Also, we can note that the Chinese release political prisoners before a State visit, not after. (I'm talking about the UK detenus in Guantanamo Bay)
It's only a few cases like this, and everyone knows they're in prison.
OTOH, what good is served when chaps like RMS, Linus, Bruce, ESR etc. are all out in the open, yet can't achieve anything useful with just dissidence? To top it, we have some famous chaps from SCO on this side of the law, spouting their "Intellectual Property" claims!
Exactly! So, the incriminating info is not the IP address, it's the unique id. The parent post said IP address, and I corrected the error.
IP is reqd. after identifying, to pinpoint current location - the mods must be crazy!!
Since the current ip address is ALWAYS going to be at variance with the original IP (assuming it was attached to a Corporate network - PHB) what's the big point in phoning home the IP?
If some kind of unique ID is getting transmitted, why at all log the IP? The IP would be useful to trace current location, not to pinpoint the current location of a stolen laptop.
This post is +5 insightful???? Holy cr*p - IP address isn't fixed to the laptop - mac address is. Though why AOL should be tracking mac addresses to user logins is beyond me.
Sensible stealers could just dump the network card and put a new one - or use a proxy over DSL.
1. When you steal computers, don't steal laptops.
2. After stealing a desktop PC, even if it has the latest Windows OS and Service Pack, format the disk and load RedHat.
3. If you steal a Linux PC, install Windows on it for a year, then switch back - even AOL can't maintain that big a log!
4. Don't use AOL - switch over to MSN - it's much more secure - instead of the FBI, it'll be the BSA that's after you!
Judging by this article, it looks like they do!
I don't think BackupMyPC offers a network backup solution. I remember numerous issues while using it with XP as well, besides problems with the boot floppies it generated.
I brought up this point to put in perspective some comments made in the article:
As the machines were fairly uptodate with respect to security, an as-of-yet unknown local root exploit might be in the wild, so keep an eye on your boxen
IMO, we just need to keep an eye on our CDs, tape, disks etc. - not the box itself. Securing a box connected online is not a task for 99% of Slashdot readers, planning for disaster recovery is.
-
Your config files are scattered all over your system, and I'll bet you don't know where half of them are. Also, the file locations aren't portable knowledge: they vary from distro to distro, and between versions of the same distro.
As long as the config files are just files, not registry hive entries, it doesn't matter. A simple file backup from a floppy boot can handle config issues. Not so with Windows.
I use DriveImage, which has been 100% reliable for me ever since it came out, and it can image all of my operating systems. Making a bootable restore image is a piece of cake, and network restore is just as easy. Notice that the compression is also top notch.
If your Win2K occupies 1gig on a 20gig partition, DriveImage is useless. You can't use it to create 2 bootable CDs that restore your system back with screen savers and settings. It's a piece of cake with Linux with just a floppy and no 3rd party code.
PS: you need a spell-checker, moron.
Actually, I'm using a new keyboard with the plastic wrapper still on. And you need a bit more tolerance, Mr. Touchy.
-
While that still leaves the system vulnerable to physical attacks, it more or less eliminates network-based ones as long as you use secure protocols.
In other words, you've achieved nothing. The issue here is the protocols, NOT passwords. Since these are not under the control of users, we should assume that any networked resource is insecure by design.
-
Will you cut off your head if you got a headache?
-
It is sadder to see that most of us think a 'safe' password means a secure system.
-
With Linux, it's ONE SINGLE learning curve for life. With Windows, you need to keep forgetting and re-learning with every version or Service Pack.
And BillyBoy is learning from your mistakes.
-
Law #2: If you can get back your system to pre-disaster condition after a floppy boot, you're running Linux!
-
If you lose sleep over these so-called 'Security Vulns' you can never sleep at all - unless you're running a box that's not hooked onto the net. Do you know how many 'root-attacks' are possible with Windows? 95, 98, NT, 2K, ME, XP - whichever version you're on? Can you even bet that after applying the latest fix from Microsoft, your system is free of vulns?
The best way to enjoy 8 hrs of sleep every night is to back up all files onto CDs / disks before going to the net. No matter what, you can get back live in about 30 mins next morning. With Windows, it could be 6 hours PLUS $600 for software.
Most of us choose the 30 mins option.
-
More importantly, the openness of Debian is a much more important factor here. When I read these lines in the article:
The attack vector seemed to be a sniffed password of an unprivileged account, from which the attacker somehow managed to gain root and install the suckit rootkit and crack the other machines. As the machines were fairly uptodate with respect to security, an as-of-yet unknown local root exploit might be in the wild, so keep an eye on your boxen.
I got the distinct impression that Slashdot is transforming into a FUD channel for unsuspecting readers.
The fact that a 'clean' Linux system can be backed up and restored from any media is of more relevance and importance to users. EVERY system connected to the internet has potential unknown vulns; those running Windows are often unpatched and have no disaster control system as well.
Viewed from this perspective, I don't think we need to keep an eye on our boxen, just the backup tapes / disks / CDs.
-
Since Linux has no use for hidden files, registry, active directory, complicated booting procedures and other useless features that come standard with Windows - I see no point getting worked up about these so-called Security Warnings.
99% of Slashdot readers, I believe, treat viruses, worms and other 'security' attacks as a NUISANCE rather than a PRIVACY hazard. A Service Pack or bug fix a week for Windows merely highlights the fact that data privacy on a 'personal' computer is a joke. The nuisance of reinstalling the Windows OS from CD, and reinstalling each and every app with the zillions of settings OR buying expensive, unreliable 3rd party s/w for disaster recovery can be intolerable.
With Linux, OTOH, simple tools exist that can take backups of disk data (not disk images, just the files), AFTER installing the apps. A simple restore of these files gets the system back, with all settings and screen-savers intact.
To sum up, 99% of Slashdot readers do not need to care about these security risks, if they choose Linux for their personal or office systems. Those with Windows - a switch to Linux is cheaper than anti-virus s/w PLUS OS cost PLUS frequent updates PLUS frequent reinstalls PLUS loss of data PLUS nuisance.
-
Microsoft doesn't get to make these 'implants'. The Service Packs, bug fixes and anti-virus updates would kill me!
-
Great post. However, more than MS Office, I suspect a different initiative from Microsoft will foster global unity - and that is Palladium / TCPA / MSNGSCB / DRM engine / whatever other name or form it acquires. MS Office is too small to perform this miracle.
Why don't you label the OOo CD as Office XP Service Pack CD and charge $10 for it? You could rake in a bit in your locality!
Hmmmm.. nice read... so, in Israel, you install the Service Pack first, then Windows? ;-)
I think the parent's point was that OOo was designed to compare and compete with MS Office and is hence bloated by design and default. It's not ANOTHER Office product by that yardstick.
Secondly, Open Office on Linux is not even half as good or useful as OOo on Windows. When considering a shift from MS Office, Israel could've evaluated better open-source word-processors and spreadsheets than OOo - I think that was the point he was making.
-
Okay, some issues:
1. Speed: There's no point in being 100% compatible with MS Office, if it's 200% slower.
2. Bloated: Same as MS Office.
3. No option to install a dumbed-down version.
4. For word-processing, AbiWord is 10 times faster, and has all useful features.
5. For spreadsheets, Gnumeric is 15 times faster, and has all and more features.
enuff said?
-
Some of the best thinkers and code writers come from Israel. Given this fact, it is no wonder they resent outside monopoly control over software, albeit from the friendly US of A.
OTOH, Israel should be latching on to stuff like AbiWord, Gnumeric etc. rather than OOo. The latter neither provides full feature compatibility with MS Office, nor has any specific advantages to be adopted as a standard.
-
Is it SCOndomware license certified?
I'd hate to spend hours downloading the thing, for SCO to screw around.
-