touchscreen support, Media Center, etc. Those third parties will offer their solutions cheaper than whatever Microsoft is charging to enable them. Microsoft doesn't want that.
If Media Center were a stand-alone product you had to pay for, people would do comparison shopping. They might even decide MPC-HC is good enough.
You're assuming that their competition won't simply license the patent from Microsoft.
Remember, Apple was one of the first licensees of Amazon's OneClick patent.
An ADSL CPE in RFC 1483 bridging mode isn't a router either. Most likely the device has routing capability built-in as well (even if it's not being used), but that certainly doesn't have to be the case.
And Blackjack!
In fact, forget the bike paths! And the Blackjack.
Sometimes if you make it more expensive, people will buy it for that reason alone. They see the higher price, and think that there must be a good reason for it to be a little bit more expensive than the alternatives.
The free antivirus app you're referring to was called "Disinfectant".
The theme from Monty Python's Flying Circus is in fact The Liberty Bell March by John Philip Sousa.
Sounds less like ditching tabs, and more like adding grouping. Make it optional, and I don't see a problem.
And moving the grouped tabs to a sidebar, instead of across the top. Not a bad idea as we all move to 16:9 LCDs.
Not to mention ADSL modem, there's no such fucking thing. Modem = Modulator/Demodulator, a simple AD-converter. There's no AD-converting in ADSL. ADSL is solely digital.
This is caused by the lack of a suitable alternative term. The actual technical term for what most people call a DSL or cable modem is "CPE".
Customer Premise Equipment.
Literally, "that little box in your house."
And if I hear the phrase "now, I am computer illiterate..." one more fucking time....
The best therapy for that one though, is to mentally change illiterate to ignorant.
Trust me, those people are fine. It's the ones who pretend to know what they're talking about, that cause the headaches.
And yet, the Windows 7 RC is somehow really buggy, compared to Vista.
I've got a folder containing a handful of very large (over 8GB) video files (recorded with PVR software). When I try to open the folder, it hangs. If I boot into Safe Mode, move some of the files into different folders, then reboot normally, it becomes apparent that accessing certain files causes the system to hang, while accessing other files is no problem. It's not an Explorer problem, because CLI commands will hang too. I've run the mfgr's hard drive diagnostic tests, and chkdsk.
I have a VGA CRT and a DVI LCD projector set up for mirroring/clone mode. Every couple of minutes, the CRT goes blank for a second, then returns to normal. This didn't happen on Vista.
I like the new Mac-like taskbar, although I notice it STILL can't reliably figure out what the front-most window is. Notification icons are monochrome like Apple's menu thingies, which is fine for things like a volume control but not so good for, you know, notification. Still, they had to do something about that mess.
The title you can't think of is "The Saga Begins".
Weird Al very rarely does a direct parody of the original song. Examples I can think of include:
On the other hand, it's hard to argue that "Trapped in the Drive-Thru", ostensibly about a late night fast food run, isn't really a commentary on the tedious stupidity of R. Kelly's original...
I understand that if you overwrite the data with zeros, you can figure out the original state of many of the bits, because there will be a tiny bit of charge present in the bits that had been 1.
I understand that if you overwrite it with zeros again, you might still be able to recover some of the data.
I don't understand how, if the data is overwritten with random crap at least twice, you'd be able to distinguish between the previous (random) state and the original state for any given bit.
So how come no attacks to speak of? My vote is that the Russian Mafia all use macs, and they don't want to foul their own nest. :-)
More likely the opposite is true: the Russian mafia all use PCs, and they have no idea how to write a Mac virus.
If the marketshare argument was true then there wouldn't have been any viruses for pre-OSX Macs either. But there were; lots of them.
Malware was different in those days. Yes, there used to be Mac viruses. Nowhere near as many as DOS/Windows viruses, but a lot. They were mostly transmitted on physical media, not downloaded over a network; most of them were written before TCP/IP support was included in the OS. Most of the holes that allowed the old viruses to spread have been closed, and there just aren't that many holes that new viruses can take advantage of.
Old-school Mac viruses were created by people looking for a creative way to make a virus because it was a fun challenge and it might gain them a bit of notoriety; there was never any profit in it (and most of the viruses weren't deliberately destructive, although some of them were accidentally destructive due to bugs). Modern malware authors are in it for the money.
Since the OS itself is really pretty secure these days, the best way to spread Mac malware is to trick the user into deliberately executing your code for you, clicking through all the security warnings. If you're in it for the money, that's the approach you'll take. If you're not in it for the money, there's no technical challenge in that! Anybody could make a malicious application that looks like a fun toy, so what's the point?
And if you're in it for the money, there's more money to be made on Windows right now. As Macs grow in popularity and Windows users start keeping their antivirus software up to date, the balance will shift, but it hasn't shifted yet.
What do you suggest REI should have done differently under the circumstances?
Ah, well good, that's something they fixed then. My mistake. What about adding a printer, though?