The only thing this article has made me do was realize that outlook doesn't have threads. I guess I got so accustomed to almost ALL OTHER EMAIL CLIENTS out there having this feature. I mean really am I missing something here? Is there some kind of real innovation/invention there? Isn't this the default everywhere now? How can anyone even imagine that this is something new. Please someone tell me I'm wrong and this is a revolutionary idea, because otherwise this is probably the silliest announcement ever.
Coming Up Next...Man discovers fire, forsees revolution in industry, technology and food preparation!!!!
Re:Strength and respect are not the same.
on
Saddam Hussein Arrested
·
· Score: 4, Insightful
When Stalin died those hundreds of thousands of people on the streets weren't there by force, the country was so brainwashed that people cried truthfully. You can still find WW2 veterans who see him as a God, even after seeing their own friends and family killed or iomprisoned for life. If you want a nice English explanation of the real horror of the Soviet regime, read the last part of "1984" where the difference between the Inquisition, the fascists and communists is explained.
And with regard to America it is not about respect now, it's about other countries not having the same clout and failing even after starting a huge public relations battle against the US. It's interesting to note that the countries leading the anti-American/anti-Bush crusade are the ones who are most threatened by a strong US presence in various parts of the world. France isn't exactly falling over itself to go against America because of high moral values, rather it has to appear nice to it's large muslim population as well as making sure that it's not completely powerless in the new century.
As for Russia well I think anyone can see the huge insult that ignoring the wishes of an ex-world power would be to them. Not to mention that the presence of large amounts of American troops in areas which they historically had a lot of influence in and which they had always supported and strategically valued is just something they have to control if they wish to keep any kind of status or power in the region.
There are very few countries opposing Bush for humanitarian reason, though they'd like the world to think so. They want to do the same exact thing America does, to have the military power to push their own interests and the economic power to control all the emerging countries. I mean everyone calls the US imperialistic and bent of waging illegal wars yet no one remembers French atrocities against Algerians who wanted their freedom. Or what exactly the French Foreign legion does in Africa or what the Russians do in Chechnya. In the end every government only thinks strategically, and anyone who thinks otherwise is either naive or a fool. While president's might spout great humanistic speaches or make up excuses about WMDs it's all about strategy. For the US is ideal strategy to be able to have a controlling circle of countries around Iran and to make sure potential terrorist bases are taken out where possible. It's strategically important to have a successfull non-Jewish democratic state in the region to act as an example, and it's strategically important to have army bases that are in well controlled countries instead of Turkey and Saudi Arabia. The other countries want the same things but don't have the clout, either military or financial to achieve them and that's why they are so against American dominance in the most energetically important region in the world. If I were Putin I'd be pissing in my pants about Bush or a Free Iraq throwing cheap Iraqi oil on the market, in one fell swoop killing the nascent Russian economy. If I were Chirac I'd be deathly afraid of my huge Arab population making trouble or of loosing hundreds of lucrative deals with embargoed governments in that region, I mean who would they supply nuclear reactors to, other then unstable maniacal leaders.
seem to be responsible for this breakin. The information has already been posted to Bugtraq by a gentoo team member.
Here is the post text:
Background
The rsync team has received evidence that a vulnerability in rsync was
recently used in combination with a Linux kernel vulnerability to
compromise the security of a public rsync server. While the forensic
evidence we have is incomplete, we have pieced together the most
likely way that this attack was conducted and we are releasing this
advisory as a result of our investigations to date.
Our conclusions are that:
- rsync version 2.5.6 contains a heap overflow vulnerability that can
be used to remotely run arbitrary code.
- While this heap overflow vulnerability could not be used by itself
to obtain root access on a rsync server, it could be used in
combination with the recently announced brk vulnerability in the
Linux kernel to produce a full remote compromise.
- The server that was compromised was using a non-default rsyncd.conf
option use chroot = no. The use of this option made the attack on
the compromised server considerably easier. A successful attack is
almost certainly still possible without this option, but it would
be much more difficult.
Please note that this vulnerability only affects the use of rsync as a
rsync server. To see if you are running a rsync server you should
use the netstat command to see if you are listening on TCP port
873. If you are not listening on TCP port 873 then you are not running
a rsync server.
New rsync release
-----------------
In response we have released a new version of rsync, version
2.5.7. This is based on the current stable 2.5.6 release with only the
changes necessary to prevent this heap overflow vulnerability. There
are no new features in this release.
We recommend that anyone running a rsync server take the following
steps:
1) update to rsync version 2.5.7 immediately
2) if you are running a Linux kernel prior to version 2.4.23 then
you should upgrade your kernel immediately. Note that some
distribution vendors may have patched versions of the 2.4.x
series kernel that fix the brk vulnerability in versions before
2.4.23. Check with your vendor security site to ensure that you
are not vulnerable to the brk problem.
3) review your/etc/rsyncd.conf configuration file. If you are
using the option use chroot = no then remove that line or
change it to use chroot = yes. If you find that you need that
option for your rsync service then you should disable your rsync
service until you have discussed a workaround with the rsync
maintainers on the rsync mailing list. The disabling of the
chroot option should not be needed for any normal rsync server.
The patches and full source for rsync version 2.5.7 are available from
http://rsync.samba.org/ and mirror sites. We expect that vendors will
produce updated packages for their distributions shortly.
Credits
-------
The rsync team would like to thank the following individuals for their
assistance in investigating this vulnerability and producing this
response:
Timo Sirainen <tss iki.fi>
Mike Warfield <mhw wittsend.com>
Paul Russell <rusty samba.org>
Andrea Barisani <lcars gentoo.org>
Regards,
Can't argue with that. Having a glossy, day-glo orange card with half naked girls on them and a designed by versace stamp is definitely going to eat into your budget.
A regular white stock with a two color logo and the requisite information should go around $50 for printing 250-500 depending on the deal you get of course. The design might be a small problem if you're completly untalented in that area. I guess we were lucky in that at least one of the founders of the company is a pretty good designer:)
I have to say that business cards are a necessary expense. You wouldn't believe how many times I've been talking to someone about my business and realizing that I don't have a business card with me after they've asked for one. If you want people to remember you, don't rely on their memories, make sure they have all of your info on paper.
Better yet, how does everyone handle printouts? Thousands of pages of printouts. With the abundance of manuals, how-tos and books online for everything from MySQL and Zope to Python to anything from Safari how does anyone organize the huge stacks of printouts that can accumulate if one has the audacity to print these out instead of destroying their eyes trying to read them on the screen?
Wouldn't increasing the intelligence of routing hardware enough to limit DoS emanating from single home machines also give the ISPs a lot more insentive to block home run servers, p2p clients, check for NAT and make sure you don't visit "unsavory" locations on the net?
Well seeing how MicroFocus makes a version of COBOL to run on basically PCs and migrating the big iron COBOL to MicroFocus COBOL is not that hard, this does seem to be an interesting migration path.
"... I read that Linux has issued 25 patches so far this year, so what is to be gained by switching?..."
The fact that people are still confusing the conglomeration of multiple vendor, developer and enthusiast provided packages we call Linux and the single source, no other choice, Windows product is just another sign that most higher leve executives are not well informed of the basic differences between Linux/Open Source type software and the Microsoft provided products.
The simple fact that you are free to choose from *multiple* desktops, or software management, or userspace software solutions to your problems is incredibly different from getting a system stuck full of software that probably 80% of users or even developers have no idea of how it works. The vulnerabilities in "Linux" are of course various software package problems. Lumping them all together as Linux is the same as comparing the vulnerability rates of ALL the Windows software out there. It's preposterous to compare the systems without the users being informed oif what is really being compared.
"...An even cuter comparison is with this, a $50,000+ system built using 70 PlayStation2 units. Not only does KASY0 have a vastly superior network and significantly higher floating point performance per node (8 GFLOPS vs. 6.5 GFLOPS for the PS2), but we get LOTS more nodes!..."
emerge -upD world will do the same exact thing as installing from this cd. ie it will rebuild all software to the latest version available in portage.
Whether you would really want to do this and ruin your beautifull, stable system is, of course, up to you:)
Yeah this would be a great computer, except that for the same price{-monitor} you can build a nice athlonxp machine. Motherboard $100, HD 40GB $100, athlon xp 2400 $100[with sink+fan], case $50, cdrw 48x $50, 512MB ram $100, $100 geforce 4. total ~$600 for good kit and I can play games on it:)
but it's interesting that there doesn't seem be an easy way for Linux to also offer this kind of file system. Sure you might say it's useless and what we have is good enough but say it was a good and usefull system (having it in a database seems to offer a large potential for interesting metadata/application interfaces to files) how would Linux developers go about implementing this in Linux? I mean no one company controls the kernel and a large database project like MySQL, and it seems that there would have to be pretty tight integration between those two parts for this kind of FS. Well this is just a thought, but theres no need to flame away at the actual idea but assuming it is valid how would we go about doing it on Linux?
I mean common, the suggestions were clearly chosen by a bunch of people who had to make sure nothing radical or anti-CRIA was proposed and instead fell back on completely unrealistic(if not idiotic-fill the net with hacked mp3s that destroy your computer? what are we hunting replicants here?)proposals. This last chance to save an industry that isn't dying but does need to change to fit the times. I mean look at China, they don't even think about major cd releases there. Whatever, in 10 years this won't matter at all, either the mus industry changes itself, or it changes the laws. Either way I'm sure they'll still be around.
The markup is around $200US considering that it costs an equivalent of ~$460 in Japan and $700 from dynamism. The modification to Enlish doesn't matter if you plan on running OpenZaurus and if you don't for most Qtopia applications there's one file to change in the home dir. The one year warranty is great but not for $200. Now I'm not knocking on Dynamism which does bring a lot of technology from overseas that US buyers wouldn't have access to otherwise, but for this particular product I'd rather wait for a US release. Or maybe get a Japanese friend to plan a trip back home:)
Sure hit Linux users where it hurts the most...games!!!
Now theres less and less chance for Linux compatible games. Its gonna be Linux for office/technical stuff and Windows for gaming...ohh wait:)
Linux is great and all but did anyone take a look at the tank/apc/mobile rocket launcher platforms at the bottom. Either those are some kind of hovercraft or armored treads. I think everyone can agree that having a tank look like it was designed by anime artists is way cooler then any of this Linux stuff:)
Not undervaluing the human tragedy in this disaster, which is horrible. IF it doesn't land safely which it most likely won't, American space exploration could be set back for a decade or more. With the proposed scrapping/freezing of the ISS the only country going into manned space missions will be China.
This article illustrates the biggest rift in ideas between the former Soviet Union and Eastern Block science fiction and Western and in particular science fiction. Soviet sci-fi was the only medium for a somewhat freer expression of ideas and critisizm then most other literary channels and so veiled in otherworldly travels the reader in fact finds very deep commentary on society and technology. Unlike American sci-fi classic Soviet sci-fi rarely goes into the technology or alien biology but instead is much more preocuppied by its effect on people and it's representation of other types of societal order. I would suggest to anyone who would care about this to read Arkady and Boris Strugatski's books such as "Inhabitted Island", "Hard to be a god" and "Picnic by the roadside" the last of which was filmed by Tarkovsky as "Stalker". These are the books which are the most understandable by Western readers and with a good translation are incredibly interesting to read.
is a good HOW-TO on getting those nifty AOL tin cases. I'd receive ten thousand AOL cds a day if only they sent them in tins...on second thought they can keep the cds:)
Wine doesn't actually change the resolution. It does the same thing you can do by pressing Alt Ctrl -/+, except that it captures the mouse and keyboard and doesn't let you scroll out of the window that your game is running in.
A mythical bird that brought peace and calmness to the sea. Staying with the mythical bird naming I think this would be a pretty nice name for a browser that could bring peace and calmness to the browser world:):):). Maybe not peace....
Slashdot Mirror
The only thing this article has made me do was realize that outlook doesn't have threads. I guess I got so accustomed to almost ALL OTHER EMAIL CLIENTS out there having this feature. I mean really am I missing something here? Is there some kind of real innovation/invention there? Isn't this the default everywhere now? How can anyone even imagine that this is something new. Please someone tell me I'm wrong and this is a revolutionary idea, because otherwise this is probably the silliest announcement ever.
Coming Up Next...Man discovers fire, forsees revolution in industry, technology and food preparation!!!!
When Stalin died those hundreds of thousands of people on the streets weren't there by force, the country was so brainwashed that people cried truthfully. You can still find WW2 veterans who see him as a God, even after seeing their own friends and family killed or iomprisoned for life. If you want a nice English explanation of the real horror of the Soviet regime, read the last part of "1984" where the difference between the Inquisition, the fascists and communists is explained.
And with regard to America it is not about respect now, it's about other countries not having the same clout and failing even after starting a huge public relations battle against the US. It's interesting to note that the countries leading the anti-American/anti-Bush crusade are the ones who are most threatened by a strong US presence in various parts of the world. France isn't exactly falling over itself to go against America because of high moral values, rather it has to appear nice to it's large muslim population as well as making sure that it's not completely powerless in the new century.
As for Russia well I think anyone can see the huge insult that ignoring the wishes of an ex-world power would be to them. Not to mention that the presence of large amounts of American troops in areas which they historically had a lot of influence in and which they had always supported and strategically valued is just something they have to control if they wish to keep any kind of status or power in the region.
There are very few countries opposing Bush for humanitarian reason, though they'd like the world to think so. They want to do the same exact thing America does, to have the military power to push their own interests and the economic power to control all the emerging countries. I mean everyone calls the US imperialistic and bent of waging illegal wars yet no one remembers French atrocities against Algerians who wanted their freedom. Or what exactly the French Foreign legion does in Africa or what the Russians do in Chechnya. In the end every government only thinks strategically, and anyone who thinks otherwise is either naive or a fool. While president's might spout great humanistic speaches or make up excuses about WMDs it's all about strategy. For the US is ideal strategy to be able to have a controlling circle of countries around Iran and to make sure potential terrorist bases are taken out where possible. It's strategically important to have a successfull non-Jewish democratic state in the region to act as an example, and it's strategically important to have army bases that are in well controlled countries instead of Turkey and Saudi Arabia. The other countries want the same things but don't have the clout, either military or financial to achieve them and that's why they are so against American dominance in the most energetically important region in the world. If I were Putin I'd be pissing in my pants about Bush or a Free Iraq throwing cheap Iraqi oil on the market, in one fell swoop killing the nascent Russian economy. If I were Chirac I'd be deathly afraid of my huge Arab population making trouble or of loosing hundreds of lucrative deals with embargoed governments in that region, I mean who would they supply nuclear reactors to, other then unstable maniacal leaders.
seem to be responsible for this breakin. The information has already been posted to Bugtraq by a gentoo team member. Here is the post text:
/etc/rsyncd.conf configuration file. If you are
using the option use chroot = no then remove that line or
change it to use chroot = yes. If you find that you need that
option for your rsync service then you should disable your rsync
service until you have discussed a workaround with the rsync
maintainers on the rsync mailing list. The disabling of the
chroot option should not be needed for any normal rsync server.
Background
The rsync team has received evidence that a vulnerability in rsync was recently used in combination with a Linux kernel vulnerability to compromise the security of a public rsync server. While the forensic evidence we have is incomplete, we have pieced together the most likely way that this attack was conducted and we are releasing this advisory as a result of our investigations to date.
Our conclusions are that:
- rsync version 2.5.6 contains a heap overflow vulnerability that can be used to remotely run arbitrary code.
- While this heap overflow vulnerability could not be used by itself to obtain root access on a rsync server, it could be used in combination with the recently announced brk vulnerability in the Linux kernel to produce a full remote compromise.
- The server that was compromised was using a non-default rsyncd.conf option use chroot = no. The use of this option made the attack on the compromised server considerably easier. A successful attack is almost certainly still possible without this option, but it would be much more difficult.
Please note that this vulnerability only affects the use of rsync as a rsync server. To see if you are running a rsync server you should use the netstat command to see if you are listening on TCP port 873. If you are not listening on TCP port 873 then you are not running a rsync server.
New rsync release
-----------------
In response we have released a new version of rsync, version 2.5.7. This is based on the current stable 2.5.6 release with only the changes necessary to prevent this heap overflow vulnerability. There are no new features in this release.
We recommend that anyone running a rsync server take the following steps:
1) update to rsync version 2.5.7 immediately
2) if you are running a Linux kernel prior to version 2.4.23 then you should upgrade your kernel immediately. Note that some distribution vendors may have patched versions of the 2.4.x series kernel that fix the brk vulnerability in versions before 2.4.23. Check with your vendor security site to ensure that you are not vulnerable to the brk problem.
3) review your
The patches and full source for rsync version 2.5.7 are available from http://rsync.samba.org/ and mirror sites. We expect that vendors will produce updated packages for their distributions shortly.
Credits
-------
The rsync team would like to thank the following individuals for their assistance in investigating this vulnerability and producing this response:
Timo Sirainen <tss iki.fi>
Mike Warfield <mhw wittsend.com>
Paul Russell <rusty samba.org>
Andrea Barisani <lcars gentoo.org>
Regards,
The rsync team
Can't argue with that. Having a glossy, day-glo orange card with half naked girls on them and a designed by versace stamp is definitely going to eat into your budget.
:)
A regular white stock with a two color logo and the requisite information should go around $50 for printing 250-500 depending on the deal you get of course. The design might be a small problem if you're completly untalented in that area. I guess we were lucky in that at least one of the founders of the company is a pretty good designer
I have to say that business cards are a necessary expense. You wouldn't believe how many times I've been talking to someone about my business and realizing that I don't have a business card with me after they've asked for one. If you want people to remember you, don't rely on their memories, make sure they have all of your info on paper.
Better yet, how does everyone handle printouts? Thousands of pages of printouts. With the abundance of manuals, how-tos and books online for everything from MySQL and Zope to Python to anything from Safari how does anyone organize the huge stacks of printouts that can accumulate if one has the audacity to print these out instead of destroying their eyes trying to read them on the screen?
Wouldn't increasing the intelligence of routing hardware enough to limit DoS emanating from single home machines also give the ISPs a lot more insentive to block home run servers, p2p clients, check for NAT and make sure you don't visit "unsavory" locations on the net?
Well seeing how MicroFocus makes a version of COBOL to run on basically PCs and migrating the big iron COBOL to MicroFocus COBOL is not that hard, this does seem to be an interesting migration path.
"... I read that Linux has issued 25 patches so far this year, so what is to be gained by switching?..."
The fact that people are still confusing the conglomeration of multiple vendor, developer and enthusiast provided packages we call Linux and the single source, no other choice, Windows product is just another sign that most higher leve executives are not well informed of the basic differences between Linux/Open Source type software and the Microsoft provided products.
The simple fact that you are free to choose from *multiple* desktops, or software management, or userspace software solutions to your problems is incredibly different from getting a system stuck full of software that probably 80% of users or even developers have no idea of how it works. The vulnerabilities in "Linux" are of course various software package problems. Lumping them all together as Linux is the same as comparing the vulnerability rates of ALL the Windows software out there. It's preposterous to compare the systems without the users being informed oif what is really being compared.
The article does address this if you read it.
"...An even cuter comparison is with this, a $50,000+ system built using 70 PlayStation2 units. Not only does KASY0 have a vastly superior network and significantly higher floating point performance per node (8 GFLOPS vs. 6.5 GFLOPS for the PS2), but we get LOTS more nodes!..."
emerge -upD world will do the same exact thing as installing from this cd. ie it will rebuild all software to the latest version available in portage. Whether you would really want to do this and ruin your beautifull, stable system is, of course, up to you :)
Yeah this would be a great computer, except that for the same price{-monitor} you can build a nice athlonxp machine. Motherboard $100, HD 40GB $100, athlon xp 2400 $100[with sink+fan], case $50, cdrw 48x $50, 512MB ram $100, $100 geforce 4. total ~$600 for good kit and I can play games on it :)
but it's interesting that there doesn't seem be an easy way for Linux to also offer this kind of file system. Sure you might say it's useless and what we have is good enough but say it was a good and usefull system (having it in a database seems to offer a large potential for interesting metadata/application interfaces to files) how would Linux developers go about implementing this in Linux? I mean no one company controls the kernel and a large database project like MySQL, and it seems that there would have to be pretty tight integration between those two parts for this kind of FS. Well this is just a thought, but theres no need to flame away at the actual idea but assuming it is valid how would we go about doing it on Linux?
I mean common, the suggestions were clearly chosen by a bunch of people who had to make sure nothing radical or anti-CRIA was proposed and instead fell back on completely unrealistic(if not idiotic-fill the net with hacked mp3s that destroy your computer? what are we hunting replicants here?)proposals. This last chance to save an industry that isn't dying but does need to change to fit the times. I mean look at China, they don't even think about major cd releases there. Whatever, in 10 years this won't matter at all, either the mus industry changes itself, or it changes the laws. Either way I'm sure they'll still be around.
correct link
The markup is around $200US considering that it costs an equivalent of ~$460 in Japan and $700 from dynamism. The modification to Enlish doesn't matter if you plan on running OpenZaurus and if you don't for most Qtopia applications there's one file to change in the home dir. The one year warranty is great but not for $200. Now I'm not knocking on Dynamism which does bring a lot of technology from overseas that US buyers wouldn't have access to otherwise, but for this particular product I'd rather wait for a US release. Or maybe get a Japanese friend to plan a trip back home:)
Heard that the C700 was coming in late 2003 to North America. At least thats what techtv said at some point in January.
Sure hit Linux users where it hurts the most...games!!! Now theres less and less chance for Linux compatible games. Its gonna be Linux for office/technical stuff and Windows for gaming...ohh wait:)
Linux is great and all but did anyone take a look at the tank/apc/mobile rocket launcher platforms at the bottom. Either those are some kind of hovercraft or armored treads. I think everyone can agree that having a tank look like it was designed by anime artists is way cooler then any of this Linux stuff:)
Not undervaluing the human tragedy in this disaster, which is horrible. IF it doesn't land safely which it most likely won't, American space exploration could be set back for a decade or more. With the proposed scrapping/freezing of the ISS the only country going into manned space missions will be China.
This article illustrates the biggest rift in ideas between the former Soviet Union and Eastern Block science fiction and Western and in particular science fiction. Soviet sci-fi was the only medium for a somewhat freer expression of ideas and critisizm then most other literary channels and so veiled in otherworldly travels the reader in fact finds very deep commentary on society and technology. Unlike American sci-fi classic Soviet sci-fi rarely goes into the technology or alien biology but instead is much more preocuppied by its effect on people and it's representation of other types of societal order. I would suggest to anyone who would care about this to read Arkady and Boris Strugatski's books such as "Inhabitted Island", "Hard to be a god" and "Picnic by the roadside" the last of which was filmed by Tarkovsky as "Stalker". These are the books which are the most understandable by Western readers and with a good translation are incredibly interesting to read.
is a good HOW-TO on getting those nifty AOL tin cases. I'd receive ten thousand AOL cds a day if only they sent them in tins...on second thought they can keep the cds :)
Wine doesn't actually change the resolution. It does the same thing you can do by pressing Alt Ctrl -/+, except that it captures the mouse and keyboard and doesn't let you scroll out of the window that your game is running in.
Yeah because I really want to pay additional/any money to play a game I already bought/warezed.
A mythical bird that brought peace and calmness to the sea. Staying with the mythical bird naming I think this would be a pretty nice name for a browser that could bring peace and calmness to the browser world :):):). Maybe not peace....