If you look at the docs for PHP, the online version has lots of comments underneath posted by users which either explain the docs in a different way, or add their own experiences of doing similar things in a different way, or just better ways of doing what the docs suggest.
Dump the Gameboy and iPod and trick out your PDA. Try the CE/gg emulator that emulates gamegear / Master system games. Baku Baku animal, Doctor Robotnik's Mean Bean machine and Sonic Chaos are wicked. I've got a Dell Axim and with a Gig microdrive then I've also got the MP3 side of things covered. If battery life is an issue then go for the SD/MMC option. 128M SD card will let you store ~3.5 CD's (or 3 CD's and some random tracks)
On the other hand, perhaps the PHB knew that his geeky staff would start hacking it and bought it for a laugh to see what they would end up doing with it
The source-based thing isn't even why most people use gentoo. According to a recent poll on the gentoo-user mailing list, most people like it because of Portage (the package management system), with Customisation / Control coming in second (performance was third).
Having recently tried gentoo I have to say that it's a nice idea but it still needs work. For a month I tried emerge kde. Every single time it complained about XFree86 not matching my md5sum. So every few days I would emerge sync then emerge kde to see if the portage for XFree86 matched the md5sum I had downloaded. I removed the contents of /usr/portage and resynced but to no avail. I posted help messages on the forums of the gentoo.org site, but no one seemed to either
a) know the answer to my problem
b) recognise that there was a problem to be fixed.
I was perfectly able to install other software such as postgres, apache2, php. The idea is a good one, and watching your sources download and compile to your own specification is definitely neat. But to leave such a glaring bug for so long just frustrated me and eventually I tired of waiting and went back to my regular distro. I can understand that some may say that I should stop whinging, get off my ass and fix the problem myself. Well maybe so. And if I had been using gentoo for longer and was more familiar with it and the people who run it, then I may have done. But as an intrigued newcomer all I can say is, close but no cigar.
If you read the article it says that the reason the support engineers were looking around the PC was twofold
a) Ms. Perry's previous experience showed that viruses leave evidence of their existence on the system. The PC had come in with the end user suspecting it had a virus and the tech had had problems with getting virus software on there. It is inherently easier to fix a computer for an end user than to reinstall it and lose either data or custom settings which the user would find difficult to recreate.
b) The tech that actually found the porn (Mr. Gross aptly enough) was in the process of backing up the PC because Ms Perry believed the system was unstable and they wanted to retain the personal information on the computer fearing it might crash and lose valuable data. This approach was backed up by the help-desk calls from the law school's faculty because they knew when a professor's PC might contain, say, the chapters of a book in progress or class notes. Now not being psychic and knowing what a professor might use as part of a lecture or where he may store that key piece of research, I would say that these two were only being diligent in ensuring their user retained all of their personal info.
The notion that you can backup a computer without knowing what data you need to keep is just illogical.
What I find interesting on this is that Apple have taken Konqueror embedded and wrapped a Cocoa interface around it. According to the news story you link to, this is a bug not just in Safari but in Konqueror which Safari is based on.
So I've just been to to have a look at the recent news. No mention at all of an SSL bug in konqueror which requires immediate patching. This makes me wonder - what is the KDE policy on releasing bug fixes like this to their codebase? And it also makes me wonder what Apple's approach to this is. They have given themselves a major headstart by using the Konqueror rendering engine to build a proprietary browser. Have they given their SSL patch back to KDE? Is Safari a codefork or an interrelated project?
Actually I think that most people who love Linux couldn't give a rat's ass about the license it uses. Some people are zealots about licensing and OSS gives them the freedom to choose Debian. Most people love Linux because it allows them to run a UNIX variant on commodity hardware.
Granted, most commercial software doesn't come with a "works with Debian" sticker, so I'd be reluctant to run those apps on it
Yeah, that was kinda my point. I wasn't criticising the quality of Debian. But there is an argument that Debian is acceptable in the corporate environment because it is Linux, and I don't really see that as accurate. My own experience is that suits are extremely reluctant to accept Linux as an OS to base their business on. This has only relented when they see companies like Dell and Oracle supporting their products on Linux. And that only happens on RedHat and SUSE. Although "Linux in the Enterprise" is a commonly found buzzword, "RedHat in the Enterprise" is probably more accurate.
The easy answer is that you are more protected. Security is a combination of a variety of things. You don't benefit from running the most up to date version of Apache, if your ssh is 6 months old and full of known holes.
You are probably the kind of person who will get the most benefit from a project like this because you are aware of security issues and are proactive about it. I'm guessing you've spent time locking down your email, ssh and www services so that they can't be abused. So you are going to get more benefit from installing this distro and applying the functionality it provides as well as the steps you have already taken.
Remember, nothing is impenetrable. But the further you can get from completely insecure, the less likely you are to get hacked.
I'd say that until they get an external audit saying that they are B2 certified, they have a very long way to go.
But then that does depend on your goals. Debian is the least corporate of all the Linux distros. They have always been end user based and not corporation based. Indeed the goal of this project is "to create a secure Linux platform and make it available to everyone". They probably aren't concerned with the majority of criticisms in this thread because they aren't looking to create a product to sell.
Kind of a swings and roundabouts thing this. It's the freedom that OSS provides that allows for projects like OpenBSD and Trusted Debian, and yet many think that we should curtail that freedom and agree strict standards which all should adhere to. I have to say I found it extremely confusing after using RH for several years and being presented with debian. It may use the same kernel as RedHat, but that is where the similarities end.
My take on this is that we should have Linux distros for newbies such as RedHat and Mandrake which try very hard to shield the end user from the fact they are running Linux. And if those users decide to get a little more technical, then they can dig a little deeper into their OS, or even go a little more 'hardcore' and go for a debian, slackware or even FreeBSD install.
Staying on topic, I think that Trusted Debian is not yet ready for the mainstream. Headlining the latest secure linux distribution for those who never want to be hacked on the Slashdot homepage is a little misleading. There are some interesting ideas here, but there is a lot of work still to be done on this project.
to quote There is no other UNIX system which adds the same kind of protection against buffer overflows and at the same time protects against some less well-known or even some unknown problems. Except for OpenBSD
OK, the next line does say that the trusted debian developers think that OpenBSD falls short on these things. Having seen the maturity of the trusted debian project, it seems to me that whilst this may or may not be true, certainly trusted debian has a long way to go before it can accomplish a similar level of code audit in relation to how it interacts with OS.
It seems from the replies that I got to my question that I have come across as some kind of OpenBSD zealot. Not the case. I was merely interested in what this new platform provided that OpenBSD doesn't already strive to achieve. As far as I can tell, all that this brings is some nifty kernel patches. But it has a long way to go before it can reach the stability and security of the other "Trusted" OS's.
Depends what you are after I guess. If you want a secure and locked down system then you are going to have to put some work in to it yourself. What is the point of installing OpenBSD / Trusted Debian with a root password of "password", etc. If you want trustable security then you need to look at a platform that provides you with the tools to lock the system down.
I can understand how it may be easier to do that with a Linux distribution than a BSD based distro due to familiarity. However my Linux experience is mainly with RedHat and I find that I have to do as much learning with debian as I have to with BSD.
Considering your source article is from 2001, I think your info is a little out of date. And having read the article, it basically says - look linux has all these products so it must be better, right?
And in terms of industry support? Well if it was Trusted SUSE, or Trusted RedHat, you may have a point. Debian in the corporate environment? Give me a break.
It's not just the kernel that has changed. All of the code will have been compiled with -fstack, etc. so that not just the kernel, but the code itself is less likely to respond to stack overflows, etc. So you will be installing Trusted packages, instead of the standard woody packages.
It also uses a different access mechanism (calls it RSBAC) as do most "Trusted" (i.e. security enhanced) distributions. Based on ACLs it allows the Sys Admin more granularity on determining who can access what.
I'm not trolling here, but I can't see the benefit of this over OpenBSD.
Admittedly there are apps that run under Linux that don't run under OpenBSD (namely commercial apps) but in this case, I would expect that running those apps on this system would lose the "Trusted" lack of buffer overflow possibilities etc., which defeats the object of the distribution. And the lack of commercial certification for this product would belie using it for such a reason anyway.
A cursory glance over their website doesn't show me anything which would make me want to choose this over OpenBSD. In fact given the maturity of the OpenBSD project, and the man hours that have gone in to that piece of work, that is likely to be my first port of call anyway.
I'm not trying to put down the trusted debian guys, I just fail to see the point of their work (apart from the old - "why not" reason). So, if not for the licensing issue which debian has always held close to, why would anyone pick this over OpenBSD?
When Sam Fisher is watching the web broadcast on his PC, he's using GNOME as his desktop.
Maximum amount of RAM you can fit in a Beige G3 is 768M.
The G3 will support 3x256M Dimms.
Have a look on Low End Mac or Accelerate Your Mac for some good pointers.
Probably
Because it's rubbish ????
Maybe a trilogy of games where you could also play John Constantine.
Transmet
;)
Now that would be the coolest game ever
nah, we laugh because you can't spell
Whether or not that is true, popularity does not imply quality. Microsoft products should provide evidence of that.
Yo. :$
Then you get what you pay for