you use rsa keys to authenticate, that in and of itself is a security hole.
and a keystroke logger installed on any system poses a security issue, and is a hole that is pretty much un-fixable, unless you plan on somehow encrypting keyboard input. it's the same with physical access.
there is no such thing as perfect security. but there are ways to make it better than not having any at all.
We got these things late last year where i am (Rochester, NY) and i love mine, but i have had several nagging issues with it since i got mine in december.
some of the smaller issues are lag in remote-terminal response, it can be up to 15 seconds at times, and also the long time it takes to save things into the scheduled recordings.
but the funniest thing i have ever had happen was i was recording jay and silent bob strike back, and for about the first forty minutes of the movie the video was fine, but the audio was first classical music, then rap music, then german talk radio. it was really amusing because when the classical music was playing it almost PERFECTLY fit the movie scene for scene... hilarious.
i recommend the unit because it is just $9.95/month which is pretty cheap. the record feature has a bug in it that i called TW about but hasn't been fixed yet AFAIK. it happens when you set the box to record all the episodes of one show (say CSI) and the network changes the time slot or day that the show was scheduled to start/play at: the box will record the prior spot no matter what, unless you go through and erase all of the scheduled recordings of that show. it will even change the name of the recording to show the new show title.
the only other knock i have on it is that the "record all showings of this show" feature is basically a "record all showings of this show on this channel only", which is a PITA for me since i tried recording CSI on TNN and CBS but it only catches one. you can add a second recording for the other channel, but it's a minor annoyance.
it's possible to break into any networked computer. but you have to have some really kick ass skills to get into solidly secured networks, which i can say this guy wasn't running if someone had the ability to install linux without his knowing right away.
the principle of security is to make something as secure as possible while still allowing it to work without much hindrance, not to prevent all intrusions; that is impossible.
Sounds more like he knows his job, is happy to have people using Linux, but just wants to make sure his network is protected.
i'm not talking about the person who posted the article, i'm talking about the parent.
most windows sys-admins don't have any clue. just look at the most recent worms/viruses. it's mostly crap that has patches available but not applied, because usually the image they use to do their daily restores is also out of date, and they don't run updates immediately.
it's not only making sure to limit what runs as root. it's not that simple. but one virus written before firewalls or IDSs were even close to common occurrence is not exactly proof of a damn thing.
and to be more exact there were two viruses in the 80's that affected unix, one of which actually repaired a hole in ftp (IIRC) but left a backdoor onto the system.
the point is simple: in order to do real damage to unix you need to have root access, that's typically another step in the penetration of the system. that one step can make a big difference.
i run apache and sendmail in chroot'd jails, simply because with the new GrSecurity in the kernel it's WAY outside of the skillset of the kiddies to get out of a chroot'd jail. and yes, believe me, kiddies are the ones who write viruses and root kits. no real hacker or even a cracker would bother. it's like painting a target on your chest and taunting the FBI, or whomever, to catch you. and they will.
no, i'm assuming that people installing linux on a corporate network without help from the IT team have some moderate clue.
if they do not then quite frankly re-image the damn thing as windows and lock down their media access so they cannot *install anything*, let alone a new OS.
"People who hold the above attitude are very BAD admins.... our role in general is to make people happy as best we can without going over-board."
and my setting a "No" policy on unsupported software is different from a policy of "acceptable" software how? someone is still saying no. i am not a hard ass, but i also have no reason to get some half shit mail client to work when evolution already does so.
My entire post was based on the thought of "rather than being a flaming asshole perhaps you should work WITH the users to make linux work." because if they are installing linux there is obviously a reason for it. your job as a sys-admin is to make shit work. what if linux works better for XYZ marketing crap than windows? then what?
you install a specific set of programs, same as on windows, thereby limiting the "variables" involved. you seem to think that Linux must have 3G worth of unused crap installed. you know what "NEEDS" to be installed in most cases is rather simple: X, gnome, evolution, mozilla, gaim, vim, ssh. that's it; if they need openoffice then stick that on there. just because kde is included as an install OPTION doesn't mean it's needed. The job of the sysadmin is to get shit to work, but no sysadmin can support everything, and as such the realm of what is supported must be limited. simple as that.
As to your "no" policy... i seriously laugh at you. If you're in the business of shooting down your users... you're not a very good sysadmin. While you most certainly shouldn't encourage or offer active support for non-approved SW... Users are users, and simply want their shit to work. The more you can facilitate that with ease the better the admin you are. that's "support".
you just completely missed the boat. my job is to make the shit that is necessary work. sorry, they by and large don't need to see the latest homestar cartoon. go away. some half shit un-needed third party crap is not my job, and them even trying to install it when there is already a working alternative is a waste of company time.
now that i can see the point of, but perhaps instead of viewing linux as a second tier "problem" he should talk to the people who installed it and find out what they can do.
i have a local gentoo build server with 2 python scripts and some cron jobs; my systems are updated daily on my home network (14 machines, varying from athlons, to mips, to alpha) (not running gentoo on the mips, that runs irix [octane]).
>> Last time I checked, there weren't any imminent linux virus threats.
> That attitude works up until the world gets surprised by the first real nasty one.
should i even bother explaining why it is damn near the most unlikely thing to happen in IT? or should i just point out that _if_ a virus ever hits a unix there would be open source anti-virus software within a few days? (few months max) or point out that the unix type of OS is about 30 years old, and to date there haven't been any viruses in the "wild". (and don't give me that "not attractive target" for virus writers crap either, unix still runs mainframes, bank computers, ATMs etc.... and linux and BSD run about 50% of the mid-range servers....)
see, the wonderful thing about linux is you don't have to run a damn thing as root, and the few things you do have to run as root can be chroot'd so the virus/worm can't do diddley. some linux distros come like this by default.
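The two comments above (the apache/sendmail jail post and this one) both rest on the same startup sequence: start with root only as long as you need it to chroot, then give the privilege away. What follows is an added example written for this page, not code from the commenter, from apache or from sendmail: a C function a daemon could call once at startup to confine itself to a jail directory and become an unprivileged account. The jail path `/var/jail/httpd` and uid/gid `1001` used in `main` are hypothetical placeholders.

```c
/* Added example (not from the original comments): the user-space half of
 * "run it chroot'd and not as root". Order matters:
 *   1. chroot() needs root, so it comes first;
 *   2. chdir("/") must follow, or the process keeps a cwd outside the jail;
 *   3. supplementary groups, then gid, then uid are dropped, in that order,
 *      because dropping the uid first would make the later calls fail.
 * A final probe checks that root really cannot be regained. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Distinct codes so a caller can tell exactly which step failed. */
enum jail_status {
    JAIL_OK = 0,
    JAIL_BAD_REQUEST,       /* relative path, NULL path, or uid 0 requested */
    JAIL_NOT_ROOT,          /* caller lacks the privilege to chroot at all */
    JAIL_CHROOT_FAILED,
    JAIL_CHDIR_FAILED,
    JAIL_SETGROUPS_FAILED,
    JAIL_SETGID_FAILED,
    JAIL_SETUID_FAILED,
    JAIL_STILL_PRIVILEGED   /* privilege drop silently did not take */
};

/* Pure check, usable without root: a jail that keeps uid 0 is no
 * confinement, and a relative jail path is ambiguous. */
int jail_request_is_sane(const char *jail_dir, uid_t uid)
{
    return jail_dir != NULL && jail_dir[0] == '/' && uid != 0;
}

/* Confine the calling process to jail_dir and become uid/gid. */
enum jail_status enter_jail(const char *jail_dir, uid_t uid, gid_t gid)
{
    if (!jail_request_is_sane(jail_dir, uid))
        return JAIL_BAD_REQUEST;
    if (geteuid() != 0)
        return JAIL_NOT_ROOT;
    if (chroot(jail_dir) != 0)
        return JAIL_CHROOT_FAILED;
    if (chdir("/") != 0)                /* never stay in the old cwd */
        return JAIL_CHDIR_FAILED;
    if (setgroups(0, NULL) != 0)        /* clear supplementary groups */
        return JAIL_SETGROUPS_FAILED;
    if (setgid(gid) != 0)
        return JAIL_SETGID_FAILED;
    if (setuid(uid) != 0)               /* as root this sets real, effective and saved uid */
        return JAIL_SETUID_FAILED;
    /* Verify the drop is real: regaining root must now fail. */
    if (setuid(0) == 0)
        return JAIL_STILL_PRIVILEGED;
    return JAIL_OK;
}

int main(void)
{
    /* Hypothetical service account and jail directory, for illustration only. */
    enum jail_status st = enter_jail("/var/jail/httpd", 1001, 1001);
    if (st != JAIL_OK) {
        fprintf(stderr, "jail setup failed at step %d (%s)\n", st, strerror(errno));
        return 1;
    }
    /* From here the daemon serves requests as an unprivileged user inside the jail. */
    puts("confined and unprivileged");
    return 0;
}
```

Run as root against a jail directory that already contains whatever the service needs (its config, libraries and a writable spool), since after `chroot()` nothing outside is reachable. This covers only the process's own side of the bargain; the kernel-side restrictions on what a chroot'd process may do are what the grsecurity patches the comment mentions add on top.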
>> Desktop license management? I thought linux was free.
> Perhaps, if your time is worthless. But anyhow, he was referring to license management for any potential commercial software they may have
> illicitly installed.
oh please. take your gartner studies (microsoft funded BTW) and shove 'em. the amount of time it takes to install and optimally config a std. linux system is in the hours worth of time. admining that same install MIGHT take 30 minutes per month. windows? yeah friggin right, pick one of their OSs; if you spend less than two hours per month admining that box it's vulnerable. this argument is moot, since anyone who is going to install linux by choice obviously wasn't bugging the IT guys and hence didn't need to be trained, so there is no time lost there.
Linux is FREE to any person who knows what they are doing, simply because spending the few hours it takes to install frees them of the years of misery that lies behind them, and the years that would have lain ahead of them if they had still been running windows.
firstly you wouldn't have to worry about them installing a rogue DHCP server if you didn't give them root. As a matter of fact don't even install KDE if you don't need it. you really must have no experience with modern desktop linux installs, otherwise you would have known that "I'd also be thankful not to be asked how to make packages work correctly between KDE, gnome, X, or whatever else joe moron decides to use" is rather retarded, since most apps work fine nowadays, Redhat has a unified desktop which makes the "visual" difference between kde and gnome moot, and redhat would support any other issues you have if you bought a support contract, same as with any other OS.
as for streamlined management, well, you could simply run a local up2date server with cronjobs as necessary, and run ssh locally on the clients so that when (and this will be very rare) there is an issue you can just ssh into the box and fix it.
i personally work at an outsourcing company, 3500 employees, and we have about a 20% linux desktop install, growing slowly. why? ease of administration. you have a policy that states what IT supports (evolution, mozilla, gaim etc) and whenever somebody asks for help with something not supported you point and say "No". And the best part is you don't have to have someone running around constantly re-imaging all of those windows boxes....
and i highly doubt they were "unsecured"; if these people went through the trouble of installing linux on a work machine they probably have moderate clue.
and i'm not going to point out that no matter how "secure" your personal workstations are, once a cracker penetrates that far into your network you're screwed.
this guy sounds like he is getting overly paranoid about something he more than likely doesn't understand.
I really find it amusing that they are targeting Rap/hip-hop/r&b more so than anything else, when typically the urban areas that generate that music have less money than the people who generate punk/emo/rock.
I also love the fact that they aren't targeting the lesser known bands. in which case I'll crop the nirvana, NIN, and QOTSA out of my collection and continue to share the small time stuff.....
as far as dealing with the nvidia drivers there are no "stable" solutions that include using it. you basically have two choices:
1. use the unaccelerated 'nv' driver from the X install/kernel build.
2. forget nvidia and use ATI. i did, and i don't regret it for a second. i get 130fps in quake3 (running in linux, natively) on my athlon 1600+ with a radeon 9000. not much of a gamer, but the few i do play haul ass...
i think the problem with nvidia's drivers is that they wrote them on their own. the ATI drivers were co-written by Xfree and ATI. hell, ATI even has drivers available for the Fire series.
NOTE: the only pain i have with the ATI drivers is that every time i upgrade my kernel i have to re-build the module, which is tedious.
NOTE2: if you run gentoo you can install the X 4.3 drivers for the ATIs via 'emerge ati-drivers'.
yeah i caught that. but i was actually referring to the article, which IIRC said it crashed the OS as well. and most windows crashes that i have experienced (been a few years...) have been of the "WTF" variety. like when the kernel removes the running kernel from memory to conserve RAM. or when it drops the network stack. or when IE (MS: the browser is the OS) crashes and takes EVERYTHING with it.
most of any crashes *should* be caused by bad drivers. (i think it's funny how us "low-rent" OSS developers actually write stabler drivers than the big corps. or at least that's been my experience) (READ: nvidia drivers) (ati's drivers work great IMO)
When I bought my car, the guy offered to knock off $1000 if I didn't take the warranty
i don't know where you are but in most places that is illegal, as is "bundling" a warranty charge; however, proving the charge was bundled is damn near impossible.
i never said people should get upgrades for free. but if the honda breaks under warranty you get a new honda or it gets fixed (if it broke badly enough to warrant a new car), and there are also lemon laws in place to protect consumers of faulty purchases, another thing software doesn't have.
and yeah, industrial software has a warranty, as do industrial goods like back hoes and dump trucks. but so do commercial goods like TVs and stereos, or even computer hardware.
customers should pay for upgrades. but updates (not feature adds) (especially security) should be made available for free to the customer for at least 3 years. not doing so is like honda not fixing a leaking fuel rail, broken tie rods or a fscked tranny.
i doubt they will ever turn them on. to them that would be allowing us to "steal" programming, or some other silly shiite.
i haven't had the occasion to have the thing overheat; of course i don't watch too much tv either.
no stinkin' problem, homie, any time you need it!
Yeah, there are quite a few of us.
... not that i could ever make it, i work way past 8pm ...
#28 on the meetup list.
pain in the ass for the user? yes. but there's a large difference between your homedir, or mail spool, and a production website or database.
YMMV
not new at all. i'm in rochester NY and have had mine since last year.
.... i really suck at spelling.
as a side note
just a small post to point out that i ain't given a damn about your grammar nazi crap.
as is assuming that an admin who would shoot off about it has any more clue than the average user.
a SMART admin wouldn't need to post to slashdot about the damn problem, he would ask if they were updated and assess their ability to stay updated.
remember it takes one to know one, and an admin assuming everyone is clueless is probably clueless himself.
why are you comparing a four year old version of linux to the current version of windows?
but a standard desktop install of 9 is one HELL of a lot more secure by default than any windows version i have seen.
NOTE: desktop implies no server services.
actually your post is pretty much just FUD.
mod parent up as funny.
... I'm hoping that was one heavy dose of sarcasm, otherwise
no worse than the average NT/2000/XP install.
and next on the "sad but true" list...
Works for me.