Slashdot Mirror


User: sting3r

sting3r's activity in the archive.

Stories: 0
Comments: 52

Comments · 52

  1. Terrorism is good for gene research on Black Death's Genome Cracked · Score: 2, Offtopic
    It's nice to see so many genome-related research projects receive renewed interest and attention after the terrorist attacks.

    Although the citizens of the U.S. will probably suffer an unspeakable loss of civil liberties and privacy, we will probably reap many benefits from the medical research that was spurred.

    -sting3r

  2. Re:NT can't drop privs. on Microsoft Attempts to Secure IIS · Score: 2
    Doesn't UNIX have the same limitations? I have never seen a daemon invoke /bin/su to change credentials, because it is clunky and unreliable. UNIX processes can also have a saved or real uid different from their effective uid, and require that separate processes are used in order to completely drop privilege. (For a look at this mechanism in action, see the source of your favorite ftp daemon.)

    The problem as I see it with NT is that they *need* this "su to someone else" functionality to run their web server because running different scripts as different users is a very common configuration. Apache users are accustomed to running everything as the same user (except for suexec users) so it's not a big deal.

    Or am I way off base here?

    -sting3r

  3. A problem of "least privilege" on Microsoft Attempts to Secure IIS · Score: 5, Insightful
    The root of IIS's troubles is not exploitability of particular services. It is the fact that much of the IIS server code runs as SYSTEM, which is the same as "root" under UNIX - an all-powerful user. Years ago, the developers of NCSA httpd and Apache learned to make their products usable by non-root users. Currently, Apache only needs root privileges to bind to port 80 - then it completely relinquishes them. That is the way it should be and that would make 0wning an IIS box many times more difficult - because using an "ordinary user" account to get SYSTEM access on NT is a lot more difficult than on UNIX because NT doesn't have setuid bits.

    Admittedly, IIS does run certain scripts and perform certain functions as a "nobody" user. But most of the recent exploits were able to get an immediate "root shell" because the services being exploited did run as SYSTEM. And unless Microsoft is willing to address that problem, admins who need to enable many services and don't keep up on patches will still get rooted on a regular basis.

    -sting3r

  4. Re:This should come as no surprise on Who Has Faster Pipes? Linux, Win2000, WinXP Compared · Score: 1
    Do you have any idea what you're talking about? Read this and this, and post an apology when you're done.

    -sting3r

  5. This should come as no surprise on Who Has Faster Pipes? Linux, Win2000, WinXP Compared · Score: 5, Interesting
    Windows pipes are much lower on the evolutionary ladder than Linux IPC mechanisms. Consider:

    • Windows pipes cannot exist in arbitrary places on the filesystem. Therefore service hijackings are easy if you can DOS the existing service into dying. On Linux, an ordinary user can't create /dev/log or /dev/printer (even if they kill syslogd/lpd), but on Windows anyone can name a pipe whatever they want (as long as it doesn't already exist).
    • Windows pipes have no access control. Hmm, didn't SANS just report on the sorry state of Windows security?
    • Windows pipes do not support ancillary data or OOB data. This makes them limited communication facilities.
    • Linux pipes use copy-on-write instead of straight out copying. Therefore the paging mechanisms enhance speed because the data is simply remapped, not manually copied.
    • Linux provides a much richer set of IPC mechanisms, such as semaphores, shm, messages, as well as the socket based facilities.
    • Linux pipes are much easier to write for. Win32 pipes are difficult to use in a C program and subtle programming errors can cause many problems in unrelated modules.

    As is often the case, Microsoft just threw something together and called it "infrastructure." Linux developers drew on 25 years of UNIX evolution and experience, and made a better product as a result.

    -sting3r

  6. Re:How Linux Fares on The Twenty Most Critical Internet Security Holes · Score: 1

    Forgot a big one: Debian changed the default X config so that it listens on a local UNIX socket instead of 0.0.0.0:6000. Coupled with ssh X forwarding, this maintains all the old functionality but makes a huge difference in security.

  7. How Linux Fares on The Twenty Most Critical Internet Security Holes · Score: 5, Insightful
    Many of these vulnerabilities have been addressed in the past 1-2 years by the major Linux vendors. Redhat and Debian, in particular, have been quite good at reducing the avenues of attack. For instance, the changes I've observed include:

    • Redhat used to open up the xfs port to internet traffic, but now uses a local UNIX socket. No access -> no exploit.
    • After many problems with lpd, most Linux distros now restrict the internet hosts that can connect to port 515 to localhost only.
    • I don't know of a single Linux distro that ships with default passwords for any user. (Even Solaris and the other oldskool unices stopped this practice within the past few years.)
    • With the rp_filter option, Linux (by default) drops packets that are spoofed to look like they come from a different network. For instance, traffic from the internet with your internal network's addresses in the header is automatically discarded. (FreeBSD should really do the same but they're being stubborn about it.)
    • GNU Apache and most of the distros out there remove all of the sample cgis (like nph) that used to be a security threat. Indeed, my Debian box has only the Apache manual (static html) installed; and that's damn hard to exploit. :)
    • Samba has never been vulnerable to the NETBIOS unprotected share vulnerabilities. It takes a considerable amount of effort to enable sharing anything via Samba to the general public - if you don't intend for that to happen, it's not going to happen.
    • Samba has no Null Session support. Samba does not send out lists of users (the equivalent of /etc/passwd under shadowing) like NT does. It is very difficult to break into a Linux box through SMB networking.
    • In general, setuid root programs have become setgid (something else) programs through the years. xterm and xlock immediately come to mind; on other platforms (even OpenBSD) they are still setuid root. This further hardens the GNU/Linux system. ps and netstat do not need privilege because of the privilege-bracketing nature of /proc.

    Linux boxes are much more secure than any of the competitors. Solaris is getting better; UnixWare is pretty hopeless (see BUGTRAQ). NT is ... well, draw your own conclusions about NT. I feel much safer with a Linux server than with any other OS and the security just keeps getting better.

    -sting3r
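
The reverse-path check described in the rp_filter bullet of the comment above, as a simplified model (an added example, not part of the original post and not kernel code). The routing table, interface names and addresses are constructed; the mode numbers follow the documented `rp_filter` values, so the sketch also covers the loose mode the comment does not mention.

```python
import ipaddress

# Constructed routing table for a two-homed Linux router (sample data):
# eth0 faces the internet, eth1 faces the internal LAN.
ROUTES = [
    ("0.0.0.0/0", "eth0"),       # default route via the upstream interface
    ("192.168.1.0/24", "eth1"),  # internal network
]

def best_route(src, routes):
    """Longest-prefix match: interface used to reach src, or None if unroutable."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def rp_filter_accepts(src, in_iface, routes=ROUTES, mode=1):
    """Simplified model of the reverse-path source check.

    mode 0: no source validation
    mode 1: strict, the best route back to src must leave via in_iface
    mode 2: loose, src only has to be reachable via some interface
    """
    if mode == 0:
        return True
    back = best_route(src, routes)
    if back is None:
        return False          # no route back to the claimed source at all
    if mode == 2:
        return True
    return back == in_iface   # strict: reply path must match arrival path

# Constructed packets: (claimed source address, interface it arrived on)
PACKETS = [
    ("203.0.113.7", "eth0"),   # ordinary internet traffic
    ("192.168.1.50", "eth0"),  # internal address arriving from outside: spoofed
    ("192.168.1.50", "eth1"),  # genuine internal host
    ("203.0.113.7", "eth1"),   # external address arriving from the LAN side
]

def audit(packets, routes=ROUTES, mode=1):
    """Return (src, iface, verdict) for each packet under the given mode."""
    return [
        (src, iface, "accept" if rp_filter_accepts(src, iface, routes, mode) else "drop")
        for src, iface in packets
    ]

if __name__ == "__main__":
    for mode in (1, 2):
        print(f"rp_filter={mode}")
        for src, iface, verdict in audit(PACKETS, mode=mode):
            print(f"  {src:15} on {iface}: {verdict}")
```

With a default route present, loose mode accepts the spoofed internal address on eth0, which is why the strict setting is the one that gives the behaviour described in the comment.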

  8. SuSE can't compete on New Financing And Fewer Staff @ SuSE · Score: 0, Flamebait
    The SuSE approach to Linux distros is misguided and likely to blame for the poor financial shape of the company. Consider:

    • The everything-but-the-kitchen-sink approach to software. How many users choose SuSE just because the esoteric, useless package they need is provided as an rpm? It's probably not that many. Seriously, folks - how many users *actually need* five or six CDs of packages? Debian offers three but only the first is really required, unless you need something weird. But Debian doesn't have to pay the maintainers of the extraneous CDs; they're volunteers.
    • The crappy installer. It's proprietary and annoying. dselect or kpackage blows it out of the water. And the penguin looks like the ball he's sitting on is wedged up his behind. (cf "Take it Tux")
    • The fact that you need to cycle through each of the 5-6 installation CDs for a standard install. It completely defies reason.
    • The silly, unprofessional prompts. "Have a lot of fun!" Is this really from a serious company that wants to make money? I showed it to my boss and he thought it was a joke (like the "redneck" dialect in RH 4 - which actually was funny).
    • Beeping right before rebooting the system. Again, it serves no useful purpose and only annoys your office mates.

    I'm sure there are plenty of other reasons. SuSE is losing customers because Debian, Mandrake, and even Redhat have replaced it for all practical purposes. The only good thing about SuSE is that the company supports some very nice projects (such as ReiserFS) - and for that I will be sad to see it go.

    -sting3r

  9. Reality on Where is Largest Linux Desktop Install? · Score: 5, Informative
    I work for a small firm that offers UNIX (including Linux) based software to integrate the newer UNIX servers with old mainframe applications (like CICS and such). We have 110 employees, 95 of whom are "technical" (coders, sysadmins, etc.). A few months ago we tried to move the 15 non-technical employees (receptionists, accounting, etc.) to a Linux desktop, to save ourselves from spiraling Microsoft upgrade costs. We tried several combinations of KDE, Gnome, and traditional window managers; we also tried both Koffice and StarOffice for word processing and spreadsheets. (For text editing, vim was out of the question; emacs was bordering on insanity.) The result? They hated it, and productivity went down fast. The IS folks' workload tripled overnight as the Linux newbies got stuck trying to figure out why the KDE/Gnome desktops were so illogical. We couldn't find a non-IE browser that would work with our bank's site, so bookkeeping needed a Windows PC regardless (which they tended to fight over, since nobody liked Linux). People would hit the reset button when X died or crashed, and the resulting fsck would take half their filesystem with it. It was a nightmare.

    Today our non-techies run Windows and our coders mostly run Linux, just as before. And it works (relatively) well. There are crashes and annoyances on the Windows side but at least it's usable. Linux simply isn't up to the task yet - and with funding for open source projects going down the toilet as LNUX, SGI, CALD, and RHAT slowly die off, things aren't going to change anytime soon.

    -sting3r

  10. Not a question of interpretation on Supreme Court To Revisit 1996 Telecom Act This Term · Score: 4, Insightful
    My neighbor is an attorney who is on retainer for one of the Baby Bells, and we were talking about the 10 lawsuits that were heading to the Supreme Court. He said that his clients were not concerned that the rulings would do anything besides strengthen the status quo, and that his client will be invariably pleased with the result. Why? Because the lawsuits are not questioning the interpretation of the law; rather, they are questioning the fairness of it. And the Supreme Court does not necessarily aim for the most fair result - its only obligation is to make sure the law is Constitutional, and to set a precedent for interpreting the law so that it fulfills the intent of Congress.

    He said that any meaningful reform of the 1996 telecom act would need a lot of intervention from Capitol Hill, and the interests that oppose reform are giving like mad to our elected leaders.

    -sting3r

  11. Browser support on Is A "Well-Rounded" Education a Good One? · Score: 1
    In my MIS course, we learn about client-server technology, but when I ask if my peers have tested their web pages on Macintosh, they reply, "Why would I have to do that?" Most of them don't even think of Linux as an operating system, but more as a hacker's toy. Forget about asking them to make it Mozilla or Lynx compatible. They don't want to waste their time. But the University will make sure it is ADA compliant, since any institution that receives federal funding must require this...

    Unfortunately, this is just a reflection of the realities of the marketplace. What will happen if a site that requires ADA compliance is not compliant? The owner will probably get fined by the government. What happens if the site isn't Lynx or Netscape on Linux compatible? They risk alienating a couple of die-hard Linux users - BUT, most of us are used to just cursing out the site and booting into Windows, if we really need to access it. Why? Because a lot of sites are like that and it's not something that can easily be changed.

    Supporting Linux users just doesn't make a positive impact on the bottom line for the average business.

    -sting3r

  12. CDs nobody really buys? on CD Copy Protection Head Speaks · Score: 3, Insightful
    the company that designed the copy protection being used in CDs that nobody really buys

    Don't let this lull you into a false sense of complacency. It's just being beta tested right now (except for Universal Music). When not enough people complain anymore about not being able to play CDs on their computers (and they will give up soon), some sort of copy protection will show up on every CD ever manufactured.

    On the plus side, copy protection is always an arms race and the hackers have the upper hand. Remember when Copy II Plus came out for the Apple II and it could break every single media-based copyprotect scheme that existed at the time? There is still hope.

    -sting3r

  13. Apple's stance is justified on Apple Still Says No To Aqua-Like Themes · Score: 2, Redundant

    Apple has a really bad taste in their mouth from the last time their "look and feel" was blatantly copied. I've used Aqua quite a bit since it came out (one of our machines here at work runs OS X) and it is a *very* slick interface. If they set the precedent of tolerating copying by allowing us Linux users to use similar themes, M$ would have a very good argument to cover their butts when Apple inevitably sues them for doing the same thing.

    -sting3r

  14. Don't profit from criminal acts on Brian West Update · Score: 1, Interesting
    Isn't it obvious to us computer types by now that trying to profit from shady/unscrupulous/criminal acts will land you in trouble with the legal system? The precedents are overwhelming:

    • If I give copies of WinXP to my friends or share them on an ftp site, either a) nothing will happen, or b) my ISP will cut me off. If I try to sell them to strangers, I will go to jail.
    • If I discover a security hole and report it to BUGTRAQ, nobody cares. If I try to use it for extortion or try to sell the information, I will go to jail (just like this guy).
    • If I run a (arguably) for-profit song-swapping service that deals mostly in copyrighted songs (which I have no license to distribute), I will get sued into oblivion. If I am a Gnutella node, the worst they can do is cancel my @home account.

    Crime doesn't pay (much).

    -sting3r

  15. Eating your own dog food on Sun Announces Passport Competitor · Score: 2, Insightful

    An un-split Microsoft has no choice but to use IIS. How much faith would you have in the Apache Project if their Jakarta team, for instance, switched their home page over to IIS or AOLserver?

    Many pundits and observers believed that Microsoft would be more profitable split than whole. Why? Because the two (or three) BabySofts would not need to promote each others' products, and they would still not be in competition with each other. Currently the IIS offering hurts the Hailstorm group because they are not free to choose the best, most secure product(s) to run their system. Bad for billg, good for the Hailstorm detractors.

    -sting3r

  16. Not OSS? No dice. on Caldera OpenLinux 3.1 Reviewed · Score: 3, Insightful

    I think I speak for the majority of experienced sysadmins when I say that closed source software is a huge pain to support. Excluding relational databases and the like, the majority of the time, using OSS exclusively just makes sense. I'm not a Stallmanite and I don't mind software that is released under a non-Free Open Source license (like IPfilter) - although those packages do have limited benefit to the community because of distribution restrictions. It's just that being able to change the source and recompile it is of the utmost importance when dealing with software conflicts, bugs, and customization. And that's why I think these "powerpacks" are a bad idea - they're just a bunch of bloat, and they tie my hands as a sysadmin because I can't fix them when they break.

    If I wanted to have a job where I had to wake up every day and tell my users, "sorry, that's just the way it works" or "I can't do anything about that", I would administer a bunch of Win2k boxes. But I run a cluster of Linux systems because I like the environment, and it helps me serve my employer and my users to the best of my ability. Nothing is impossible if the admin is willing to do a little hacking and recompiling. And that's why closed-source powerpacks are undermining all of the advantages that OSS has brought to the marketplace.

    -sting3r

  17. Re:Not the first time on IP Theft in the Linux Kernel · Score: 0, Offtopic

    Hey AC-

    Where did you guys work?

    -sting3r

  18. Microsoft stands to gain a LOT on Senator Hollings and the SSSCA · Score: 1
    The Security Systems Standards and Certification Act will do nothing but put a feather in the cap of a large, monopolizing software giant who is already in trouble with anti-trust concerns. If this bill is passed, we (computer users) will be forced to use the very operating system that is at the center of all the anti-trust proceedings mentioned above. It is *another story* of "the left hand not paying attention to what the right hand is doing." Typical of bureaucracy. . .

    -sting3r

  19. Burden of proof on How Would Crypto Back Doors Work? · Score: 1
    The US government can easily do for a "suspected cryptographic datastream" the same thing that the UK government has done for encryption keys: make it the suspect's burden of proof that they aren't using encryption.

    Does this fly in the face of the "innocent until proven guilty" policy? Definitely. But these new laws aren't there for the citizens' benefit - they're there for the snoops, and the snoops don't care if you're sent to jail for 20 years because you couldn't prove you weren't using PGP.

    -sting3r

  20. Re:Sad to say on Handspring Releases New Visors · Score: 1
    I really hate to say it, but I am not optimistic about Visor's chances of turning a profit anytime soon

    Oops. s/Visor/Handspring/

    -sting3r

  21. Sad to say on Handspring Releases New Visors · Score: 4, Interesting
    Although it is very cool to have these new models available, the PDA industry is facing an uphill struggle right now as the economy sours and the industry's usual customers don't have quite as much discretionary income which can be spent on expensive toys like these. Although Visor does have a definite cost advantage over Palm, it is not clear whether or not the market will sustain either as users move to cheaper CE-based devices.

    I really hate to say it, but I am not optimistic about Visor's chances of turning a profit anytime soon. Cheaper knockoffs are starting to chip away at their customer base, and much wealthier companies are taking over the high end with their CE devices.

    -sting3r

  22. Shameful on Preserve Your Rights Online - Act Now · Score: 0, Troll
    I am shocked and dismayed to see an article like this on Slashdot just days after such a horrible tragedy. The terrorist acts that occurred last Tuesday have destroyed the nation's sense of security and we all need to support Congress as they do everything within their power to apprehend the individuals involved and prevent this from happening again.

    Almost 5000 people are still missing, presumed dead (or buried without hope). That could have been any one of us, or our family members, friends, or co-workers. If it could happen in New York, it could happen anywhere in America. How can the ./ editors sit there and bitch about privacy and civil liberties (which pretty much don't exist in this country anyway) when five thousand people are dead? Who do they think they are, anyway? Obviously they have not felt the pain of losing a loved one to this senseless act.

    We all need to face the fact that things are going to be different after this tragedy. We need to let our elected officials do what they need to do to make sure this never happens again. Because next time, it could be one of us in that jet or in that building. And you're not going to be thinking about giving criminals more rights anymore when they're about to crash the plane you're on.

    -sting3r

  23. Port 80 blocking on Slashback: Errata, Futurity, Portality · Score: 4, Troll
    Folks -

    Everyone who keeps complaining about the port 80 blocking needs to put the situation in perspective. (Yes I am one of them.) http is one of those "nice" Internet services that will easily run on any port, without changes to the client software. Try to do that with Windows SMB networking - you can't (easily) because the port range is hard-coded into the OS and can't be changed without much hacking. At least we have the option of simply changing our URLs to end with ":81" to solve the problem. And if you happen to be serving a domain off your cable modem and the :81 makes your URL look ugly... well, cable modems just weren't designed for serving domains anyway, so look for another provider.

    If @home *really* wanted to be jerks, they could block incoming connections to your PC (except as required by ftp/irc clients). We agreed not to run servers so that's well within their rights. But they're not doing that and it's trivial to work around the port 80 block, so let's just be happy for what we have (and enjoy the newfound lack of Code Red sponsored congestion).

    -sting3r
    See what billg has up his sleeve

  24. Re:Slashcode revisited! Bumper Double Issue! on Robot Family in Every Home? · Score: -1, Offtopic
    OPP -

    This was another excellent analysis and we trolls all appreciate your work immensely.

    I've learned more from your posts than I've learned from reading Slashdot for the past two years. Keep up the good work.

    -sting3r
    (posting anonymously to preserve my precious karma)

  25. It's only software on Lego and the IP Conundrum · Score: 4, Insightful
    Lego obviously has no financial incentive to prosecute customers who write or utilize alternative software on their devices. Why? Because it doesn't hurt their bottom line at all. These devices aren't like some devices which are sold at a loss and rely on subscription or advertising revenue to survive. Lego has made their profit by the time their device is sold, and so it doesn't matter to them whether the toy is used, thrown away, hacked, or left on the shelf. Hacking the toys costs Lego nothing.

    The only legitimate argument in the article was that Lego might get a few support calls from users of alternative software. The way to deal with this is the same exact way that Tivo deals with upgrades, AMD deals with overclocking, and Maxtor deals with tinkerers: void the warranty if the user tampers with the equipment and something breaks. Simple.

    --sting3r