Not only that, but holy bejeezus, there isn't a single link to the pertinent information in the submitter's italicized text. Timothy had to pull the story link out of some other submission. Come on people, I don't care about your freaking thread on Slashdot in the last 8 articles that mentioned Nvidia or SIGGRAPH or Squaresoft, I want to see the story.
Like Gregoyle said, those of us that ended up in AT&T as a result of them buying MediaOne RoadRunner have a different ToS/AUP than the rest of the Excite@Home people.
For example, if you go to their help site (help.broadband.att.com) and enter 32202 (downtown Jacksonville), you will get the set of documents that reflect the MediaOne user agreements. Nowhere in those documents does it say we are not allowed to run servers, and in fact it says that if we run servers, AT&T will not be held responsible.
However, their level 1 tech support is stupid, and told me that if you enter Server in the search window, there's documentation that says "you may not run servers".
The local Franchise Board is going to get a call from me next week - AT&T is already under investigation here in Jacksonville for crap Cable TV service and support, if they are slamming my original ToS with a new one, and not giving me ample notification, then they are going to have more problems.
Actually, the legalese says you can't copy it to a server for public use. I know, I forgot that my copies weren't unavailable from my public side, and got a letter from the O'Reilly legal department when the UNIX and Perl Bookshelves started showing up on spider searches of my site.
It does indicate that copying it for your own personal use is OK.
I think you got it backward....
Jack would be paying the 10 bucks to get it off of the net so his girlfriend doesn't dump his sorry ass for taking the pictures in the first place :)
Explain to someone that having a computer and the internet is like having a TV. You paid for the TV (computer) and you have access to some content (installed software).
Pay a little more for basic cable (internet), and there's a lot more out there, but for the most part, it's not very good or very original, and is really just filler.
Pay even more, and you get premium channels (pay-for content), where there is original work, new shows, and a better presentation.
And if it interests you, you can pay one-time fees for Pay-per-view shows (micropayments) for content which is one-of-a-kind, short-term type viewing.
Ask the people you're talking about if they deserve to have HBO and Pay-per-view services for free just because they bought a TV and pay for basic cable. The ones that say yes are hopeless cheapskates. Most rational people understand how services break down, they just need to be educated on how that service layer model translates to the internet.
Run _your_ site to keep a list of who is running servers. Add code to the server to connect back to a central location to report that it is running version X.Y.Z. Netrek runs the same way, though they may actually run one of their own servers, too.
Environment variables are also edited with VI, in your .profile, .login, or .cshrc file. Unless you're testing, you never log in and have to type things like "export HOME=/home/tbone".
Environment variables are dumped in whatever order they were pushed into the environment stack. Unless the shell reorders your environment for you, most shells do not alphabetize your vars. Besides, if you're going to use the environment to store variables in, you should be using a syntax like PREFIX_VARIABLE=value. Then you can 'set | grep PREFIX | mail -s "Environment problems" suport@company.com' and get an answer back.
You mean you had to edit your PATH variables? God forbid you actually do sysadmin work and set up your paths for your software....
Comments are for weenies :)
In all seriousness, Env variables should be part of a larger scope of things. Parsing configurables should work like this:
Set up the defaults for your configurables.
Read the global config file, reset anything that's changed.
Read the user config file, reset anything that's changed.
Open the environment, read in any variables that are set there, and reset anything that's changed.
It's not exactly efficient (4 config passes), but it's not like you're reading the Windows Registry 4 times or anything.
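The four passes described in the comment above, as an added Python example that is not part of the original comment. The `MYAPP` prefix, the setting names and the sample file contents are constructed for illustration; the loader also records which layer set each value and refuses keys that are not in the defaults, so an environment variable cannot introduce a setting the program never defined.

```python
"""Layered configuration: defaults -> global file -> user file -> environment."""

# Constructed defaults for a hypothetical tool; only these keys are configurable.
DEFAULTS = {"editor": "vi", "pager": "more", "color": "off"}


def parse_kv(text):
    """Parse KEY=value lines, skipping blank lines and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def env_layer(environ, prefix):
    """Select PREFIX_VARIABLE entries from the environment and strip the prefix."""
    tag = prefix + "_"
    return {name[len(tag):].lower(): value
            for name, value in environ.items() if name.startswith(tag)}


def load_config(defaults, global_text, user_text, environ, prefix="MYAPP"):
    """Apply the four passes in order; later layers override earlier ones.

    Returns (values, source, ignored): the final settings, which layer set
    each one, and keys a layer offered that are not configurable.
    """
    values = dict(defaults)
    source = {key: "default" for key in defaults}
    ignored = []
    layers = [
        ("global", parse_kv(global_text)),
        ("user", parse_kv(user_text)),
        ("env", env_layer(environ, prefix)),
    ]
    for layer_name, layer in layers:
        for key, value in layer.items():
            if key not in defaults:
                # Unknown keys never become settings; report them instead.
                ignored.append((layer_name, key))
            elif values[key] != value:
                values[key] = value
                source[key] = layer_name
    return values, source, ignored


# Constructed sample inputs.
GLOBAL_CONF = "editor=emacs\ncolor=on\n"
USER_CONF = "# personal overrides\ncolor=off\npager=less\nfont=big\n"
ENVIRON = {"HOME": "/home/tbone", "MYAPP_EDITOR": "vim", "MYAPP_DEBUG": "1"}

if __name__ == "__main__":
    values, source, ignored = load_config(DEFAULTS, GLOBAL_CONF, USER_CONF, ENVIRON)
    for key in sorted(values):
        print(f"{key}={values[key]}  (from {source[key]})")
    for layer_name, key in ignored:
        print(f"ignored {key!r} from {layer_name}")
```

The `source` map is what makes an "Environment problems" report answerable: it shows whether a surprising value came from a file or from the caller's environment.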
You don't need to hack the server in order to hack the access controls on the data available to the server. Is it immensely easier? Usually. But not necessary.
If I have the admin password for whatever app you're running, then I can see all the data, and never have hacked the webserver system.
Is running in the kernel necessarily safe? No, probably not. However, the Linux kernel is intrinsically safer than the NT kernel. Add the patched CAP functions to the kernel, and limit what the web server has access to. Besides which, if your data is that important to your company, you shouldn't be hosting anything on your web server BUT your web server pages. There shouldn't be any other logins or user accounts, the server should be in an extranet, and the only access allowed from it to other boxes should be from it to your backend database servers or such. Those connections should be limited to some dumbed-down user equivalent in the DB. So if the machine gets hacked, the hacker can see all the web pages that he would have been able to see through the web server anyway, and can connect to your database to see data that he would have been able to see anyway.
Even in NT, this should be the case. Your web server being hacked, while problematic, should not be cause to call in the National Guard while S'Kiddies make havoc on your network. There's nothing wrong with Kernel-space applications when the box is set up correctly to account for the possibility of it being hacked.
In addition, Apache itself is marginally attackable by hackers anymore. Most hack attempts come through poorly configured applications on the backside that yield access to the server.
So you use your Palm just as it came out of the box, with no additional software or hardware? I doubt it.
And using Linux, for some people, is a matter of having something more useful for them, not a matter of showing off. I'm a UNIX admin. I'd much rather have a portable platform on which I can do some semblance of my normal work than have to deal with half-assed implementations of tools that kind of do what the real UNIX tools do.
Much more useful than an iPAQ which seems to be very hardly supported under Linux
Much not very informed opinion, since Compaq, until recently, maintained the "hh" reference port of Linux for the iPaq, and more recently changed the reference port to one of the community ports (Freedom?) since they were a little farther along. Everything in the iPaq is supported under Linux. The sound is supported, the handwriting recognition is supported. There are ports of things like Perl and Python, and it all runs under X.
You're talking about communication tools for the Palm on Linux. Big freaking deal. We're talking about running Linux on the iPaq. Natively. Who needs comm tools to transfer software downloaded from who-knows-where when you can fire up the TCP stack and telnet to your main box where your cross-compiler is to FTP up new programs?
Compaq supports Linux to the extent that they will replace your iPaq if you turn it into a brick while trying to flash the Linux update onto it. They, of course, would rather you didn't do this, but the option is there. And there are just as many apps for Linux as there are for Palm.
...but why are you running remote desktops on all of your systems anyway? I beat down my users who feel they absolutely HAVE to run a remote desktop instead of just running remote windows. The performance hit on the remote machines is noticeable - especially when I kill all dtremote sessions on some of my Solaris boxes at work.
X transcends the desktop. Set yourself up a workspace dedicated to a machine or group of machines. Configure buttons to launch things on certain OS's, and only put them on certain desktops. Any user who tells me that he needs to run in a virtual desktop finds shortly after I disable his remote desktop that he does his work just fine without the remote desktop and just remote X windows.
A port scan can be defined as any exploration, brute-force or directed, of the available services on a computer not belonging to you with the intent of utilizing those services in a manner not intended by the provider of those services.
If you run nmap over my computer from port 1 to port 2047 to see what's there, you're port scanning.
If you scan your subnet for open port 25's, you're port scanning.
If you're trying to connect to my FTP server when I have never advertised an FTP server for public availability, you're port scanning.
If you're wget'ing my entire web server, you're not port scanning, because I've provided the web service. If I didn't want you robot'ing my site, I would have set up robots.txt.
In a single FTP session, you can end up using any free port on the machine to do the file transfer.
But that conversation is part of the FTP session, and is (or can be) logged as such. You wouldn't connect to a random port without requesting a file transfer from an FTP server, assuming I even have an FTP server running on my computer, which I don't.
The list the guy mentions isn't meant to be an exhaustive list of services which are considered "public". Replace the list with the phrase "commonly provided services". And interpret the names of the services, instead of the ports for the names. If you want to run your telnet port on 23000 instead of 23 to avoid a firewall somewhere, more power to you. And no company would provide a service without also providing a direct way to the service, unless they intend for that service to remain undetected, in which case it's probably not a service that should be running anyway (like the telnet port at 23000 to avoid the firewall).
Absolutely. I don't mean to say that there is anything wrong with IDE...I have a SCSI controller sitting around in my computer room because I have nothing to plug into it - all my drives are IDE. However, the guy would be better off spending the money to get a native IDE controller rather than spending money on hacks to make his IDE drives work on his SCSI controller.
TiVo may, at its discretion, from time to time change, add or remove features of the TiVo Service or change the terms and conditions of this agreement. (page 76)
It says that the service can be changed. But if I am not a subscriber, I don't use the service. In this case, they are changing my hardware. That I purchased. They can completely rewrite the service, and it should never affect someone who is not subscribed.
You want to use a moped to pull an RV. Use the correct tool for the job.
IDE is an end-user driven and targeted technology. It's cheap, as you see in the price difference between IDE and SCSI drives. However it's also cheap. The protocol is not as robust, or expandable, or bulletproof. IDE is meant for home users who need lots of space but aren't as concerned about reliability.
SCSI is a business, server-targeted technology. It's a stronger, faster, more expandable technology. It's meant for stacking ridiculous amounts of space into small areas. It's intended for corporate applications where you need wide data paths to move lots of data very quickly, or need redundant pathing, or lots of other motivations that 99% of your home users don't need. Regardless of how much data you THINK you move, you have not moved data until you start running systems that load 2G datafiles into a Data Warehouse multiple times a day.
Get an IDE controller that supports the 3rd/4th channel, and quit screwing around with silly adaptors that are a hack to a problem that's trivial to fix if you use the right tools.
And if the only UNIX flavor you run at your company is Linux, then you will be fine. However, crypt() is still the default method on most other unixes out there.
Yeah, but cracking a 5-word DiceWare passphrase on any UNIX system is no more difficult than cracking an 8-character password on UNIX - crypt() uses 8 characters at most. That's it. The following 'passwords' are equivalent.
"Where there's smoke there's fire"
"Where the hell is the phone?"
"Where thee going sire"
"Where th"
Strong passwords by themselves are useless, as someone pointed out, against anything but a dictionary attack. Which is nearly impossible to run without getting access to the system in some other way to get something to crack against - the /etc/shadow file, or the like.
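An added Python example, not part of the original comment, of the truncation described above and of how to find the accounts it affects. `des_crypt_key` follows the key schedule of traditional DES crypt(3) as commonly implemented (first 8 bytes, low 7 bits each); the shadow lines and their hash fields are constructed placeholders, not real hashes.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars from this alphabet.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
MODULAR_PREFIXES = (("$1$", "md5-crypt"), ("$2", "bcrypt"),
                    ("$5$", "sha256-crypt"), ("$6$", "sha512-crypt"))


def des_crypt_key(password):
    """Key bytes traditional crypt(3) hands to DES: the first 8 bytes of the
    password, low 7 bits each, NUL padded. Anything after byte 8 is ignored."""
    raw = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes((b & 0x7F) << 1 for b in raw)


def classify_hash(field):
    """Name the hashing scheme of a shadow-style password field."""
    if not field or field[0] in "!*":
        return "locked-or-empty"
    for prefix, name in MODULAR_PREFIXES:
        if field.startswith(prefix):
            return name
    if DES_CRYPT_RE.match(field):
        return "des-crypt"
    return "unknown"


def audit_shadow(text):
    """Return account names whose hash field is traditional DES crypt."""
    flagged = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and classify_hash(parts[1]) == "des-crypt":
            flagged.append(parts[0])
    return flagged


# The four 'passwords' listed in the comment above.
PAGE_PASSWORDS = [
    "Where there's smoke there's fire",
    "Where the hell is the phone?",
    "Where thee going sire",
    "Where th",
]

# Constructed shadow entries; the hash fields are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$6$constructedsalt$CONSTRUCTEDHASH:11500:0:99999:7:::
tbone:abCONSTRUCTED:11500:0:99999:7:::
ftp:*:11500:0:99999:7:::
backup:zzPLACEHOLDER:11500:0:99999:7:::
"""

if __name__ == "__main__":
    for pw in PAGE_PASSWORDS:
        print(des_crypt_key(pw).hex(), repr(pw))
    print("accounts still on DES crypt:", audit_shadow(SAMPLE_SHADOW))
```

Accounts flagged by `audit_shadow` are the ones to move to a scheme that hashes the whole passphrase before a long passphrase policy means anything.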
I posted this below on its own thread, but it's important, so I wanted it to get some instant visibility.
Before you donate, check your HR benefits if you work at a decent company. Many companies have policies of matching employee donations to charitable organizations up to a certain dollar amount. My last company would match up to, IIRC, $500, and my (hopefully) next will match $150.
It doesn't cost you anything more, and hey, it gives them another write-off. Make sure you get the forms you need and check to see how you have to make the donation to get the extra money to your causes.
For those of you who work for big companies, look into your benefits; you may find that your company will, up to a certain dollar amount, match any donations you yourself make to qualifying charitable organizations. I would suspect that the EFF would qualify.
If you want to donate, make sure you get the paperwork or forms you need to get your company to match your donation. My last company would match, IIRC, $500 of my donation. That's $1K to EFF for the $500 you might have given them anyway.
"But I'm stupid and don't think through my ideas"
This space for rent. Call 1-800-STEAK4U
Yes, someone ported Linux to the Palm.
However, Compaq ported Linux to the iPaq. This is the corporate support that everyone complains about there not being for such-and-such hardware everywhere. Compaq has essentially not only "released the drivers", but the source code for the drivers, and the optimized OS to go with the drivers.
See above - I'm a UNIX admin, and would rather have UNIX tools available, since that's what I do for a living. Not only that, but Compaq is getting right up there with IBM in corporate support for Linux, and I feel that if I am going to spend the money, then I want to spend it on a company that supports the things I use. Besides, the iPaq has all the other features I wanted, too (Color, sound, PCMCIA expandability). The Linux thing is just a bonus.
This space for rent. Call 1-800-STEAK4U
...the "iff" used in a grammatically correct manner, too.
No one should ever use "iff" in speech unless you're talking about flying fighter planes.
This space for rent. Call 1-800-STEAK4U
A port scan can be defined as any exploration, brute-force or directed, of the available services on a computer not belonging to you with the intent of utilizing those services in a manner not intended by the provider of those services.
Does that make sense?
This space for rent. Call 1-800-STEAK4U
So the manual says:
It says that the service can be changed. But if I am not a subscriber, I don't use the service. In this case, they are changing my hardware. That I purchased. They can completely rewrite the service, and it should never affect someone who is not subscribed.
This space for rent. Call 1-800-STEAK4U
As usual....IANAL, etc etc etc
Just as any research you do while at school is the property of the University you attend, I will bet you that _anything_ you create with school resources at school belongs to the school.
Does this suck? Yes. Is there much you can do about it? Not likely. You need to look into the school bylaws on research and work produced. You may find out that your term papers, computer programs, and murals on the walls of the dorms all belong to the school.
I sympathize with you, but you should have looked more into the school's rules regarding such things before you tried to take a stance and made promises that it now looks like you cannot keep. Good luck in extricating yourself from this mess. I hope it doesn't bring you down too much.
This space for rent. Call 1-800-STEAK4U