I ripped out the Checkpoint f/w on Solaris where I am, and replaced it with some carefully crafted iptables scripts on a Gentoo+grsec x86 box. People immediately noticed it was more responsive. Oh, and no stupid 100 client licence restriction.
The shitty documentation didn't help Checkpoint. And the remote admin tools were pants too.
No it doesn't. Pretty much every country in the world says the Lin in Linus like the Fin in Finland. It's just the US had Snoopy for a while, and hey, if it's on TV it must be right. Right?
So do what I do and never buy hardware before you've checked that Linux supports it. If it's not supported, go elsewhere.
Manufacturers will soon learn the power of the penguin wallet.
That is the way I would do it, seriously. If they needed anything else installing, a quick SSH in and emerge would sort them out. And in an emergency, they could always be talked through linux init=/bin/bash, followed by mount / -oremount,rw
If my Mum ever wanted a computer, I'd set her up with NT4 (SP1), IIS running, no virus scanner or firewall, and her logged in as Administrator.
I've mentioned Linux, and how nice it is, and once she became frustrated with Windows, I'm sure she'd agree:)
Don't people read any more, you mean. I thank my Mum for deciding never to have a TV in the house*. I haven't turned into some reptilian monster, indoors, staring at a screen goggle-eyed for hours.
Errr.... What went wrong there then?
* Nope, I've never seen Star Wars. It doesn't appeal to me, and I don't want to.
Re:But who likes CIFS? on Implementing CIFS · Score: 2, Informative
I hate NFS. You have to have the same user ID on all boxes, and have the same group IDs on all the boxes. Pfffft. Far too much trouble. Samba - well, if you log in to Samba as foobar, then your smbd process runs as foobar, and hence has all the right IDs and group memberships that foobar has on the box running smbd. Samba has got tonnes of options. Bah. NFS? Do away with it, I say
Before we jump on the bandwagon and start shouting "But I can burn audio CDs really easily" - we should remember that the people reviewing this are our target audience. Sure, **we** can do it, but they had problems with it, and hence it's these problems that we should be addressing.
I rather wish I didn't need it, but I've got some old video in real format and no way to convert them.
I'm sure mencoder will help you out there. There's a Windows version available if you're hobbled.
Re:Real's problem on Real's Reality · Score: 2, Interesting
Don't forget that Real only has the one method to make money - so it's not surprising if they tried to make it do a lot. Microsoft already has billions, and owns the desktop, so it's much easier for them to make their software simpler, without adverts, etc.
grsec is excellent - I really really like it. I know that just because it foils this current exploit doesn't mean that I'm safe and sound - but it does mean that any of the users on that box can't just grab that exploit and root it, and they're not likely to write their own exploits.
By the way, it seems that grsec has been superseded with selinux in 2.6 kernels - it seems a shame to me - and there don't seem to be any 2.6 grsec packages. Not that I'd upgrade that server to 2.6 - if it's not broken, right? - but do you know what's happening on that front?
Re:The Internet becomes more like the real world.. on ICQ Universe · Score: 1
Yeah, I already give a bonus to my friends. But for example, direct friends of mine could score 10, friends of friends could score 6, friends of friends of friends 4, etc, and likewise for foes. Then, simply set the score that they need to be seen as 9 for example.
Re:The Internet becomes more like the real world.. on ICQ Universe · Score: 1
On a similar note - I've often wondered why Slashdot doesn't make use of its "social network" of Friends, and Freaks to determine moderation levels. For example, if one person has lots of fans, surely what they say will be fairly good. Obviously, trolls could all register, and add their other troll accounts to their Friends list, but it would be very easy to get rid of them all, no?
How about an SMS interface so you can program your box remotely? How about live on-demand encoding over GPRS to your phone handset? The next step is all about using your phone to program it, and watch it if you're away.
Truthfully, I've never used Gentoo (I don't desire to compile every piece of software by hand)
Yawn. That's not what it's about. A little program like ufed lets you set flags saying that you'll never need ldap support for any programs that you install. Then, next time you "emerge mod_php", it will leave out ldap support. (I know, that's a bad example because you have to specifically enable ldap support in it, but hey.) And you don't compile by hand. emerge package does it all for you. Try it out. It's good. Why do you think so many people go on about it? Here's a clue: It's not because we're brainwashed Gentoo-ites.
Who was the guy, way back when, that refused to have a password on his computer, saying that he shouldn't need one? Someone kindly telnetted in, deleted his emails, and then he changed his mind.
Me and a friend discovered that if I forwarded my calls to him, and he forwarded them to me, that we got the "network error" sound when anyone tried to call either of us. Pretty handy for making yourself unavailable:)
I'm going to write a worm that sends ppl emails that say "I am a worm. Don't open my attachment."
I did something like this. There was a proggie in the Win2K resource kit that slowly and gracefully shuts down all your programs, and reboots. I renamed it to do_not_run_this.exe. I sent it to the company mailing list, with a subject of VIRUS ATTACHED - DO NOT RUN. I put all over the email warnings about not running. A few minutes later, I got hassled by people: "Blah, I was working on something" "Blah, I was in the middle of a download". Unbelievable. You can see pics of the IT team that I was in here, just out of interest.
I will probably get modded right up straight away, but I'm just trying a theory here.
Why not just tattoo Spammer on their forehead?
Be nice to your kids - remember, they choose your old-age home.
Ain't payback a bitch?
I demand by the great Lord God Gnu that you release the code! Oh, you didn't distribute it. Damn, foiled again.
I've tried that exploit on all of my boxes the first time I read about it. However, it always fails, and never works. I am wondering if some of the grsecurity patches are disabling it.
./mremap_pte
calum@xxx calum $
[+] kernel 2.4.20-gentoo-r9 vulnerable: YES exploitable YES
MMAP #9216 0x43000000 - 0x43001000Segmentation fault
Mar 7 18:49:38 xxx kernel: grsec: From xxx.xxx.xxx.xxx: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (mremap_pte:7672) UID(1000) EUID(1000), parent (bash:26711) UID(1000) EUID(1000)
Anyone know if the grsec stuff is saving me?
Comment 1004
By some amazing coincedence you both managed to spell coincidence wrong :)
Comment 1003
Comment 1002.
My 1000th post. What do I get?
Damn. How do I become as insightful as you?!