Which is why they shouldnt of gone with Lindows. Had this been a debian install, you could of forced an apt-get upgrade on first boot (and then maybe weekly).
Of course, this might be possible with whatever Lindows' package manager is, but I really dont know.
"And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue."
Uh, No.
RoadRunner here in austin is now blocking spoofed packets, I'm sure they arnt the only one. Most big name bandwidth providers are now rate limiting icmp.
Before anyone cries about this not being enough, I never said it was, I'm just arguing that they are doing something.
I'd rather they do too little than too much, and everyone here(slashdot, specificly your rights online section) should feel the same way. Which would you rather have, DDoS kiddies or every isp limiting you to port80 connections that arnt allowed to stay open longer than a minute and no more than 5 connections/min allowed?
Give us the choice and let the few abuse it and the many enjoy it.
Theo has a horrible track record, I wouldnt trust him to secure my porn collection. That openssh hole wasnt the first remote root on openbsd, just the first one that was too big for theo to deny and silently patch to keep his ego up. Compare old(vuln) talkd in openbsd to current. No security professional worth anything would honestly say they trust any code theo is at all responsible for.
For anyone looking for a good alternative: telnet over an ssl tunnel or vpn.
I do some webhosting, and we offer some of the most reliable service our customer has seen. Our machine uptime doesnt hit more than 6months usually (about how often something comes up that requires a reboot), but we dont care. Downtime is more important. Who cares how long you machines been up if it was only down for 4 minutes at 3am?
He doesnt have to, sendmail will do it for him. Of course, anyone masochistic enough to run sendmail is smart enough to give it its own uid, but if your kernel will give root to anyone that asks whats the point?
Of course no one actually runs sendmail in a secure enviroment, but theres always bugs in everything. Any remote command execution is remote root if you have a vuln kernel. And sometimes giving shell access is unavoidable (eg, hosting companies).
Even webhosting companies need to give shell access -- php has exec and cgi really is just a web based shell.
I remember a few of the details. It involved overwriting the kernel thats live in memory while its still running. I dont remember if it was linux or some bsd that it was done with, but I know its worked for some people. Its just a huge risk, and not really worth it -- reliability isn't uptime.
Stop asking for support in a non-support channels.
If someone asks for help in my chat channel, I have no obligations to help. If I'm in a good mood you're in luck, otherwise I might just point you to a consulting pricelist. This used to be more true back when my channel had more focus (official channel for the brained.org provider), less so now that I'm just suprised someones talking. Back then though, it was exactly as you described. I could ask anything and get a straight answer (and a few sarcastic ones for good measure), but if someone new joins they'd get an rtfm. You cant blame us though, we were on the same network as hackers.com's chat, so the inflow of people that just wanted to hack hotmail was scarey.
On the other hand, if someone asks a question I know while I'm in an official support channel (anywhere on freenode, basicly) I'll answer it.
You're vulnerable to the ptrace exploit, among others.
The key to reliability is not uptime but redunancy. I'd rather have an array of 10 servers with 20day uptimes each cycling their reboots than on server with a 200day uptime suffering from old vulnerabilities and other problems that come with age.
They have no MX record, so your mailserver should bounce it anyways. If on the off chance your mailserver is stupid enough to send it to an A record, their smtpd bounces it in a non-inteligent manner.
"What will replace IM?" A stack of kiddieporn mags? Thats about all IM is good for.
IRC is still the best chat tool, and fail that theres always ytalk. If anythings going to replace IRC, it would be a truely new system, but would probably end up a lot like irc is now.
All of those are peer to peer. All the server has to do is pass long the PRIVMSG from one client to the other announcing it. As for the free IRC server that can handle it, I have no doubt Hybrid7(ircd-hybrid.org) could handle it.
For anyone wondering why the name sounds familure, this is the format all games originating from Quake use. That covers q1, q2, q3, hl+mods, hl2, jk2, rtcw, and everything between.
I agree, and it's really sad to see Nintendo be the console that lived. I think Nintendo should of pulled a sega instead of releasing the gamecube, and sega should of put out another console. Segas always lead the game with hardware innovations (Online gaming, LCDs on memory cards that plug into your controller in a way that you can still see the lcd,etc). Its a shame they decieded to go software only instead of Nintendo.
" It pissed me off when Gamespot or IGN or someone named Gordon Freeman the coolest game character ever or something. Because he's not an actual character!"
The way halflife ends out forces him to be a cool character. You cant just go around killing scientists and win the game (well, some are expendable, but realisticly..) You cant hide in a corner until it all ends. You must get to the surface, you must save the scientists, you must save humanity.
Try 'renice -10 xmms' as root. A lot of what the schedualing stuff does relies on nice levels. man nice for a full description, but basicly a lower nice level is higher priority, max is -10.
The kernel also learns what tasks are interactive based on how often they sleep, but they should also respect nice level.
I generaly keep X at -5, mozilla at -5, and xmms at -10
" 2.4 never skips for me. How can skipping in the first thirty seconds be better than never skipping?" They're refering to skipping under load (think compiling a kernel, transcoding video, decompressing large data, etc).
In 2.6, it skips for the first 30secs before the schedualer can see that its an interactive task. In 2.4, it skips until the song is done because the kernel isnt much on caring about 'interactive tasks'.
" "Diablo", "Master of Magic", and to some extent "Age Of Wonders: Shadow Magic" are some other games that stand out in mind as having an excellent, enjoyable random level design. "
Offtopic, But check out diablo2 LOD 1.10 patch (probably still in public beta, I stopped following it).
Its mostly the same until you get to hell when they really upped the randomization. Now theres more random monsters that wernt even on the act before, each gaining some more random abilities. Really adds onto the randomly designed(well, randomly chosen in some parts) levels.
Twice the money? Try half. If they sell both than no one will buy CS:CZ because it looks like ass. CZ really is just 1.6 singleplayer, and cs is getting really old now. If they release it for free, It keeps gamers occupied for the rest of the month when they can buy hl2. (And by free, I include the possibility of requring a current hl cdkey)
" is it just me or are the player models fatter than the pc version. Or is it just the horrible screenshots that gamespot provides."
CS has always been insanely out of perportion. When you make all the textures look good the unrealisticness of it all shines through Take a look at this screenshot for example. So theres a ledge on the ground up to his knees(+2 points for whoever can think of something in real life that has a structure like that) and a flamible barrel bigger than he is.. with boxes that dwarf them also. It makes much better gameplay, but just looks silly with pretty textures. Hopefully the game will be fast paced enough that you dont notice, like current counterstrike. Take a look at de_cbble some time, the map is supposed to be a persons house yet the door way are atleast twice as tall and three times as wide as you are. again, better gameplay.
Theres something really odd. CS:CZ's release date is sometime this month. So is HalfLife2. Valve isnt/that/ stupid, so I think theyre bundling it. I'm thinking either condition zero will ship with hl2 or condition zero will be pushed over steam this wednesday. Theres no way valve will try to compete with their own game, It just wont work.
The CS:CZ models can be seen on here for comparison
A Gamespy article backs this up by saying "On the multiplayer side, Condition Zero will contain ten new Counter-Strike maps, available exclusively through the retail package. For current Counter-Strike players, a v1.6 patch should be released right around the same time the game hits shelves, ensuring online compatibility between the two games. When When we spoke with Valve a few weeks back, they mentioned that they would likely release some of these maps to the public, perhaps one very few weeks. The guys at Ritual confirmed that this was a possiblity, but nothing official has been decided yet. It's worth pointing out that Valve has historically been pretty generous with this kind of thing, and we be surprised if an official map or two wasn't released to the community within weeks of CZ hitting shelves. "
So I'm thinking they are going to push cs:cz over steam, Possibly for free or maybe just at a very low cost. Theres no way you can sell it retail with HL2 coming out in mere weeks.
(This post is mostly so come wednesday if I'm right I can link to this, heh)
Well, As a debian user I enjoy that a default debian netinstall is empty. Nothings enabled or even installed that I dont like. OpenBSD style (ship with everything, enable nothing) sort of works to, and I'd prefer it in windows actually.
The difference is these are all things you can change. Once an isp starts filtering, you're screwed. It would be like if microsoft patched the iloveyou worm by forcing everyone to uninstall outlook.
"And what's with all the negativity? Unless you try and frame things in a constructive mode, how's the world going to be improved by your comment?" Sorry, I neglected to explain my perspective/experience.
I used to admin a small free shell provider(BrainED.org for those keeping track at home). It ran off a roadrunner buisness line. When CodeRed came out they decieded they should kill everyones port 80, even the people paying the insane amount for a buisness line. We complained many times, even had a decent chunk of our customers complain, but nothing ever came from it. I think that was the first step of the downside to brained, so I'm still not fond of port filtering.
Thats not security, thats removing a feature. If you want 'secure by default' try filtering out all connections from windows machines -- Thats also secure by removing features, just a greater extent. Filtering ports is just another step to the path of 'ISP' meaning direct connection to the email they want you to see, the webpages their proxy allows, and the IM they want you to have. I'd much rather they just provide the service and let whats done with it be up to the users.
As for fixing the 'current state' -- Let users control firewall rules concerning their line. If someones being packeted with syns from random source with a static dest port of 113, they should be able to make their isp drop all of them.
People dont realise that when an isp filters a port, its NOT optional. You can call and complain all you like, good luck even finding someone that understands what you're complaining about let alone having it enabled for you.
You say that like they want you to. You can either sign up for their SDK and be tracked by a key and arbitrarily limited to 100 uses/day (really not much for some applications), or you can write something to try to pretend to be a browser. But they're activly trying to break that. You'll note anything with an LWP(popular header from a perl module) header gets a 403 forbidden. Why would a company who is based on bot use suddenly not like bots so much? It is of course easy as all hell to get around this, but we shouldnt have to. We, the tech sector, MADE google. They would be nowhere without our support. Now they're trying to backstab us slowly. Thanks google.
Slashdot Mirror
Which is why they shouldnt of gone with Lindows.
Had this been a debian install, you could of forced an apt-get upgrade on first boot (and then maybe weekly).
Of course, this might be possible with whatever Lindows' package manager is, but I really dont know.
"And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue."
Uh, No.
RoadRunner here in austin is now blocking spoofed packets, I'm sure they arnt the only one.
Most big name bandwidth providers are now rate limiting icmp.
Before anyone cries about this not being enough, I never said it was, I'm just arguing that they are doing something.
I'd rather they do too little than too much, and everyone here(slashdot, specificly your rights online section) should feel the same way. Which would you rather have, DDoS kiddies or every isp limiting you to port80 connections that arnt allowed to stay open longer than a minute and no more than 5 connections/min allowed?
Give us the choice and let the few abuse it and the many enjoy it.
Because security through denial is not security.
Theo has a horrible track record, I wouldnt trust him to secure my porn collection. That openssh hole wasnt the first remote root on openbsd, just the first one that was too big for theo to deny and silently patch to keep his ego up.
Compare old(vuln) talkd in openbsd to current.
No security professional worth anything would honestly say they trust any code theo is at all responsible for.
For anyone looking for a good alternative: telnet over an ssl tunnel or vpn.
But uptime still != reliability.
I do some webhosting, and we offer some of the most reliable service our customer has seen. Our machine uptime doesnt hit more than 6months usually (about how often something comes up that requires a reboot), but we dont care. Downtime is more important. Who cares how long you machines been up if it was only down for 4 minutes at 3am?
He doesnt have to, sendmail will do it for him. Of course, anyone masochistic enough to run sendmail is smart enough to give it its own uid, but if your kernel will give root to anyone that asks whats the point?
Of course no one actually runs sendmail in a secure enviroment, but theres always bugs in everything. Any remote command execution is remote root if you have a vuln kernel. And sometimes giving shell access is unavoidable (eg, hosting companies).
Even webhosting companies need to give shell access -- php has exec and cgi really is just a web based shell.
I remember a few of the details. It involved overwriting the kernel thats live in memory while its still running. I dont remember if it was linux or some bsd that it was done with, but I know its worked for some people. Its just a huge risk, and not really worth it -- reliability isn't uptime.
Stop asking for support in a non-support channels.
If someone asks for help in my chat channel, I have no obligations to help. If I'm in a good mood you're in luck, otherwise I might just point you to a consulting pricelist. This used to be more true back when my channel had more focus (official channel for the brained.org provider), less so now that I'm just suprised someones talking. Back then though, it was exactly as you described. I could ask anything and get a straight answer (and a few sarcastic ones for good measure), but if someone new joins they'd get an rtfm.
You cant blame us though, we were on the same network as hackers.com's chat, so the inflow of people that just wanted to hack hotmail was scarey.
On the other hand, if someone asks a question I know while I'm in an official support channel (anywhere on freenode, basicly) I'll answer it.
You're vulnerable to the ptrace exploit, among others.
The key to reliability is not uptime but redunancy. I'd rather have an array of 10 servers with 20day uptimes each cycling their reboots than on server with a 200day uptime suffering from old vulnerabilities and other problems that come with age.
They have no MX record, so your mailserver should bounce it anyways. If on the off chance your mailserver is stupid enough to send it to an A record, their smtpd bounces it in a non-inteligent manner.
"What will replace IM?"
A stack of kiddieporn mags? Thats about all IM is good for.
IRC is still the best chat tool, and fail that theres always ytalk. If anythings going to replace IRC, it would be a truely new system, but would probably end up a lot like irc is now.
All of those are peer to peer. All the server has to do is pass long the PRIVMSG from one client to the other announcing it.
As for the free IRC server that can handle it, I have no doubt Hybrid7(ircd-hybrid.org) could handle it.
wget http://incoming.debian.org/ssh_3.6.1p2-6.0_i386.de b
dpkg -i ssh_3.6.1p2-6.0_i386.deb
Might only work on sid.
For anyone wondering why the name sounds familure, this is the format all games originating from Quake use.
That covers q1, q2, q3, hl+mods, hl2, jk2, rtcw, and everything between.
I agree, and it's really sad to see Nintendo be the console that lived. I think Nintendo should of pulled a sega instead of releasing the gamecube, and sega should of put out another console. Segas always lead the game with hardware innovations (Online gaming, LCDs on memory cards that plug into your controller in a way that you can still see the lcd,etc). Its a shame they decieded to go software only instead of Nintendo.
"
It pissed me off when Gamespot or IGN or someone named Gordon Freeman the coolest game character ever or something. Because he's not an actual character!"
The way halflife ends out forces him to be a cool character. You cant just go around killing scientists and win the game (well, some are expendable, but realisticly..)
You cant hide in a corner until it all ends. You must get to the surface, you must save the scientists, you must save humanity.
Try 'renice -10 xmms' as root.
A lot of what the schedualing stuff does relies on nice levels.
man nice for a full description, but basicly a lower nice level is higher priority, max is -10.
The kernel also learns what tasks are interactive based on how often they sleep, but they should also respect nice level.
I generaly keep X at -5, mozilla at -5, and xmms at -10
" 2.4 never skips for me. How can skipping in the first thirty seconds be better than never skipping?"
They're refering to skipping under load (think compiling a kernel, transcoding video, decompressing large data, etc).
In 2.6, it skips for the first 30secs before the schedualer can see that its an interactive task.
In 2.4, it skips until the song is done because the kernel isnt much on caring about 'interactive tasks'.
" "Diablo", "Master of Magic", and to some extent "Age Of Wonders: Shadow Magic" are some other games that stand out in mind as having an excellent, enjoyable random level design. "
Offtopic, But check out diablo2 LOD 1.10 patch (probably still in public beta, I stopped following it).
Its mostly the same until you get to hell when they really upped the randomization. Now theres more random monsters that wernt even on the act before, each gaining some more random abilities.
Really adds onto the randomly designed(well, randomly chosen in some parts) levels.
Twice the money? Try half. If they sell both than no one will buy CS:CZ because it looks like ass. CZ really is just 1.6 singleplayer, and cs is getting really old now. If they release it for free, It keeps gamers occupied for the rest of the month when they can buy hl2. (And by free, I include the possibility of requring a current hl cdkey)
" is it just me or are the player models fatter than the pc version. Or is it just the horrible screenshots that gamespot provides."
CS has always been insanely out of perportion. When you make all the textures look good the unrealisticness of it all shines through
Take a look at this screenshot for example. So theres a ledge on the ground up to his knees(+2 points for whoever can think of something in real life that has a structure like that) and a flamible barrel bigger than he is.. with boxes that dwarf them also. It makes much better gameplay, but just looks silly with pretty textures.
Hopefully the game will be fast paced enough that you dont notice, like current counterstrike. Take a look at de_cbble some time, the map is supposed to be a persons house yet the door way are atleast twice as tall and three times as wide as you are. again, better gameplay.
Theres something really odd. /that/ stupid, so I think theyre bundling it. I'm thinking either condition zero will ship with hl2 or condition zero will be pushed over steam this wednesday. Theres no way valve will try to compete with their own game, It just wont work.
CS:CZ's release date is sometime this month. So is HalfLife2.
Valve isnt
These screenshots just further help my theory -- Those are condition zero models and maps, but with some multiplayer maps
de_prodigy
de_dust
de_chateau
de_chateau
de_aztec(with the 1.6 bridge)
The CS:CZ models can be seen on here for comparison
A Gamespy article backs this up by saying
"On the multiplayer side, Condition Zero will contain ten new Counter-Strike maps, available exclusively through the retail package. For current Counter-Strike players, a v1.6 patch should be released right around the same time the game hits shelves, ensuring online compatibility between the two games. When When we spoke with Valve a few weeks back, they mentioned that they would likely release some of these maps to the public, perhaps one very few weeks. The guys at Ritual confirmed that this was a possiblity, but nothing official has been decided yet. It's worth pointing out that Valve has historically been pretty generous with this kind of thing, and we be surprised if an official map or two wasn't released to the community within weeks of CZ hitting shelves. "
So I'm thinking they are going to push cs:cz over steam, Possibly for free or maybe just at a very low cost. Theres no way you can sell it retail with HL2 coming out in mere weeks.
(This post is mostly so come wednesday if I'm right I can link to this, heh)
Well, As a debian user I enjoy that a default debian netinstall is empty. Nothings enabled or even installed that I dont like. OpenBSD style (ship with everything, enable nothing) sort of works to, and I'd prefer it in windows actually.
The difference is these are all things you can change. Once an isp starts filtering, you're screwed. It would be like if microsoft patched the iloveyou worm by forcing everyone to uninstall outlook.
"And what's with all the negativity? Unless you try and frame things in a constructive mode, how's the world going to be improved by your comment?"
Sorry, I neglected to explain my perspective/experience.
I used to admin a small free shell provider(BrainED.org for those keeping track at home). It ran off a roadrunner buisness line. When CodeRed came out they decieded they should kill everyones port 80, even the people paying the insane amount for a buisness line. We complained many times, even had a decent chunk of our customers complain, but nothing ever came from it. I think that was the first step of the downside to brained, so I'm still not fond of port filtering.
Thats not security, thats removing a feature. If you want 'secure by default' try filtering out all connections from windows machines -- Thats also secure by removing features, just a greater extent.
Filtering ports is just another step to the path of 'ISP' meaning direct connection to the email they want you to see, the webpages their proxy allows, and the IM they want you to have. I'd much rather they just provide the service and let whats done with it be up to the users.
As for fixing the 'current state' -- Let users control firewall rules concerning their line. If someones being packeted with syns from random source with a static dest port of 113, they should be able to make their isp drop all of them.
People dont realise that when an isp filters a port, its NOT optional. You can call and complain all you like, good luck even finding someone that understands what you're complaining about let alone having it enabled for you.
You say that like they want you to.
You can either sign up for their SDK and be tracked by a key and arbitrarily limited to 100 uses/day (really not much for some applications), or you can write something to try to pretend to be a browser.
But they're activly trying to break that. You'll note anything with an LWP(popular header from a perl module) header gets a 403 forbidden. Why would a company who is based on bot use suddenly not like bots so much?
It is of course easy as all hell to get around this, but we shouldnt have to. We, the tech sector, MADE google. They would be nowhere without our support. Now they're trying to backstab us slowly. Thanks google.