BIOS->login prompt in about 12 seconds or less (with tuning).
All the boot scripts are clearly written shell scripts that are easy to adapt (unlike most distros).
It's weaknesses are the packaging system, I just couldn't ever go back to any non-source-based packaging again. I still remember having to re-install to get new glibc support, never again.
I never had the problems you mention with FreeBSD or Linux, mainly because the libs I use seem to be always backwards compatible. Compared to the problems I have had with binary-packages I'll take a little library clashing anyday, at least you know that can be fixed in ten minutes by compiling two of the problem packages from source.
I reckon the lecturor said based on HTTP not run over HTTP, damnit, I'm still waiting for the final exam results too:/
SIP seems very nice and simple, I'm sure it wouldn't be too hard to add a "nat: <natport>" extension to it that could make the client send appropriate packets out to convince the NAT router that packets should be allowed back in on that particular port.
The entire NAT problem is overrated imo, its not like we don't have the processing power to deal with a little address & port remapping. It's worked perfectly well for me etc etc (don't mention IPSec).
Disclaimer: I just finished studying this and haven't implemented any of it so could be miles out.
The actual phone conversations run over RTP whether you're using SIP or H.323. It's how the call is set up that differs.
SIP uses set-up mechanism that works over HTTP, arranging the caller, receiver and codecs etc. Because of this it is simpler than H.323, which uses loads of other protocols that run over a mix of UDP and TCP, such as H.225 (call setup/RAS), H.245 (call management) and a few more I should probably know but have forgotten. H.323 needs a separate "gatekeeper" to control connections whereas a SIP client can use the DNS to find it's destination, addresses in SIP look similar to email addresses but may include a port number aswell.
A lot of companies receive at mail.company.com and send from smtp.company.com.
That isnt the problem, as you state MX records solve that. The problem is that in this case while "smtp.company.com" resolves to an IP address, there is no reverse DNS lookup for that IP address.
Certain firewalls, e.g. Symantec, have their default behaviour to block mail from hosts who either have no reverse DNS lookup or where the reverse DNS doesn't match the A record.
For those of us that aren't CCIE's, Cisco routers and Layer 3 switches have a function called CEF, or Cisco Express Forwarding. CEF is a technology that by its simplest definition caches routes.
This method isn't unique to Cisco, it's called the "forwarding information database" on Loonix.
If they're using a hub yea, I'd have thought most business networks would have moved over to switched Ethernet yonks ago, in which case you'll only see your own traffic unless you use something like Ettercap (does this work on fat switches?).
If your company network is still one huge collision domain then you have more urgent issues to solve than MAC filtering:-)
The teachers aren't the ones who decide to put kids with special needs in with normal classes so its not really fair to blame them when those situations don't work out.
The teacher you mention is certainly not the norm as far as teachers here go. In the UK such an attitude would prevent her from studying a maths major in the first place and certainly no school is going to hire a maths teacher who can't do calculus. Maybe thats just a culteral difference.
The problem with that old adage is that bad teaching is a vicious circle that we'd never get out of until everyone had become trailer trash. I don't accept that is our future.
If you are going to claim to be a genius in a public forum then you'll need a little more evidence than learning PHP or you can expect asshats like me to flame you. You also do a great disservice to the education system by describing it in such terms, sure there are quite a few bad teachers around but theres also a lot of good ones who work hard for their students.
The state of my website is not really the issue, I'm not claiming anything and I certainly don't claim its useful to anyone other than me.
The article states its the build-up of static rather than the phone itself sparking the fires.
Personally I'd always assumed that was a myth and the petrol stations didn't want people using mobile phones due to interference with their wifi links between the tills and the fuel pumps. If they actually said "no phones please incase we accidently charge you too little" then they wouldn't discourage using them much:-)
For one thing its just a mirror, all that software is available on hundreds of other sites.
For another the only people who will noticed the difference between mirror.ac.uk and any european FTP site are those on janet (joint academic network). I'll be quite annoyed at getting 800kb/sec instead of 2MB/sec at uni but I'm sure I'll cope:)
Strange though, I'd have thought at the end of the day this is just going to cost JANET more as they're now going to have to pay someone external for the bandwidth for all those linux isos the students leech.
I had to set the type as ExplorerPS/2 in XF86Config (was IMPS/2 before).
Although, you should see something when you cat/dev/input/mouse0 and hit the wheel, maybe you're missing some modules. Check you have: ohci_hcd, ehci_hcd, uhci_hcd, usbmouse and usbhid.
Hrm, according to this MiB and its bastard relatives have made it into valid SI units.
Why are we letting vendors of hard disks re-scale the units of measurement so that their products appear larger by having bigger numbers on the box, its madness.
Personally I think we should redefine an inch as half a centimeter so we can all go out and score bigtime tonite.
If the service is denied network access, cannot access any files other than its own configuration, cannot launch any other programs or processes and cannot change privileges then your inserted code won't do much.
You're right that ACLs don't solve all problems, but no individual step will. The point with them is to remove the affect that those buffer overflows will have on the system by restricting each programs access to the minimal required to run.
Please don't, its not a proof and its not a law. It is an "aid" to analysis and is not absolute in itself. In reality it is nothing more than common sense that was quoted out of context by the film "Contact" and has been gathering momentum ever since (btw the book was better).
Anyway, you missed one, I'd say its also quite plausible that someone saw the source and found the exploit themselves.
As for the idea that non-exposure is good, this is not really followed by anyone in information security. Companies will not fix bugs if they have no incentive, its as simple as that. That is why currently cert.org recommend you inform the vendor, then wait 45 days and inform the users. They will even do it for you if you like. That way the vendor has plenty of time to fix the problem and provide patches.
Releasing "half" of the exploit misses out on the part where the users can test for themselves if the vendor has fixed it or not, hence removing the incentive for it to be fixed. That's not to say that people should post complete exploit code, but hiding the details is just going back to security through obscurity.
Its a lot more appropriate than using windows XP with ICS turned on:)
And what happens if you want an audit-trail of connections and connection attempts or similar. Remember this is a government system not some home users shared LAN, using a $30 linksys is not really a solution (although again, better than ICS).
The parent was right, most UK IT stuff is done by MCSEs who have no previous knowledge and no particular interest in computers. They realise they get paid more for doing a few week long course and acting like they know everything than if they go work in macdonalds.
Yea but you can't run things like LIDS, SELinux and GRSecurity on Windows.
Sure, maybe if Linux was mainstream people would start writing more viruses for it. So you stop your system being able to run untrusted binaries, without using DRM. Remember we're talking about govt machines used for specific tasks so using such ACLs would be much easier here than for a home users desktop.
The Linux 2.6 kernel even has capability hooks built into it (CONFIG_SECURITY) so what were you saying about it not being more secure by design:-)
I would rather blame whoever it was responsible for choosing Microsoft systems for such a vital operation. Theres plenty of alternatives that don't have the same security issues.
What makes it worse is that as a British Taxpayer I actually helped fund this and I now have no say whatsoever in stopping my money being wasted. I also have a lot of family members who spend a lot of time at sea and to be honest this whole thing makes me feel decidedly sick.
Sure, blame the admins/viruswriters or whoever, but the solution to this issue already exists and has done for many years. Shouldn't we put the blame on the people who ignore the solution ?
You can blame the virus writer but putting them in prison is shutting the barn door after the horse has shit and left.
Ethernet can use CSMA/CD to deal with this kind of thing and hit around 97% throughput on wires. Wifi can't use the CD part (collision detect) as to transmit and receive at the same time requires very expensive equipment, so it can't tell if a collision has occurred while it's transmitting.
The rest of the Internet is made up of either point-to-point links which won't have collisions as there's only two stations or other wired connections that can use CSMA/CD or similar.
Slashdot Mirror
Tip from a German magazine a coupla years ago, to make your PHP classes work in PHP4/5, write them in this format:If you need a destructor too, call it __destruct() and use register_shutdown_function in the php 4 constructor.
Three: Sierra Leone.
It's weaknesses are the packaging system, I just couldn't ever go back to any non-source-based packaging again. I still remember having to re-install to get new glibc support, never again.
I never had the problems you mention with FreeBSD or Linux, mainly because the libs I use seem to be always backwards compatible. Compared to the problems I have had with binary-packages I'll take a little library clashing anyday, at least you know that can be fixed in ten minutes by compiling two of the problem packages from source.
I reckon the lecturor said based on HTTP not run over HTTP, damnit, I'm still waiting for the final exam results too :/
SIP seems very nice and simple, I'm sure it wouldn't be too hard to add a "nat: <natport>" extension to it that could make the client send appropriate packets out to convince the NAT router that packets should be allowed back in on that particular port.
The entire NAT problem is overrated imo, its not like we don't have the processing power to deal with a little address & port remapping. It's worked perfectly well for me etc etc (don't mention IPSec).
Disclaimer: I just finished studying this and haven't implemented any of it so could be miles out.
The actual phone conversations run over RTP whether you're using SIP or H.323. It's how the call is set up that differs.
SIP uses set-up mechanism that works over HTTP, arranging the caller, receiver and codecs etc. Because of this it is simpler than H.323, which uses loads of other protocols that run over a mix of UDP and TCP, such as H.225 (call setup/RAS), H.245 (call management) and a few more I should probably know but have forgotten. H.323 needs a separate "gatekeeper" to control connections whereas a SIP client can use the DNS to find it's destination, addresses in SIP look similar to email addresses but may include a port number aswell.
A lot of companies receive at mail.company.com and send from smtp.company.com.
That isnt the problem, as you state MX records solve that. The problem is that in this case while "smtp.company.com" resolves to an IP address, there is no reverse DNS lookup for that IP address.
Certain firewalls, e.g. Symantec, have their default behaviour to block mail from hosts who either have no reverse DNS lookup or where the reverse DNS doesn't match the A record.
For those of us that aren't CCIE's, Cisco routers and Layer 3 switches have a function called CEF, or Cisco Express Forwarding. CEF is a technology that by its simplest definition caches routes.
This method isn't unique to Cisco, it's called the "forwarding information database" on Loonix.
If they're using a hub yea, I'd have thought most business networks would have moved over to switched Ethernet yonks ago, in which case you'll only see your own traffic unless you use something like Ettercap (does this work on fat switches?).
:-)
If your company network is still one huge collision domain then you have more urgent issues to solve than MAC filtering
Birds too :-)
Still, if it was cheap enough to use for home connections they wouldn't mind loosing the connection when its foggy or when birds fly past.
The teachers aren't the ones who decide to put kids with special needs in with normal classes so its not really fair to blame them when those situations don't work out.
The teacher you mention is certainly not the norm as far as teachers here go. In the UK such an attitude would prevent her from studying a maths major in the first place and certainly no school is going to hire a maths teacher who can't do calculus. Maybe thats just a culteral difference.
The problem with that old adage is that bad teaching is a vicious circle that we'd never get out of until everyone had become trailer trash. I don't accept that is our future.
If you are going to claim to be a genius in a public forum then you'll need a little more evidence than learning PHP or you can expect asshats like me to flame you. You also do a great disservice to the education system by describing it in such terms, sure there are quite a few bad teachers around but theres also a lot of good ones who work hard for their students.
The state of my website is not really the issue, I'm not claiming anything and I certainly don't claim its useful to anyone other than me.
I still can't believe after the rest of your post you used the actual words (and I quote) "us genius types", priceless.
Wake the fuck up.
Ignorance is no excuse for breaking the law.
The article states its the build-up of static rather than the phone itself sparking the fires.
:-)
Personally I'd always assumed that was a myth and the petrol stations didn't want people using mobile phones due to interference with their wifi links between the tills and the fuel pumps. If they actually said "no phones please incase we accidently charge you too little" then they wouldn't discourage using them much
If its not democratic then howcome I've just had a letter through telling me when and where to go and vote for our euro minister.
Stop spreading FUD spewed forth by the Sun
Nah I don't see it.
:)
For one thing its just a mirror, all that software is available on hundreds of other sites.
For another the only people who will noticed the difference between mirror.ac.uk and any european FTP site are those on janet (joint academic network). I'll be quite annoyed at getting 800kb/sec instead of 2MB/sec at uni but I'm sure I'll cope
Strange though, I'd have thought at the end of the day this is just going to cost JANET more as they're now going to have to pay someone external for the bandwidth for all those linux isos the students leech.
Ewps very true, I could have sworn I read USB.
You'd probably only need the psmouse and maybe hid module for plain ps/2 mouse.
Aha, mine also stopped working in 2.6.6-rcX.
/dev/input/mouse0 and hit the wheel, maybe you're missing some modules. Check you have: ohci_hcd, ehci_hcd, uhci_hcd, usbmouse and usbhid.
I had to set the type as ExplorerPS/2 in XF86Config (was IMPS/2 before).
Although, you should see something when you cat
Hrm, according to this MiB and its bastard relatives have made it into valid SI units.
Why are we letting vendors of hard disks re-scale the units of measurement so that their products appear larger by having bigger numbers on the box, its madness.
Personally I think we should redefine an inch as half a centimeter so we can all go out and score bigtime tonite.
If the service is denied network access, cannot access any files other than its own configuration, cannot launch any other programs or processes and cannot change privileges then your inserted code won't do much.
You're right that ACLs don't solve all problems, but no individual step will. The point with them is to remove the affect that those buffer overflows will have on the system by restricting each programs access to the minimal required to run.
Apply Occam's Razor.
Please don't, its not a proof and its not a law. It is an "aid" to analysis and is not absolute in itself. In reality it is nothing more than common sense that was quoted out of context by the film "Contact" and has been gathering momentum ever since (btw the book was better).
Anyway, you missed one, I'd say its also quite plausible that someone saw the source and found the exploit themselves.
As for the idea that non-exposure is good, this is not really followed by anyone in information security. Companies will not fix bugs if they have no incentive, its as simple as that. That is why currently cert.org recommend you inform the vendor, then wait 45 days and inform the users. They will even do it for you if you like. That way the vendor has plenty of time to fix the problem and provide patches.
Releasing "half" of the exploit misses out on the part where the users can test for themselves if the vendor has fixed it or not, hence removing the incentive for it to be fixed. That's not to say that people should post complete exploit code, but hiding the details is just going back to security through obscurity.
Its a lot more appropriate than using windows XP with ICS turned on :)
And what happens if you want an audit-trail of connections and connection attempts or similar. Remember this is a government system not some home users shared LAN, using a $30 linksys is not really a solution (although again, better than ICS).
The parent was right, most UK IT stuff is done by MCSEs who have no previous knowledge and no particular interest in computers. They realise they get paid more for doing a few week long course and acting like they know everything than if they go work in macdonalds.
Yea but you can't run things like LIDS, SELinux and GRSecurity on Windows.
:-)
Sure, maybe if Linux was mainstream people would start writing more viruses for it. So you stop your system being able to run untrusted binaries, without using DRM. Remember we're talking about govt machines used for specific tasks so using such ACLs would be much easier here than for a home users desktop.
The Linux 2.6 kernel even has capability hooks built into it (CONFIG_SECURITY) so what were you saying about it not being more secure by design
I would rather blame whoever it was responsible for choosing Microsoft systems for such a vital operation. Theres plenty of alternatives that don't have the same security issues.
What makes it worse is that as a British Taxpayer I actually helped fund this and I now have no say whatsoever in stopping my money being wasted. I also have a lot of family members who spend a lot of time at sea and to be honest this whole thing makes me feel decidedly sick.
Sure, blame the admins/viruswriters or whoever, but the solution to this issue already exists and has done for many years. Shouldn't we put the blame on the people who ignore the solution ?
You can blame the virus writer but putting them in prison is shutting the barn door after the horse has shit and left.
Because normal Internet doesn't need it.
Ethernet can use CSMA/CD to deal with this kind of thing and hit around 97% throughput on wires. Wifi can't use the CD part (collision detect) as to transmit and receive at the same time requires very expensive equipment, so it can't tell if a collision has occurred while it's transmitting.
The rest of the Internet is made up of either point-to-point links which won't have collisions as there's only two stations or other wired connections that can use CSMA/CD or similar.