GENTOO LINUX does have problems, like the first one is that when you emerge things it does actually compile them into binaries (YUCK!) but luckily it turns on optimizations so it'll still run with reasonable speed. Until a decent C interpreter shows up we are going to be forever stuck using compiled binaries made by GCC
I can't tell you how many times a package upgrade has broken something like a mail server
Why not? Can you not count?:P
Been running gentoo for ~a year, server and desktop, and I've had nowhere near as many packaging problems as I had with mandrake and suse... The only time I had problems was when I updated the base system and used the new fstab instead of keeping the current one:/
The bug is like so (or I may be talking about a different bug, I'm not quite sure...): The page is loaded, the layout set in stone, and then any images that weren't quite ready get drawn on top. The problem is when the images that get drawn in the last stage are larger or smaller than expected, and they don't affect the layout. Hence images used for padding (a Very Bad Idea to begin with) sometimes mess up the layout if they don't load fast enough.
I've found that the average technical distro user tends to know a lot more than a user distro user, but there are always exceptions - I use gentoo because I know what I'm doing*, but the skript kiddies tend to think they know what they're doing because they use gentoo...
* and yes, I know. part of knowing what I'm doing is knowing how time wasting and inefficient compiling from source is; but in my case I've found that the side effects of compiling from source outweight the compile time - I'm not just being a stereotypical gentoo fanboy;)
But on topic, the fact that I user gentoo has little to do with my point - I was just saying how I expect a compiler as standard (and maybe the exploit author did too, hence the requirement of one), but that a regular user wouldn't; No elitism was intended.
And as far as I know,/all/ linux systems are vulnerable to clueless users downloading & running things they shouldn't...
WTF? I said "being a gentoo user, I'm used to having a compiler handy", NOT "being a gentoo user, me > *". The distro and myself have nothing to do with this, other than to point out the need for a compiler.
As to there being no user-oriented distros, I have a feeling you were just disargeeing with me because you were angry at my first comment; But to make things clear, I class distros like so:
User distros: Red Hat, Mandrake, Suse, etc
Dev distros: Gentoo, Slack, LFS, etc
The user distros, aimed at joe average (as is this type of attack), tend not to install gcc by default, and so this attack fails. The dev distros, aimed at those with a clue (not the target of this kind of attack) are the ones likely to have gcc, and hence are vulnerable to it.
Being a gentoo user, having a compiler is just something I expect to always be there; but then I remembered that this is a user-oriented distro.
What normal user has a compiler, sshd, and a terminal app installed, and the knowledge of how to use the command prompt, and then doesn't have the sense to avoid obviously bogus security updates?
a webservice for updates, akin to windowsupdate.com?
Nearly all of them do; and unlike windows update, the linux updates are for/all/ the software on the PC, not just the company's own stuff. They also tend to allow you to search through lists of heirachially organised trees of software, and install / uninstall at the check of a box, with dependancies and the like accounted for automatically.
Claiming to be sentient isn't necesarily being sentient; but how we can tell when something is is beyond me - how do we know that we're sentient ourselves, and we aren't just programs that are programmed to think that we are?
There seems to be a gradient from mechanical to sentient, so that no specific line can be drawn at an exact point between them; and yet I can't really comprehend someting being half-sentient. Thinking in some weird abstract trigonometery, the only explanation I can see is that both points are one, but that doesn't make much sense either...
If so are we no more than complex machines or is there something else?:-)
Until we can prove that there is a soul (or the more vague "something else"), I would think that we are indeed merely complex machines. I'm quite happy to be a complex machine, but many people aren't, and I don't know why:(
Reading all the replies about universal healthcare (everyone gets treated for free, with huge waiting lists) vs privatised (those who can pay get treated immediately) - why not just have both? I'm quite sure we have private healthcare in addition to the public stuff here in the UK, and it all seems to work quite well*...
* Works well compared to either system on it's own - our public health is a horribly under-funded mess, but it's better than nothing...
I'd like to see mac/pre/ osx compared - from what I heard (on slashdot, so I don't entirely trust it), the mac's use of safe strings (pascal style rather than null terminated) gave it no buffer overflows in the software, and thus a total of ~0 r00tings.
We have to do pascal, but having done a load of other languages I just can't stand it; all the excess verboseness like begin and end rather than {} puts me off - whereas most of the class spend a lesson doing 30-50 lines of pascal for a program, I just use 2 minutes of perl and have a 5-10 line script that does the same thing (normally better, and more readable; but then I have the advantage of having been programming for years and they're in their first weeks...)
And look at something else interesting: The mac made heavy use of a language that didn't allow buffer overflows. And how many buffer overflows were there? None.
We should learn from this
It really is time for someone to come up with a language as powerful as C, but with array bounds checking...
So encourages my teacher, but why? if you want to add a line afterwards, you'll need to add in a semicolon or face unexpected error messages - why not just put it there in the first place?
Also, sometimes I actually shock myself by writing code for an entire day and then having it compile w/o errors the first time!
Either you write simple code or you're a liar and/or a troll. Because the chances of that being true is (IMO) very small.
Actually, I've done that - ~2000 lines of stub code (empty functions, classes that contained nothing but the empty functions; one or two functions called the empty functions, etc) - I did the entire overview of the program in a single coding session, and then spent the next ~3 weeks filling in the actual code part of it.
Being very simple code-wise (ie, there was none), I could keep the overall design in mind at all times - that kept the logic bugs out too. With there being no functional code, and the logic being a single brainfull, the only bugs left were ~20 typos.
I would guess that coral only caches images and such, the html is always pulled from the site itself to make sute that it's always up-to-date. The down side of being up to date is that when it's slashdotted you get the most up-to-date error message. If people use the coral cache/before/ it gets slashdotted, it all works fine.
I would think that the point is downloading one copy for your own private use isn't as bad as taking a copy with the intent of spreading it to millions of other people; which seems to make sense to me at least...
Slashdot Mirror
TinyCC. Hurrah \o/
Why not? Can you not count? :P
Been running gentoo for ~a year, server and desktop, and I've had nowhere near as many packaging problems as I had with mandrake and suse... The only time I had problems was when I updated the base system and used the new fstab instead of keeping the current one :/
And gentoo is like that, how?
(Why do I get the feeling we shouldn't be giving advertisers ideas like this?)
The bug is like so (or I may be talking about a different bug, I'm not quite sure...): The page is loaded, the layout set in stone, and then any images that weren't quite ready get drawn on top. The problem is when the images that get drawn in the last stage are larger or smaller than expected, and they don't affect the layout. Hence images used for padding (a Very Bad Idea to begin with) sometimes mess up the layout if they don't load fast enough.
This doesn't use onmouseover; it still works with scripting turned off entirely
* and yes, I know. part of knowing what I'm doing is knowing how time wasting and inefficient compiling from source is; but in my case I've found that the side effects of compiling from source outweight the compile time - I'm not just being a stereotypical gentoo fanboy ;)
But on topic, the fact that I user gentoo has little to do with my point - I was just saying how I expect a compiler as standard (and maybe the exploit author did too, hence the requirement of one), but that a regular user wouldn't; No elitism was intended.
And as far as I know, /all/ linux systems are vulnerable to clueless users downloading & running things they shouldn't...
As to there being no user-oriented distros, I have a feeling you were just disargeeing with me because you were angry at my first comment; But to make things clear, I class distros like so:
User distros: Red Hat, Mandrake, Suse, etc
Dev distros: Gentoo, Slack, LFS, etc
The user distros, aimed at joe average (as is this type of attack), tend not to install gcc by default, and so this attack fails. The dev distros, aimed at those with a clue (not the target of this kind of attack) are the ones likely to have gcc, and hence are vulnerable to it.
What normal user has a compiler, sshd, and a terminal app installed, and the knowledge of how to use the command prompt, and then doesn't have the sense to avoid obviously bogus security updates?
Nearly all of them do; and unlike windows update, the linux updates are for /all/ the software on the PC, not just the company's own stuff. They also tend to allow you to search through lists of heirachially organised trees of software, and install / uninstall at the check of a box, with dependancies and the like accounted for automatically.
There seems to be a gradient from mechanical to sentient, so that no specific line can be drawn at an exact point between them; and yet I can't really comprehend someting being half-sentient. Thinking in some weird abstract trigonometery, the only explanation I can see is that both points are one, but that doesn't make much sense either...
How long until we can make a brain capable of operating EMACS?
Until we can prove that there is a soul (or the more vague "something else"), I would think that we are indeed merely complex machines. I'm quite happy to be a complex machine, but many people aren't, and I don't know why :(
Why yes, I am.
I think a far better moral dividing line is self-awareness; If you don't know that you exist, would you really have a problem with dying?
A petri dish of neurons is as much a concious being as a chip of transistors; so I vote neither.
* Works well compared to either system on it's own - our public health is a horribly under-funded mess, but it's better than nothing...
I'd like to see mac /pre/ osx compared - from what I heard (on slashdot, so I don't entirely trust it), the mac's use of safe strings (pascal style rather than null terminated) gave it no buffer overflows in the software, and thus a total of ~0 r00tings.
We have to do pascal, but having done a load of other languages I just can't stand it; all the excess verboseness like begin and end rather than {} puts me off - whereas most of the class spend a lesson doing 30-50 lines of pascal for a program, I just use 2 minutes of perl and have a 5-10 line script that does the same thing (normally better, and more readable; but then I have the advantage of having been programming for years and they're in their first weeks...)
We should learn from this
It really is time for someone to come up with a language as powerful as C, but with array bounds checking...
So encourages my teacher, but why? if you want to add a line afterwards, you'll need to add in a semicolon or face unexpected error messages - why not just put it there in the first place?
Either you write simple code or you're a liar and/or a troll. Because the chances of that being true is (IMO) very small.
Actually, I've done that - ~2000 lines of stub code (empty functions, classes that contained nothing but the empty functions; one or two functions called the empty functions, etc) - I did the entire overview of the program in a single coding session, and then spent the next ~3 weeks filling in the actual code part of it.
Being very simple code-wise (ie, there was none), I could keep the overall design in mind at all times - that kept the logic bugs out too. With there being no functional code, and the logic being a single brainfull, the only bugs left were ~20 typos.
I would guess that coral only caches images and such, the html is always pulled from the site itself to make sute that it's always up-to-date. The down side of being up to date is that when it's slashdotted you get the most up-to-date error message. If people use the coral cache /before/ it gets slashdotted, it all works fine.
How hard does a lawyer work? How hard does someone who's a waiter, a shop attendant and a garbage dude in 3 part time jobs work?
"To be or to be? Not zero."?
#include <stdio.h>
void main() {printf("0x%X\n", 0x2B | ~0x2B);}
I would think that the point is downloading one copy for your own private use isn't as bad as taking a copy with the intent of spreading it to millions of other people; which seems to make sense to me at least...