ok, i may be missing something, so if i am, please correct me... but, even if you connect to a malicous LAN, that gives you a evil dhcp server that tries to exploit this thing, how are they gonna do anything? ssh is off by default, so they can't login...
so why the hell are you running a mission critical server via dhcp? give it a static address to negate even the possibility of the exploit you are talking about here.
because, unlike MS, apple has turned off services that aren't needed, by default.
Who cares that an exploit can create a new user, if ssh and remote login is turned off anyway? The Answer: well, not many people. this is somewhat of a bug/potential hole, that should be fixed, but NOT panicked about.
yes, but once they get a complete map, couldn't they just run the spider (or whatever) software and rsync the difference nightly? with moore's law, optimization, and maybe even a distributed approach, they could start covering a majority of the internet in less than 24 hours, and all changes are rsynced to a new map... how sweet would that be?
actually, i have always thought(not to be rude, this is honest) that to have a secure box, you do not plug it into a network. This is how windows 2000 got one of its high-end security clearences(wether it is required for any OS, or if it was just for win2k, i don't know) and it is also a running joke on how DOS has had the fewest remote exploits of any Microsoft OS (none, because it was such a pain to get it on the network...
But honestly, this idea seems to be overlooked, when in actuallity, it is worth using... It would have saved Valve's ass if their code wasn't on a conmputer that was connected to the internet. If it was on only the LAN, and inaccessible to the internet, then their code wouldn't have been able to be leeked.
well, yum is a port of the package management software used by Yellow Dog Linux. it uses all rpms, and in pretty handy. may want to try it on a spare and see how it works, but it is deffinetly an optiton for upgrades. it also does dependency checking and all that jazz: YUM
and your other point about fedora... ya, it had a slow (buggy) start, but don't give up on it, give it some time and see how it does. personally, i think it is going to be a huge success in a year's time.
just as a slightly off-topic question... if i had hp=4, and you hit me, knock me down six, and i would have hp=-2, then you couldn't hit me, since i am dead.... but how do you differentiate between a dead player(me) or you(who also has -2, but is suppose to be immortal?
but ssh and all services are turned off by default, so even if you get an IP from a malicious DHCP server, and they use the exploit, they can't login remotely to do anything. So unless the services have been turned on by the user, the security whole is, to an extent, moot. and should be fixed, but not panicked about.
the other half of the problem is that ssh, etc. are turned off by default, so even if you can use this rogue DHCP server to create a root account(which is also removed, by default) how are you going to login remotely?
And if you get physical access to a machine, your security is compromised anyway. It is albut impossible to secure a machine if a hacker has physical access to it. regardless of OS flavor.
that is all well and good that Flash is clearly a better system, but does flash come installed on all machines? WVG will, ofcourse. will developers ignore cross platform compatability code in MS-only tech, because it is there? yes.
Why o why does this company get to do this to the populous? An open standard, taken, broken in compatability, bundled into an already integrated browser in the most widespread desktop OS on the planet, to compete with a company with an existing product...
I thought MS couldn't leverage their monopoly on the desktop to compete with other technologies... and bundling WVG, to compete with flash, is clearly copetition.
i would suggest encryption... somewhere between freenet and kazaa lies a nice medium, of a funtional yet secure p2p network...
one other cool thing about freenet, that is interesting is that it has 'freesites' or basicly, webpages that are distributed over the network... imagine a bittorrent world wide web, over an encrypted connection. Fast, distributed, secure. SWEET.
kazaa and others have a 'fasttrack' network, but they are not secure(and not anonymous, for that matter). The problem with 1 network is that you are limited to the features of that network... give it some time, and then lets look at a unified p2p network
ya, this sounds like a way to replace the 'please use a mirror site [insert 30 urls]' tag on all the big downloads... which is fine, but that reaches a different audience than bittorrent's.
someone hack together a quick bot to auto download some of that stuff... heck, lets do weekly themes... or daily. what if there was a 500% increase of disco music on monday, but only monday(and every monday for 2 months?) tuesday could be gangsta rap. wed could be, i duno, techno.
Heh, why not, if you download, and then delete at 12:01 the next day, who cares? and it would screw the numbers up bad!
sounds like IIP, Freenet, or just a wireless p2p protocol in general. This is a good idea, and one i have had for a while now. i wonder if porting freenet to a palm would work? and if coding the software, could the palmos start chatting to other palms without a problem? or are they hardcoded, somehow, to need an WAP?
o god. find away to turn all news into a pro-debian spin, aye? Two points:
*everyone hates MS here, but for some reason refuse to actually financially support a linux vendor who competes against MS. You want your cake and eat it too. Support redhat by buying a packaged version, so they can stay profitable and further Open Source their software to the community(like they always have).
*if you want to support the redhat distro, but feel like you want to contribute time to the community, choose fedora... I mean really, that is what it is there for, so that it is easier for YOU to help the community out! God, redhat moves from a corp run distro, to a community-based distro, and everyone is mad that they don't get 'redhat' isos anymore? PLEASE! the 'redhat' isos have just changed name to 'fedora'.
*look into a nice laptop-style sony clie or a sharp zaurus.
*You can go wi-fi, or buy an expansion card nic/modem for on the road... consider getting a cheapo dialup account so you can use a modem and find the local number...
*you could also setup a web interface... something like webmin, with some security. ssl, password protected, have apache use htaccess and what not for keep bad guys out.
*setup cron jobs. make basic management done automaticly whenever possible.
Slashdot Mirror
ok, i may be missing something, so if i am, please correct me... but, even if you connect to a malicous LAN, that gives you a evil dhcp server that tries to exploit this thing, how are they gonna do anything? ssh is off by default, so they can't login...
again, maybe i am missing something.
so why the hell are you running a mission critical server via dhcp? give it a static address to negate even the possibility of the exploit you are talking about here.
because, unlike MS, apple has turned off services that aren't needed, by default.
Who cares that an exploit can create a new user, if ssh and remote login is turned off anyway? The Answer: well, not many people. this is somewhat of a bug/potential hole, that should be fixed, but NOT panicked about.
yes, but once they get a complete map, couldn't they just run the spider (or whatever) software and rsync the difference nightly? with moore's law, optimization, and maybe even a distributed approach, they could start covering a majority of the internet in less than 24 hours, and all changes are rsynced to a new map... how sweet would that be?
actually, i have always thought(not to be rude, this is honest) that to have a secure box, you do not plug it into a network. This is how windows 2000 got one of its high-end security clearences(wether it is required for any OS, or if it was just for win2k, i don't know) and it is also a running joke on how DOS has had the fewest remote exploits of any Microsoft OS (none, because it was such a pain to get it on the network...
But honestly, this idea seems to be overlooked, when in actuallity, it is worth using... It would have saved Valve's ass if their code wasn't on a conmputer that was connected to the internet. If it was on only the LAN, and inaccessible to the internet, then their code wouldn't have been able to be leeked.
and your other point about fedora... ya, it had a slow (buggy) start, but don't give up on it, give it some time and see how it does. personally, i think it is going to be a huge success in a year's time.
just as a slightly off-topic question... if i had hp=4, and you hit me, knock me down six, and i would have hp=-2, then you couldn't hit me, since i am dead.... but how do you differentiate between a dead player(me) or you(who also has -2, but is suppose to be immortal?
but ssh and all services are turned off by default, so even if you get an IP from a malicious DHCP server, and they use the exploit, they can't login remotely to do anything. So unless the services have been turned on by the user, the security whole is, to an extent, moot. and should be fixed, but not panicked about.
the other half of the problem is that ssh, etc. are turned off by default, so even if you can use this rogue DHCP server to create a root account(which is also removed, by default) how are you going to login remotely?
And if you get physical access to a machine, your security is compromised anyway. It is albut impossible to secure a machine if a hacker has physical access to it. regardless of OS flavor.
why not just use 'yum update' in a cron job? Fedora is moving it's repository to use yum and apt for upgrades, and it works great for me.
that is all well and good that Flash is clearly a better system, but does flash come installed on all machines? WVG will, ofcourse. will developers ignore cross platform compatability code in MS-only tech, because it is there? yes.
Why o why does this company get to do this to the populous? An open standard, taken, broken in compatability, bundled into an already integrated browser in the most widespread desktop OS on the planet, to compete with a company with an existing product...
I thought MS couldn't leverage their monopoly on the desktop to compete with other technologies... and bundling WVG, to compete with flash, is clearly copetition.
i would suggest encryption... somewhere between freenet and kazaa lies a nice medium, of a funtional yet secure p2p network...
one other cool thing about freenet, that is interesting is that it has 'freesites' or basicly, webpages that are distributed over the network... imagine a bittorrent world wide web, over an encrypted connection. Fast, distributed, secure. SWEET.
no master blaster? That was one of the coolest, and hardest games i ever played on the NES!
yes, you create AI, i will tell said AI to design a better p2p network....
isn't it more of a shock that a 'portable' computer weighs 9 pounds? that is quite a lot.
kazaa and others have a 'fasttrack' network, but they are not secure(and not anonymous, for that matter). The problem with 1 network is that you are limited to the features of that network... give it some time, and then lets look at a unified p2p network
what you should do is run a 10-100 gig web proxy, and have a crawler/updater to keep the newest versions of slashdot etc available...
ya, this sounds like a way to replace the 'please use a mirror site [insert 30 urls]' tag on all the big downloads... which is fine, but that reaches a different audience than bittorrent's.
does that mean the Linux Torvalds is the Architect?
now remember, when you cheat, only cheat so that MOST of the answers are right, if you get 100% on all your tests, you will look suspicious!
someone hack together a quick bot to auto download some of that stuff... heck, lets do weekly themes... or daily. what if there was a 500% increase of disco music on monday, but only monday(and every monday for 2 months?) tuesday could be gangsta rap. wed could be, i duno, techno.
Heh, why not, if you download, and then delete at 12:01 the next day, who cares? and it would screw the numbers up bad!
so lets get rid of phone calls during dinner advertising crap we don't want, and just get built in ads every time we pick up the phone! woo!
sounds like IIP, Freenet, or just a wireless p2p protocol in general. This is a good idea, and one i have had for a while now. i wonder if porting freenet to a palm would work? and if coding the software, could the palmos start chatting to other palms without a problem? or are they hardcoded, somehow, to need an WAP?
any ideas?
o god. find away to turn all news into a pro-debian spin, aye? Two points:
*everyone hates MS here, but for some reason refuse to actually financially support a linux vendor who competes against MS. You want your cake and eat it too. Support redhat by buying a packaged version, so they can stay profitable and further Open Source their software to the community(like they always have).
*if you want to support the redhat distro, but feel like you want to contribute time to the community, choose fedora... I mean really, that is what it is there for, so that it is easier for YOU to help the community out! God, redhat moves from a corp run distro, to a community-based distro, and everyone is mad that they don't get 'redhat' isos anymore? PLEASE! the 'redhat' isos have just changed name to 'fedora'.
*look into a nice laptop-style sony clie or a sharp zaurus.
*You can go wi-fi, or buy an expansion card nic/modem for on the road... consider getting a cheapo dialup account so you can use a modem and find the local number...
*you could also setup a web interface... something like webmin, with some security. ssl, password protected, have apache use htaccess and what not for keep bad guys out.
*setup cron jobs. make basic management done automaticly whenever possible.