I think they have a bit of a valid point (flameproof suit on). NT is up to Service Pack 5 at the moment, but it is still a lot easier to download and install those; one 'trusted' source instead of having to track down 21 security fixes from different sources, which in some cases might require recompiling. That requires more work and a knowledgeable systems administrator.
The LinuxToday article has some very strong arguments though; Linux fixes are less prone to break other services because they just patch the affected code, not dump a lot of new code that can not be tested fully on all systems. Most service packs have introduced new bugs that have to be fixed in the next. Etc. Etc.
One argument I couldn't find in the article though was the fact that Linux does only require a service restart for most fixes - fix crond, restart crond, no one will notice - while NT requires a total reboot for almost everything. Not exactly a platform to build critical services on.
That's why, although they may have a bit of a valid point in their argument, it's a very weak one. ZDNet's director, John Taschek, deserves a spanking for saying:
[The test] was designed and put together by PC Week for the purpose of testing security implementation. We don't care which operating system (if any) is broken into first. We want to establish the basis for a story on the best practices for implementing security.
And not acting on it. In this case it would require downloading a few K's as opposed to five multi-megabyte service packs to fix the crond hole and make it a lot harder for those trying to break in. Without a total reboot :)
"Of course, this laissez-faire attitude has its costs. Mudge says: "Full disclosure is something we had to grapple with for a long time. The flip side is that critics say, 'You're giving people tools that can actually do bad things.' That is absolutely true. It's got a lot of nasty side effects."
"So why didn't L0pht contact Allaire, the small Cambridge, Mass., software firm that makes Cold Fusion, before releasing an advisory? The reason, say Weld and the other L0phties, is that vendors usually sweep tips from hackers under the rug. Vendors, claims L0pht, don't want customers to think software has flaws. "We were trained by the vendors to go public," says Mudge, "to give them a black eye."
They realize the damages it might do, but don't try to warn a company because they are a vendor that probably won't listen anyway. That's a policy I don't like. Warn them, give 'm a week or so and only then publish it.
I'd hate to be on the company side of an advisory, especially smaller companies will suffer or even go out of business because of such an attitude.
Hacking is not white or grey anymore when people suffer - customers, employees - because someone found a hole and didn't give them time to fix it.
I think they are doing some very cool stuff though, wouldn't mind having a similarly equipped warehouse. Like the one in 'Sneakers'. Or paying L0pht a visit :)
Cya barbaBob
Can't believe this. 'webmaster' is wide open as well. There's e-mail from 'clinton', 'elvis' and a few others.
I changed the password. I'll mail it to postmaster@netsol.com later on. Jeez....
Can't make it work with contacts outside the US of A. All the last names that work are from people that live inside the US. Guess I am lucky after all ;)
barbaBob
We probably are reacting a bit over the top, but the scary part is that at least three of the 'lastname' and 'lastnamensi' get me into someone else's e-mail account.
You're right about there not being any real security at the moment. Only people who used their Dot Com Mail address as their contact's e-mail address will be at risk of losing control of their domain, since most of them use 'MAIL-FROM' as their authentication method for authorizing changes to their domain registration.
It does make me think about advertising ourselves as a 'Network Solutions Partner' though. But then again, I doubt that you'd be really better off with any of the other TLD registrars.
Cya
barbaBob
If it works like that; what's the domain id for 'etrade.net' or 'etrade.org'?
:(
More likely is indeed the last name of the administrative contact. I've already found several that work that way.
Good luck...
barbaBob
Quoted from the website:
"Total Impact's transparent software interface, Total Freedom, eliminates complicated and expensive re-coding of software applications developed for the Macintosh in order to offer an acceleration solution. Virtually any software application that runs on a Power Macintosh can easily be modified to take advantage of the Total Power MP accelerator boards, whether it is written in C, C++, FORTRAN or PASCAL."
So that's different from existing Daystar systems. The current (or upcoming) version of MacOS also has SMP built-in if I am not mistaken.
So they did it with G3 CPUs under MacOS. If they can get that running, they shouldn't have too hard a time getting it going under Linux...
Rendering... Compiling... *drool*
barbabob
Fezbox uses the Kickstart feature that has been available in RedHat for a while now. Sadly it doesn't support FTP yet, see the Kickstart readme file, it should be in the 'docs' directory I think. So if you want FTP support, bug RedHat with it, or write it yourself :)
Cool thing about FezBox is that it creates the ks.cfg file and then includes it in the image file. Neat.