But computers are complicated things. Your users wouldn't expect to be able to tune their cars, would they? At the very least, if they did want to try to do it, they'd learn a lot about tuning cars before they tried it.
People with laptops, running IIS, and putting them in suspend mode, bringing them in and plugging them in can still infect an internal network with worms.
The best April Fools that got me was one published in a little local magazine. I used to live quite close to Stonehenge (20 miles or so), and the leading page in this magazine was: Stonehenge to be returned to Wales.
Apparently, the English National Trust had agreed it, and it was only fair that the Welsh should have it, and the stones had originally been "taken" from Wales etc.
I was like, "They can't do that! It's a national treasure." etc.
As was pointed out, it's very easy to want to do stuff like www.mysite.com/page.php?page=bio.php. That in itself isn't unsafe...
So why not do /page.php?page=bio
Then in page.php you can include("/home/site/$page.php"); after pulling in the $_GET["page"] variable, as of course register_global_variables is off, isn't it? :)
Then any files they want to read have to end in .php. Unless they get very cunning, and start trying %00 stuff, which I'm not sure works anyway.
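An added example, not part of the original comment: a page.php resolver that only includes names from a fixed allow-list, so path separators, dots and NUL bytes in the `page` parameter never reach include(). The directory comes from the comment's example; the page names in ALLOWED_PAGES and the function name resolve_page() are assumptions for illustration.

```php
<?php
// Added example (not from the original comment).
// PAGE_DIR follows the comment's /home/site path; ALLOWED_PAGES is hypothetical.
const PAGE_DIR = '/home/site';
const ALLOWED_PAGES = ['bio', 'contact', 'links'];

/**
 * Map the ?page= value to a file path, or return null if it is not allowed.
 * Nothing derived from user input is concatenated unless it passed both checks.
 */
function resolve_page($requested): ?string
{
    // ?page[]=x arrives as an array; only plain strings are acceptable.
    if (!is_string($requested)) {
        return null;
    }
    // Strict syntax check: no '/', no '.', no NUL byte, no uppercase variants.
    if (!preg_match('/\A[a-z0-9_-]{1,32}\z/', $requested)) {
        return null;
    }
    // Syntax alone is not enough: the name must be a page we actually publish.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    return PAGE_DIR . '/' . $requested . '.php';
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: one valid name and several that must be rejected.
    $samples = ['bio', '../other/config', "bio\0.txt", 'BIO', 'admin', ['bio']];
    foreach ($samples as $in) {
        printf("%-24s => %s\n", json_encode($in), var_export(resolve_page($in), true));
    }
    exit(0);
}

$path = resolve_page($_GET['page'] ?? 'bio');
if ($path === null || !is_file($path)) {
    http_response_code(404);
    exit('Page not found');
}
include $path;
```

Run from the command line, it prints the resolved path for `bio` and NULL for every other sample.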
Imagine for a moment that you have a /19, and some pinhead decides to scan all of those to see who's alive on port 445. You either block it after a few connection attempts, or you suffer with 8192 log entries - one for each host.
That's why you use rate limiting for logging, like this:
$fw -A FORWARD -p icmp -m limit --limit 10/min -j LOG --log-prefix="NEW RAPID ICMP "
will only log 10 outbound ICMPs per minute. Adjust to suit your personal preferences/requirements.
Or a slow old PC. ;(
There isn't a recursive option to mv - no need really. But other than that, 10 out of 10. ;)
Money. You can't take it with you when you die.
Weird. Why not mktime() a timestamp for 0:00:00 on that day, and another one for 23:59:59 on that day and run:
select * from cal where timestamp > $daybegin AND timestamp < $dayend
My advice - use timestamps - all the time. Between mktime(), and date(), it's all you ever need.
Samba shares are available anywhere you want them to be available. It's just a case of opening up the right ports to the right hosts.
If every 10th man is fired, it's not very random, is it?
This is Slashdot in the year 2003. Everyone here runs Windows now. They keep a Linux box somewhere so they can be cool and say they're "into Linux".
But seriously, I wonder what weird pics people have uploaded :)
Go down the OSPF.
;)
The Open Source Path First.
Flamebait2: That's because you don't get so much stuff.
At least they use a format that has vendor supplied players for Windows - and some unixes.
I suppose you'd like to use Windows Media or something, and to hell with the 5, 10, however many percent use something else?
I want to see orders - orders, credit card number, email addresses, home addresses, before I believe that ;) Oh, and expiry dates!
If you think that, you've never had to manage more than 5 Linux machines.
I have to keep Linux boxes up to date - and do other stuff too. RPMs are a godsend.
I would disagree.
I much prefer it the way it is. Take Apache/IIS as examples.
If you're running 1.3.26, you're safe, and you know it.
With IIS, if you're running IIS5, but with patch X, and patch y, and patch z applied before patch q, unless you have the MSSql patch r installed in which case you need patch f for IIS, and patch k for MSSql...
They should do it the other way. Make it simple.
If you're running IIS 5.0.185 then you're OK. Anything else, and you've got problems.
Patches and stuff were OK during floppy disk days, and 28.8k modems. I'd much rather not have to worry about incremental patches.
If you don't have the ptrace prog on your systems, or you make it not setuid (if it is anyway) does that make a temporary fix?
You just spoof them to within /16 or /20 or /24 or whatever ranges they do have.
The thing needed in P2P is not encryption, but anonymity. I am working on a version of P2P that utilises UDP, and spoofs the source addresses. You never know who is sending you the file you asked for.
;)
ACKs, and things are tricky though.
Hello Tim ;)
I agree with what you say, but I do firewall everything, and only let in what I want. However, I do also open pinholes for portsentry to listen on.
I either move SSH to another port, and put portsentry listening on tcp/22, or just open some commonly used service port that isn't running on my machine. (imap, pop3, ftp, telnet, snmp - you get the idea).
I get the firewalling, plus it dumps an IPtables rule in for any idiot scripts, portscanners, kiddies. Not infallible, but it makes it a little more awkward.
Simply put, the base system installed and configured itself, including a rather complex ethernet router link to the internet.
That's the easiest possible way to connect a Linux box to the net. Or am I missing something?
Gaaaad. I knew it didn't look right. Apoc_a_lypse. Apoc_a_lypse.