Actually, I just set the input mode at the bottom to "code". For a while the code tag itself wasn't working, but I see it is again. I don't tend to use it that much.
My general rule is that one should stick to default settings unless one has a good reason to vary from them, if for no other reason than to remain close to the documentation, for the sake of other poor slobs who may have to maintain your system, and that nontrivial variations should be documented.
You're absolutely right.
I've worked on an awful lot of machines over the years. Myself, I got annoyed that things like Apache would show up in unexpected places. To make a simple change to a web page, where no one is around that knows the right path, I've had to drop test files "echo test > testme.html", and try to hit it with the web browser. Quite a few times, I've found entire duplicates of their site in the wrong directory, because someone before me thought it was right, so they uploaded everything there. Don't ask if you can clean up for them though, they'll freak. "You can't delete those, we might need them" (and then pointing out the last modified date was 5 years previous).
Some directory structures aren't totally distro specific. On distro X, it may be in one place in version 4.0, but another in 4.1, and yet another place from a patch. None of them are where the author intended, nor in the path shown in the documentation as you said.
While I respect LFS users it isn't actually *that* hard to build your own linux distro (if you already know your way around linux). But why would you make your own when you can build on top of an already proven platform?
I was just saying that if you're going to build on someone else's work, say that it's theirs with mods. The post I was replying to was complaining that these "distros" weren't distros, they were skins with some packages added. Only 2 of 12 were distros in their own right. The remaining 10 were existing distros with mods.
When I take Slackware and mod the heck out of it, it's still Slackware with mods.
The "asking questions" is just a polite formality. Its a lot easier and gets less attention if you walk to their car, rather than if they have to drag your freshly dead body. That, and it leaves less of a mess in their trunk.:)
Well, unless it was a "tragic incident during a home invasion." Or in the case of Drew Peterson's ex-wives, it could be a tragic accident at home, where you slip in the tub or fall into a barrel. Hey, accidents happen, right? I guess it's better than to be a guest at the Dahmer residence. Mmm, those hamburgers were good, where did you get the meat?
Ahhh, humans, you gotta love 'em. We always come up with creative ways to kill each other off.
[checks his pulse] Nope, they haven't gotten me yet.
My example must have been from an older busybox. I know I've seen it recently, but not everyone stays up to date on boot disk utilities.:) To find the flags, I just searched Google for "busybox cp options", and got this page, which shows the older options set.
If I'm moving a lot of stuff around, especially if there are a variety of ownerships and permissions, I (out of habit) use "cp -RPp". I know "cp -a" would do the same thing in either case. It wasn't crippled, it just broke my habits, and some scripts when they ran in that environment. I'm glad they updated it.
That's kind of where mine was progressing towards. I'd grab the sources, and the build scripts were flexible enough to build new versions. My build environment did everything from scratch on a weekly basis. The project was never completed (as I mentioned), but it was set up to rebuild everything from current sources and build a fresh ISO, so i didn't have to sit around waiting for it, I could just go grab the current ISO to use. It was to take advantage of the fact that there was a scheduled weekly build, so if say a new version of zlib came out because of a nasty bug, everything that was linked to it would be updated for me too. I'm sure we all remember that happening. Automation was important, so I couldn't screw something up manually.:)
Not every authors site has a friendly way to just check in and see what the current release is. Sometimes there are version number naming convention changes. Like their version history may go: 2.0 , 2.0.1beta, 2.0.2-rc3, 2.0.2-final, 2.0.2.1, 2.2 . You could go all crazy with regular expressions, but extra decimals, abbreviations, and text make it a nightmare to automate. Even if you just had a crawler in place to see if their releases page had changed, sometimes the authors simply add some text change, which would trigger it. Like, someone may have their releases on their front page, and put news updates also. Great. On Dec 25, you could very likely get a flurry of notices that pages changed, just to find out that a few dozen people put up a note saying "Merry Christmas". What's worse is when they move. They may have a message on their page saying that it's going to be served from a new site. You may have to go hunt it down.
I'd suspect it has been done. I'd also suspect that those folks spend a lot of time reading false alarms.
I read your post and i'm not really sure why you are taking something someone else did and trying to keep "loyal" to his work.
Over the years, I've seen many times where end users will have a fault that was a direct result of patches the distro vendor did. Basically, they install the vendor (distro) provided package. It has some nasty bug that makes the software crash. The end user goes to the software author's mailing list or forum (obvious choices for getting help with a specific program) and says "Your program always crashes. You need to fix it! Help me!" In reality, the software works fine as the author wrote it, but the vendor patches broke it. I've seen it where either applications, or even major libraries.
It's not always just crashing problems. Sometimes there are induced security holes. I cringe every time I see an announcement on a security mailing list, where the only affected systems are from a particular distro vendor, because they inadvertently created the security hole.
I believe in loyalty to the authors work, because they are the experts in it. If there's a fix to be made, provide it to the author, and let them include it in their future release. If you think you know the authors software so much better than them, and their program needs your patches so bad but you aren't willing to submit them back up, fork it or write your own competing software.
If your making your own distro/branch/whatever. You snapshot whatever source your taking it from, and then just work from that. If you keep going back to the source and trying to add updates to your NOT finished work, you will never get your project finished.
You don't read security mailing lists much, do you? You'll never make a snapshot of a utopian world. Program x today may have a huge bugfix tomorrow. Distros are always putting out upgrade packages specifically to fix problems. If you just grab what's available today, and bury your head in the sand, you'll have all kinds of problems in the future. I worked somewhere, and they sang the song you're singing. They'd used a particular version of a distro years ago. Once they decided that worked for them, they kept installing the same version of that distro everywhere. They didn't do patches. They didn't upgrade anything because "We don't know what else it could break." They also found themselves vulnerable to a huge variety of remote exploits that had been corrected in subsequent patches and newer versions.
Plus, if your going to follow someones source so close, just go help them out instead of stealing their crap and changing stuff for your own. Your just wasting your time, and then theirs if they are trying to help you fix something that's not working.
Where did I say anything about stealing anyone else's stuff?
I was using Slackbuilds, but those can get complicated, with programs that require complex setups. I wish everyone just set up for "./configure && make && make install", of course with setting an install prefix so it doesn't just go stomping all over the running filesystem.
For my old work, we ran our own Slackware mirror, and let it pull additional packages as needed. It was a very smooth operation. You have to love a network of about 150 machines, where there are just two guys doing all of the IT, and everything works like clockwork, so the only "urgent" work is the occasional page warning something is down. Of course, those come at the worst times. No woman is impressed when your phone starts beeping, when you're having an X rated adult moment. Somehow, the servers knew when it was happening, and would break something before either of us finished.:(
Xorg became almost mindless to get configured. Just run xorgconfig, and let it do it's thing. Ok, so it's not well documented, or at least I don't read the documentation.
I was having an argument at one job, where they were very insistent that they *MUST* run a Redhat derivative. I was working on one specific machine, so it wasn't just identical hardware, it was the same machine. I found it I installed various verions of Redhat, Fedora, CentOS, and Slackware. Slackware performed like a champ. The others, not so well. Each had it's own fatal problem. Some couldn't see the network card, and no loadable module would make it work, so I added a second card when running that one. Some couldn't get into X at all, insisting the video card didn't exit. For them, I had made a backup of my xorg.conf, so I could copy it back in. Different problems came up with our own application, which was the purpose of the machine. I put Slackware on, when they were finally desperate for a solution. Slackware picked up all the devices properly, and went into X, just as it was told to.
I'm a strong believer in building kernels specifically for the machine that's in use. I don't want extra drivers. I don't want loadable kernel modules. If the hardware exists, it'll exist. Build it all in, and leave out the fluff. It cuts down the kernel build time dramatically, and improves the performance of the machine. Oh, I didn't mention, building your own kernel may as well have been a moral sin. The guy in charge of the department {sigh} once tried to build a kernel, and it didn't work. Ever since then, customized kernels were against company policy.
Most of my laptops get the dual-boot treatment. If I'm on the road, and must run a Windows app, I can boot into Windows. That's for silly things like cell modems who don't want to activate on anything but Windows, and for the occasional "But it doesn't work under MSIE" complaint, so I can bring it up in Windows and verify that they were stupid.
I've only had one laptop that didn't perform very well under Linux. There was some funky software control for the wireless network card, where the card would be seen, and an IP could be statically set on it, but there was a soft button that enabled the antenna. I didn't find a physical reason for it, so it's something they put in the card.
I know we've come a long way with Linux. There's really no messing around with every driver, trying to get sound, graphic mode video, etc, up. Usually, a generic install will make everything work fine. I remember the "good old days", when once you got Linux installed, you were trying to figure out what drivers would support your hardware
On my current laptop, an Acer Aspire 5532, there's something funky with the touchpad mouse. It doesn't accept clicks on the pad. You have to reach down, and click the physical mouse buttons. That's no show stopper. It's a known bug with these specific touchpads. The damned thing doesn't work very well under Windows either, so I use a wireless USB mouse most of the time. I can't complain much, it was a $350 laptop, and works very nicely.
My home machine dual boots (Slackware64 13.0 and Windows 7 Ultimate). I've had several instances so far where Windows messes up and doesn't want to boot. I can go into Linux and everything is fine. I have to dual boot it though. There's one game, Stargate Resistance(Wine info says it won't work) that I need Windows to play. Even then, it won't play for more than a few minutes on an ATI video card. With a Nvidia card, it plays fine, but there's a bug in the Win7 x64 driver so even Windows will randomly crash. Nice, huh? So, when I want to do something, and keep doing it, I do it under Linux. When I want to play the game, I play under Windows un
I only did it to differentiate between those who have chosen to use Ubuntu, and those who didn't. I know Ubuntu is a pretty skinned Debian with some extra patches. Ubuntu patches on top of Debian patches, on previously good code, what could possibly go wrong. Oh, lots.
It's similar to CentOS being a patched derivation of RHEL. It's another layer of people messing with perfectly good code, and making it not so perfectly good. In the list provided, there were no CentOS, RHEL, nor Fedora variations, so I didn't mention them.
I'm anything but a fan of messing with someone else's code, unless it's for internal use. Sure, I'll make my own changes to your code, but I won't then distribute it as if it was as good as the original. I know there are a lot of authors and software companies/groups who agree with me on that. My changes are usually performance patches (as necessary), and usually commented in the code that the change may be acceptable. For example, here's one I use on Apache for my web servers:
cd apache_$apache/src/include ; cat httpd.h | sed -e s/HARD_SERVER_LIMIT\\ 256/HARD_SERVER_LIMIT\\ 4096/g > httpd.h.new ; mv httpd.h.new httpd.h.
(that's just one line of my 152 line Apache/PHP/mod_ssl build script. It's 76 lines without the comments and stdout messages showing the status of the build)
I don't pass it off my Apache as the official Apache version though. It's known if you use my Apache/PHP/mod_ssl build script, it will make some minor changes like this. If you use my build of Apache, it's a given I've made some changes. It's amazing, I can drop this on just about any server, and it's blazing fast compared to the RH provided one. I can't comment on what changes Debian or Ubuntu make to their installed version of Apache, I haven't needed to deal with that yet for a high load production environment.
Thanks. Since the only one left is tinfoil, I grabbed it, and did a little poking around. Just based on the mentions in the readme.txt, it may be a self-rolled distro. It to be Busybox based. I was thinking of rolling one of those up myself, except busybox annoys me when it can't do particular things because it doesn't understand posix flags (my biggest annoyance is with cp). That can be corrected easily enough with some select static binaries, rather than symbolic links to busybox.:)
There are others, I've just had quite a few occasions to boot to a Busybox based CD, and then my commands don't work. Or worse, a script on the machine doesn't work because the flags don't work.
So the distro tally is up to:
Damn Vulnerable Linux Debian Tinfoil Hat Linux self-rolled (?) CAINE Ubuntu CAELinux Ubuntu Ubuntu Christian Edition Ubuntu live.linuX-gamers.net Arch Parted Magic Ubuntu GMusix GNU+Linux Debian Zeroshell Linux self-rolled - LFS methods Mythbuntu Ubuntu Damn Small Linux Debian Tiny Core Linux self-rolled
Ubuntu (5) 41.6% Debian (3) 25.0% Arch (1) 8.3% -------------- Known Distros (9) 75.0% Original (3) 25.0%
That's still a long way from a list of distros to check out, unless you like checking out the same thing over... and over... and over...
BTW, sorry for the code formatting. I wanted to keep my columns straight in the data parts of the post, and I don't know of a better way on here to do it.
Really, I hadn't thought it was so hard until I tried. I'm glad I did. It's something every really serious senior Linux admin should try at least once. Besides a very interesting understanding of how things work beyond "type this command, watch this happen", it taught me to respect my elders, and watch for mistakes that are made (like the patching chaos that is the Redhat/Debian/derivatives world).
After that dive in, I pray to the Slackware god, since he does things pretty damned close to the way I like. There are several finer points that I could probably argue with Patrick about over beers sometime (assuming we're ever in the same place at the same time, and he'd accept a free drink or three). Not that the argument would get anywhere, but it would be a nice discussion, and a fun excuse to drink. Bah. Who needs excuses for that?:)
It only took 12 hours for the site to load, but lets have a look at the "distro" and their roots.
Damn Vulnerable Linux unknown Tinfoil Hat Linux unknown CAINE Ubuntu CAELinux Ubuntu Ubuntu Christian Edition Ubuntu live.linuX-gamers.net unknown Parted Magic Ubuntu GMusix GNU+Linux Debian Zeroshell Linux LFS methods (i.e., actually rolled themselves) Mythbuntu Ubuntu Damn Small Linux Debian Tiny Core Linux unknown
Ubuntu 41.6% Debian 16.6% -------------- Known Distros 58.3%
Unknown distros 33.3% Original works 8.3%
Feel free to reply with updates if you know the origin of the unknown's.
I know from personal experience, rolling your own distro is hard work. I tried, using other distros (Slackware and LFS methods) as a guide. Just taking someone elses patched beyond usefulness sources and calling them your own isn't your own work. You aren't building, and you can't go back to the original author and submit a fix. Mine was to stay true to the original author's work, since I've seen so many problems which are directly (correctly) attributed to some distro haphazardly patching (and breaking) things.
I spent a lot of spare time writing and rewriting build scripts, hunting down sources (real quick, where is the authors site for the most current version of "ps"?), building a build environment, building the sources into installable packages. It sounds like an awful lot of fun, until you've already spent a month putting things together, and you've just gotten past the low level stuff (basic system utilities, filesystem utilities, compilers, major required libraries, and the boot loader of your choice). Wow, a month later, and we don't even have X, a desktop manager, or occasionally useful things like a web browser. Now you have to go back and check all your versions against the current version available from the author. Unless you have a rather dedicated team of folks with no day jobs nor personal lives, you'll spend your days just verifying that your packages are built from current sources.
God forbid there's a change in say glibc, which breaks some other application. Now you're notifying the author of the application, which can be a job in itself to go back and forth with them about what distro you're running (built it myself). Oh, you're own? That's good and bad. What versions of the compiler and required libraries are you using? "Sign up to my mailing list, so we can all work on it." Two weeks later, you may have a patch which may become a released version two more weeks later. If you're a good guy, and somehow have way too much time on your hands, well versed in every programming language and methodology, a genetic disposition to not sleeping, and a serious speed habit, you may be patching it yourself, and handing that patch up to the author. What? Your patch was refused because it didn't follow his methodology? It doesn't work in recursion and will break older distros (like the one right before the glibc update). Now you've fallen into what others do. I'll patch mine, but just this one, I swear. It'll be the authors true code when he releases the right fix. On to the next!
The electronic ones are the obvious ones. Well, the ones that are public knowledge. I know of a few other routes that they're done by, that are not necessarily public knowledge. Well, given to me as "This is probably still classified, so I can't tell you all of it, but...."
They were told to me for the sake that they were technologically and historically interesting. Through other means, more information was gathered on them to confirm that they were real. I'll suffice it to say (for the sake of the black van parked outside my house), there's more to modern intelligence than is provided publicly or portrayed in the media, television, or movies.
If the Carter administration let 10,000 intelligence gathering people go, there are tens of thousands of others still out there, either in dark dungeons (like us, living in datacenters), or in the field continuing their covers so they aren't found and executed.
The 9/11 intelligence was gathered and processed. It was ignored by the decision makers as a non-threat. You can thank the then-current administration for that one.
That's those damned foreigners. Us Americans are the shining example of how to do things right. If Ms. Manners had to pick a government to say others should act like, it would be the fine United States of America.
(I hope everyone can read my sarcasm in these posts)
He's definitely the exception to what I said, not the rule. I've known people like him. They're great to have beside you in a bar fight. Not so great to be the one angry at you.
"No sir, your girlfriend wasn't all over me. That was another girl that looked a lot like her, I promise."
Lets not forget about the ultimate, ROT52. 4 times the security at only 4 times the price. From what I understand, it's to be the new official government standard for encrypting classified documents. AES is just too hard to do with a pencil and paper.
Nah, she'll just sit on you so you can't pull out. She's been gaining weight for attention for years, she needs that little crying shitting bundle of joy so people will look at her.
Makes me think of someone I saw yesterday. She had an oxygen tank and cane, because she could barely walk. She had a dozen gallon boxes of ice cream, and enough other assorted crap foods that could feed a normal person for a month (or more).
I can hear the conversation with her doctor now.
"No ma'am, the human body isn't designed to carry the weight of an elephant. And please don't bring a bucket of fried chicken into my examining room again."
"Are you saying I'm fat? I'm not fat. It's genetics that make me like this!"
"Ma'am, the only genetics at work here are the ones that make you too dumb to realize you eat too much. And, where's my nurse?"
"Sorry, I was hungry."
Unfortunately, she was wearing a dress, and I saw her ankles. Well, there were no ankles, just a huge chunk of flesh that went from somewhere I don't want to even think about down to her shoes that were crushed under the pressure. And she was with her fat kid, probably all of 12 years old, about 5' tall and 180 pounds. Ya momma, treat your kids like you treat yourself.
Ya, it's always "blow up the evil base", "destroy his equipment", etc, etc. Don't they realize it's advantageous to loot the evil base for technology and resources? The badguy always has some spiffy superweapon that borders on physically impossible.... or is that how Batman gets a spiffy new car in every movie?
Actually, the reason you'd see the same or similar ads in a particular genre of porn would be that porn folks are usually pretty good at targeted marketing. For the successful ones, they watch their revenue streams very carefully. They learn (through trial and error mostly) which ad campaigns work, which ones don't, and the best placement on their pages.
There are some shady dealings too, where folks running ad campaigns shave profits. If campaign A gives them 1:300 conversion rate, but campaign B gives them a 1:600 conversion rate, but all other things are the same (same type of content, same cost and membership length) you can look at the possibility that the company running the campaign is stealing from you.
Popovers, popunders, jumping monkeys, or whatever aren't the biggest concern of the webmaster. If that ad method didn't make money, it wouldn't be used. It's not worth it for the webmaster to waste space and/or time with ads people don't click on, or worse, ads that don't pay.
For most of them, it's far from their best interest, to have a malware infected site. If you go there, and your antivirus does kick off saying "This site is infected, run!", you're very likely not to go there again. You may tell your perv friends "Hey, don't go there, it has viruses." If it's a "clean" site (as in viruses, not smut level), you may be back every day, and tell your perv friends "hey, check this site out."
Word of mouth doesn't seem like it would be that significant, but it is. I worked at one of the highest trafficked adult sites for many years. They got that big by word of mouth. SEO on the site was almost nonexistent, unless you are looking for their name only, which they usually abbreviated, making that useless too. It was in their best interest to keep it a safe place to go.
I'd guess most of the malware stuff is either done by dirty webmasters who don't ever expect to have a repeat visitor, or (and more of) lost and lonely porn sites in virtual hosting environments, where the user permissions were all set wrong. Have 0666 / a+rw on your files is an open invitation for anyone else on that machine to cause you a lot of grief.
A lot of times, people don't even know that the problem exists. I was helping someone out with a non-porn site. I pulled down a copy of the live site with wget. That was fine. I went to their location, and we downloaded the entire contents of their site, and there were two html files with javascript malware in them, that weren't linked from the live site. It appears someone else on the server had a script crawl through and add their malicious payload to any default.html that was world writeable. The script kiddies can't tell if the files are actually used, they just write to anything they can. Sometimes they'll stick it in any.html or.htm file that's world writeable, but that takes longer than just sticking it in any index.html or default.html that they can.
Regular webmaster type folks usually only have a handful of sites. Porn webmasters usually have hundreds or thousands of them. It's all about how much exposure your content gets. If I have one site, the chances of someone tripping over my site are slim. If I have 10,000 sites, the chances get much better, which means my ads are seen and I can make more money. People rarely set up porn sites for their love of the topic. They do it to make money.
The Segway in every home was sarcasm.:) When it was announced, it was lead by announcements of "it", and there was all kinds of speculation in many places, including here. I just see it as a rich kid toy, where they had excess money to burn.
My example was a rural area. They never provided a good reason for the expansion. There was no city water, sewer, or gas. The only utilities were power, phones, and (eventually) cable. Those were all run overhead.
In that it was a rural area, the fences were usually to keep livestock in. It wasn't decorative or for security. Moving a length of fence isn't a terribly big deal for most residential properties, but when a single change like that has dozens of people moving several miles of fence, it does become a big deal. If I remember right (which I may not), the county finally conceded to allow the fences to remain in place, but any new fences must be built by their new rules, and if the county were to ever decide that they needed the fences moved, they'd be moved one way or another. They had made enough room for a 4 lane highway to be put through (in theory), where only a couple dozen people ever drove that road, and it didn't look like that would increase any time in the foreseeable future. In reality, 20 years later, last I heard is that the population is the same there, mostly the same families that had lived there for quite a while.
Slashdot Mirror
Actually, I just set the input mode at the bottom to "code". For a while the code tag itself wasn't working, but I see it is again. I don't tend to use it that much.
You're absolutely right.
I've worked on an awful lot of machines over the years. Myself, I got annoyed that things like Apache would show up in unexpected places. To make a simple change to a web page, where no one is around that knows the right path, I've had to drop test files "echo test > testme.html", and try to hit it with the web browser. Quite a few times, I've found entire duplicates of their site in the wrong directory, because someone before me thought it was right, so they uploaded everything there. Don't ask if you can clean up for them though, they'll freak. "You can't delete those, we might need them" (and then pointing out the last modified date was 5 years previous).
Some directory structures aren't totally distro specific. On distro X, it may be in one place in version 4.0, but another in 4.1, and yet another place from a patch. None of them are where the author intended, nor in the path shown in the documentation as you said.
I was just saying that if you're going to build on someone else's work, say that it's theirs with mods. The post I was replying to was complaining that these "distros" weren't distros, they were skins with some packages added. Only 2 of 12 were distros in their own right. The remaining 10 were existing distros with mods.
When I take Slackware and mod the heck out of it, it's still Slackware with mods.
The "asking questions" is just a polite formality. Its a lot easier and gets less attention if you walk to their car, rather than if they have to drag your freshly dead body. That, and it leaves less of a mess in their trunk. :)
Well, unless it was a "tragic incident during a home invasion." Or in the case of Drew Peterson's ex-wives, it could be a tragic accident at home, where you slip in the tub or fall into a barrel. Hey, accidents happen, right? I guess it's better than to be a guest at the Dahmer residence. Mmm, those hamburgers were good, where did you get the meat?
Ahhh, humans, you gotta love 'em. We always come up with creative ways to kill each other off.
[checks his pulse] Nope, they haven't gotten me yet.
My example must have been from an older busybox. I know I've seen it recently, but not everyone stays up to date on boot disk utilities. :) To find the flags, I just searched Google for "busybox cp options", and got this page, which shows the older options set.
http://spblinux.de/2.0/doc/cp.html
If I'm moving a lot of stuff around, especially if there are a variety of ownerships and permissions, I (out of habit) use "cp -RPp". I know "cp -a" would do the same thing in either case. It wasn't crippled, it just broke my habits, and some scripts when they ran in that environment. I'm glad they updated it.
That's kind of where mine was progressing towards. I'd grab the sources, and the build scripts were flexible enough to build new versions. My build environment did everything from scratch on a weekly basis. The project was never completed (as I mentioned), but it was set up to rebuild everything from current sources and build a fresh ISO, so i didn't have to sit around waiting for it, I could just go grab the current ISO to use. It was to take advantage of the fact that there was a scheduled weekly build, so if say a new version of zlib came out because of a nasty bug, everything that was linked to it would be updated for me too. I'm sure we all remember that happening. Automation was important, so I couldn't screw something up manually. :)
Not every authors site has a friendly way to just check in and see what the current release is. Sometimes there are version number naming convention changes. Like their version history may go: 2.0 , 2.0.1beta, 2.0.2-rc3, 2.0.2-final, 2.0.2.1, 2.2 . You could go all crazy with regular expressions, but extra decimals, abbreviations, and text make it a nightmare to automate. Even if you just had a crawler in place to see if their releases page had changed, sometimes the authors simply add some text change, which would trigger it. Like, someone may have their releases on their front page, and put news updates also. Great. On Dec 25, you could very likely get a flurry of notices that pages changed, just to find out that a few dozen people put up a note saying "Merry Christmas". What's worse is when they move. They may have a message on their page saying that it's going to be served from a new site. You may have to go hunt it down.
I'd suspect it has been done. I'd also suspect that those folks spend a lot of time reading false alarms.
Over the years, I've seen many times where end users will have a fault that was a direct result of patches the distro vendor did. Basically, they install the vendor (distro) provided package. It has some nasty bug that makes the software crash. The end user goes to the software author's mailing list or forum (obvious choices for getting help with a specific program) and says "Your program always crashes. You need to fix it! Help me!" In reality, the software works fine as the author wrote it, but the vendor patches broke it. I've seen it where either applications, or even major libraries.
It's not always just crashing problems. Sometimes there are induced security holes. I cringe every time I see an announcement on a security mailing list, where the only affected systems are from a particular distro vendor, because they inadvertently created the security hole.
I believe in loyalty to the authors work, because they are the experts in it. If there's a fix to be made, provide it to the author, and let them include it in their future release. If you think you know the authors software so much better than them, and their program needs your patches so bad but you aren't willing to submit them back up, fork it or write your own competing software.
You don't read security mailing lists much, do you? You'll never make a snapshot of a utopian world. Program x today may have a huge bugfix tomorrow. Distros are always putting out upgrade packages specifically to fix problems. If you just grab what's available today, and bury your head in the sand, you'll have all kinds of problems in the future. I worked somewhere, and they sang the song you're singing. They'd used a particular version of a distro years ago. Once they decided that worked for them, they kept installing the same version of that distro everywhere. They didn't do patches. They didn't upgrade anything because "We don't know what else it could break." They also found themselves vulnerable to a huge variety of remote exploits that had been corrected in subsequent patches and newer versions.
Where did I say anything about stealing anyone else's stuff?
I was using Slackbuilds, but those can get complicated, with programs that require complex setups. I wish everyone just set up for "./configure && make && make install", of course with setting an install prefix so it doesn't just go stomping all over the running filesystem.
For my old work, we ran our own Slackware mirror, and let it pull additional packages as needed. It was a very smooth operation. You have to love a network of about 150 machines, where there are just two guys doing all of the IT, and everything works like clockwork, so the only "urgent" work is the occasional page warning something is down. Of course, those come at the worst times. No woman is impressed when your phone starts beeping, when you're having an X rated adult moment. Somehow, the servers knew when it was happening, and would break something before either of us finished. :(
Xorg became almost mindless to get configured. Just run xorgconfig, and let it do it's thing. Ok, so it's not well documented, or at least I don't read the documentation.
I was having an argument at one job, where they were very insistent that they *MUST* run a Redhat derivative. I was working on one specific machine, so it wasn't just identical hardware, it was the same machine. I found it I installed various verions of Redhat, Fedora, CentOS, and Slackware. Slackware performed like a champ. The others, not so well. Each had it's own fatal problem. Some couldn't see the network card, and no loadable module would make it work, so I added a second card when running that one. Some couldn't get into X at all, insisting the video card didn't exit. For them, I had made a backup of my xorg.conf, so I could copy it back in. Different problems came up with our own application, which was the purpose of the machine. I put Slackware on, when they were finally desperate for a solution. Slackware picked up all the devices properly, and went into X, just as it was told to.
I'm a strong believer in building kernels specifically for the machine that's in use. I don't want extra drivers. I don't want loadable kernel modules. If the hardware exists, it'll exist. Build it all in, and leave out the fluff. It cuts down the kernel build time dramatically, and improves the performance of the machine. Oh, I didn't mention, building your own kernel may as well have been a moral sin. The guy in charge of the department {sigh} once tried to build a kernel, and it didn't work. Ever since then, customized kernels were against company policy.
Most of my laptops get the dual-boot treatment. If I'm on the road, and must run a Windows app, I can boot into Windows. That's for silly things like cell modems who don't want to activate on anything but Windows, and for the occasional "But it doesn't work under MSIE" complaint, so I can bring it up in Windows and verify that they were stupid.
I've only had one laptop that didn't perform very well under Linux. There was some funky software control for the wireless network card, where the card would be seen, and an IP could be statically set on it, but there was a soft button that enabled the antenna. I didn't find a physical reason for it, so it's something they put in the card.
I know we've come a long way with Linux. There's really no messing around with every driver, trying to get sound, graphic mode video, etc, up. Usually, a generic install will make everything work fine. I remember the "good old days", when once you got Linux installed, you were trying to figure out what drivers would support your hardware
On my current laptop, an Acer Aspire 5532, there's something funky with the touchpad mouse. It doesn't accept clicks on the pad. You have to reach down, and click the physical mouse buttons. That's no show stopper. It's a known bug with these specific touchpads. The damned thing doesn't work very well under Windows either, so I use a wireless USB mouse most of the time. I can't complain much, it was a $350 laptop, and works very nicely.
My home machine dual boots (Slackware64 13.0 and Windows 7 Ultimate). I've had several instances so far where Windows messes up and doesn't want to boot. I can go into Linux and everything is fine. I have to dual boot it though. There's one game, Stargate Resistance (Wine info says it won't work) that I need Windows to play. Even then, it won't play for more than a few minutes on an ATI video card. With a Nvidia card, it plays fine, but there's a bug in the Win7 x64 driver so even Windows will randomly crash. Nice, huh? So, when I want to do something, and keep doing it, I do it under Linux. When I want to play the game, I play under Windows un
I only did it to differentiate between those who have chosen to use Ubuntu, and those who didn't. I know Ubuntu is a pretty skinned Debian with some extra patches. Ubuntu patches on top of Debian patches, on previously good code, what could possibly go wrong. Oh, lots.
It's similar to CentOS being a patched derivation of RHEL. It's another layer of people messing with perfectly good code, and making it not so perfectly good. In the list provided, there were no CentOS, RHEL, nor Fedora variations, so I didn't mention them.
I'm anything but a fan of messing with someone else's code, unless it's for internal use. Sure, I'll make my own changes to your code, but I won't then distribute it as if it was as good as the original. I know there are a lot of authors and software companies/groups who agree with me on that. My changes are usually performance patches (as necessary), and usually commented in the code that the change may be acceptable. For example, here's one I use on Apache for my web servers:
cd apache_$apache/src/include ; cat httpd.h | sed -e s/HARD_SERVER_LIMIT\\ 256/HARD_SERVER_LIMIT\\ 4096/g > httpd.h.new ; mv httpd.h.new httpd.h.
(that's just one line of my 152 line Apache/PHP/mod_ssl build script. It's 76 lines without the comments and stdout messages showing the status of the build)
I don't pass it off my Apache as the official Apache version though. It's known if you use my Apache/PHP/mod_ssl build script, it will make some minor changes like this. If you use my build of Apache, it's a given I've made some changes. It's amazing, I can drop this on just about any server, and it's blazing fast compared to the RH provided one. I can't comment on what changes Debian or Ubuntu make to their installed version of Apache, I haven't needed to deal with that yet for a high load production environment.
Thanks. Since the only one left is tinfoil, I grabbed it, and did a little poking around. Just based on the mentions in the readme.txt, it may be a self-rolled distro. It to be Busybox based. I was thinking of rolling one of those up myself, except busybox annoys me when it can't do particular things because it doesn't understand posix flags (my biggest annoyance is with cp). That can be corrected easily enough with some select static binaries, rather than symbolic links to busybox. :)
... Target
... Target
... and over ... and over ...
The busybox "cp" flags are:
cp [-a] [-d] [-p] [-R] Source
The posix "cp" flags are:
cp [-f] [-H] [-i] [-p] [-r | -R] [--] Source
There are others, I've just had quite a few occasions to boot to a Busybox based CD, and then my commands don't work. Or worse, a script on the machine doesn't work because the flags don't work.
So the distro tally is up to:
Damn Vulnerable Linux Debian
Tinfoil Hat Linux self-rolled (?)
CAINE Ubuntu
CAELinux Ubuntu
Ubuntu Christian Edition Ubuntu
live.linuX-gamers.net Arch
Parted Magic Ubuntu
GMusix GNU+Linux Debian
Zeroshell Linux self-rolled - LFS methods
Mythbuntu Ubuntu
Damn Small Linux Debian
Tiny Core Linux self-rolled
Ubuntu (5) 41.6%
Debian (3) 25.0%
Arch (1) 8.3%
--------------
Known Distros (9) 75.0%
Original (3) 25.0%
That's still a long way from a list of distros to check out, unless you like checking out the same thing over
BTW, sorry for the code formatting. I wanted to keep my columns straight in the data parts of the post, and I don't know of a better way on here to do it.
hehe. Thanks. :)
Really, I hadn't thought it was so hard until I tried. I'm glad I did. It's something every really serious senior Linux admin should try at least once. Besides a very interesting understanding of how things work beyond "type this command, watch this happen", it taught me to respect my elders, and watch for mistakes that are made (like the patching chaos that is the Redhat/Debian/derivatives world).
After that dive in, I pray to the Slackware god, since he does things pretty damned close to the way I like. There are several finer points that I could probably argue with Patrick about over beers sometime (assuming we're ever in the same place at the same time, and he'd accept a free drink or three). Not that the argument would get anywhere, but it would be a nice discussion, and a fun excuse to drink. Bah. Who needs excuses for that? :)
It only took 12 hours for the site to load, but lets have a look at the "distro" and their roots.
Damn Vulnerable Linux unknown
Tinfoil Hat Linux unknown
CAINE Ubuntu
CAELinux Ubuntu
Ubuntu Christian Edition Ubuntu
live.linuX-gamers.net unknown
Parted Magic Ubuntu
GMusix GNU+Linux Debian
Zeroshell Linux LFS methods (i.e., actually rolled themselves)
Mythbuntu Ubuntu
Damn Small Linux Debian
Tiny Core Linux unknown
Ubuntu 41.6%
Debian 16.6%
--------------
Known Distros 58.3%
Unknown distros 33.3%
Original works 8.3%
Feel free to reply with updates if you know the origin of the unknown's.
I know from personal experience, rolling your own distro is hard work. I tried, using other distros (Slackware and LFS methods) as a guide. Just taking someone elses patched beyond usefulness sources and calling them your own isn't your own work. You aren't building, and you can't go back to the original author and submit a fix. Mine was to stay true to the original author's work, since I've seen so many problems which are directly (correctly) attributed to some distro haphazardly patching (and breaking) things.
I spent a lot of spare time writing and rewriting build scripts, hunting down sources (real quick, where is the authors site for the most current version of "ps"?), building a build environment, building the sources into installable packages. It sounds like an awful lot of fun, until you've already spent a month putting things together, and you've just gotten past the low level stuff (basic system utilities, filesystem utilities, compilers, major required libraries, and the boot loader of your choice). Wow, a month later, and we don't even have X, a desktop manager, or occasionally useful things like a web browser. Now you have to go back and check all your versions against the current version available from the author. Unless you have a rather dedicated team of folks with no day jobs nor personal lives, you'll spend your days just verifying that your packages are built from current sources.
God forbid there's a change in say glibc, which breaks some other application. Now you're notifying the author of the application, which can be a job in itself to go back and forth with them about what distro you're running (built it myself). Oh, you're own? That's good and bad. What versions of the compiler and required libraries are you using? "Sign up to my mailing list, so we can all work on it." Two weeks later, you may have a patch which may become a released version two more weeks later. If you're a good guy, and somehow have way too much time on your hands, well versed in every programming language and methodology, a genetic disposition to not sleeping, and a serious speed habit, you may be patching it yourself, and handing that patch up to the author. What? Your patch was refused because it didn't follow his methodology? It doesn't work in recursion and will break older distros (like the one right before the glibc update). Now you've fallen into what others do. I'll patch mine, but just this one, I swear. It'll be the authors true code when he releases the right fix. On to the next!
The electronic ones are the obvious ones. Well, the ones that are public knowledge. I know of a few other routes that they're done by, that are not necessarily public knowledge. Well, given to me as "This is probably still classified, so I can't tell you all of it, but...."
They were told to me for the sake that they were technologically and historically interesting. Through other means, more information was gathered on them to confirm that they were real. I'll suffice it to say (for the sake of the black van parked outside my house), there's more to modern intelligence than is provided publicly or portrayed in the media, television, or movies.
If the Carter administration let 10,000 intelligence gathering people go, there are tens of thousands of others still out there, either in dark dungeons (like us, living in datacenters), or in the field continuing their covers so they aren't found and executed.
The 9/11 intelligence was gathered and processed. It was ignored by the decision makers as a non-threat. You can thank the then-current administration for that one.
That's those damned foreigners. Us Americans are the shining example of how to do things right. If Ms. Manners had to pick a government to say others should act like, it would be the fine United States of America.
(I hope everyone can read my sarcasm in these posts)
He's definitely the exception to what I said, not the rule. I've known people like him. They're great to have beside you in a bar fight. Not so great to be the one angry at you.
"No sir, your girlfriend wasn't all over me. That was another girl that looked a lot like her, I promise."
[runs away quickly]
The United States gets very offended by espionage activity, because we would never do it to anyone else. They promise. Not a single satellite. No high altitude spy planes. No high altitude long range supersonic spy planes (we retired all of these, we promise). No remote control spy planes. No flock of agencies with covert operations world wide. Nope, not the US. Keep your spies out of our country, we don't do it to you.
Excuse me, there are a couple nice men in black suits knocking at my door that just want to ask me a few questions.
Lets not forget about the ultimate, ROT52. 4 times the security at only 4 times the price. From what I understand, it's to be the new official government standard for encrypting classified documents. AES is just too hard to do with a pencil and paper.
Nah, she'll just sit on you so you can't pull out. She's been gaining weight for attention for years, she needs that little crying shitting bundle of joy so people will look at her.
Makes me think of someone I saw yesterday. She had an oxygen tank and cane, because she could barely walk. She had a dozen gallon boxes of ice cream, and enough other assorted crap foods that could feed a normal person for a month (or more).
I can hear the conversation with her doctor now.
"No ma'am, the human body isn't designed to carry the weight of an elephant. And please don't bring a bucket of fried chicken into my examining room again."
"Are you saying I'm fat? I'm not fat. It's genetics that make me like this!"
"Ma'am, the only genetics at work here are the ones that make you too dumb to realize you eat too much. And, where's my nurse?"
"Sorry, I was hungry."
Unfortunately, she was wearing a dress, and I saw her ankles. Well, there were no ankles, just a huge chunk of flesh that went from somewhere I don't want to even think about down to her shoes that were crushed under the pressure. And she was with her fat kid, probably all of 12 years old, about 5' tall and 180 pounds. Ya momma, treat your kids like you treat yourself.
Ya, it's always "blow up the evil base", "destroy his equipment", etc, etc. Don't they realize it's advantageous to loot the evil base for technology and resources? The badguy always has some spiffy superweapon that borders on physically impossible. ... or is that how Batman gets a spiffy new car in every movie?
I still want to take the "Tumbler" for a drive.
Actually, the reason you'd see the same or similar ads in a particular genre of porn would be that porn folks are usually pretty good at targeted marketing. For the successful ones, they watch their revenue streams very carefully. They learn (through trial and error mostly) which ad campaigns work, which ones don't, and the best placement on their pages.
There are some shady dealings too, where folks running ad campaigns shave profits. If campaign A gives them 1:300 conversion rate, but campaign B gives them a 1:600 conversion rate, but all other things are the same (same type of content, same cost and membership length) you can look at the possibility that the company running the campaign is stealing from you.
Popovers, popunders, jumping monkeys, or whatever aren't the biggest concern of the webmaster. If that ad method didn't make money, it wouldn't be used. It's not worth it for the webmaster to waste space and/or time with ads people don't click on, or worse, ads that don't pay.
For most of them, it's far from their best interest, to have a malware infected site. If you go there, and your antivirus does kick off saying "This site is infected, run!", you're very likely not to go there again. You may tell your perv friends "Hey, don't go there, it has viruses." If it's a "clean" site (as in viruses, not smut level), you may be back every day, and tell your perv friends "hey, check this site out."
Word of mouth doesn't seem like it would be that significant, but it is. I worked at one of the highest trafficked adult sites for many years. They got that big by word of mouth. SEO on the site was almost nonexistent, unless you are looking for their name only, which they usually abbreviated, making that useless too. It was in their best interest to keep it a safe place to go.
I'd guess most of the malware stuff is either done by dirty webmasters who don't ever expect to have a repeat visitor, or (and more of) lost and lonely porn sites in virtual hosting environments, where the user permissions were all set wrong. Have 0666 / a+rw on your files is an open invitation for anyone else on that machine to cause you a lot of grief.
A lot of times, people don't even know that the problem exists. I was helping someone out with a non-porn site. I pulled down a copy of the live site with wget. That was fine. I went to their location, and we downloaded the entire contents of their site, and there were two html files with javascript malware in them, that weren't linked from the live site. It appears someone else on the server had a script crawl through and add their malicious payload to any default.html that was world writeable. The script kiddies can't tell if the files are actually used, they just write to anything they can. Sometimes they'll stick it in any .html or .htm file that's world writeable, but that takes longer than just sticking it in any index.html or default.html that they can.
Regular webmaster type folks usually only have a handful of sites. Porn webmasters usually have hundreds or thousands of them. It's all about how much exposure your content gets. If I have one site, the chances of someone tripping over my site are slim. If I have 10,000 sites, the chances get much better, which means my ads are seen and I can make more money. People rarely set up porn sites for their love of the topic. They do it to make money.
They still put bibles in hotel rooms? I haven't noticed. I only ever open the drawers to stash my ... errr ... No, I never open the drawers.
The Segway in every home was sarcasm. :) When it was announced, it was lead by announcements of "it", and there was all kinds of speculation in many places, including here. I just see it as a rich kid toy, where they had excess money to burn.
I speculate it'll be something as earth shattering as the "it" announcement was, or how every person has a Segway in their home now.
My example was a rural area. They never provided a good reason for the expansion. There was no city water, sewer, or gas. The only utilities were power, phones, and (eventually) cable. Those were all run overhead.
In that it was a rural area, the fences were usually to keep livestock in. It wasn't decorative or for security. Moving a length of fence isn't a terribly big deal for most residential properties, but when a single change like that has dozens of people moving several miles of fence, it does become a big deal. If I remember right (which I may not), the county finally conceded to allow the fences to remain in place, but any new fences must be built by their new rules, and if the county were to ever decide that they needed the fences moved, they'd be moved one way or another. They had made enough room for a 4 lane highway to be put through (in theory), where only a couple dozen people ever drove that road, and it didn't look like that would increase any time in the foreseeable future. In reality, 20 years later, last I heard is that the population is the same there, mostly the same families that had lived there for quite a while.