I am so glad that my ISP doesn't (currently) implement anything like this.
20+ mails over 10 minutes?
Well I can't remember the exact number I have to send my Anime Club's (fortnightly) bulletins out to, but if it's not over 20, it's pretty close. (And that's not counting when I have to re-mail something, if I've forgotten to list the date, or something equally daft)
The idea is good in theory, but it does fall down as they've not catered for the fact that there are some people with legitimate reasons for having to do the occasional mass-mail.
Now I've got a job, I might get that UPS I've been promising myself for a year.
Between last December and February, I never managed more than a 14-day uptime on my Linux box.
- Electrician doing tests - house turned off.
- Electrician making recommended improvements - house turned off.
- Electrician installing new extractor fan upstairs. Main power circuit turned off. (by this time I was a little pissed off with electricians and stuff.)
- Lights blew when I was out of house. Mother flipped wrong switch in circuit-breaker cupboard in dark. (i.e. she flipped the house master switch... - I was not happy)
- Shorting kettle blew main circuit. I was about ready to commit assault at this time...
Of course, I was totally broke at the time. But I'm not now. Damn! There go my (fledgling) savings!
The timing is a little suspect. But I do think it's all timing/coincidence.
I don't really think that Microsoft (or any other legitimate company) would go around purposefully trying to compromise OSS servers.
I think it's something we'd like to believe they were capable of doing. But, dishonest as I think some of Microsoft's business practices are, I don't think they'd resort to attacks like this.
I do, however, have my own personal suspicions of the origin of these recent attacks. A bit too coincidental to be a Bragging/Boredom crack. But a bit too sneaky for a legitimate company. But what about Spammers?
They've been getting a lot more aggressive recently - what with DDoSing blacklists and the like. What with anti-spam techniques desperately trying to play catchup, the spammers might be trying to get some sort of backdoor/trojan into the newer kernels.
And, unlike Microsoft, the Spammers don't have anything even remotely passing ethical practices.
OK. For anyone else who, like me, still has gaps in their knowledge and is trying to fill them, what exactly is an "oops", and where is a good site explaining about these - and other ways of monitoring your system?
(Hey, just 'cos I'm clueless at some things doesn't mean I don't want to remedy the situation =^.^=)
A product not meeting your exacting needs means that it's not meeting your exacting needs, not that it's "flawed".
I still think the grandparent raised a valid point about the batteries though.
Ok, maybe not a flaw in the true sense of the word, but it does get annoying when so many products only use their proprietary battery type. Sure, maybe they last longer or whatever, but AA/AAA batteries are so ubiquitous these days that most people have spares lying around - or if not, they're cheap to acquire.
Sure, the "official" batteries are probably better, but being able to use AA or AAA batteries as a stop-gap until you can afford/find/order the special batteries can be a godsend.
Once again, it all comes down to the advertising revenues - usually of crap you don't want to buy.
I guess it's yet another occurrence of new technology making Traditional Business methods obsolete.
Money from subscriptions, OK.
Money from License, OK.
Money from advertising, OK.
But choose one, dammit. Otherwise of course people are going to start either skipping the adverts, or using them for comfort breaks!
When paying for the "privilege" of getting content, it gets annoying when not only do they bombard you with adverts, but they complain when you don't want them.
Gods, earlier this year there was a program. I forget which, but have a suspicion it might have been the MTV VMAs. Every damn commercial break they ran the same damn advert for sanitary protection. Important product, perhaps. But, as a (single) man, it's hardly a product line that I really need (or want) to be persuaded to buy.
And it doesn't stop there!
I'm not quite sure why - possibly to do with a legal crackdown on toy advertising during kids TV shows - but the kids channels here in the UK are often full of adverts for Financial Assistance (Loans, car credit, etc) or Charity Donations.
The former are bad enough. That kind of stuff just has no relevance at all to the target audience.
And the latter? Well I'm sorry, but I don't think a hard push of charity concerns to children (in the form of adverts) is appropriate.
Teaching them at school/church/home/etc, fine. Guilt-tripping young kids halfway through an episode of Power Rangers or Digimon? I don't think so.
I understand the importance of advertising, but you should at least play to your target audience. (Though, as I said, I think there's a UK law about toy adverts aimed at kids)
It's like the banner ads on websites. Some are offering nothing to do with the site, or stuff I couldn't care less about, but other sites (including /.) at least have banner ads relevant to the theme of the site. Like Webhosting and Geek Toys. :-)
Now if only the advertisers/TV-execs would realise that the reason people ignore the adverts is 'cos they don't want what's being sold!
You want advertising revenue? Advertise something your viewers actually want to buy.
"Due to the unique way the BBC is funded by the Television License..."
...you, too, are legally forced to pay 100+ per year just to watch a TV set. Even if you're also paying a yearly subscription to Cable TV to get the shows that you want to watch but the BBC don't want to show.
I don't live in a dorm, but my "computer room" at home was just as bad - originally.
There was a room far too small to be of use as a real bedroom, so my parents let me use it as a computer/office room. But it also only had one double-socket available. I was having to daisy-chain my power-strips - much against my better judgement.
I was eventually able to get more sockets put in, but it wasn't as easy as it could have been. Not only do I not (yet) know how to (safely) do the job myself, but we don't own our house. The church does (my dad's a minister).
Finally my dad bullied the property-guy to get an electrician in. The room now has about 8 wall-sockets. Much better.
OK, I still have to use power-strips, but I can run them a lot safer now by...
- Plugging the strips into the wall, not other strips.
- Plugging the computers/monitors directly into the wall, using the strips for other items.
Not perfect, but a whole lot better.
It also freed up my 10-gang power-strip, which now sits in my bedroom meaning that I didn't have to daisy-chain the strips in there, either.
Of course, when I finally get a place of my own, I'll make sure they all have enough sockets, and the circuits are balanced well.
And seeing that I might not still know enough myself by then, I'll definitely be getting advice from someone who does. (And that's usually how I start learning)
It's not even just the "average user" that has problems with passwords.
I'm a techie. I fully understand the need for secure, regularly-changed, unique-per-account passwords.
I also have a hideously short memory retention span. If a password is sufficiently hard to crack, I'll forget it next login.
Of course, these days I do log out/in a couple times when I've changed a password, so I can commit it to memory that way. But I used to get caught out quite a few times, changing a password and forgetting it later the same day.
I guess the real problem is that there's no easy way to secure a system.
Passwords:
Easy to change. Easy to crack. People with short memory spans (Whether Joe Average or Jim Geek) will either forget them, make them too simple, or write them down.
Enforced regularly-changed complex passwords:
Theoretically a damn sight more secure. In practice, the number of "I've forgotten my new password" calls will increase. People with problems remembering passwords are more likely to write them down.
Biometrics:
A lot harder to crack/duplicate. But, as many others have already pointed out, you can't change them. Once compromised, it stays compromised.
Also, these are more useful for physical-location security, but perhaps not so useful for remote security.
I guess what it all boils down to is that there's no such thing as 100% security.[*] As soon as you let anyone in, there's the chance that someone else will be able to do so unauthorised.
If anything, this Debian episode has served as a good reminder about this. Also showing that even if you can't prevent such exploits, closely monitoring your servers can at least allow you to notice when something has been compromised.
[*] Not a reason for complacency. Just because you can never eliminate vulnerabilities entirely doesn't mean you can't/shouldn't do as much as you can to reduce the likelihood of them occurring.
However, our property and contract rights are important and valuable: not only to us, but to every individual and every company whose livelihood depends on the continued viability of intellectual and intangible property rights in a digital age.
Well I, for one, appreciate the way that Debian are letting us know what they do know, and admitting that they don't have all the answers yet - whilst at the same time allowing people to at least be aware of the potential problems. (Whether of exploits, or of sniffers and rootkits)
From the article, it appears that they're still working on that bit.
But they are releasing what they know so far within a week of the incident. And were confirming the exploit within a day of it happening.
They might not have all the answers, but they seem to be telling us what they know, and updating us as they get further.
Hell, they know it'll appear on /. and similar places - and I've seen some Debian devs around on these comments. Meaning the news gets out to people (like me) who don't even use Debian.
Contrast with Microsoft, who don't always even let the Windows Users (or Admins for God's sake) have a good idea of what's happening and when things'll get fixed.
One of the first things that get wiped in an intrusion are the logs.
This, in itself, can be a giveaway. If the logs are either missing, or have gaps in them, then you know that something is up, and you can keep a close eye on what's going on. (Or just restore from a recent known-good backup, just in case)
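Added example, not part of the original comments: one way to check a log for the gaps mentioned above. It assumes traditional syslog timestamps and a regular "heartbeat" entry (here a cron job every ten minutes); the sample lines, hostname, year and threshold are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Traditional BSD-syslog prefix: "Nov 19 17:00:01 host tag: message"
SYSLOG_RE = re.compile(r"^([A-Z][a-z]{2})\s+(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\S+) ")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Constructed sample: cron writes an entry every ten minutes, so any
# silence much longer than that is worth a look.
SAMPLE_LOG = """
Nov 19 01:50:01 gateway CRON[811]: (root) CMD (run-parts /etc/cron.ten)
Nov 19 02:00:01 gateway CRON[829]: (root) CMD (run-parts /etc/cron.ten)
Nov 19 02:10:01 gateway CRON[840]: (root) CMD (run-parts /etc/cron.ten)
Nov 19 04:40:01 gateway CRON[1207]: (root) CMD (run-parts /etc/cron.ten)
Nov 19 04:50:01 gateway CRON[1219]: (root) CMD (run-parts /etc/cron.ten)
Nov 19 04:45:13 gateway sshd[1222]: Connection from 192.0.2.10 port 40022
Nov 19 05:00:01 gateway CRON[1240]: (root) CMD (run-parts /etc/cron.ten)
"""


def parse_timestamp(line, year):
    """Return a datetime for a syslog line, or None if the line is malformed.

    Syslog timestamps carry no year, so the caller supplies one; a log that
    spans New Year will therefore show one spurious backwards jump.
    """
    m = SYSLOG_RE.match(line)
    if not m or m.group(1) not in MONTHS:
        return None
    try:
        return datetime(year, MONTHS[m.group(1)], int(m.group(2)),
                        int(m.group(3)), int(m.group(4)), int(m.group(5)))
    except ValueError:
        return None


def audit_log(lines, max_silence, year):
    """Flag long silences, backwards time jumps and unparseable lines.

    Returns a list of (kind, line_number, detail) tuples. An empty or
    missing log is itself reported, since that is also a warning sign.
    """
    findings = []
    prev = None
    for n, line in enumerate(lines, start=1):
        ts = parse_timestamp(line, year)
        if ts is None:
            findings.append(("malformed", n, line[:40]))
            continue
        if prev is not None:
            delta = ts - prev
            if delta < timedelta(0):
                # Entries out of order suggest the file was edited or spliced.
                findings.append(("backwards", n, f"{prev} -> {ts}"))
            elif delta > max_silence:
                findings.append(("gap", n, f"{prev} -> {ts} ({delta})"))
        prev = ts
    if prev is None:
        findings.append(("empty", 0, "no parseable entries"))
    return findings


if __name__ == "__main__":
    sample = SAMPLE_LOG.strip().splitlines()
    for kind, n, detail in audit_log(sample, timedelta(minutes=15), 2003):
        print(f"{kind:10} line {n}: {detail}")
```

A check like this is only trustworthy when it runs against a copy of the log kept somewhere the monitored machine cannot rewrite, such as a remote log host.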
It's not a difference between "Windows shoddy, Linux inherently stable" - as all programs have the potential for flaws and stuff.
The difference is how these flaws are treated by Windows compared to Linux.
I'm not the most security savvy geek here on /. - far from it. But even I know how to lock down my Linux box to be reasonably certain that it won't get compromised. But I also know that there's still the possibility of it happening. But I also know what to look for, and where to check for workaround/patches/fixes.
I can't say the same about Windows. (There's a reason my Win2K box is inside the Firewall, and my Linux box is running the Firewall)
Plus on the whole development side, I'm pretty certain that the various Linux devs don't swear blind that their Distro is the most security-conscious one around. Linux zealots might be a different matter, but the devs don't.
Microsoft tends to get hit by exploit after virus after "patch which fixes the exploit but knackers the OS". And they still try to tell us that they're the most secure system going.
Debian seem to have handled themselves very well in this situation. They're not saying "we're still safe", rather they're going "We got compromised. Here's what we're doing about it, here's what we're asking other devs to do about it."
And as they think that it's due to an as-yet-unknown root exploit they're telling people to keep a look out. And they're also revealing exactly how they think they were compromised, along with how they noticed.
And I guess the most important thing is that it does remind us that Linux isn't invulnerable. We're so used to hearing about MS-related problems, we don't always notice the Linux ones. But this tells us all to be a little more vigilant.
I've been trying to stay out of this, as I don't know a great deal about Macs or BSD. (And /. gets enough clueless comments without me adding to them)
But the timeline given does seem to put Apple in a less-than-favourable light.
- They knew about the exploit, and intended to fix it. Good.
- They missed their first deadline. No-one's perfect.
- They released 10.3 (I assume this is a version upgrade) with the known vulnerability still in it. ::DANGER:: ::DANGER::
The upgrade would have been a common-sense time/place to address the issue. Most people either install upgrades, or at least read up on what gets changed. (Alerting them to known issues with the current version) OK, some don't. But people who don't keep up to date with upgrades probably don't really pay attention to patches either.
From what I've read, the vulnerability might not be the most dangerous around. But it still seems like a hole that should be closed PDQ.
It's ironically just like the matrix, the people we're trying to save (the sixpack families of the world) think we're terrorists.
The scary thing is that you're right.
We're trying to free people's minds from an all controlling system. Yet not only are we seen as the "Bad Guys", but a lot of the time we have to resort to less-than-legitimate methods to do so - which hardly helps us put ourselves in a good light.
"If you're not one of Us, you're one of Them."
A scary concept, when you realise that **AA types might be using the networks to try and find "pirates".
Yeah, but the way the author uses the words actually allows the right context to show through.
Plus, it's a little bit hard to avoid the term "Digital Rights Management" in an article about DR mechanisms.
Besides, it's not what words are used, it's how they're used. And the article uses its words in a way that puts all of the same type of arguments that the /. crowd uses, but packaged in a way that "serious businesses" might actually sit through and read.
Wouldn't need to copy it. At least, not to distribute, anyway.
Use the copy off the hard drive. Mount it in read-only using the normal way, copy it to the Knoppix ramdrive, and then run the driver from there.
Thanks. :)
Y'know, that puts a rather ironic slant on the whole thing.
Someone tries to crack a server using one bug, and gets caught doing so by another one.
Tiggs
More often than not, I do the same.
Ok, I've been caught out a few times...
1) Shift
2) Delete
3) Notice WHICH file got deleted...
4) Panic/swear
Tiggs
People wonder why I treat "The System" as a joke.
It's mainly 'cos, like this, this year's punchlines often become next year's MO.
That does raise an intriguing point.
On their own, any one of those does just sound like anti-MS zealotry or paranoia. But with all three happening fairly close together, it means one of three things...
[1] Extreme paranoia.
[2] An extremely large coincidence.
And, seeing that paranoia can sometimes be justified, apparent "coincidences" often aren't...
[3] it's a valid path of speculation.
Actually, if it wasn't for the SCO situation, two major hack attempts could just be an attack on Open-Source by peoples unknown, or a deliberate attempt by crackers/virus-writers/spammers to get more vulnerabilities out there for them to use.
The SCO involvement makes this a tad less likely. I get the feeling that SCO wouldn't do something that spammers would put them up to.
Maybe it is all just coincidence. But it's a bloody big one, ne?
Tiggs
There is one sentence which worries me a little.
I'm not sure I necessarily subscribe to the oft-mentioned "Intellectual/Intangible Property Rights are Inherently Evil" school of thought.
But the idea that just because someone came up with the best/only way of doing something automatically excludes anyone else from ever doing things that way (without paying a shitload of money) just seems wrong to me.
On the other hand, I understand that if you put a lot of work into something you should have the right to profit from it, at least for a short while (measured maybe in years, certainly not in decades), if you so choose. Patents and Copyrights working the way they should, to protect someone's costs for a while, but then allowing other people to use/develop the ideas, makes sense to me.
But then allowing the information into the wild afterwards is only a good thing. It stops people from merely resting on their laurels. After all, surely innovation is increased if after a while you're forced to compete with your own ideas - if no-one else's.
That all said, SCO are just acting moronic. The idea that you can "buy an idea" from someone else just seems a bit off to me. And then SCO going off on one because they think (rightly or wrongly) that someone is profiting from an idea that they didn't even come up with in the first place?
I dunno. Just seems a bit OTT to me.
Tiggs
Okaaaaaaay. I'm sure I've now seen this exact same post at about 3 different points in this discussion. Methinks someone is advertising...
Nah, but you can waste your server that way though.
Yeah. The Matrix movies won't be everyone's cup of tea. And Reloaded and Revolutions won't necessarily appeal to all fans of the first film. But for so many people to keep describing it so negatively is just annoying.
Then again, many people didn't go to see M2 and M3 for the films that they were, they went to see them for the films they hoped they'd be. And if they didn't live up to their expectations then the sequels were (obviously) dreadful.
At least RoTK will be exempt from this exact "flavour" of hype. The trilogy almost has to end the way people expect it - as in this case the expectations are from the books which spawned the story.
True, there'll always be the "but it didn't happen that way in the book" problem, but films will never please everybody.
Tiggs - enjoyed the Matrix Trilogy