Slashdot Mirror


User: opus

opus's activity in the archive.

Stories: 0
Comments: 124

Comments · 124

  1. biggest omission - wuftpd on SANS Releases Top Ten Exploits · · Score: 3

    The biggest omission from the list was wuftpd <2.6.0 (and derivatives). This deserved to be number 2 on the list, after BIND, as it shipped enabled by default on every RedHat up to 6.0.

    I generally recommend that Linux users replace wuftpd with ftpd-BSD, the Linux port of OpenBSD ftpd. It's not as featureful, but it's a lot easier to use, and the code has been audited.

    I also think sendmail seemed out of place on the list. There hasn't been a root exploit on sendmail in what, three years?
    --

  2. anime recommendations on Essential Anime · · Score: 1
    A lot of the stuff I like is available only as fan sub, so they might be difficult to find, but here are a few recommendations, off the top of my head.

    Some of this stuff is available through Kodocha Anime.

    (1) Pon Poko Tanuki. 1994 feature length animation about the tanuki (Japanese "racoon-dogs") and their reaction to encroachment on their territory in suburban Tokyo. Better animation than anything Disney's ever done.

    (2) Kodomo no Omacha (Child's Toy). Fast-paced and wacky story of an 11-year-old TV star. So far only 29 (out of 102) have been subbed.

    (3) Mahou Tsukai Tai (Magic Users Club). Funny, and slightly ecchi. Recently licensed, but not yet released commercially, so this could be tough to find.

    (4) Shoujou Kakkumei Utena (Revolutionary Girl Utena). The first nine episodes are available commercially, but the rest haven't been licensed and so are available from fansubbers. This series is very strange. Sort of like Evangelion, but shoujou.

    (5) Ping Pong Club. Available commercially. Very R-rated, and hilarious. Sort of a Japanese South Park.

    (6) Fushigi Yugi (Mysterious Play). The usual "high school girl gets pulled into fantasy world", but done better than any other I've seen in this sub-genre. The commercial release is into the mid-40s out of 52.

    (7) Marmalade boy. 76 episodes, available only as fansubs. Shoujou love story: no magic, no fighting robots. Great characters.
    --

  3. Thompson's C compiler on SecurityFocus Responds To ESR Column On OSS Security · · Score: 1

    You missed the point about Thompson's trojaned C compiler. It was designed not only to insert a backdoor into /bin/login whenever it detected that it was being compiled, but to insert this backdoor-producing code into cc itself, if it detected that cc was being recompiled.

    Thus Thompson could distribute clean source, but still guarantee that the trojaned binaries would propagate, since you had to use his trojaned cc binary to compile a (trojaned) cc binary from (clean) source.

    Now if someone had compiled Thompson's cc source with a *different* C compiler, the resulting binary would have been clean. But at the time, his compiler was the only one available.
    --

  4. Re:What if? on Code As Free Speech -- Pandora's Box? · · Score: 1

    No, not any more than you could make an electronic copy of a copyrighted book and post it on your web site.
    --

  5. Re:AOL on ORBS list on UPDATED: AOL Added To ORBS List - At Their Request · · Score: 3

    You can always "whitelist" any servers that you wish to receive mail from, despite their presence on ORBS, RSS, RBL, or DUL, by putting them into /etc/mail/access (assuming you're running sendmail, and have that feature enabled), e.g.

    mail.wideopenrelay.com RELAY

    This, of course, diminishes the punitive value of the list, but it's better than not using the list at all. IMHO, you don't even need to give a second thought to using the RBL (which only lists serious repeat offenders, IIRC) and the DUL (dialup users should use their ISP's mailserver). The only servers I've had to whitelist at a user's request have been on RSS, which is far more aggressive than the RBL. (I don't use ORBS, since I find it too aggressive.)
    --

  6. "Can't GPL it if someone's already patented it" on James Gleick On Software Patents · · Score: 1
    "...you can't GPL it if someone's already patented it..."

    Of course you can. The GPL makes no pretense of granting rights which are restricted by law. The GPL merely provides that the copyright holder(s) are not restricting use/distribution/modification of the code under copyright law: there may unfortunately be other laws that do restrict use/distribution/modification of the code, such as U.S. export laws, or patents.

    That said, the existence of a patent can make software non-free (at least in the portions of the world where the patent is restricted) and free-software authors should use alternatives whenever possible (e.g. LZ instead of LZW compression).

    The moral of the story: merely being GPLed (or BSDed, or in the public domain) does not make a piece of software free, but it's all the copyright holder can do. (Unless, of course, the copyright holder is also the patent holder.)
    --

  7. Actually, it makes good sense. on Apple Forces Aqua Themes Off themes.org · · Score: 1

    Think about it: what's the biggest gripe with the Unisys LZW patent? That they (1) published it without even saying it was patented, and (2) didn't bother enforcing patent licensing until it became ubiquitous. Now that GIF is a standard, they want their pound of flesh.

    If Unisys had lost their patent for failing to enforce it, or had enforced it from the beginning, we would now have an image standard unencumbered by an obnoxious patent.

    The same thing applies to trademarks. If you let a trademark get so diluted that it's become part of the language, the law says you have no right to complain. And that's a Good Thing.

    --

  8. Join a LUG on What the Linux Community Needs to Grok · · Score: 1

    What you need to do is find a Linux User Group to join. Here's a helpful page. Don't worry if there's not one within driving distance, they almost all have mailing lists. Just pick one. Or pick two or three, ask a few questions, and see which list is the most helpful.

    I'll take this as an opportunity to plug our local LUG, GOLUM. You're welcome to join our list, or if you're in the Memphis area, come to the meetings. Plus we have the coolest mascot of any LUG.

    --

  9. cultural reasons viruses won't proliferate in *nix on Linux Virii On Their Way? · · Score: 1

    In addition to the technical reasons cited in the article, I believe there's a cultural reason that viruses won't proliferate under Linux and other Unixes. Unlike Windows users, Linux users don't email executable files, such as this past holiday season's "Elf Bowling" and "Frogapault", to one another. If people only get executables from safe sources, e.g. from the vendors or developers themselves, or from well-known sites like metalab, there's little danger of passing around malicious code.

    (This is not to say, of course, that we shouldn't step up efforts to distribute code with digital signatures. If someone compromised metalab we could be seriously screwed.)
    --

  10. source code escrow on Finding an Intellectual Property Patent Lawyer? · · Score: 1

    Legal question: Would escrowed source-code count as "prior art" for the purpose of defending against a patent law-suit? Would that count as "publishing", even if it weren't made public?

    Practical question: Where would one go to escrow code? Or do you just need to make a paper printout and take it to your local notary public?
    --

  11. Machines shouldn't be named after their functions on I Want Names for my Servers! · · Score: 1

    If you name a machine after its function, what happens when the machine no longer serves that function? E.g. We have a mail server here named "dns1" - it used to do DNS, but that's no longer its function.

    The functional names (mail, dns, ftp, www) of the machines should be listed in DNS as CNAMEs.

    For the record, at my former employer we used names of pagan deities. Where I am now we use animal names.
    --

  12. Favorite Sandman Issue on New Sandman Book and Signing · · Score: 1
    So: What was your favorite Sandman issue?

    Issue 31, "Three Septembers and a January", the story of Joshua Norton, self-proclaimed Emperor of the United States.

    "Ramadan" is also a close second in my book.
    --

  13. my wife and I met because of Sandman on New Sandman Book and Signing · · Score: 3

    It was the summer of 1993, and she and I and her friend Jenne were all subscribed to this Sandman fanzine called "Dream Lovers", published by this guy who called himself "Fluffy". Jenne and I became pen-pals, and one week she invited both me and my future wife Janet to stay with her for a week in Oneonta, NY, halfway between where I lived (Rochester) and where Janet lived (Long Island).

    Janet and I fell in love that week, and two years later were married. It's been four wonderful years.

    Anyway, thanks Neil, for writing such a great comic book, and for playing your part in the chance or fated sequence of events that led to my marriage. I look forward to reading your new book.

    Are there any other former "Dream Lovers" subscribers out reading Slashdot?
    --

  14. the 3 vulnerabilities exploited on Details of the PCWeek Securelinux Crack · · Score: 3

    (1) There were two separate vulnerabilities in the CGI: insufficient checking on user input, and failure to check the return value of "rename."

    These were very subtle programming errors, and it took a great deal of cleverness to exploit them.

    (2) There was a serious bit of misconfiguration on the part of the server itself: jfs couldn't overwrite index.html as nobody, but he could overwrite advisory.cgi!

    Sorry PC Week, but this is covered in Webmaster 101. Never, ever, have any web-accessible file or directory writable by the user that httpd runs as!

    (3) There was the vixie-cron exploit. This is the only part that could be blamed on Linux.
    --

  15. Re:Point please? on Berkeley removes Advertising Clause · · Score: 2

    From /COPYRIGHT on a FreeBSD machine I have an account on:

    1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

    You still have to acknowledge UCB's copyright when you distribute the code in source or binary form, it just no longer has to be acknowledged in advertising.

    When a piece of code is in the public domain, you do not have to acknowledge any copyright (because there is none).
    --

  16. Setting an example on Chad Davis May Be the Next Kevin Mitnick · · Score: 1

    I agree that the "setting an example" method of enforcing laws has generally failed for violent crime/ordinary property crime, but in that case the criminals on average (a) are not particularly intelligent, and (b) don't have a potentially bright future to contrast with a life of prison and probation.

    Script kiddies, on the other hand, are generally pretty intelligent kids with potentially bright futures. "Setting an example" may well work with them.

    Oh, and the words "innocent" and "guilty" appear nowhere in the U.S. Constitution. :)
    --

  17. trademark rights on New Ruling Makes Domain Name Theft Harder to Prove · · Score: 2

    What nobody seems to understand is that trademarks are legally protected against misuse only in a limited area of business. Thus Steve and Steve were able to start a computer company and call it "Apple", and they weren't infringing on the trademark of Apple records.

    There would be nothing legally wrong with my purchasing "ford.com" (if I could), as long as I didn't use it to sell cars.

    But domain name squatters are still the third lowest form of scum on the net, after spammers and script kiddies. But there's nothing we can do about them, other than refusing to give in to their demands.
    --

  18. Interesting Quote on Hackers vs. crackers, security, & fun at Defcon · · Score: 2
    From Marc Maiffret, cracker turned security professional:

    He said the raids have frightened some of the young hackers. [sic] ... "People are afraid," he said. "There is a lot of pressure to go legit."

    Good. This means the FBI crackdown is working. I'm generally skeptical about the "get tough on crime" approach, but it seems likely to work in the case of computer crime, in which the criminals are intelligent people with a potentially bright future: people with a lot to lose, and who know it.
    --

  19. Re:Reflections on Spam ... on Web site identifies anonymous spammers · · Score: 1
    In the U.S. there is a Federal law, namely the "Telephone Consumer Protection Act of 1991" that says they have to put your number on the "no-call" list if you so request, and you can sue them for $500 per incident if they call you after you have requested to be on the list. See http://www.privacyrights.org/fs/fs5-tmkt.htm.

    With spammers on the other hand, replying with "remove" in the subject line just verifies your email address.
    --

  20. Re:Old Communicators gone (a little offtopic) on Netscape Search to be powered by Google · · Score: 1

    Well, they used to be at archive.netscape.com (username archive, password oldies) last time I looked, about a month ago when I was digging for a 3.0 version for Solaris. But now there appears to be nothing there either. Anybody know what happened to them?
    --

  21. Excellent Essays on David Brin on Star Wars: TPM · · Score: 1
    David Brin managed to nicely summarize most of the general complaints I had about the Phantom Menace that have been brewing in my mind since I saw it for the third time this Saturday.

    Particularly this paragraph:

    So what do we see in this movie? Liam Neeson (Qui-Gon Jinn) gets separated from his nemesis, Darth Maul, by a force field. The adversaries pause and glare at each other before resuming the fight. What a great time for Maul to give his side of the story -- his seething need for revenge against the Jedi! Maybe some riveting mumbledy-jumble about the Jedi having crushed and suppressed one whole side of the Force for a thousand years, thus creating awful imbalance in the universe!

    Although I was quite surprised that he didn't include Heinlein in the list (with A.E. Van Vogt, E.E. Smith, and L. Ron Hubbard) of authors whose "abiding contempt for the masses" he finds so "odious".
    --

  22. The only real way to prevent local DOS attacks on Another Windows Macro Virus Wreaks Havoc · · Score: 1

    The only real way to prevent local DOS attacks is to keep a close eye on system resources and a cattle-prod at your desk.
    --

  23. The price of limited liability on Oregon judge rules AT&T must open cables · · Score: 1

    Many of you seem to be forgetting that AT&T and TCI are corporations. And when corporations of a certain size wish to merge, the state has the right to refuse to allow that merger, or place conditions upon it, if that merger would harm the consumer.

    Like corporate taxes, that's just part of the price that the owners of AT&T and TCI, the shareholders, pay for a very special privilege that the state has granted them: the privilege of limited liability. If I invest a thousand dollars in AT&T, then no matter what AT&T does, no matter how much debt it racks up and cannot pay, no matter how many fines it finds itself subjected to, I am at worst out a thousand dollars. I can never be held civilly or criminally liable for what AT&T has done with my thousand dollars.

    The granting of limited liability is what enables the vast pooling of capital that makes the monopoly possible. Since this beast, the corporation, is a creation of the state, the state has both the right and the responsibility to impose whatever conditions it deems fit to keep it under control.

    If you want to be a monopolist, try doing it without limited liability and see how far you get.
    --

  24. Re:Yay! No more Microsoft charcodes on Bootlegging Buffy · · Score: 1

    I don't know about the rest of you, but in the following snippet, I'm seeing apostrophes where there should be em-dashes:

    Oz: "Guys'take a moment to deal with this'we survived."

    Buffy: "It was a hell of a battle."

    Oz: "Not the battle'high school."

    Maybe we should get Jon to use Vim. There is a Macintosh port.

    --

  25. The only time I've ever sworn at perl... on Linux Journal interviews Larry Wall · · Score: 1
    ...was when developing an app that used user-input for pattern-matching. I kept wondering why things weren't working if the user didn't supply a pattern: the pattern defaulted to the null string, which to my mind should match everything!

    After a few hours of banging my head against the wall, I discover this little gem buried on p. 70 of the Camel Book:

    If the PATTERN evaluates to a null string, the last successfully executed regular expression not hidden within an inner block ... is used instead.

    D'oh!
    --