I don't understand the "forced to use Microsoft products" part.
Even when you need to work on Windows, why should you be _forced_ to use Internet Exploder?
Mozilla is the first thing I always install on Windows.
There are organizations where people are indeed forced to use a fixed set of software. In this case, if there's a security hole, the responsibility belongs to the sysadmin who forced people to use broken and out of date software.
I own a Logitech ergonomic cordless keyboard and 2.6.x still doesn't work with it. The key repeat is very strange and typing anything becomes impossible.
That's very strange. I also have a Logitech cordless comfort keyboard that is basically the same but with a different base, and that one works perfectly.
Well... yes.
There are better (at least for performance) alternatives like Zeus, but the reason they aren't as popular as Apache is that these products cost money.
There's no need for such a very technical benchmark.
Regular usage of various operating systems on the same host makes it obvious.
When it comes to speed and features (or bloat), Linux is more efficient than FreeBSD, NetBSD and OpenBSD. This is especially significant in SMP environments.
Linux users are always talking about the just-released experimental patches that will help their system to get 0.1% faster, or the most aggressive flags to optimize their Gentoo system.
BSD users just advocate their system with the generic word "robust".
Nowadays, stability is not really the key. Every Linux or BSD free operating system has basically the same stability. The software is the same, with the same bugs. The package systems have equivalents (Debian works on NetBSD, Gentoo works a lot like BSD ports, etc) and support for common hardware is almost identical.
The reason to choose one OS over another is often more political than technical. People tend to use FreeBSD just to try "something else". People tend to use Linux because the Mandrake/RedHat/Conectiva/SuSE installers are beautiful or because Gentoo is fashionable and a good way to learn what Unices are made of.
But if this is just to use common software like Apache and Qmail there's no real difference except speed. If this is what you need, Linux is definitely the best choice nowadays, especially since 2.6 kernels are almost ready for production use.
For other needs, your mileage may vary.
For instance I love OpenBSD for development. The compiler and the libc have very handy features to automatically detect bogus code. And the man pages are also excellent, with helpful hints.
For firewalls and traffic shaping, I wouldn't use anything but *BSD because of PF. PF is really the best thing in *BSD systems IMHO. The firewall is very easy to configure yet extremely powerful and fast. And I was fond of Iptables before.
For bridging and transparent firewalls, I would also use BSD because it seems to work better than Linux in this area.
In fact it's just like the girl of your dreams. Everyone's always looking for the perfect operating system that will perfectly fit all needs, but it just doesn't exist.
No 2.6.x kernel ever worked with my keyboard (tried on various hardware, just the keyboard was the same).
The keyboard is a Logitech Cordless Pro (ps/2, not USB).
With a 2.6.x or 2.6.x-mm kernel, the keyboard works a bit oddly. A single key stroke can produce 20 characters. Or sometimes 0. It's very irregular and using the keyboard becomes impossible.
I had no problem with older 2.5.x kernels nor 2.4.x kernels. No problem with OpenBSD either.
It's a real pity :(
About 10 years ago, thousands of free and non-free Minitel (French bbs-like) servers did it.
Including real-time chat that let you see every key stroke of other users.
The problem is : if Microsoft is judged responsible, what would happen to others in the same situation ? Especially to free software ?
I really don't understand why every time a single line of code is changed in this beta version of FreeBSD, a Slashdot article is made.
Moreover something like that one... Except some rare developers, nobody knows what it actually changes. Just because in fact... nothing changes... only internals. So what's the point?
And the 3.4 OpenBSD song has been released:
http://www.openbsd.org/lyrics.html
Why is there no Slashdot article about this?
Argl, I forgot to enable "Extrans" before submitting the previous post :(
Let's try again, sorry for the noise, I believed "plain old text" would escape HTML tags.
---
Yes, HTMLTidy can "convert" an HTML page to XHTML. It basically adds CDATA marks, closes tags and creates CSS classes instead of attributes like "background".
But correct XHTML is more than that. The goal is to actually give the right context to every element of the text.
When you have a horror like:
<table><tr><td width="100%" align="center"><img src="transparentpix.gif" width="20"><font size="9"><b>My company</b></font><img src="transparentpix.gif" width="20"></td></tr></table>
to display a title, how do you want an automatic tool like Tidy to convert it to:
<h1>My company</h1>
?
It just can't. It will see a table with no caption, no column headers and three elements : two images and a text that is not supposed to be a title at all.
Converting an HTML web site with no semantics to XHTML using Tidy is useless. The result will still be unparsable (it will, but elements will have no meaning), the site will still be inaccessible to alternative browsers, it will still be a hell to maintain, etc. Of course easy navigation with the keyboard shortcuts using Mozilla is out of the question.
And the code will even be larger because of the indentation, closing and styles created by Tidy.
All benefits of XHTML/CSS are totally lost.
Look at a horror like:
http://www.skyrock.com/
Try to access it with Lynx or the built-in browser of a phone or PDA with no support for styles (ex: Sony/Ericsson P800).
You don't see anything but the names of three files supposed to be images. And this is all you can see on the web site. You don't see any link nor any text.
Convert this to XHTML using Tidy.
The site still doesn't look like anything but three useless filenames. It just takes twice as long to load because the code is larger.
Correct XHTML sites have to be designed the right way from the ground up. There's no magic to convert a horror to something clean. And even manually, the best way to do so is almost always to restart from scratch.
Yes, HTMLTidy can "convert" an HTML page to XHTML. It basically adds CDATA marks, closes tags and creates CSS classes instead of attributes like "background".
But correct XHTML is more than that. The goal is to actually give the right context to every element of the text.
When you have a horror like:
My company
to display a title, how do you want an automatic tool like Tidy to convert it to:
My company
?
It just can't. It will see a table with no caption, no column headers and three elements : two images and a text that is not supposed to be a title at all.
Converting an HTML web site with no semantics to XHTML using Tidy is useless. The result will still be unparsable (it will, but elements will have no meaning), the site will still be inaccessible to alternative browsers, it will still be a hell to maintain, etc. Of course easy navigation with the keyboard shortcuts using Mozilla is out of the question.
And the code will even be larger because of the indentation, closing and styles created by Tidy.
All benefits of XHTML/CSS are totally lost.
Look at a horror like:
http://www.skyrock.com/
Try to access it with Lynx or the built-in browser of a phone or PDA with no support for styles (ex: Sony/Ericsson P800).
You don't see anything but the names of three files supposed to be images. And this is all you can see on the web site. You don't see any link nor any text.
Convert this to XHTML using Tidy.
The site still doesn't look like anything but three useless filenames. It just takes twice as long to load because the code is larger.
Correct XHTML sites have to be designed the right way from the ground up. There's no magic to convert a horror to something clean. And even manually, the best way to do so is almost always to restart from scratch.
Maybe it is better, faster, stronger.
But it doesn't work outside a development version of one specific operating system.
So it is just as useless as other solutions for portable storage devices that you want to plug into friends' computers.
This is not a new idea.
OpenBSD (vn* devices) and Linux (crypto-loop) have had this for years. NetBSD also has it. Windows XP also has it.
Now FreeBSD introduces yet another implementation of the same thing.
This is great, but what about interoperability?
Right now, on all operating systems I can use encrypted partitions, but the way they do it is different on every system.
If I encrypt my USB memory key on FreeBSD, I won't be able to use it on Linux. Even if the actual file system is the same, even if the encryption algorithm is the same.
This is illogical. Encrypted partitions are nice for small, portable devices that you can plug into various hosts running various operating systems. That's the theory. But because everyone reinvents the wheel, you can't do that. It won't work.
Now that we have filesystems that almost any operating system out there has support for (ext2/ext3 and vfat), maybe it would be nice to use a common format for the encryption layer.
Guys, please stop playing with your Wifi devices.
See the results...
Other DNS caches like djbdns provided patches to handle this before Bind.
Why a Slashdot article to specifically announce the late Bind implementation?
A patch against this is available for djbdns.
It gives the server a new feature to answer that a host is nonexistent if it actually resolves to certain IP address.
It was specifically designed for Verisign :)
It works extremely well and brings back the DNS caching the way it was working until the Verisign change.
Get it here:
http://tinydns.org/djbdns-1.05-ignoreip.patch
Or if you want a pre-patched djbdns including this patch and other recommended patches (like the Linux glibc patch and other patches that don't break the stability):
ftp://ftp.fr.pureftpd.org/misc/djbdns-jedi.tar.gz
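The behaviour described in the comment above (answer "nonexistent" when a name resolves to a listed IP address), as an added Python example that is not code from the djbdns patch or from the commenter. The function names, the ignore list and the sample packets are constructed for illustration; 192.0.2.1 is a documentation address standing in for the wildcard IP.

```python
import struct

# Assumption for this example: addresses that mean "this name does not exist".
# 192.0.2.1 is a documentation address standing in for a registry wildcard IP.
IGNORED_IPS = {"192.0.2.1"}
TYPE_A, CLASS_IN, RCODE_NXDOMAIN = 1, 1, 3


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1 + length


def skip_questions(msg):
    """Return (question count, offset of the first answer record)."""
    if len(msg) < 12:
        raise ValueError("short header")
    qdcount = struct.unpack("!H", msg[4:6])[0]
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4           # QTYPE + QCLASS follow the name
    if off > len(msg):
        raise ValueError("truncated question")
    return qdcount, off


def answer_addresses(msg):
    """List the IPv4 addresses in the answer section of a DNS response."""
    _qdcount, off = skip_questions(msg)
    ancount = struct.unpack("!H", msg[6:8])[0]
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record header")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("truncated record data")
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs


def rcode(msg):
    """Return the 4-bit response code from the header flags."""
    return struct.unpack("!H", msg[2:4])[0] & 0x000F


def filter_response(msg, ignored=IGNORED_IPS):
    """Pass msg through, or turn it into NXDOMAIN if an answer is on the list."""
    if not any(ip in ignored for ip in answer_addresses(msg)):
        return msg
    qdcount, end_of_question = skip_questions(msg)
    ident, flags = struct.unpack("!HH", msg[:4])
    flags = (flags & 0xFFF0) | RCODE_NXDOMAIN
    header = struct.pack("!6H", ident, flags, qdcount, 0, 0, 0)
    return header + msg[12:end_of_question]     # keep the question, drop all records


def build_response(name, ip, ident=0x1234):
    """Constructed sample data: a response with one question and one A record."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    question = qname + b"\x00" + struct.pack("!HH", TYPE_A, CLASS_IN)
    header = struct.pack("!6H", ident, 0x8180, 1, 1, 0, 0)   # QR, RD, RA; rcode 0
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4)
    answer += bytes(int(part) for part in ip.split("."))
    return header + question + answer


if __name__ == "__main__":
    samples = [("no-such-name.example", "192.0.2.1"), ("www.example", "198.51.100.7")]
    for name, ip in samples:
        reply = filter_response(build_response(name, ip))
        print(name, "rcode", rcode(reply), "answers", answer_addresses(reply))
```

A cache applying such a filter stores the negative answer, so later lookups of the same mistyped name behave as they did before the wildcard existed.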
I've installed several Courier-IMAP servers on very loaded systems and they always worked like a charm.
Courier-IMAP is simple to set up, yet extremely configurable and easy to customize for special needs (especially when you need a specific authentication backend).
It supports IMAP over SSL by default and the package also includes a POP server. So setting up a POP/IMAP/IMAPS server is simple, using only one piece of software.
No compatibility issues even with picky clients.
The Maildir format is a plus and it integrates very well with Qmail and Postfix. What else to expect?
Dovecot is also very nice. Not as flexible and feature-rich as Courier-IMAP, but I use it on a personal server and it works very well so far.
I tried Cyrus, I just hate it. SASL is silly, why reinvent the wheel? Cyrus is a horror to configure and the documentation rather sucks. The code is spaghetti. A bunch of remotely exploitable vulnerabilities have also been discovered. And it uses its own format to store mails, that is just incompatible with everything else and that doesn't scale (what happens when you get more than 32k subdirectories on an ext3 or UFS partition? Nothing works any more).
USB keys are really neat to store keys (PGP, SSH, etc).
This is definitely the handiest way to replace multiple passwords.
Internet is often described as a "highway".
People are driving on it and they go where they want to go.
On a real highway, everything works like a charm when these conditions are met:
- people respect the driving laws.
- drivers are mentally and physically ok, and they have a driving license.
- cars are secure.
When you violate these rules:
1) You can make severe damage to yourself and to other people.
2) You can say goodbye to your driving license and/or your car, you can have to pay a lot of money and you can go to jail.
Now, how are things on the "internet highway"?
Anyone can drive. Even people who absolutely don't know how to drive (ie. people don't patch their system, never heard about the netiquette, send HTML mails, etc).
Most people have a car that wasn't designed to drive on a highway (Windows is obviously something _not_ designed with security in mind).
People don't even keep their car in a good state (no update).
As a result, when their car explodes, they happily make all other cars explode as well.
There are so many people violating the driving laws that it's a common practice that correct people tolerate.
I receive hundreds of SPAM and Nimda viruses every day, my host is scanned on ports 21 and 135 every minute, my web server receives IIS unicode attacks every hour. This is just "normal", and I can't do anything but ignore that, because this is how the "highway" is nowadays.
Jesus. The fact that internet is a marvellous world where anyone can connect and express himself is great. But nowadays, it's nothing but a big mess and even careful drivers are hit by the silliness of people driving with broken cars and no license.
If you're worried about plaintext passwords through FTP, just use an FTP server that supports FTP over SSL/TLS.
Read the FAQ : http://pure-ftpd.org/FAQ
And if you still have issues, ask for help on the mailing-list. Maybe you forgot to forward some ports or something like that.
However the problem with the GNU Server is that someone with local shell access used a Linux kernel bug to gain root access. Pure-FTPd wouldn't help a lot in this case.
This is probably not considered a mainframe, but does anyone know how to train with OS/400 and z/OS ?
A lot of companies are looking for people with AS/400 knowledge. But none is willing to pay for any initial training ("because it would be cheaper to get a support contract with IBM" I was told once).
So they are looking for people who already know about AS/400.
But AS/400 is not something we usually learn at CS school. I've looked at AS/400 learning sessions at IBM's and at various learning centers and prices are way too high for an individual, even to learn the basics.
So I'm desperate : is there any way to get experience on those machines?
Any emulator, maybe?
> Are you talking about dynamically creating URLs on the client side?
Dynamic or not, even window.open('...') is not rewritten.
> you can assign the SID to a JavaScript variable initialisation on the server side.
And how is it still transparent then?
It's half-transparent. Sometimes it works, sometimes you must take care of doing it manually, possibly by adding new tweaks to your code. It's a mess.
Transparent session IDs are not that reliable.
For instance it doesn't work with Javascript.
And I really don't like to have the interpreter transparently rewrite parts of my XHTML code in a different way.
Manually adding the SID variable to each link is not a big deal and at least, the result you get is exactly the one you expect.
This is a damn good thing.
Cookies:
- Violate your privacy.
- Are a valuable thing to grab through cross-scripting vulnerabilities.
- Waste space on your hard disk and they are a mess to sort out (visit a web site, get 3 new cookies).
- Their use is totally irrelevant most of the time. You absolutely don't need cookies to track sessions. Ever heard about GET and POST methods and their abilities to carry variables? Ever heard about the SID variable in PHP?
So what are cookies really useful for?
To avoid having users type their username/password? Well... most browsers can autofill forms so this is not a big issue any more.
The only real "use" of cookies I can see is for advertisement capping (so that an ad is only shown once).
A 200Gb hard disk costs about $200.
5.6TB probably costs about $5,000.
Rather cheap to make it possible to crack highly confidential info protected by a military-grade encryption algorithm.