Slashdot Mirror


User: jonadab

jonadab's activity in the archive.

Stories
0
Comments
5,933
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,933

  1. Re:Lucky windows users??? Re:Huh? on Microsoft "Swen" Worm Squiggles Into Sight · · Score: 1

    > wu-ftpd comes to mind...

    ftp in general is something you should keep turned off unless you
    actually need it, moreso even than is true for services in general,
    not because it's more vulnerable than other services so much as
    because it gains you unwanted extra attention from the script
    kiddies. That goes triple for anonymous ftp.

    We do have one system that has to have ftp. I chose proftpd for it,
    and yes, I updated it after the recent announcement. And it doesn't
    permit anonymous login, because we don't need that.

  2. Re:Hmph... on New Anti-Swap CDs Hit Shelves · · Score: 1

    Except, computer programs are smarter than grammophones, and can be
    designed with logic that recognises such invalid or troublesome input
    and responds in some fashion (e.g., spits an error message at you).
    That way, the troublesome input doesn't destroy the record player.
    (It still can't be played, of course...)

    Why does this thread remind me of the current poll on Perlmonks?

  3. Emacs/w3 on Better Browsers for Text & Form Handling? · · Score: 1

    If a text-based browsers is an acceptable option, no browser has a
    better built-in text editor than Emacs/w3. It's fully extensible,
    fully scriptable, and closer to fully featured than any other editor
    available today. The more advanced features do have a learning curve,
    but what fully-featured thing doesn't?

  4. Re:Huh? on Microsoft "Swen" Worm Squiggles Into Sight · · Score: 1

    > Don't open email in a reader that will automagicly execute whatever
    > it opens (ie: unpatched outlook)

    They say Outlook is patched for this. Yeah, whatever; a specific
    case has been patched. It's been patched many times before, and it
    will be patched again, and still it will automatically execute
    certain types of attachments and *hope* the authors have now finally
    thought of all the bad things such content could do and specifically
    prevented each of them. Only, they obviously haven't yet because
    the rate at which new ones are discovered has not diminished in the
    slightest.

    Bah. Save yourself a lot of trouble: don't use Outlook at all.

  5. Re:Learn First, Post Second on Microsoft "Swen" Worm Squiggles Into Sight · · Score: 1

    All of the above. Turn off the services you don't use, put all your
    systems behind a firewall based on a different OS (e.g., Windows
    behind Linux, Linux behind BSD, or whatever), do NAT on the firewall
    and only forward through existing and related traffic plus any
    specific ports you actually need, and keep up-to-date on security
    patches. Doing all of the above will cost you less time per year
    than *one* serious infection.

    Oh, and: don't use Outlook. Ever.

  6. Re:Lucky windows users??? Re:Huh? on Microsoft "Swen" Worm Squiggles Into Sight · · Score: 1

    > 1) pull the ethernet cable
    > 2) enable XP's built-in firewall
    > 3) download patch

    Yes, I always pull the ethernet cables before downloading things...
    (Ahem. I know what you meant, though.)

    RPC is a service you don't need. Turn it off. Not that turning on
    the firewall is a bad thing, but turn RPC off. Also, unbind File
    and Print Sharing from the TCP/IP on your internet connection. Also,
    turn off Windows Messenger Service and any other services you don't
    need. This is the same advice *nix people give eachother: turn off
    any services you don't intend to actually use. Then, when you read
    the slashdot story next week about the new worm, you can glance it
    over, determine that the worm comes in through IIS, remember that you
    turned IIS off, and relax.

    Oh, and: don't use Outlook. Ever. Get Pegasus Mail, or something.

  7. Re:Huh? on Microsoft "Swen" Worm Squiggles Into Sight · · Score: 1

    > Gee, since I've never been infected by a virus or worm, and I've
    > been using Windows since forever (both client and server side),
    > I don't feel I have that much to worry about.

    Well, 99% of all Windows worms aren't Windows worms per se, but worms
    that impact software that only runs on Windows (usually Outlook, IIS,
    or MS SQL Server, but sometimes it's something else). There are the
    occasional worms that really do attack Windows itself, like the one a
    couple weeks back (that attacked around the same time as SoBig; I
    forget what it was called), but many of these can't infect you if you
    are up-to-date on your security updates, and most of the rest will be
    stopped by any half-decent firewall. So yeah, with safe computing
    practices you can run a secure network with Windows systems. That
    said, at work I just finished putting all the Windows systems behind
    an IP Masq gateway, because it seemed easier than keeping track of all
    the security measures I would have to take otherwise. (The NAT of
    course does not protect against client vulnerabilities, but I don't
    permit Outlook on my network, which helps a LOT; there are easily
    ten times as many Outlook malwares as there are security exploits
    for Windows itself. This latest is just the most recent.)

  8. Re:Special Knoppix Boot CD needed on Microsoft "Swen" Worm Squiggles Into Sight · · Score: 2, Interesting

    > NTFS, which has readonly support

    Indeed. IMO, read/write support for NTFS is one of the top three most
    overdue features the Linux kernel needs. A versioned filesystem (a la
    what VMS has, but built from the ground up for Linux) is another. I'm
    sure there's a third feature as long overdue as these two, but I don't
    know what it is.

  9. Re:Itanium? on Is Prescott 64-bit? · · Score: 1

    > Itanium is NOT a late-comer to the 64-bit desktop 64-bit market.

    You did say desktop, right? Then, you're right, as near as I can
    determine: Itanium isn't a latecomer; it's a no-show. Unfortunately,
    thus far so is x86-64; everything I've seen so far is rackmount stuff.
    I'm hoping this will change soon; when I buy my next desktop, I'm
    going to want one that can handle more than 4GB of RAM, but I won't
    be ready to give up extant applications.

  10. Re:Hrmm on Is Prescott 64-bit? · · Score: 2, Informative

    You don't upgrade to get a faster CPU. Not these days. You upgrade
    for other reasons -- your old motherboard is maxed out for RAM, and
    you need more. Your old motherboard is USB1.1 and you want 2.0. You
    could get an expansion card, but you've only got one slot left and you
    really wanted to add IEEEwhateverthenumberisforthattrademarkedbus.
    The new board supports SATA RAID, which will give you a performance
    boost for disk-intensive applications. And so on and so forth.

    Do you go for a faster CPU while you're upgrading? Well, sure.
    Nobody wants to buy a new computer with the same MHz number as the
    old one, for psychological reasons if nothing else. But unless you
    raytrace animations for a living or something, it's probably not the
    thing driving you to upgrade.

  11. Re:Hotmail. on Where Is Spam When You Want It? · · Score: 2, Informative

    > Maybe I'm paranoid, but I can't stop thinking that's MS fault!

    It's been a couple of years, and their EULA has probably changed two
    dozen times ad interim, but when I actually read Microsoft's privacy
    policy, it essentially said, in heavy verbiage, "we will sell your
    address to whomever will pay for it". By heavy verbiage, I mean
    something of the form, "may share said contact information with
    select business partners in order to provide value-added services"
    or some such rot. If your eyes glaze over at the first hint of
    weaselese, you wouldn't catch it, but it seemed pretty clear to me
    that they were saying they would sell my address. Maybe I'm just
    paranoid, though. After all, Microsoft is a very reputable company,
    as everyone here knows, and so maybe I'm just not giving them enough
    benefit of the doubt in my poor understanding of EULA verbiage.

  12. This is the last one, honest! on Buffer Overflow in Sendmail · · Score: 1

    This is it! If you patch this one, sendmail will be secure! Really!
    Of course, they said that the last twenty times, but this time for
    real, because sendmail is focused on security, just like Microsoft!

    Ahem. I won't let sendmail anywhere near any network I administrate,
    ever. Argue the relative merits of the other options -- qmail,
    postfix, exim, or Net::Server::Mail, but pick one of them, because
    letting sendmail listen for incoming connections from the internet,
    given its (in)security record, is about as smart as using Outlook
    to get your mail. It hasn't been six months since the last sendmail
    remote root exploit, and it won't be six months until the next one.
    Some things never change.

  13. Re:I fail to see.... on New ssh Exploit in the Wild · · Score: 1

    > fail to see what Burt Reynolds has to do with it.

    Nothing. He was talking about Jim Carey.

  14. Re:How is still possible? on Buffer Overflow in MySQL · · Score: 1

    > Buffer overflows have been known for decades, why are these
    > buffer overflows still so prevalent?

    In a large program like MySQL, religiously checking each and every
    buffer, each and every time anything is stored in it, without missing
    any, is *hard*, because there are *lots* of buffers and they get
    things stored in them by *lots* of different parts of the code.

    The real solution is to use a langauge with builtin memory management.
    Until recently this was impractical for performance reasons, but with
    VHLL technology improving and hardware improving, it won't be too long
    now before it's practical to write almost everything (save the boot
    loader and scheduler and a few other lowlevel tidbits) in VHLLs. It
    will then take more than twenty years to cycle out all the existing
    legacy software and replace it with newer stuff, but hey.

  15. Re:should not be permitted to use the word 'engine on Alternative To Windows Desktops · · Score: 1

    > It just sucked before to have a masters degree along with several
    > years of experience and have an official title of "Software
    > Practitioner." Bleh!

    'Practitioner' is too bland, but there are plenty of interesting
    words in the English language, words with positive connotations,
    besides 'Engineer'. Try some of these on for size: Software Systems
    Coordinator, Software Architect, Software Management Expert, Software
    Consultant, Software Wizard, Software Technician, Software Remediation
    Advisor, Software Selection Counselor, Software Coordination Leader,
    Software Developer, Software Design Coordinator, Software Implementor,
    Software Department Head, Software Overlord, Regional Software Arch
    Policymaker, Software Incident Investigation Captain, Software
    Design Committee Chairman, Software Implementation Partner, Software
    Quality Control Sherrif, Software Usability Research Coordinator,
    Software Antidefenestration Agent, Software Security Bosun, Software
    Emergency Response Marshal, Software Planning Team Leader, ...

    Personally, I rather favour the job title 'The Computer Guy'. It
    abbreviates nicely to TCG, which sounds vaguely important, and it's
    what everybody calls me anyway.

  16. Re:Games on GNOPPIX: Bootable GNOME CD · · Score: 1

    > It was common in the early 1980s that PC Games were bootable.

    Yes, but this was abandoned when two things happened:

    1) Due to advances in computer technology, most computers had
    these cool new things called "hard drives", many of which
    would hold up to ten megabytes or more.

    2) Due to advances in game technology, driven by consumer
    demand for graphics, some of the games were starting to
    have a little trouble fitting on a single 360K floppy.
    If the game were designed to be installed onto the hard
    drive, you could put it on *two* floppies, which allowed
    more than twice as many graphics.

  17. Re:Troubleshooting Potential on GNOPPIX: Bootable GNOME CD · · Score: 1

    All of the above are quite garish by default, but with some tweaking
    of the settings you can get them looking pretty decent... though
    I'm still waiting for the thEmacs theme to get ported to Gnome2.

  18. Games on GNOPPIX: Bootable GNOME CD · · Score: 1

    Don't want to support N operating sytem versions, but want anyone
    with a CD to be able to play your game? Distribute your game on a
    LiveCD with the OS included; you get full control over the exact
    version of every piece of software -- the only variables are the
    hardware, then, and anyone with a PC can play your game.

    Of course, for speed reasons you want to offer an option to install
    to a disk image on the hard drive, and for that to be practical it
    would be really nice to have read/write NTFS support. Hopefully
    we'll get that Real Soon Now.

    But the idea is solid.

  19. Re:Why is this useful? on GNOPPIX: Bootable GNOME CD · · Score: 1

    You can get Knoppix 3.2 from cheapbytes.com, though they don't seem
    to have Gnoppix yet for some reason. Their CDs don't have what I
    would call eye candy (no fancy logos or anything), but they are
    labelled in a passably-nice font, and the label (apart from the
    black letters) is at a glance invisible, not one of those ugly white
    labels you sometimes see on cheapies. For what they charge, it's
    a pretty decent option.

    I agree that I would like to get one with some nice eye candy, though,
    maybe (part of) that Knoppix image of the eye that shows while it's
    starting, or something.

  20. Re:4.7 GB CDs on GNOPPIX: Bootable GNOME CD · · Score: 1

    > but a 17GB live cd would take quite a lot longer... day or two...
    > Hey, I only get 5GB a month. Make that 3 1/2 months for me!

    cheapbytes.com -- never underestimate the bandwidth of Priority Mail.

  21. Re:Help me with the math here on Linux Most Attacked Server? · · Score: 1

    > No offense, but aren't you trying to manipulate the data to
    > arive at your preconscived notion?

    Not deliberately; perhaps I'm biased toward certain conclusions, but
    the raw number of compromised servers isn't a particularly important
    thing anyway. If you asked my to speculate about *why* there are
    so many compromised Windows systems, I'd say it's because there are
    a lot of complete idiots maintaining Windows systems, who would do
    no better if they were maintaining Linux. Like I said, I see *lots*
    of traffic from compromised IIS servers, but I'm pretty sure a great
    deal of it is the same few servers over and over and over again,
    because the admins simply refuse to learn about patches. We have
    a number of Windows systems at work (no Windows _servers_, though...),
    and to date the most alarming security incident I've encountered was
    when NAV on two WinXP Pro systems found a virus in a file in the
    'Shared Documents' folder (from whence it would not have been
    executed any time soon, but nevertheless...); I traced the issue to
    having NetBIOS over TCP/IP enabled (which is the default), and so
    for the moment I switched NetBIOS to only route over IPX/SPX, which
    the router won't pass over the T1. (At some point I intend to put
    all the Windows systems behind an IP Masquerade gateway, which will
    help somewhat more.) And, frankly, I don't spend a great deal of
    time on security. So Windows isn't really a security nightmare, if
    you have some idea what you're doing. It's just that there are some
    people out there who don't have that ounce of clue, and most of them
    are running Microsoft software (probably because they (almost) can).

  22. Equivalents on Helping the Apple Web Community w/o an Apple Computer? · · Score: 3, Informative

    If you test in Konqueror, it should do fine in Safari as well. If
    you test in Mozilla (either Navigator or Firebird), you've got Camino
    covered also. Didn't OmniWeb recently switch to one of those two
    rendering engines also? That of course leaves out MSIE, the mac
    version of which has very different rendering quirks from the Windows
    version, but Safari will hopefully phase out the Mac version of MSIE
    within a couple of years.

    My problem is MSIE for Windows. Even assuming I'm willing to boot
    into Windows for testing, how can I test in both IE5 and IE6? I
    am *not* going through the uninstall/reinstall process every time
    I want to test a web page. Currently I'm just writing to specs and
    *hoping* it will do mostly okay in MSIE, but in practice I know that
    there will be times when it doesn't. I recently discovered, for
    example, that MSIE5.5 does not support applying CSS attributes to
    child elements (e.g., ".sidebar > div { padding: 0.5em; }"). I
    haven't tested that in IE6... do I really have to get VMWare just
    to test my web pages?

  23. Re:Help me with the math here on Linux Most Attacked Server? · · Score: 3, Interesting

    Here's some help with the math: according to my estimates, based
    on the network traffic that the (as yet unexploited, though I don't
    take this for granted) Linux-based CGI server at work logs, the
    _average_ Windows server is exploited by script kiddies, worms, or
    viruses several times per year. Now, some of that is the same
    servers being hit over and over again because the admins simply
    refuse to learn about patches, so a well-maintained Windows server
    will not be exploited that often. Still...

    If there are more attacks on Linux servers, it's because there are
    more Linux servers, or because attacks on Linux servers get noticed,
    or something -- not because Linux is more likely to be targeted.
    Either that, or we're only counting attacks that were conducted
    against an individual server by an individual attacker with more
    skills than just the ability to run prefab breakin tools.

  24. Re:Cyrus IMAP for sure.. on Recommendations for the Right IMAP Server? · · Score: 1

    > No, I can't see any problems with your files...

    Files? You have files? Where? No, I think you must have been
    imagining them, because there obviously aren't any there.

  25. Re:Cyrus IMAP for sure.. on Recommendations for the Right IMAP Server? · · Score: 1

    > I have to agree with the 'no gentoo on servers'.

    I would qualify that a bit more: no gentoo on mission-critical
    production servers seems like a good rule of thumb.

    I'm currently in the process of getting a gentoo server ready to
    colocate, but the purpose of this system is to provide a server I
    can *experiment* on (for learning purposes). I do intend to put
    some real content on it, of course, but nothing that will cause
    the world to end if it becomes unavailable for a couple of weeks.
    Because, I intend to use this server for things like...

    * trying out new versions of Apache that I'm not sufficiently
    confident to put on the cgi server at work

    * trying out other server technologies that I don't have a need
    for at work, but want to get familiar with

    * testing out server code that I write myself in Perl. (Have
    desire to write my own mailserver software? Check. Intend
    to put it on a production server right away? Heckno.)

    Gentoo is an excellent choice for this sort of thing, IMO.