Now if someone could fully animate the KMFMS logo, I'd *love* to see how this ends!! Kinda like the cover from the greatest punk album of all time, Big Black's "The Hammer Party".
Open **source** DB2? I hardly think so. You mean port. That was the app that got me to switch from slackware to RH. I work for big blue so the media costs me nothing.. some of the DB2 licenses start at $30k.. they did not open source DB2. They ported it.
IBM wouldn't float a distro primarily to keep Oracle's Linux compatibility alive and well. IBM and Oracle have always been in a huge database war. Now to float SuSe's s/390 distro, now THAT'S a reason.
Back in the earliest posting about this on/., the technology was described as resembling a sugarcube, installed inside the keyboard. It stored keystrokes for later retrieval. The agents would return, park a few blocks away, and retrieve the contents remotely via rf. The article said you would have to weigh the keyboard and detect tiny fractions of an ounce to notice the added weight.
No software keyloggers here. Also, it has nothing to do with defeating PGP because the documents and outbound emails were retrieved as plaintext key sequences directly from the keyboard. They said that sure, they caught the passphrases in the key sequences, but they're useless without the private key and they didn't need to decrypt anything anyway.
I work at IBM e-business, and while there's a huge push for us to incorporate Linux into our e-business solutions, I don't see an IBM distro coming out any time soon. On the surface, my first impression is that this is due to financial reasons.
Some may suggest redeploying the OS/2 developers to a Linux group. I'm not in a position to know, but I tend to think that the company feels that Linux is doing fine by itself, is happy with the relatively few (open source) contributions they are making, and are more than happy to sell consulting services and their own closed source applications for the platform.
I don't think there are so many problems with Linux that someone needs to start over with it. I think the company will be happy to continue porting Linux to all its hardware platforms as well as porting all its server software to Linux.
I hope that Lotus surprises the Linux world by releasing Smartsuite for Linux, and soon!
O'Reilly's "Stopping Spam" features a Procmail recipe that institutes an "approved sender" list. In order to get through, a sender will need to send you just one email with your custom keyword on the subject line. Until that email is received, procmail replies to emails with instructions on becoming an "approved sender".
Spammers usually forge a return address, and also forge a different return address for each mass mailing. They never get your instructions, and their mail never gets through.
You can get it here. Also, you should check your full headers ('h' in pine) and see if your mail host is doing blacklist checking. You'll notice an X-Spam-Warning near the end of the headers if the email was delivered to your mail server from a machine known to not protect against spam. A procmail recipe to throw those out would be easy. Any takers?
I just downloaded an AliceBot to run on my laptop yesterday, first to see if I can get it to talk XML RPC or SOAP to my home automation server running Misterhouse, and second to see if I could turn it into a level 1 tech support agent for the TOTALLY inane questions that cripple the daily operations of my client's help desk.
First thing I have to do is whittle down AliceBot's knowledge base from over 27,000 categories to just a few. First, how to get the weather report. Next, how to read Slashdot, and finally, the rest of home automation.
We're in agreement, I was being fecetious in that she thinks her ex actually left oklahoma to go all the way to Florida just to do construction work, as if there's absolutely no construction work to be had between Oklahoma City and Tampa. It was adding to the ridiculous nature of the fact that she thought the guy in Tampa was *her* "no good ex-husband".
Second, that FUD about service packs re-breaking the OS is just garbage. Please give me ONE example, JUST ONE, of a service pack opening up new holes for ANY WINDOWS OS, 3.1 and up. You can't because you are a paid basher talking out of your ass.
You deny Service Packs breaking the OS and then ask for an example of one "opening a hole". I don't have an example of a Service Pack that "opened a hole", but Service Pack 6 broke TCP/IP on NTWS and NT Server such that only users who were logged in with **admin** privileges could use TCP/IP. Imagine being 5,000 users into an automated 10,000 user upgrade when you find out that none of the regular employees can access their email anymore.
If you suggest putting the 10,000 users in the Domain Admin group to get around this, then you are as fucking stupid as you sound.
As an employee of IBM e-business, I am *extremely* glad to see this development. I joined IBM a year ago so I could do exactly that kind of work. Now I'm expecting to start working on a project developing a Linux-based enterprise network supportng an eventual 250,000 wireless webpad users at hundreds of locations.
In case anyone is wondering, the new mainframes are not the room-sized behemoths of old. If anyone has visited IBM at a recent LinuxWorld Expo, they would have seen one of the new z900's running hundreds or thousands of copies of Linux in a single 19" rack.
To facilitate learning how to do just this, I managed to track down one of the company's "mainframe-in-a-server" training units. It's called a P390, and it's a standard-sized OS/2 server with a real S/390 chip on an expansion card. I should expect to be able to run about 5 concurrent copies of Linux, however, not thousands:) Although it is cool winning the "toy contest" among my friends by saving the "I have a mainframe at home" for last.
And finally, IBM is giving out free virtual machines on a mainframe. Visit www.ibm.com/linux for more information.
CR-2 does not infect NT4. It uses a Win2k-specific API call which crashes NT boxes, but does not infect them. That may be only for the installation of CR-II's back door. If the box crashes, it gets rebooted and uninfected.
Mozilla does not recognize the Certificate Authority that issued this certificate.
When you run any SSL server and sign your own certificates, you will always pop up the security warning stating that the server is issuing a certificate signed by an untrusted authority.
That behavior is normal when rolling your own SSL. You can learn how to generate a CA Certificate and teach your users how to import the CA Certificate.
Lets assume that, unless proven otherwise, all people are law abiding.
Sounds like you've never lived in a city. Or you're a Christian Fundamentalist. Or both. You're already naive, that's for sure.
Have you ever seen women carrying their purses with the straps on the opposite shoulder? How about women that turn their engagement rings over when walking alone? How about guys who move their wallets from their back pockets to the front before getting on the subway?
You have to assume that if someone bumps you in New York, they just tried to steal something right off your body. Although your idea of "there are no criminals on the street anymore" may hold up in the sticks where the woman that caused this whole problem came from.
Now cops with no understanding of software failability are being given buggy software and the ability to drag people off at gunpoint based on its output
Holy cow. You started out by misunderstanding the article and then went way off the deep end. The software did not misidentify the man. A flaky single mom from the 2nd most boring place in the country read a national rag and thought she recognized her ex (who left her so he could become a construction worker in Florida). This has NOTHING to do with "flaky software" and it certainly has nothing to do with people getting dragged off at gunpoint by "the Man".
Holy shit. There are paranoid people here, who exaggerate to make a point.. every damn day.
I assume she recognized him right after Elvis gave her a haircut on a UFO
EXACTLY. I wanted to see how far down I needed to scroll before I found someone with a bit of reason. Some half-baked woman in Oklahoma sees a guy's face in USN&WR and *swears* it's her ex-husband? I'm surprised they only got one call!
I personally don't have a problem with the Face Scanning system. If they want to surgically remove wanted criminals from the streets, let 'em. They'll walk right past me. And please, people, this was a *human* who misidentified the man, not the system.
Code Red and Sadmind/IIS does not use the same vulnerability
The poster was not referring to the type of attack. He was referring to the back door that only CR-II installs on the victim server. CR-II does indeed install the same back door that Sadmind installed.. that is, copying cmd.exe to %iisroot/scripts as root.exe.
IANAL,BMSI (But my sister is - Stanford Law, at that!)
So I asked her if MS could be sued due to the poor quality of their software, and the millions of dollars spent restoring businesses to normal operations. She said that they absolutely cannot be sued for the resulting conditions based upon misuse of their product. Same goes for any product manufacturers.. gun, automobile, kitchen knives, whatever.
They would have to continue to produce software that was known to contain bugs and major security risks, and here's the key: never release any updates or patches to try to resolve the situation. You have to admit, they've release tons of patches this year alone. They *are* trying to resolve problems as they come up. At least a little bit.
Just so you know, I got a professionally packaged (i.e. not just a burn) 7.1 CD kit in my RHCE class the first week of June.. it certainly didn't come out last month..
and all sane distros, Red Hat inclusive, don't install network-listening deamons by default, but rather a firewall
I know I've posted this before, but one big thing I love about RH71 is that when the install script modifies the sendmail.cf for a workstation install, it either intentionally leaves out or deletes the line that's required in order to make sendmail bind a listener to the network card.
It's perfect for pointing your MUA to localhost for mail handling without having to check sendmail every day to see if they released a 8.25.72 because of a major vulnerability in 8.25.71!!
I'm sorry but that was just an awesome bit of thinking.
how about this gnutella hack having built-in support for tcp bounces.. servers will find IPs of other servers in their logs.. the bounce servers won't log bounce traffic.. it'll be just like how NAT works today..
hey I got it.. the gnutella peers find themselves based on detected probes!! they don't even have to look for each other.. they automatically announce!
now if we could just select a port and community string..
Zone alarm is going crazy reporting attacks to different ports. What gives I thought this was a port 80 thing?
I was wondering the same thing when looking at my snort firewall logs.. I figured it out when I decided to pull up a web page off of one of the IP's "attacking" on a high port -- Slashdot came up!
Your firewall is only looking for the signature of the attack to come across the wire. Yours, like mine, is not differentiating between which port the payload is destined for on your machine. It sees the attack sequence come in on a web page, and its been posted plenty of times, and your firewall points it out. Can any snort gurus tell us what to change to make it only look for the payload coming in on port 80?
I guess you never ran a PPP server. You absolutely can assign a static IP to an individual username. In PPP, the original identifying token was actually the computer name. the -name parameter used in the pppd command line actually means "pretend your computer name is:", not "use this username:"
Just the same as how DHCP can allocate a fixed IP to a machine, so can PPP.
Slashdot Mirror
Now if someone could fully animate the KMFMS logo, I'd *love* to see how this ends!! Kinda like the cover from the greatest punk album of all time, Big Black's "The Hammer Party".
Open **source** DB2? I hardly think so. You mean port. That was the app that got me to switch from slackware to RH. I work for big blue so the media costs me nothing.. some of the DB2 licenses start at $30k.. they did not open source DB2. They ported it.
IBM wouldn't float a distro primarily to keep Oracle's Linux compatibility alive and well. IBM and Oracle have always been in a huge database war. Now to float SuSe's s/390 distro, now THAT'S a reason.
Back in the earliest posting about this on /., the technology was described as resembling a sugarcube, installed inside the keyboard. It stored keystrokes for later retrieval. The agents would return, park a few blocks away, and retrieve the contents remotely via rf. The article said you would have to weigh the keyboard and detect tiny fractions of an ounce to notice the added weight.
No software keyloggers here. Also, it has nothing to do with defeating PGP because the documents and outbound emails were retrieved as plaintext key sequences directly from the keyboard. They said that sure, they caught the passphrases in the key sequences, but they're useless without the private key and they didn't need to decrypt anything anyway.
Of course, for those who know what I'm talking about, the Sash WDK is kinda cool. :)
:)
I tried out the Sash Jabber, but it was really raw, and the daily updates never seemed to do anything to the executable!
I work at IBM e-business, and while there's a huge push for us to incorporate Linux into our e-business solutions, I don't see an IBM distro coming out any time soon. On the surface, my first impression is that this is due to financial reasons.
Some may suggest redeploying the OS/2 developers to a Linux group. I'm not in a position to know, but I tend to think that the company feels that Linux is doing fine by itself, is happy with the relatively few (open source) contributions they are making, and are more than happy to sell consulting services and their own closed source applications for the platform.
I don't think there are so many problems with Linux that someone needs to start over with it. I think the company will be happy to continue porting Linux to all its hardware platforms as well as porting all its server software to Linux.
I hope that Lotus surprises the Linux world by releasing Smartsuite for Linux, and soon!
Procmail is awesome for filtering spam.
O'Reilly's "Stopping Spam" features a Procmail recipe that institutes an "approved sender" list. In order to get through, a sender will need to send you just one email with your custom keyword on the subject line. Until that email is received, procmail replies to emails with instructions on becoming an "approved sender".
Spammers usually forge a return address, and also forge a different return address for each mass mailing. They never get your instructions, and their mail never gets through.
You can get it here. Also, you should check your full headers ('h' in pine) and see if your mail host is doing blacklist checking. You'll notice an X-Spam-Warning near the end of the headers if the email was delivered to your mail server from a machine known to not protect against spam. A procmail recipe to throw those out would be easy. Any takers?
I just downloaded an AliceBot to run on my laptop yesterday, first to see if I can get it to talk XML RPC or SOAP to my home automation server running Misterhouse, and second to see if I could turn it into a level 1 tech support agent for the TOTALLY inane questions that cripple the daily operations of my client's help desk.
First thing I have to do is whittle down AliceBot's knowledge base from over 27,000 categories to just a few. First, how to get the weather report. Next, how to read Slashdot, and finally, the rest of home automation.
We're in agreement, I was being fecetious in that she thinks her ex actually left oklahoma to go all the way to Florida just to do construction work, as if there's absolutely no construction work to be had between Oklahoma City and Tampa. It was adding to the ridiculous nature of the fact that she thought the guy in Tampa was *her* "no good ex-husband".
Second, that FUD about service packs re-breaking the OS is just garbage. Please give me ONE example, JUST ONE, of a service pack opening up new holes for ANY WINDOWS OS, 3.1 and up. You can't because you are a paid basher talking out of your ass.
You deny Service Packs breaking the OS and then ask for an example of one "opening a hole". I don't have an example of a Service Pack that "opened a hole", but Service Pack 6 broke TCP/IP on NTWS and NT Server such that only users who were logged in with **admin** privileges could use TCP/IP. Imagine being 5,000 users into an automated 10,000 user upgrade when you find out that none of the regular employees can access their email anymore.
If you suggest putting the 10,000 users in the Domain Admin group to get around this, then you are as fucking stupid as you sound.
I patched and rebuilt, and I'm having unresolved symbols errors while loading the apm module on a Thinkpad 570.
/lib/modules/2.4.8 and make modules_install and even copying System.map to /boot/System.map-2.4.8 all to no avail.
I've tried rm -rf
Anyone else getting this?
As an employee of IBM e-business, I am *extremely* glad to see this development. I joined IBM a year ago so I could do exactly that kind of work. Now I'm expecting to start working on a project developing a Linux-based enterprise network supportng an eventual 250,000 wireless webpad users at hundreds of locations.
:) Although it is cool winning the "toy contest" among my friends by saving the "I have a mainframe at home" for last.
In case anyone is wondering, the new mainframes are not the room-sized behemoths of old. If anyone has visited IBM at a recent LinuxWorld Expo, they would have seen one of the new z900's running hundreds or thousands of copies of Linux in a single 19" rack.
To facilitate learning how to do just this, I managed to track down one of the company's "mainframe-in-a-server" training units. It's called a P390, and it's a standard-sized OS/2 server with a real S/390 chip on an expansion card. I should expect to be able to run about 5 concurrent copies of Linux, however, not thousands
And finally, IBM is giving out free virtual machines on a mainframe. Visit www.ibm.com/linux for more information.
so yes, NT 4 can be easily infected
CR-2 does not infect NT4. It uses a Win2k-specific API call which crashes NT boxes, but does not infect them. That may be only for the installation of CR-II's back door. If the box crashes, it gets rebooted and uninfected.
Mozilla does not recognize the Certificate Authority that issued this certificate.
When you run any SSL server and sign your own certificates, you will always pop up the security warning stating that the server is issuing a certificate signed by an untrusted authority.
That behavior is normal when rolling your own SSL. You can learn how to generate a CA Certificate and teach your users how to import the CA Certificate.
Lets assume that, unless proven otherwise, all people are law abiding.
Sounds like you've never lived in a city. Or you're a Christian Fundamentalist. Or both. You're already naive, that's for sure.
Have you ever seen women carrying their purses with the straps on the opposite shoulder? How about women that turn their engagement rings over when walking alone? How about guys who move their wallets from their back pockets to the front before getting on the subway?
You have to assume that if someone bumps you in New York, they just tried to steal something right off your body. Although your idea of "there are no criminals on the street anymore" may hold up in the sticks where the woman that caused this whole problem came from.
Now cops with no understanding of software failability are being given buggy software and the ability to drag people off at gunpoint based on its output
Holy cow. You started out by misunderstanding the article and then went way off the deep end. The software did not misidentify the man. A flaky single mom from the 2nd most boring place in the country read a national rag and thought she recognized her ex (who left her so he could become a construction worker in Florida). This has NOTHING to do with "flaky software" and it certainly has nothing to do with people getting dragged off at gunpoint by "the Man".
Holy shit. There are paranoid people here, who exaggerate to make a point.. every damn day.
I assume she recognized him right after Elvis gave her a haircut on a UFO
EXACTLY. I wanted to see how far down I needed to scroll before I found someone with a bit of reason. Some half-baked woman in Oklahoma sees a guy's face in USN&WR and *swears* it's her ex-husband? I'm surprised they only got one call!
I personally don't have a problem with the Face Scanning system. If they want to surgically remove wanted criminals from the streets, let 'em. They'll walk right past me. And please, people, this was a *human* who misidentified the man, not the system.
YASP. Yet Another Sensationalistic Posting.
Code Red and Sadmind/IIS does not use the same vulnerability
The poster was not referring to the type of attack. He was referring to the back door that only CR-II installs on the victim server. CR-II does indeed install the same back door that Sadmind installed.. that is, copying cmd.exe to %iisroot/scripts as root.exe.
IANAL,BMSI (But my sister is - Stanford Law, at that!)
So I asked her if MS could be sued due to the poor quality of their software, and the millions of dollars spent restoring businesses to normal operations. She said that they absolutely cannot be sued for the resulting conditions based upon misuse of their product. Same goes for any product manufacturers.. gun, automobile, kitchen knives, whatever.
They would have to continue to produce software that was known to contain bugs and major security risks, and here's the key: never release any updates or patches to try to resolve the situation. You have to admit, they've release tons of patches this year alone. They *are* trying to resolve problems as they come up. At least a little bit.
Oh. SPARC. Sorry.
What? No takebacks? Oh crap.
Just so you know, I got a professionally packaged (i.e. not just a burn) 7.1 CD kit in my RHCE class the first week of June.. it certainly didn't come out last month..
and all sane distros, Red Hat inclusive, don't install network-listening deamons by default, but rather a firewall
I know I've posted this before, but one big thing I love about RH71 is that when the install script modifies the sendmail.cf for a workstation install, it either intentionally leaves out or deletes the line that's required in order to make sendmail bind a listener to the network card.
It's perfect for pointing your MUA to localhost for mail handling without having to check sendmail every day to see if they released a 8.25.72 because of a major vulnerability in 8.25.71!!
I'm sorry but that was just an awesome bit of thinking.
how about this gnutella hack having built-in support for tcp bounces.. servers will find IPs of other servers in their logs.. the bounce servers won't log bounce traffic.. it'll be just like how NAT works today..
hey I got it.. the gnutella peers find themselves based on detected probes!! they don't even have to look for each other.. they automatically announce!
now if we could just select a port and community string..
Zone alarm is going crazy reporting attacks to different ports. What gives I thought this was a port 80 thing?
I was wondering the same thing when looking at my snort firewall logs.. I figured it out when I decided to pull up a web page off of one of the IP's "attacking" on a high port -- Slashdot came up!
Your firewall is only looking for the signature of the attack to come across the wire. Yours, like mine, is not differentiating between which port the payload is destined for on your machine. It sees the attack sequence come in on a web page, and its been posted plenty of times, and your firewall points it out. Can any snort gurus tell us what to change to make it only look for the payload coming in on port 80?
You can't do that with PPP
I guess you never ran a PPP server. You absolutely can assign a static IP to an individual username. In PPP, the original identifying token was actually the computer name. the -name parameter used in the pppd command line actually means "pretend your computer name is:", not "use this username:"
Just the same as how DHCP can allocate a fixed IP to a machine, so can PPP.