Slashdot Mirror


User: bourne

bourne's activity in the archive.

Stories: 0
Comments: 382

Comments · 382

  1. Re:Excellent, I'm enjoying this coverage on WinXP Security Flaw · · Score: 2, Informative

    ...Although it seems to be lacking in some areas. Would you care to post a big announcement the next time a security flaw is found in a Linux distribution or any of the myriad of software that is usually bundled with one?

    Ummm....

    Solaris, AIX login hole
    SSH and OpenSSH Comparisons (note the Update about SSHv1 security bulletin...)
    Running BIND 4 or 8? Upgrade!
    The Twenty Most Critical Internet Security Holes (Includes "General," "Windows," and "Unix" vulnerabilities)
    Open-Source != Security; PGP Provides Cautionary Tale
    Debian 2.2 "Has Major Security Issues"? UPDATED
    Vulnerability In SSH1
    SSH Secure Shell 3.0.0 Remote Hole ("is a gaping remote hole on various unixes.")
    Garfinkel Warns Of Linux Virus "Epidemic"
    ProFTPD, Wuarchive Ftpd Compromised

    Looks like they DO post a big announcement when holes are found in Linux or software usually bundled with it. Fancy that.

  2. Re:FINALLY, slashdot wakes up and posts this on WinXP Security Flaw · · Score: 1

    As far as the security hole goes I've heard even worse things are possible since XP now allows "raw" socket access to non-administrators.

    This HAS to have been discussed on /. before, but the whole raw socket thing is much ado about nothing. You can have raw sockets under ANY Microsoft OS by installing enhanced drivers, something any k1d33 can do while he installs his r00tk1t...

    If grc spent 1/4 of the effort he spent on that working instead on getting large ISPs to do effective ingress/egress filtering, it might actually help solve the problem.

  3. but Microsoft gets it now - on WinXP Security Flaw · · Score: 5, Funny

    "Oh, you wanted a DOOR to hang that lock on.... Sure, I guess we could do that..."

  4. Too bad we can't combine work and play... on All Work And No Play ... · · Score: 3, Interesting

    Now what we need is some game that provides a playable veneer over an actual problem that benefits from human judgement. Kind of like Seti@Home benefits from all the idle computer power out there. Humans are capable of intuition and pattern discrimination that computers are not, and a game would be an excellent way to apply massive amounts of distributed human analysis to an appropriate problem.

    Has anyone got an appropriate problem? I'm thinking that somewhere in the vast field of genetics there's got to be some problem that humans can work on better than computers, next step is to turn it into a game and get it bundled with your favorite (or least favorite ;>) operating system...

  5. Looks right to me, was Re:What about on All Work And No Play ... · · Score: 1

    >>doctor-what-about-my-gamboling-addiction

    >And your lack of grammar skills.

    The grammar is correct:
    gambol (g m b l)
    intr.v. gamboled, or gambolled gamboling, or gambolling gambols or gambols
    To leap about playfully; frolic.

    In short, "doctor-what-about-my-game-playing-addiction." It said exactly what it was meant to say. Don't blame them because you missed the clever play on the traditional phrase.

  6. The gap into storage... on 64 Mbyte Write once CMOS Chip from Standard Fabs · · Score: 2

    Sounds like Stephen R. Donaldson had something going when he described datacores in the Gap series.

    If you can jack one of these things up into giga, tera, or larger ranges, then you can start using it to provide write-once history logging. Big brother, black boxes, personal recorders...

  7. Re:My Review on Review:Fellowship of the Ring · · Score: 5, Insightful

    [Gandalf, Strider & Co]... are so well-seen and acted, so fearsome in battle, that we can't imagine the Hobbits getting anywhere without them.

    Having re-read FOTR this fall in preparation, I'd have to say... yeah. That's pretty much the way it is. The hobbits get saved repeatedly - by elves in the shire, by Strider the night they meet him, again by Strider on the hilltop, by the actions of the elves at the ford,... It isn't until "The Two Towers" that the hobbits start taking care of themselves, once the fellowship breaks. And in "Return of the King" they finally start giving the enemy nasty surprises.

    So, yes, LOTR is about the bravery of the hobbits... but not from day one. They grow into their bravery - the Sam that left the shire never would have acted as the Sam who returned to it.

    So, let's see what happens in 2002 and 2003 before we start accusing the movies of removing the lesson of the bravery of little people.

  8. Right idea, wrong price point on Ximian Adds Subscription · · Score: 1

    I'd be willing to pay for fast software updates, but not $8-$10/month. I'm thinking half that or so.

    But let me poll here - what's it worth? I've been using Evolution for two weeks now, and am pretty happy with it, but have avoided the whole "red carpet" thing because I've never liked "we're here to take care of your machine" type apps. What sort of an improvement is Red Carpet over RH7.2 vanilla GNOME?

    (Note, I'm still secure saying that it isn't worth the price without knowing what it is, because my opinion on the price is the value of fast updates, not the value of the software itself.)

  9. Re:Ps2 plays ps1 games/DVD so many users just upgr on Playstation 2 Outsells both Xbox and Gamecube · · Score: 1

    Our PS1 just broke and our PS2 is in the mail. Backwards compatibility with the handful of games we own was a big element in the decision.

    The other big element was that the reviews we quickly looked at all said something to the effect of "Xbox for action, but if you want to have a variety of game types (action, rpg, etc.) to choose from, go with PS2." Action alone just doesn't do it in my household.

  10. Re:Alchemy? on Canadian Researchers Create Supernova In-lab · · Score: 1, Informative

    If I read the article right, it decomposed back into sodium(22). We can create lots of elements with super science gadgets, but none that I've heard of are stable.

    However, I have to wonder what would happen to radioactive waste that was modified this way. We've got to figure out some way to make that stuff less dangerous, at least until we can create black holes to dump it into.

  11. Re:GPG (PGP) key ring key ring? on 1GB USB Drive on a Keychain · · Score: 1

    Yup - that's why I plan to buy one. I've been waiting for one of these devices that looks like it works on Linux easily.

    Worried about your laptop being stolen and your private key being compromised? Keep it on your keychain, and plug it in when you need to do something securely.

  12. Re:Why do packet-level encryption ? on WEP Gets A Bit Stronger · · Score: 2, Informative

    IPsec for IPv6 (and I assume IPv4) is pretty flexible and can be used on UDP (DNS, DHCP), and I *think* ICMP

    Well, yes and no. DNS, for example, works fine if you have LAN clients and your single LAN DNS server, but you won't be likely to set up IPSec SAs with many external servers.

    DHCP, no - how can you set up an SA when one of the endpoints has no IP address? (Not that DHCP is all that much worth protecting, but...)

    ICMP, same as DNS - how many remote systems are you going to have, or be able to negotiate, SAs with?

    Now, once IPv6 comes in, and IPSec becomes truly opportunistic, maybe - but in IPv4, it isn't really useful for "casual" encryption.

  13. Re:Why translate? was, Re:Why Heaney ? on Tolkien's sources: Icelandic Sagas and Beowulf · · Score: 1

    Bull pucky. While OE is obviously closer to Modern English than Greek is, it's very opaque if you're not taking a course in it,

    I did not suggest that a Modern English speaker could suss it out without a course or some other instruction. However, based on 3-1/2 years of classes in French and off-and-on attempts at learning Welsh, I think it is reasonable to say that OE is much easier to learn than truly "foreign" languages. Phonetically, it makes sense - once you know that æt wæs is pronounced reasonably close to "that was," you can figure a lot of it out by phonetics and context.

    and it's not reasonable to ask everyone who wants to appreciate Beowulf in some form to do that.

    Of course not. But because the barrier for entry is so much lower than foreign languages, people who want to appreciate it should know they can do so in a semester rather than the 2-4 years it takes to be able to read interesting French, Spanish, or Italian texts.

    If you insist on your point, I expect to hear that you've learned Old Norse before tackling the Icelandic sagas.

    Unfortunately, my university didn't include such a course, which is really too bad. I would love to do so, given the opportunity.

  14. Re:My Thoughts on Accounting Systems on Linux? · · Score: 1

    {sarcasm}Yeah, I remember back when we had to migrate our people off of DOS and onto that Windows platform. It was a nightmare. People didn't even know what to do with the mouse.{/sarcasm}

    Whereas few companies actually "train" anyone anything when upgrading to new operating systems, and whereas the average "business user" handles their system at the most basic level possible, teaching people to use Linux instead of Windows isn't that big a hit. If you don't tell them it isn't Windows, some of them won't even notice.

    It just depends on whether the applications are there or not. The desktop is getting there. The back end will get there, but will cost the same as Windows for applications if not OS (because, as someone pointed out, you need a bunch of CPA skills to write good accounting software).

  15. Re:Why do packet-level encryption ? on WEP Gets A Bit Stronger · · Score: 3, Informative

    I see two main reasons why packet-level encryption is worthwhile (assuming it isn't totally broken, of course):

    • Having encryption in the network hardware means that it is more likely to be used and to become ubiquitous. Hardware people are MUCH better at interoperably supporting standards than software people (maybe because hardware people write tighter standards).
    • You can't (or won't) encrypt EVERY protocol. DNS, DHCP, ICMP? All of these aren't worth adding application-layer encryption, but do provide valuable data to an attacker.

    Personally, I'm happy to have working packet-level encryption because that adds one more layer. SSH over IPSec over WEP, anyone?

  16. Why translate? was, Re:Why Heaney ? on Tolkien's sources: Icelandic Sagas and Beowulf · · Score: 1

    In college, I took a one-semester course on Old English. One of the things we did was read Beowulf in Old English. I highly recommend it for those who can find a course like that nearby (I have no idea how rare that is).

    As several here have noted, the goal of a good translation is to retain some of the alliteration and stylistic sense of the original verse. In my experience and my opinion, it's easier to learn enough Old English to appreciate the original than it is to have a translation do it.

    I mean, we're not talking Greek here. OE isn't that hard to a modern English speaker (I actually found it easier in some ways than Chaucer's Middle English).

  17. Re:Playing catch up with MS is a losing game w/o c on Abiword: Support Expectations · · Score: 1

    But, by definition, if you're using a Word-compatible word processor, you need enough compatibility to exchange Word documents with Windows/MS-Office users without stripping out 99% of the existing formatting.

    If you want a GOOD word processor - by all means, avoid cloning Word. But if you want a word processor that works with Word documents, you're playing a different game. If you can't offer a certain degree of compatibility with Word, you might as well not even try.

    As far as Word being buggy bloatware - I agree absolutely. I just want to be able to modify and exchange Word documents created by coworkers without having to run Windows and MS-Office.

  18. Playing catch up with MS is a losing game w/o corp on Abiword: Support Expectations · · Score: 2, Interesting

    I think the AbiWord people are in a bind trying to catch up with something as complex (you can read that as crappy) as Word. That's a tough task for such a small group, and it's a thankless task (as their letter indicates has been the case) because you end up with luser unhappiness.

    On the other hand, OpenOffice seems to do a much better job with the Word documents (limited set, mind) that I've worked with. That's probably the result of the corporate heritage of Star/OpenOffice which meant that, for some time, serious resources were thrown at the problem, and someone dug in and did the crap work required.

    In short - AbiWord is getting crap because they bit off more than they can chew, on a product whose user base tends to be whiny. They certainly have my condolences.

  19. Somehow, RedHat got left out... on Microsoft Offers A Modified Settlement · · Score: 3, Insightful

    And I thought their offer to provide the software was such a nice idea, too...

    Here's the big question: How much does this matter with half the states contesting the settlement issue?

  20. Re:Who pays for P2P? on Industrial-Strength P2P · · Score: 4, Insightful

    The question isn't who pays, it is who benefits.

    Think of P2P as a way of efficiently distributing data and/or processing. The key word here is efficiently. Consider DNS, a distributed database. DNS is the system that was designed to allow the Internet to scale up from modest beginnings, and it exceeded expectations (and continues to do so) for scalability. It's the glue that keeps the Internet going, and which works better than a lot of newer, application-layer protocols (HTTP - been slashdotted lately?)

    Therefore, an efficient and easily usable P2P framework allows application builders to build things that work better and faster than is available today. This isn't the new car - it's the new road.

    Once you get the road built, then you start figuring out how to make money off of it. No one makes money off of DNS, but there's money to be made off of the Internet that it enables (pr0n if nothing else!)

  21. Vigorous anti-fraud group... on Online e-Commerce Issues w/ PayPal? · · Score: 2, Interesting

    I've never had any problem with PayPal, but my use has been minimal. I think it is worth noting, though, that PayPal has got one of the more vigorous anti-fraud groups around. I think their fraud rate is around 1/2 of 1 percent, which is (IIRC) lower than many credit cards.

    Some of this information is from an MSNBC Article that showed up on SANS NewsBytes. But I've also heard personal anecdotes from security professionals who'd rather have the Mafia after them than PayPal.

  22. Guns, Germs & Steel tie in on African animals to roam Australia ? · · Score: 1

    If I recall correctly from Guns, Germs & Steel, Australia was the extinction ground of a few types of animal because by the time Humans spread to the continent, they were advanced enough to kill things pretty expertly but hadn't yet gotten to agriculture or domestication.

    Maybe this is just returning the favor...

  23. How about P1/2P? Re:This Would Rule on APT - With Your Favorite Distribution · · Score: 1

    As everyone has pointed out, true P2P won't work because then you're at the mercy of whatever the next "Peer" decided to stuff into the "package" he passes you, which will very likely be malware.

    But what about a 1/2 P2P network (P1/2P)? The packages come from peers, but there are one or more central servers with a database of packages and their cryptographic sums. You get the aggregate bandwidth of a P2P network, but the authority comes from matching the checksums of the packages against the master list.

  24. Yes, but how cheap is cheap? on Philips Improves Electronic Paper · · Score: 2, Interesting

    Nice teaser article, but how cheap is cheap?

    When they can put a 25-page book together that accepts some sort of floppy disk or memory chip so you can read different books with it for under $50, then that's cheap. Until then, they may be using a different definition than you and I.

  25. Re:I pay for Salon on Specs of Salons Subscription System · · Score: 2, Insightful

    Agreed. I'm also a Salon subscriber, because during the heavy news burst after 9/11 I found their coverage to be more interesting, and to have more interesting points of view. I don't agree with all of the points of view but there's a lot more there than you can get off CNN, MSNBC, or any of the other news sites.

    Porn, such-as-it-is, is under the "Sex" tab. I can't really imagine paying for what is there either, but there you have it.