Slashdot Mirror


User: Kiwi

Kiwi's activity in the archive.

Stories: 0
Comments: 415

Comments · 415

  1. Re:security on Visual Python 0.1 Loosed · · Score: 2
    what measures are being taken to ensure that VP does not expose *nix to some of the same problems that plague Windows.

    Python has some features that Visual Basic does not have.

    - Sam

  2. Linux pins on young pretty women on Impressions From LinuxTag · · Score: 2
    How about the concept of pinning those cute penguin pins onto the shirts of young pretty girls who know nothing about Linux, and thereby get drafted to the cause. You should see what happens after a few guys explain the meaning of the penguin to the girl, ok, she's going to be a self-appointed expert soon, and there is just no other advertising space that can compete. (By the way, any lonely geeks out there, this *works* - take note.)

    You know, this might actually work. Whenever girls have looked at one of my Linux mascot dolls or the picture of the Linux Logo on my credit card, the reaction is almost universally that the penguin is very cute. I can definitely see young pretty women wanting to wear a Linux penguin pin.

    Speaking of which, where can one get Tux pins?

    - Sam

  3. RedHat needs to make their system more secure on Cracked Series Complete · · Score: 3

    I think one of the major causes of this problem is that RedHat (and others) do not go to much effort to make their distribution secure. RedHat could be considerate and do the following:

    • No unneeded services running by default. This means, for example, there should not be a network service of lpd needed just so someone can print a file. Any services running should be services the user specifically asks for during the install.
    • The default version of X should not bind to port 6000-6020, or, in a default system, ports 6000-6020 should be ipchained off.
    • Programs with more than a given number of reports on Bugtraq should not be installed by default. What percent of new RedHat Linux users are going to actually run mh? Why does RedHat insist on having mh installed in the default install, despite the number of patches this has in a desperate attempt to make mh's suids not local root holes.
    • ftpd-BSD, IMHO, should be the default ftp server (my version a patch that makes the default umask something sane). If not ftpd-BSD, at least anything besides wu-ftpd.
    • Come September 20, RedHat will be able to make OpenSSH part of their distro. Hopefully, this will mean that they don't run telnet unless the user asks for it.
    Little things like this would do much to make it so people just struggling to learn Linux and Unix don't have to worry about securing their systems at the same time.

    - Sam

  4. This is annoying on Who Reads Your @nospam Mail? · · Score: 2
    There have been a few cases where someone uses a fake email address of "idonotlikespame@samiam.org" or "nospam@samiam.org". Rather annoying, because I like to have an "umbrella" email address, so I can get email from people who mistype my email address.

    Last time this happened, I looked at the headers of the usenet reply, went to the usenet newsgroup in question, and asked the person to not use my domain for nospam email addresses. The person, rather embarrassed, was nice about it and changed his fake email address.

    The proper way to make a "nospam" email address is to use "name@example.com", or if you can not do that, use an invalid ".gov", ".edu", or ".mil" domain, such as "compost.gov".

    - Sam

  5. Re:All I wanted was a reply on Linux And Beijing · · Score: 1
    Spending your teen years learning programming is not something you will be thankful for when you are forty.

    OK, I am not forty, merely in my late 20s. However, I can tell you this much--I make use of the fact I learned programming in my pre-teen and early teenager years almost every single day. If I did not learn programming during those years, I would probably be working in a grocery store today. Instead, I am doing very well in the computer industry here in San Francisco.

    - Sam

  6. Re:Some of these lock-ins may be unintentional on Web Site "Lock-In" · · Score: 1
    The reason why www.disney.com is not in your history after the redirect is because they perform what is known as a 302 redirect instead of a refresh meta tag.

    A 302 redirect is faster and more efficient than a refresh meta tag, but has the disadvantage that it can't be part of an HTML document. [1]

    Many web designers preview their web page by viewing it as file:/// links on their own personal computer before uploading the web page. When this kind of preview is performed, the only redirection that works is a META tag refresh. In addition, a META tag refresh does not need special cgi, php, or other scripting to work.

    While, in the ideal world, all redirects would be 302 redirects that do not corrupt the browser history, there are a number of reasons this will not happen any time soon.

    - Sam

    [1] It can be part of an HTML document if php3 is enabled.

  7. Some of these lock-ins may be unintentional on Web Site "Lock-In" · · Score: 3
    Something to keep in mind is that sometimes these lock-ins are unintentional. For example, people may, to make web site updating easier, place all of the web documents in a sub directory, and have the front page be a redirection to the actual front page of their web site.

    Clumsy designs may have multiple redirects, the same way clumsy UNIX sysadmins may sometimes have a chain of symbolic links eventually pointing to a file.

    The real solution is the responsibility of the web browser designers--pages that have refresh meta tags should not be part of the browser's history, unless user-enabled.

    I am not going to get in to the javascript games, since I, for security reasons, have Javascript disabled on my browser. Don't get me started on pages that need Javascript enabled to be browsed.

    - Sam

  8. Re:Which is one of the reasons... on How Can I Promote Open Source On The Macintosh? · · Score: 2
    As bad as the Microsoft dominance is, I feel that things would have been a lot worse off if Steve Jobs won the "Look and feel" lawsuits. Programs like KDE (looks and feels like CDE, MacOS, and Windows), Gimp (looks and feels like Photoshop), Gnumeric (looks and feels like Lotus/Excel), and in fact Linux itself (looks and feels like UNIX) would be destroyed by "Look and feel" lawsuits.

    The free BSDs would almost certainly have been killed by AT&T performing a "Look and Feel" lawsuit against BSD. AT&T tried unsuccessfully to destroy the free BSDs by claiming they had copyrighted UNIX code--imagine how much stronger a "look and feel" lawsuit would have been.

    If Microsoft was stillborn, it is very possible that PCs would not have the success that they have today, and the dominant computer would be overpriced, proprietary Macintoshes. It would be difficult, if not impossible, to port Linux or another free OS to this platform. People would pay more for a lesser computer.

    As bad as the Microsoft dominance is, it could have been a lot worse.

    - Sam

  9. Re:BSD - SCSL on Sun Considers Releasing Solaris In Segments · · Score: 3
    I find myself in the strange position of defending Solaris, being a long-time Linux user who is just starting to really learn Solaris at my current job, and still considers Linux superior in many ways.

    With Linux running on pretty much all of the commodity hardware these days (not as much as NetBSD, though, I think), I think it stands to become the standard Unix.

    I agree that Linux will eventually overtake Solaris. However, there are a number of areas where Linux is still playing catch up compared to Solaris:
    • Solaris scales better. Mainly because its SMP performance is better than Linux's.
    • Solaris threads better. Last time I looked, Linux could not properly do core dumps with a multithreaded process.
    • Solaris has kernel crash dumps. Linux's kernel crash dumps are not ready for prime time. In other words, you can find out exactly why Solaris crashed.
    • Excellent support. Just in case you are not a Solaris kernel guru, you can call up Sun and they can get someone who can tell you why your Solaris box crashed. Sort of like getting Linus Torvalds on the phone after your Linux kernel crashed.
    • Solaris has better NFS support. To put it mildly.
    • Solaris has a much bigger mindshare among the corporate suits. In fact, I had a hell of a time getting a job as a UNIX sys admin because Solaris people do not consider Linux sys admin experience real UNIX experience.
    • Solaris is well documented. With Linux, often times the source code is the only documentation you get.
    I notice that Solaris people often have had little or no exposure to Linux--a lot of people go to college and see a lot of Solaris and very little Linux. I am amazed at the number of Solaris people who don't know their head from a hole in the ground when it comes to Linux.

    I believe that Linux will eventually overtake Solaris, especially with SGI, IBM, and soon SCO backing it, but Linux is not there. Yet.

    - Sam

  10. One security weakness on The Ultimate Weapon Against Censorship? · · Score: 2
    One security weakness I see is that an attacker can keep track of the pad database, keeping a note of the dates all pads are added to the database. This way, they can determine the location of at least one 'guilty' pad--the most recently uploaded pad in a set of pads containing undesirable material.

    With this attack in mind, I really don't see what these pads give us that the traditional cypherpunk techniques, such as the anonymous mailers, freenet, etc. don't give us.

    - Sam

  11. How to choose an encryption algorithm on On Choosing Encryption ... · · Score: 5
    When choosing a crypto system to use, I make the following considerations:
    • The algorithm has to be free and unencumbered by patents. The ElGamal public key algorithm is an example of an unencumbered algorithm, but it did not become unencumbered until the DH patent expired in 1997. The symmetric key algorithm Blowfish is the first unencumbered post-DES algorithm that people believe is secure, which is why it is so popular.
    • The algorithm has to feel secure. This is why people still use 3DES, even though it is far slower than Blowfish and most of the other new SK algorithms at the block cipher lounge and the AES candidates.
    • The algorithm has to, once it meets the above two criteria, be efficient. Blowfish has an inefficient key generation cycle, but is otherwise efficient. Rijndael is the most efficient of the AES candidates.

    One thing people can do is use a cryptosystem instead of a single algorithm. This makes implementation much easier, since people don't need to become familiar with Applied Cryptography and the literature on crypto. This is why people like SSL--it is free outside of the US, and will become free in the US on September 20th, and is a complete system believed to be secure.

    One of the nice things about crypto research is that most of the research papers out there are freely available on the internet.

    - Sam

  12. How to secure your Linux system on SANS Releases Top Ten Exploits · · Score: 5
    Since we are talking about security here, here are some things Linux (and other UNIX) admins should keep in mind to keep their systems secure:
    • Use qmail or postfix instead of Sendmail.
    • Make sure you have all security patches for your system installed. Redhat users, for example, can find those patches here.
    • Linux users can read Linux weekly news for security updates.
    • Manage your SUIDs. Make sure you keep a close eye on all your suids. For example, I use this script to put all my suid in the directory /suid/bin:

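      #!/bin/sh
      # Record every setuid/setgid file, move each one into /suid/bin,
      # and leave a symlink behind at its original path.
      # "-perm /6000" is the current GNU find spelling of the old "-perm +6000".
      find / -type f -perm /6000 > /root/suids

      # Read one path per line so names containing spaces survive.
      while IFS= read -r a ; do
        mv "$a" /suid/bin
        ln -s "/suid/bin/$(basename "$a")" "$a"
      done < /root/suids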
    • Obviously, turn off all unneeded network services in /etc/inetd.conf and (usually) /etc/rc.d/rc3.d. You can see what services are running on your machine with netstat -na.
    • For a UNIX that is free and (hopefully) secure out of the box, check out OpenBSD or Trustix.
    The advantage of an open-source solution is that we have greater control over our systems, and can better optimize our systems for security.

    - Sam
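
An added example, not part of the original comment: one way to act on the "keep a close eye on all your suids" advice is to record a baseline of setuid/setgid files and report any drift from it. It assumes GNU `stat`; the function names and the scratch files in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: watch setuid/setgid files for drift against a saved baseline.
# Assumes GNU stat ("stat -c"); all function names here are hypothetical.

# suid_inventory ROOT
# One sorted line per setuid or setgid regular file under ROOT:
#   <octal mode> <owner>:<group> <path>
# -xdev keeps find on ROOT's own filesystem (skips /proc, NFS mounts, ...).
suid_inventory() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U:%G %n' {} + 2>/dev/null | LC_ALL=C sort
}

# Entries in CURRENT that are not in BASELINE. Whole lines are compared, so a
# file whose mode or owner changed is reported as well as a brand-new one.
suid_new()  { LC_ALL=C comm -13 "$1" "$2"; }

# Entries in BASELINE that are no longer present unchanged in CURRENT.
suid_gone() { LC_ALL=C comm -23 "$1" "$2"; }

# suid_audit ROOT BASELINE
# Prints NEW/GONE lines and returns 1 on any drift, 0 when nothing changed,
# so a cron job can stay silent until there is something to review.
suid_audit() {
    current=$(mktemp) || return 2
    suid_inventory "$1" > "$current"
    report=$(suid_new "$2" "$current" | sed 's/^/NEW  /'
             suid_gone "$2" "$current" | sed 's/^/GONE /')
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed demo: a scratch directory stands in for /, nothing real is touched.
suid_demo() {
    root=$(mktemp -d) && base=$(mktemp) || return 2
    : > "$root/passwd-tool"; chmod 4755 "$root/passwd-tool"
    : > "$root/plain";       chmod 0755 "$root/plain"
    suid_inventory "$root" > "$base"          # baseline holds passwd-tool only
    : > "$root/new tool";    chmod 4755 "$root/new tool"
    suid_audit "$root" "$base" | sed "s|$root/||"
    rm -rf "$root" "$base"
}

suid_demo
```

On a real host the baseline would be taken once with `suid_inventory / > /root/suids.baseline` and kept somewhere an intruder cannot rewrite it.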

  13. Can you say prior art. on Is the POST Method Patented? · · Score: 5
    Can you say "prior art". I thought you could. Let's look at the abstract for this patent, dated, oh, from 1996:

    A local host computing system, a remote host computing system as connected by a network, and service functionalities

    Telnet, telnetd, and the DARPA ARPANet, circa 1981.

    a human interface service functionality,

    That would be the telnet client

    a starter service functionality,

    The negotiation that happens at the beginning of a telnet session to determine your terminal type

    and a desired utility service functionality,

    Such as remote access to the UNIX or VMS commands on that other machine on the DARPA ARPANet

    and a Client-Server-Service (CSS) model is imposed on each service functionality.

    Telnet won't much work without a telnet client, a telnetd server, and both being compatible with the appropriate RFCs. Come to think of it, I think the RFCs would be the place to find prior art.

    - Sam

  14. Re:A Hero Will Rise! on IBM Cranks OS/2 Curtain, Compaq Revives OpenVMS · · Score: 1
    The real developer of QDOS, Tim Paterson, has a web page. He worked for Microsoft on and off in the 80s and pretty much continuously for them in the 90s.

    A look at his page shows that he is pretty much still a Microsoft shill.

    - Sam

  15. Well, now we know what people really use DeCSS for on DivX Codec Port Contest · · Score: 1

    Judging by the posts here, with people talking about trading movies, etc., I think we can safely state that a large number of Slashdot people are NOT using DeCSS to view DVDs on Linux, but are using it to trade (read: pirate) movies. So much for the "It is impractical to pirate DVDs, DeCSS doesn't make pirating any easier" arguments. This "DivX" standard (which has as little to do with the GNU vision or free software as does the tea in China) blows those arguments in to the water.

    The thing that most disturbs me is that I feel a certain sense of dishonesty from the slashdot crowd. On the one hand, the Linux community on Slashdot rightly decries the repression of DeCSS, pointing out that it should be OK for open-source operating systems to view DVD content. On the other hand, we get a community of Slashdot posters who give the RIAA plenty of evidence that DeCSS is not being used for just Linux interoperability.

    I think it is very difficult for groups like OpenDVD.org and what not to make a case for allowing DeCSS to exist in a climate with posts like this:

    The DivX codec & widespread use of it is actually fairly new. I heard about it about a month ago, and went on IRC to try to find one to see what it was all about. There were only about 8 people trading them in the divx channels. It's becoming much more prevalent, and in about two months, you'll be able to find 'em just about anywhere. I get mine off gnutella now, altho it takes a week or so per movie cuz nobody seems to leave their computer up continuously on gnutella.

    The DivX codec is actually extremely good. But it is only as good as the person who ripped the DVD.

    near perfect DVD rips onto a single CD.

    I've seen full length movies compressed into 660 megs with the Divx codec and they look nearly as good as DVDs, very impressive; looks like VCDs are on their way out

    A popular use for the DivX codec is bootlegging DVDs or other movies.

    I fully expect to be moderated down for not taking the Slashdot party line on this issue. If people want to support DeCSS because it allows them to copy DVDs, I think Slashdot should stop the dishonesty and flat out tell the press and others that they don't feel the MPAA, RIAA, and others should do anything to stop widespread copying of their intellectual property. Perhaps Slashdot should use the VCR argument and other similar arguments. But please don't try BSing people by only mentioning the "Linux Interoperability" argument when programs like DeCSS face court challenges.

    - Sam

  16. That was quick on 80 Proof Quickies · · Score: 1
    That was quick! Educatedescort.com is already slashdotted:
    [set@theophilus set]$ telnet educatedescort.com 80
    Trying 209.133.9.222...
    telnet: Unable to connect to remote host: Connection refused
    [set@theophilus set]$ telnet educatedescort.com 80
    Trying 209.133.9.222...
    telnet: Unable to connect to remote host: Connection refused
    [set@theophilus set]$ telnet www.educatedescort.com 80
    Trying 209.133.9.222...
    telnet: Unable to connect to remote host: Connection refused

  17. Try the QT toolkit on Cross-Platform Development Tools? · · Score: 1
    The QT toolkit will allow you to use the same toolkit for the graphical elements in both the Linux and the Windows environment. This will make porting between Windows and Linux much easier.

    - Sam

  18. Re:Moderation Abuse. on Netscape 6 · · Score: 1
    The posting was a troll because it was high on emotion and low on fact. It was bringing up issues designed to deliberately enrage Linux advocates. In other words, if it was not moderated down, it would lower the quality of discussion here on Slashdot. Plain simply, it was a troll.

    - Sam

  19. OK, how many second chances, third chances, etc. on Microsoft And US Have Until April 6 To Make A Deal · · Score: 4
    So, how many second chances, third chances, etc. are we going to give Microsoft?

    - Sam

  20. RH does not require you to fly to N.C. on Red Hat Takes Heat Over Certification · · Score: 1

    First of all, I am disgusted with the number of idiots who have this notion that Linux can do no wrong who respond to legitimate criticism of the certification process by getting all emotional.

    That said, if you are in the Silicon Valley area, you do not need to fly to N.C. to get certified. You do need to take the one week coursework before taking the test, yes, where you can get away with just taking the test if you go to N.C., but besides that the prices are comparable.

    As for the other points, we are looking at economies of scale here. As more and more people get certified, the certification process will cost less and less. Give it time. Until then, consultants have an edge because, as other posters have correctly pointed out, a RedHat certificate is more valuable than a MCSE. This edge is easily worth the time and expense of getting the certificate.

    - Sam

  21. Re:BIOS support for serial console on Proper Serial Console Support · · Score: 1
    With his level of competence, he would be hired again making more money before tea-time was over. You would probably be begging on your knees to have him work for you again within a week.

    As for the people who think he is lying about the NT admin seeing the server in its improved state: There are many possible situations where the old NT admin may come back to the job site months after leaving the job.

    For example, they may have needed him on a consultancy basis because some other NT box on the network took a shit.

    - Sam

  22. Good going, John on John Carmack Enforcing the GPL on Quake Source · · Score: 1
    It is very common, in the gamer culture, for people to release mods and what not without releasing the source to those mods. It seems that a lot of people are bashful about releasing source, or that people are so used to closed-source applications, they think being closed-source is perfectly normal.

    This is bad for the gaming community, since some important mods have been lost on more than one occasion when people's hard disks crashed. In addition, it means that the community can not add to other people's cool mods.

    - Sam

  23. Re:What about Go? on A Christmas Chess Puzzle · · Score: 1
    The world champion Emanuel Lasker said that Go was a superior game to chess.

    - Sam

  24. Re:With you all the way! on Are BBS-Like Communities Dead? · · Score: 1
    I see the wave of the future as having been the ICQs and AOL IMs which allow people to track each other without forums.

    I find it ironic that both of these interfaces are considered new, since they are essentially reinventions of the UNIX 'write' and 'talk' commands.

    - Sam (who remembers doing all-night USENET sessions on a UNIX box and having one of my buddies on the same system 'write' me.)

  25. Re:For folks who complain about VB .... on How To Write Unmaintainable Code · · Score: 1
    I once had a gig where I had to look at 100 pages of Visual Basic code with all of 10 comments. Talk about unreadable. It is possible for beginner programmers to make VB code that is pure spaghetti.

    Most of the Perl code I have seen is pretty reasonable. The only time I wrote a piece of unmaintainable Perl code was when I had a program that was initially simple and to the point. Then the PHBs wanted to change it. Again. Then again. Before I was done messing with that code, I was naming variables after girls I knew. I finally flatly told them I would not make any more changes to the code, but it was a pure mess by this time.

    - Sam