Their exploitable server guess is a bit flawed...
on June Netcraft Survey · Score: 3, Informative
They are assuming that any Apache site out there under 1.3.26 is vulnerable. But that's not true. Red Hat back-ports patches into their supported revs when needed. RH 7.3 patched Apache is at 1.3.23 and RH 7.2 patched Apache is at 1.3.22. I'm sure a lot of other distros back-port patches as well.
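Added example (not part of the original comment): a sketch of why counting every banner below 1.3.26 overstates exposure when distributions back-port fixes. The banner strings and the distribution-hint list are constructed assumptions; a distribution hint only means the version number cannot settle the question, and the package changelog on the host does.

```python
import re
from collections import Counter

# Upstream release used as the cut-off in the estimate the comment criticises.
FIXED_UPSTREAM = (1, 3, 26)

# Banner tokens suggesting a distribution-built package that may carry a
# back-ported fix under an older version number (constructed list, assumption).
DISTRO_HINTS = ("red-hat", "red hat", "debian", "suse", "mandrake")

BANNER_RE = re.compile(r"^Apache/(\d+)\.(\d+)\.(\d+)\b(.*)$", re.IGNORECASE)


def parse(banner):
    """Return ((major, minor, patch), rest_of_banner) or None if not parseable."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4).lower()


def naive_vulnerable(banner):
    """Version-only rule: any Apache 1.3.x below 1.3.26 counts as vulnerable."""
    parsed = parse(banner)
    return bool(parsed) and parsed[0][:2] == (1, 3) and parsed[0] < FIXED_UPSTREAM


def classify(banner):
    """Banner-aware rule that refuses to guess when a back-port is plausible."""
    parsed = parse(banner)
    if not parsed or parsed[0][:2] != (1, 3):
        return "unknown"              # hidden version or not the 1.3 line
    version, rest = parsed
    if version >= FIXED_UPSTREAM:
        return "fixed-upstream"
    if any(hint in rest for hint in DISTRO_HINTS):
        return "indeterminate"        # must check the package release, not the banner
    return "presumed-vulnerable"


def survey(banners):
    """Tally banner-aware classes for a list of Server headers."""
    return Counter(classify(b) for b in banners)


# Constructed sample Server headers, for illustration only.
SAMPLE = [
    "Apache/1.3.26 (Unix)",
    "Apache/1.3.23 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.7",
    "Apache/1.3.22 (Unix)  (Red-Hat/Linux)",
    "Apache/1.3.24 (Unix) PHP/4.2.1",
    "Apache/1.3.20 (Win32)",
    "Apache",
    "Microsoft-IIS/5.0",
]

if __name__ == "__main__":
    print("version-only count:", sum(naive_vulnerable(b) for b in SAMPLE))
    print("banner-aware tally:", dict(survey(SAMPLE)))
```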
70 damn minutes. Why bother? It was almost as short as the short that played before it. 25 minutes of commercials, trailers, and chubb chubb, then 70 minutes of movie.
I'm not so sure. Management is growing very leery of employee time waste on desktop PCs. All IT has to say is that they can't ready the new server in time for the website launch because they are too busy having to fix desktop computers because staff keep screwing them up by loading crap like webshots on it, and you'll see how fast management says "Damn it, the computer is a company tool like the telephone, we can't have this."
Many companies already have a standard PC config that is locked down so much that employees can't install or modify it as it is.
Sorry, the nerds are back, with a vengeance... I agree, it really sucks. I am in IT management, and the struggle to allocate my short-supply tech resources to best serve my company unfortunately requires me to be a real jerk to end-users at times. My ultimate responsibility lies with the big picture in the company, not joe or sally's satisfaction unfortunately. It sucks, I can understand why so many hate us.
However, all is not lost for the anarchists. The latest bane of IT staff everywhere are PDAs. Download all the corporate secrets to them and walk out the door. Currently very difficult to control them...
One reason for them to throw this out is to watch public reaction. They care a lot about profit, and judging from past history, they will back off to the point where they can balance what they want with what the customer will accept while maximizing their profit.
Kind of like any economic graph measuring the elasticity of a product's price. You need to find the sweet spot between achieving your ultimate end goals and what the customer will tolerate before moving to a competitor.
So even if you love Microsoft, your best bet is to publicly rally against this thing. When Microsoft sees the public backlash, they will come back with a slightly gentler version.
But make no mistake about it, eventually, it will happen, and they have the market dominance, funds, and patience, to eventually ram it through the market... My very first boss told me that the best way to effect change in a company is to make small baby steps instead of one big giant step. People won't notice it if you change a little at a time. But if you do it a bit at a time, you'll catch them sleeping and by the time they realize the cumulative effect of all the mini changes, it will be too late.
My prediction. This will be a boon for workplace computers. The home market will reject it.
IT has been itching to seize control over the desktop ever since those rogue PCs yanked control from the terminal/mainframe days. This OS will help that greatly. Say goodbye to Personal in PC.
The home user will most likely reject it. We think about gramps with a computer, who doesn't care, but in almost all family situations, there's a younger and computer literate geek who is called whenever there is a computer problem. Most of them love Microsoft now (look at the flame wars here for examples). Removing Personal from PC at home just ain't going to fly. People will reject it and if future hardware enforces it, the hardware market will take a huge negative hit for years while people hold on to legacy computers until they all die out. For advanced gaming, we'll just buy consoles. For our home box tinkering needs, we'll hold on to our trusty current boxes...
Actually, 7.0 only had lk 2.2 and 7.1 moved to lk 2.4.
I believe the .0 are mainly a library/compiler issue which means a lot of brokenness with binary rpms between major release numbers. They also tend to shift stuff around in .0s, like location of files and how stuff is configured.
7.x series also used the controversial gcc 2.96 to compile stuff... Looks like that issue will finally be behind us.
Good point, and I agree. If there was an open format with interchangeable games between platforms, I would define that as stable as well. I just don't see that happening. :(
Step carefully...
on Microsoft Freon · Score: 5, Insightful
Being quite an old flock()er, I can recall the video game boom of late 70s early 80s. Atari was champ, then something happened. The market became too fractured. Atari 5200, Colecovision, and some others I can't remember. Then Atari announces 7800 shortly after 5200 was out and no one wanted to buy a 5200. Eventually, it all just died out.
It wasn't until the NES rose out of the console market's ashes did things kick back in gear. One thing that was great about the NES was it was stable and long lived. The same goes for the next market leader, Playstation.
Microsoft could very well risk killing the entire console market if it introduces too much confusion and churn into it. If they make consoles as complicated as PCs, a lot of buyers may just be turned off. Think of all the people, right down to the poorest you know, that have a console but no computer in their house.
24/7 Media and Flowgo. Do some google searches for them.
Look familiar?
*********
You've received this message because while visiting
a 24/7 Media, Inc. partner website, you opted in to
receive special online offers and discounts.
*********
... it was sent to an e-mail address I only use in my internic whois records. Impossible for me to have opted-in, even if I did visit one of their member sites and was stupid enough to forget to uncheck something while registered. I never use that address anywhere except internic purposes...
Flowgo is another one. I get loads of complaints from users who claim never to have opted-in to their junk lists.
Whenever a U.S. carrier comes out with a data service, they charge ridiculous rates to use it. Either airtime (for wap browsing on verizon) or some insane per Kilobyte fee for data. Plus the speed sucks too bad to use it for much more than text...
You hit on some very good points. The entire "security" industry smacks of being ambulance chasers to me. It seems all about self-promotion and little about a genuine concern about ensuring the safety of the world's computing infrastructure.
Each vulnerability has to be announced with great fanfare, wrapped up in copyright statements, insistence of proper credit being given, and of course the oh so popular naming of the incident like "weave-apache-043 vulnerability notice."
Here's a few examples from recent bugtraq:
Cluestick Advisory #001
Westpoint Security Advisory, wp-02-0002
Foundstone Advisory, FS-062502-22-AXSH
nCipher Advisory #4
SNS Advisory No.54
Now, before you can get that great reputation as a security know-it-all, you have to get your advisory out there. Notifying the vendor quietly so they can do the right thing doesn't serve your immediate needs, and that's publicity. And heaven help the vendor if you do notify them and they don't give you proper credit, else next time you'll just bypass them. Smacks of blackmail, eh?
The entire security industry just seems chaotic and unprofessional. A lot is riding on doing this right. Hiding this behind a super sekret cabal of "trusted" groups with a high cost of entry to the group isn't the answer, but I don't believe rushing to publish working proof of concept exploits is the answer either.
If the medical community operated like this, then the first person who identified a horrible disease would notify the drug companies and give them 30 days to come up with a cure, then after 30 days, go public, give out samples to anyone who asks with a disclaimer like "This is for educational purposes only, do not release it into the wild, we are not responsible" and then get the press to hype the fact that everyone is in great danger because some bad person could be releasing this at any moment.
Don't these tunnels flood during freak storms typical of Vegas and other desert areas? I know the one guy said Metro warns them.
It just seems a bit too dangerous to me, even if the weather isn't calling for rain. Last time I was in Vegas (last October) a freak storm blew through and killed some kid playing in a wash somewhere in town...
I work at a college, and see a few Chinese nationals come here for an education. It's amazing how infatuated many of them are about porn. Way back in 1992, a student named Wang went ape shit over alt.binaries.erotica newsgroups. He sat down and wrote a program that would crawl the entire newsgroup and decode all of the multipart postings into files. Now, back then, this was a big deal. We take that for granted now, but to this day, it's still useful. I can just run "wang" and let it churn for a few hours, come back, and have a directory full of images. He also got hold of a Radio Shack tone dialer with a different crystal and would sit in the lobby and red box himself into China at a few bucks a minute.
Imagine the good that ole Bill could do. Plant a trojan in every copy, set to go off years from now. When the magic date hits, start sending state secrets to U.S. on one hand, while opening up a tunnel around their firewall blocks and blast every normal computer user in the country with a real look at the outside world of news, events -- and boobies!
10 gigs on my iPod and pretty high bit rates claims 5 and a half days of music and 1650 songs. Remember, this is only supposed to be a portable. I can't imagine listening to all that at once. If you get sick of that 10 gig set, just toss it and transfer another 10 gigs from your computer (actually, 9.2 gigs, I hate gig == billion crap).
This certainly isn't my idea, I read it in previous UL thread, but I haven't seen it mentioned here yet.
If the UL distro is required to distribute binaries, why can't someone just compile them all and distribute/release a UL-based binary and source distro with no strings attached under some different name? FUL anyone? (Free United Linux that is... :)
Currently getting 1.1 MB/s transfer rate out of the psu.edu site. At about 10 minutes per ISO, I'll be done in less than an hour. Sweet....
(My work has a 10 meg line to the net, it's a holiday, lines are dead, perfect timing...)
Damn the English language at times...
By stable, I meant, consistent and long lived. The Atari 2600 came out in 1976 and was king for several years. The NES was the #1 console for ages as well. Having an unfragmented console market back then meant that all of your friends had the same system and you could haul your carts around, share, play together, etc...
I just don't think the market can support too many consoles. My closet is full of short-lived failed consoles, like my 3DO, Dreamcast, and N64.
Looks to me like PS2 is the winner this round. Just ask any kid who is current-generation consoleless what console they want.
I consider his claim of great wealth and money making to have the same level of truthfulness...
Create an IPTABLES rule like...
iptables -A INPUT -p tcp -s x.x.x.x/32 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset
They can scan for you all they want. Just sub -s with your CIDR of choice where you want to come with, and anyone else trying to connect to port 22 gets connection reset, making it look like nothing is listening on the port.
He loved this country! :)
He could trigger a revolution! :-)
If you read the article, it said "AFTER 2005" which means 2006 or beyond.
OK, the humor hasn't escaped me, but the popular media hasn't been hyping duke nukem or nwn for five years either...
Pre-announcing a product and starting the hype five years before it's expected to be released...
...
WHO THE FUCK IS MOBY?
My answer: Hell if I know. Ah, duh, maybe that's the problem. I buy a shitload of CDs, the latest being Disturbed (even though it was $20). My iPod has 5 1/2 days of stuff, all that I bought. So, how do I learn who you are to buy your product? That's not my problem, it's YOUR problem.
As for Disturbed, I first heard them on some net radio station. Too bad RIAA is shutting down that avenue for me to hear new music too. (You'd think they'd be happy these net-only stations are marketing their artists for free, but no, they have to CHARGE them...) I guess I should be an obedient slave and just listen to Clear Channel crap on a real radio... Ah, no, I won't. I'll just stop hearing new stuff via my RIAA-defined sinful methods and hence stop buying CDs as a result of not knowing what's out there.
Excuse me for my attitude, but I'm growing sick and tired of whining fucking musicians and record companies and their huge imaginary losses. Go get a real job you pathetic pieces of shit.
There's enough music out there now to last us forever. All the "new" stuff is just recycled old crap for the most part. Nothing new gets done. So big loss if you all decide it's not worth it anymore to stay in the field.
Hey, you know what, back in 1983 I lost $250 million dollars. Yup, I wrote a network OS laid over CP/M in Z80 assembler from scratch using some POS 230k/bps twisted pair network hardware from some washed up company called Orange Compuco for the college I worked for. No one else had a viable network OS out at the time. Instead of quitting and running with the code and starting my own company, ala Cisco, I stuck around the college as a loyal employee. I calculate my losses due to my employee loyalty at $250 million dollars. I think I should sue the college I work for for this imaginary estimated loss I just pulled out of my ass. Hey, it's all the rage now.
(This message is full of angst, probably from me listening to too much Disturbed! :-)