We also have a Synology. I host a DS1512+ at my place and have 50/25 internet. There are smartphone apps, you can run your own dropbox-like cloud sync, host your own photos... pretty much everything OP wants to do. I have 3 WD Red 3TB drives in RAID5. (Already had one disk die, overnighted a new one, the array rebuilt with no problem and I had full usability of the system the entire time. The replacement drive is now a hot spare.)
We use plex very heavily on it, and it works well. All our HTPC boxes are plugging into my house wide gigabit, but streaming over mobile internet works extremely well with plex. In some cases I spin up a VM on my desktop with plex server on it and use that to stream from if I need extra transcoding power. Since I have a DSLR, I end up taking tons of photos. I have an Eyefi card which I've configured to upload directly to an "instant uploads" folder I've configured in PhotoStation. I come home, and my camera automatically begins uploading the photos to my NAS as soon as it sees my wifi (when I enabled the transfer), and I can view it on my phone or laptop as it uploads.
I own a Synology NAS. It's great and includes plenty of useful features, including a dropbox/box-like application where one can sync files easily to any of their devices. No storage limit (other than the NAS and the storage of whatever devices I'm syncing to) and there's far more other things you can do besides the dropbox-like feature. Why should I pay a monthly fee to let someone else have all my important files, when I can easily host my own? It works great and I never have to worry about some provider getting hacked or changing their TOS.
Of course, one should back up their NAS (and there's plenty of easy ways to do so on the Synology), but the point is if people are concerned about their data, they should take responsibility for it.
Rob, I've been reading this site nearly since the beginning (though I'm mainly the lurker type) and it has always provided me with some good reading material. I'm happy for the success you've had in this venture and in life and I'm sure that after you take a nice break that you'll find some other thing to be hugely successful in. The comments on your last post are a testament to how many people will miss you on this "little" website you've created.
Apparently the attackers aren't awesome programmers because history has shown that the real danger comes after a sample exploit is made, not when the info becomes known.
Apparently you fail to realize this was a 0-day exploit. That is, there were people already exploiting this flaw before anyone else found out about it. Because they didn't release their source code do you feel safer by this? So your argument that the attackers aren't "awesome programmers" is completely worthless because these attackers found and wrote the original exploit code to begin with. We don't know how long this flaw may have been used in the wild before this one was found. Some "awesome programmers" could've been using this flaw years ago to break into networks. Re-read my original reply.
Now some people who happen to have analyzed that exploit figured out just exactly how seriously this flaw is and what could be done with it if it's not fixed.
A simple explanation is plenty.
So you're saying that if all the attackers have is a simple explanation that they wouldn't be able to write code based upon that explanation? Yeah right. The people who wrote these sample exploits didn't even have that to begin with and look at what they've been able to come up with. The people ("attackers") who wrote the originally known exploit didn't need a simple explanation either.
So now virus scan writers and IDS maintainers, etc, now have a LOT more information for how to defend against this particular threat. A simple explanation isn't sufficient. Now scanners and IDS can use these discovered methods to improve detection and prevention of exploitation of this flaw.
Again, I just don't see why someone would need to make the most evil version of this possible and distribute the source code.
Well, I can't explain it any clearer. You're using the "security through obscurity" argument that history has shown to be insufficient for protecting our computers and networks.
They do it to show what can be done with a flaw such as this. The people who we really have to worry about can (and probably have) already come up with other ways of crafting exploits around this bug that we aren't likely to find out about until after the major exploits come out. And the people we really have to worry about aren't going to make major exploits at all, but use it to exploit machines with potentially sensitive information (such as your personal information).
Until Micorosft fixes the problem, publishing information such as linked in the post above helps those of us who have to actually secure machines. True it might result in more end-user Windows PC's being exploited, but at least we can figure out how to protect the computers that must be secure.
The information may help the "bad guys" but it's not anything they couldn't have come up with themselves. "Because it's there" isn't the reason.
OSX runs like crap on a G3 of less than about 800MHz, and even then there's features you won't get.
So which features are those? I have Mac OS X 10.3.5 running on my iBook 700Mhz (640MB RAM) and it works perfectly. Not slowly. Not like crap. In fact, 10.3 is faster than 10.2 ever was on here.
... my XP system...
Ok, you say you have an XP system, but you don't mention your OS X system. So uh... you're just another anti-mac zealot, right?
Another killer was doing an ftp-install of FreeBSD... That was probably my first reason for becoming a FreeBSD user. I could trim down the install to such a minimal level that it didn't take as long to download as any of the linux distros would have. And central source updates made keeping up-to-date over the modem rather easy for our lowly bandwidth.:)
First of all, it was far less than 50 diskettes to get a running system.
Second of all, how else would you recommend installing it back then? Did you have a CD burner in 1994?
Third of all, while there were CDs that you could install slackware from back then (usually attached to books or magazines, that is how I got slackware 3.0, while I had installed a previous version from floppies) not that many people had CD drives back then. I still have a stack of Windows 95 installation floppies (which I'm not going to dig out and count) but there were more of them than the number of disks it took to get slackware working with X and devel tools.
I realize you probably weren't being serious, but please explain what's so 'hard' about using a floppy disk. If you meant the distro itself was 'hard' then you probably haven't used it.
A few machines of ours were compromised due to compromised accounts from other systems which were then used to execute local root exploits on a few high use machines at our place. I agree with the other poster that the attackers appeared more interested in government machines. We've tracked some of them to various military machines in the west, and NOAA and NASA machines here on the east. Attacks came from IPs at UCONN, Iowa State, as well as some places in Japan.
The machines were only compromised for a couple of hours thanks to our careful monitoring of the network and the machines. Due to the large number of users that log into the systems though, a number of passwords to other machines were compromized as well. Everything has been taken care of, but we're hearing reports at other universities and at NOAA of computers being down for a whole week while they assessed the damage. Ah well... just a little excitement in the life of IT.
I see it coming: "This quarter, I'm taking Intro. to GNU Emacs, Advanced BASH Scripting and Mozilla! I'll be getting all A's!"
Actually, it's not like that at all. The first day of class you learn some basic unix. After that, they assumed you knew how to use it. The rest of the classes are completely separated from whatever tools you use. Like I said, you could program in Visual Studio if you wanted. The point was, you learned programmingnot tools and products.
That is different from lots of schools where it IS the product that you learn (i.e. Visual Studio) and not the real stuff, like how to program, how to analyze algorithms, and how to write efficient code.
And I don't know what college you go to, but what is the "quarter" thing you speak of?:)
(posted w/o karma bonus due to being offtopic for the story, but on topic for the reply:)
Glad to know other Universities embrace the unix philosophy as well...:)
We also now have a cluster of Linux (redhat) machines that the upper-level courses do their coding on.
When I got here 3 years ago, you started out at C and moved to C++, etc. You only did Java and other languages once you got to your junior level (3rd year). Unfortunately, just this past year they now start the intro classes at Java. I overheard some teachers the other day saying they wished it was still C. Ah well, gotta change with the times, I guess. Either way, you learn more about how to code, than how to use an IDE, and that is what I feel is important.
what kind of comp sci program doesn't even introduce unix to students before their senior year of college
I agree with your sentiments. Thankfully at my school (University of Maryland) we learned UNIX from day 1. And I literally mean that. The very first programming course you take, you are expected to write your program, test, and debug it on a unix cluster (DEC Alpha machines).
You learn how to navigate the unix environment, ssh, emacs, using grep, etc. all during your intro programming class. Sure you can write your program in Visual Studio, or whatever, but it has to run and be submitted on the unix cluster. The next programming class after the intro one you have to write Makefiles for your projects, etc. It's really a much more well rounded education that you can get learning strictly how to program in VS or something.
I though that was the norm, but apparently it isn't. Even though I knew all these things long before I went there, it was still nice to see that everyone else had to learn it regardless.
More on topic...
I'm glad I'm graduating a year... And I have no worries about being able to find a job. There's lots of jobs for the picking around the D.C. area, and I have plenty of friends already working at great places that can hook me up. I do feel sorry that a lot of good people are finding it difficult to get jobs, but like others have said, you definitely have to adapt to the situations. I realize that's not always possible for some people, but if they want any chance of hope they have to adapt. Sitting on your ass complaining about losing your job on slashdot isn't going to do anything to help you.
Getting an internship is a GREAT idea. Like you, instead of waiting until graduation to get my foot in the door, I've been working as a sysadmin at my school and I've learned much more than I could've learned in class, and all that knowledge and real world experience is even more beneficial after graduation. Not to mention the fact I get paid really well for my work.
to just do what they do at the University of Maryland and block Netbios and SMB? Seems like it would be more difficult (and costly) for them to just force people to upgrade to XP when a number of security vulnerabilities also exist for that. Sure blocking these services isn't a catch-all solution, but neither is forcing people to use a newer yet still buggy version of Windows.
Where I live (DC) there's a Netflix distribution center about 20 miles away in Gaithersburg. About a quarter of the time when I drop a DVD off at the post office on the way to work, they get it the same day and ship the next movie out and I get that the next day. I can watch significantly more movies for $20/mo with Netflix than the Blockbuster that's a half mile down the street.
While my other comment regarding the jdk was correct, in regards to your question "does it mean we don't need the linux-jdk anymore?" which I neglected to answer. Yes it still depends on linux-jdk for compilation purposes as evidenced by the port's Makefile.
Have you seen the October Maxim? Knowing that Jolene Blalock is that... vulcan lady (can you tell I wasn't paying that much attention to what was being said??!)... well I'll let you guess my reaction...:P
To stop animated.gif's, right click on the page and click "Stop Animations." It'd be nice if there was a one-click way to do that... but as of right now, that's how ya do it.
This is something I'm interested in as well. I live in the D.C. metro area and if something like this existed I would definitly be interested.
One thing, however... those "cheapo" computer show and sales really aren't all that bad. I've found some pretty good deals there. True, you can generally find better deals online, but I've had good success with these computer shows. I've been "e-screwed" a few times with online companies and it's been hell to get a DOA product replaced or my money back. At the computer shows, you actually talk to the people, get the product in your hands, and usually the dealers are phyiscally located nearby (say in Alexandria or Bethesda for instance) and if you have a problem... you know where they live! And like I said, the deals are competitive with products you can purchase online, especially when you factor in shipping costs and the "I want it now damnit!" factor.
But compared to what you're referring to... I guess these marketpro shows really don't compare.
Or maybe the FBI/CIA should just host an EFNet server themselves.
I was thinking the exact same thing earlier today before this article came on slashdot. IRC servers are some of the most popular targets for these kinds of attacks and if the feds got involved somehow they could probably help curtail some of these attacks. But then... remember just what is on IRC: pirated software, mass porn channels... etc.. I don't think that the users and admins of EFNet would like the thought of having the government actually being part of their network. I know I wouldn't and the only channel I've pretty much ever been in on EFNet is #linuxhelp. (op in there since around 1996, but I haven't been on efnet in quite awhile due to channel takeovers and constant server splits.)
So I guess one of the main reasons for not getting the feds involved is for the protection of the users and the admins themselves. And the fact that for most of the ISPs that host those servers it's easier to just pull the plug on the server than deal with trying to prove "monetary losses" when their voluntarily run server is part of the medium that thousands of people use to trade pirated software.
"The BSD-based OSes all look to be doing better and better at the moment, even without Linux's marketing fury behind them." - ZDNet article
de Icaza musta been coding too late or something because even on the front page of the Gnome site it says that "GNOME is included in pretty much every BSD and GNU/Linux distribution" so it must have some market share if it's worth keeping it compatible. Can't be that DEAD can it?
Slashdot Mirror
We also have a Synology. I host a DS1512+ at my place and have 50/25 internet. There are smartphone apps, you can run your own dropbox-like cloud sync, host your own photos... pretty much everything OP wants to do. I have 3 WD Red 3TB drives in RAID5. (Already had one disk die, overnighted a new one, the array rebuilt with no problem and I had full usability of the system the entire time. The replacement drive is now a hot spare.)
We use plex very heavily on it, and it works well. All our HTPC boxes are plugging into my house wide gigabit, but streaming over mobile internet works extremely well with plex. In some cases I spin up a VM on my desktop with plex server on it and use that to stream from if I need extra transcoding power. Since I have a DSLR, I end up taking tons of photos. I have an Eyefi card which I've configured to upload directly to an "instant uploads" folder I've configured in PhotoStation. I come home, and my camera automatically begins uploading the photos to my NAS as soon as it sees my wifi (when I enabled the transfer), and I can view it on my phone or laptop as it uploads.
I own a Synology NAS. It's great and includes plenty of useful features, including a dropbox/box-like application where one can sync files easily to any of their devices. No storage limit (other than the NAS and the storage of whatever devices I'm syncing to) and there's far more other things you can do besides the dropbox-like feature. Why should I pay a monthly fee to let someone else have all my important files, when I can easily host my own? It works great and I never have to worry about some provider getting hacked or changing their TOS.
Of course, one should back up their NAS (and there's plenty of easy ways to do so on the Synology), but the point is if people are concerned about their data, they should take responsibility for it.
Rob,
I've been reading this site nearly since the beginning (though I'm mainly the lurker type) and it has always provided me with some good reading material. I'm happy for the success you've had in this venture and in life and I'm sure that after you take a nice break that you'll find some other thing to be hugely successful in. The comments on your last post are a testament to how many people will miss you on this "little" website you've created.
Thanks and good luck!
James
Apparently you fail to realize this was a 0-day exploit. That is, there were people already exploiting this flaw before anyone else found out about it. Because they didn't release their source code do you feel safer by this? So your argument that the attackers aren't "awesome programmers" is completely worthless because these attackers found and wrote the original exploit code to begin with. We don't know how long this flaw may have been used in the wild before this one was found. Some "awesome programmers" could've been using this flaw years ago to break into networks. Re-read my original reply.
Now some people who happen to have analyzed that exploit figured out just exactly how seriously this flaw is and what could be done with it if it's not fixed.
A simple explanation is plenty.
So you're saying that if all the attackers have is a simple explanation that they wouldn't be able to write code based upon that explanation? Yeah right. The people who wrote these sample exploits didn't even have that to begin with and look at what they've been able to come up with. The people ("attackers") who wrote the originally known exploit didn't need a simple explanation either.
So now virus scan writers and IDS maintainers, etc, now have a LOT more information for how to defend against this particular threat. A simple explanation isn't sufficient. Now scanners and IDS can use these discovered methods to improve detection and prevention of exploitation of this flaw.
Again, I just don't see why someone would need to make the most evil version of this possible and distribute the source code.
Well, I can't explain it any clearer. You're using the "security through obscurity" argument that history has shown to be insufficient for protecting our computers and networks.
Until Micorosft fixes the problem, publishing information such as linked in the post above helps those of us who have to actually secure machines. True it might result in more end-user Windows PC's being exploited, but at least we can figure out how to protect the computers that must be secure.
The information may help the "bad guys" but it's not anything they couldn't have come up with themselves. "Because it's there" isn't the reason.
So which features are those? I have Mac OS X 10.3.5 running on my iBook 700Mhz (640MB RAM) and it works perfectly. Not slowly. Not like crap. In fact, 10.3 is faster than 10.2 ever was on here.
Ok, you say you have an XP system, but you don't mention your OS X system. So uh... you're just another anti-mac zealot, right?
Nothing to see here...
So true... :)
:)
Another killer was doing an ftp-install of FreeBSD... That was probably my first reason for becoming a FreeBSD user. I could trim down the install to such a minimal level that it didn't take as long to download as any of the linux distros would have. And central source updates made keeping up-to-date over the modem rather easy for our lowly bandwidth.
First of all, it was far less than 50 diskettes to get a running system.
Second of all, how else would you recommend installing it back then? Did you have a CD burner in 1994?
Third of all, while there were CDs that you could install slackware from back then (usually attached to books or magazines, that is how I got slackware 3.0, while I had installed a previous version from floppies) not that many people had CD drives back then. I still have a stack of Windows 95 installation floppies (which I'm not going to dig out and count) but there were more of them than the number of disks it took to get slackware working with X and devel tools.
I realize you probably weren't being serious, but please explain what's so 'hard' about using a floppy disk. If you meant the distro itself was 'hard' then you probably haven't used it.
/* still uses slack to this day */
UMBC? yoU Made a Bad Choice! :)
:)
I know UMCP has plenty of wireless covereage. I can sit anywhere on the mall or any of the libraries, as well as many classrooms and get connected.
But, gloat away
A few machines of ours were compromised due to compromised accounts from other systems which were then used to execute local root exploits on a few high use machines at our place. I agree with the other poster that the attackers appeared more interested in government machines. We've tracked some of them to various military machines in the west, and NOAA and NASA machines here on the east. Attacks came from IPs at UCONN, Iowa State, as well as some places in Japan.
The machines were only compromised for a couple of hours thanks to our careful monitoring of the network and the machines. Due to the large number of users that log into the systems though, a number of passwords to other machines were compromized as well. Everything has been taken care of, but we're hearing reports at other universities and at NOAA of computers being down for a whole week while they assessed the damage. Ah well... just a little excitement in the life of IT.
I'm pretty sure that's what I was saying.
Actually, it's not like that at all. The first day of class you learn some basic unix. After that, they assumed you knew how to use it. The rest of the classes are completely separated from whatever tools you use. Like I said, you could program in Visual Studio if you wanted. The point was, you learned programming not tools and products.
That is different from lots of schools where it IS the product that you learn (i.e. Visual Studio) and not the real stuff, like how to program, how to analyze algorithms, and how to write efficient code.
And I don't know what college you go to, but what is the "quarter" thing you speak of? :)
Glad to know other Universities embrace the unix philosophy as well... :)
We also now have a cluster of Linux (redhat) machines that the upper-level courses do their coding on.
When I got here 3 years ago, you started out at C and moved to C++, etc. You only did Java and other languages once you got to your junior level (3rd year). Unfortunately, just this past year they now start the intro classes at Java. I overheard some teachers the other day saying they wished it was still C. Ah well, gotta change with the times, I guess. Either way, you learn more about how to code, than how to use an IDE, and that is what I feel is important.
I agree with your sentiments. Thankfully at my school (University of Maryland) we learned UNIX from day 1. And I literally mean that. The very first programming course you take, you are expected to write your program, test, and debug it on a unix cluster (DEC Alpha machines).
You learn how to navigate the unix environment, ssh, emacs, using grep, etc. all during your intro programming class. Sure you can write your program in Visual Studio, or whatever, but it has to run and be submitted on the unix cluster. The next programming class after the intro one you have to write Makefiles for your projects, etc. It's really a much more well rounded education that you can get learning strictly how to program in VS or something.
I though that was the norm, but apparently it isn't. Even though I knew all these things long before I went there, it was still nice to see that everyone else had to learn it regardless.
More on topic...
I'm glad I'm graduating a year... And I have no worries about being able to find a job. There's lots of jobs for the picking around the D.C. area, and I have plenty of friends already working at great places that can hook me up. I do feel sorry that a lot of good people are finding it difficult to get jobs, but like others have said, you definitely have to adapt to the situations. I realize that's not always possible for some people, but if they want any chance of hope they have to adapt. Sitting on your ass complaining about losing your job on slashdot isn't going to do anything to help you.
Getting an internship is a GREAT idea. Like you, instead of waiting until graduation to get my foot in the door, I've been working as a sysadmin at my school and I've learned much more than I could've learned in class, and all that knowledge and real world experience is even more beneficial after graduation. Not to mention the fact I get paid really well for my work.
Also it's NOT a screenshot of SkyOS with goatse loaded in a browser on it. In fact it doesn't even show a web browser in the screenshot.
Mirror of the image
to just do what they do at the University of Maryland and block Netbios and SMB? Seems like it would be more difficult (and costly) for them to just force people to upgrade to XP when a number of security vulnerabilities also exist for that. Sure blocking these services isn't a catch-all solution, but neither is forcing people to use a newer yet still buggy version of Windows.
Where I live (DC) there's a Netflix distribution center about 20 miles away in Gaithersburg. About a quarter of the time when I drop a DVD off at the post office on the way to work, they get it the same day and ship the next movie out and I get that the next day. I can watch significantly more movies for $20/mo with Netflix than the Blockbuster that's a half mile down the street.
While my other comment regarding the jdk was correct, in regards to your question "does it mean we don't need the linux-jdk anymore?" which I neglected to answer. Yes it still depends on linux-jdk for compilation purposes as evidenced by the port's Makefile.
Yes, that's exactly what you should do.
Just cvsup then: /usr/ports/java/jdk && make all install clean
cd
and then to get JFC (Swing): /usr/ports/java/jfc && make all install clean
cd
Source of these instructions.
More info on Java for FreeBSD.
Kde 2.0 Release Announcement
boo yow!
To stop animated .gif's, right click on the page and click "Stop Animations." It'd be nice if there was a one-click way to do that... but as of right now, that's how ya do it.
James Crawford
One thing, however... those "cheapo" computer show and sales really aren't all that bad. I've found some pretty good deals there. True, you can generally find better deals online, but I've had good success with these computer shows. I've been "e-screwed" a few times with online companies and it's been hell to get a DOA product replaced or my money back. At the computer shows, you actually talk to the people, get the product in your hands, and usually the dealers are phyiscally located nearby (say in Alexandria or Bethesda for instance) and if you have a problem... you know where they live! And like I said, the deals are competitive with products you can purchase online, especially when you factor in shipping costs and the "I want it now damnit!" factor.
But compared to what you're referring to... I guess these marketpro shows really don't compare.
I was thinking the exact same thing earlier today before this article came on slashdot. IRC servers are some of the most popular targets for these kinds of attacks and if the feds got involved somehow they could probably help curtail some of these attacks. But then... remember just what is on IRC: pirated software, mass porn channels... etc.. I don't think that the users and admins of EFNet would like the thought of having the government actually being part of their network. I know I wouldn't and the only channel I've pretty much ever been in on EFNet is #linuxhelp. (op in there since around 1996, but I haven't been on efnet in quite awhile due to channel takeovers and constant server splits.)
So I guess one of the main reasons for not getting the feds involved is for the protection of the users and the admins themselves. And the fact that for most of the ISPs that host those servers it's easier to just pull the plug on the server than deal with trying to prove "monetary losses" when their voluntarily run server is part of the medium that thousands of people use to trade pirated software.
Well, that's what I think anyways.
And yet this "no market share" has been rising steadily.
Lessee there's MacOS X...
And of course there's the relatively new TrustedBSD.
And you remember this article don't you, about RTL/BSD?
Oh yeah, and Windriver's acquisition of BSDi which will greatly benefit the other BSDs.
And here's a small quote:
de Icaza musta been coding too late or something because even on the front page of the Gnome site it says that "GNOME is included in pretty much every BSD and GNU/Linux distribution" so it must have some market share if it's worth keeping it compatible. Can't be that DEAD can it?