is "wisdom".
The opposite of "foolish" is not "smart". The opposite of "foolish" is "wise".
See also "book-smart" v. "street-smart", INT v. WIS (in D&D et al.), and the role of irrational thinking in decision processes.
Naah, CVE 2009-3547 traces on the RH Bugzilla as Bug 530490, "kernel: fs: pipe.c null pointer dereference". Nothing in there about mmapping to page 0. (Pipe filesystem pointer dereferences?)
OTOH, CVE 2009-2695 also googles to a RH bugzilla page, Bug 517830, "kernel: SELinux and mmap_min_addr". The description on that page sounds suspiciously like the subject of current discussion. This page also has RH patches, in this case in two different RH Security Advisory links.
There appears to be another bugzilla page about this issue: Bug 532938, which is a member of the RH security team saying that vm.mmap_min_addr should default safe (nonzero), turning on page 0 protection by default.
I haven't looked on my household server yet, but since CentOS is a direct clone of RHEL, I assume it's also vulnerable to this by default.
Well, there's always MITRE Common Vulnerabilities and Exposures, which is a good pretty much dupe-free index of reported vulns. Most professional discussions of vulnerabilities tend to use CVE references.
For instance, this particular vuln looks like CVE 2009-2695. The one discussed in the July /. article appears to be CVE 2009-1897.
The CVE pages are pretty good, complete with cross references to discussions and some pretty detailed analysis of the vulnerability.
I guess that explains how we take off every zig for great justice.
I'm afraid a little bit of red dye and alcohol (evaporating away rapidly) a Superfund site don't make.
Cuckoo for cocotokamak? Who knew!
According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security.'
Amazing. Did anyone notice whether there may have been an alien tentacle wrapped around the VP's throat manipulating his voice and his jaw?
That's such a turnabout (at least in publicly-stated position) that I may get whiplash trying to track.
Of course, words are cheap. We shall see how deeply this new-found wisdom is held.
Comprehensively and fairly open the subject source code for unfiltered public inspection, without explicit or implicit coercion against criticism, and respecting reasonable fair-use rights to quote and comment, and you will get full credit for your Damascus road conversion. Take one step towards intimidation, chilling of discourse, or SLAPP, and we will know that your glib sound-bite was just cheap empty talk.
And for as much or little as Nerd Rage counts, you will experience it.
the words of Robert E. Lee:
Unless "FOIA" specifically means "Freedom of Information Act" in Canada (and it shouldn't, since the Canadian law is Access to Information Act 1983), it's pretty clear GP was referring to an American town set on an American 55 Mile per hour highway. Probably a state highway. So crying BS because it doesn't happen in Canada is mistaken, I assure you.
It is impossible to get a ticket for going 50 in a 50 zone in Canada.
True of America, too, although the "50" would mean something different. However, 50 indicated on my speedometer may not be 50 indicated on the nice policeman's radar. Calibration error (speedometer or radar) may put you over the limit as measured. In most jurisdictions, that means law enforcement has an unstated error margin. In a few annoying jurisdictions, that means that they ticket strictly and take their chances with court challenges to measurement accuracy. Since the fine structure for speeding makes "just a few over the limit" comparatively cheap, many folks won't fight it.
delayed rental could potentially increase profits for everyone."
Hmm... wait a minute. This sounds familiar.
Oh, yeah, "anti-competitive collusion"
This.
No one expects the French Inquisition!
No, really. No one at all. Complete surprise.
They misspelled "Please" on the cake. Pitiful.
Maybe Cogent is just holding out for a peer that can spell at the 3rd-grade level.
Yes, I think we can all be glad we got that out of our systems.
By the way, did I hear someone say that the IPv6 peering agreement was moist and delicious?
Agreed. Let's just say I'm specifying a best-case scenario.
Another pretty good one is the "Apple as White Knight" playbook. Apple patents this technological obscenity for the sole purpose of locking it away, never to be implemented by their own operating systems, never to be licensed to another operating system, for 20 years.
I find this story less convincing to me, given my beliefs in Apple's corporate behavioral tendencies. But I concede that it is a plausible, if unlikely, alternate outcome.
The other obvious ending for this story: Apple gets the patent, licenses it to everyone who can afford it, and then cackles insanely over the piles of money it's making over the misery of everyone who uses such an OS. In which case, my primary escape is Open Source, just like now. But it would suck to be, for instance, a Microsoft user.
welcome our advertising-patenting overlords.
Seriously. I wish Jobs all the best in this patent pursuit. If Apple succeeds, then I can avoid occurrences of this amazingly offensive idea by the simple expedient of avoiding Apple operating systems, a course of action I'm already pretty much committed to for ample reasons of Apple's corporate citizenship and customer relations.
As far as I'm concerned, this patent will be the legal equivalent of encysting a noxious parasite for 20 years.
xkcd concurs.
BTW, xkcd's implementation of this particular attack is superior to yours, because not all laptop owners have scroti.
(Is that even a word? High school Latin didn't discuss that. Stupid Bible belt.)
Prostitution is one of the few crimes that make a person a criminal if he/she sells something that is normally "free".
Spoken like someone who's never been married.
Apple advocates may not want to play the popularity card. By that standard, MacOS must suck, cuz Windows derivatives are 18 times more popular.
C'mon, I don't even like Apple, and I know better than to try to equate market share with superiority. In both cases, there must be some other explanation.
Oh, yeah, marketing.
I think it's safe to say that there's a substantial percentage of readers who are wondering: what is wrong with you?
Then a substantial percentage of the readership doesn't recognize "playing hard to get", AKA "coy". It can be a good strategy when applied appropriately. In this case, as long as the mood is right, and the apology isn't particularly sincere. And accompanying a sly smile.
OTOH, if the apology is breathlessly panicky and flop-sweatingly sincere, then "what is wrong with you" is entirely apropos.
kissing is not sex.
In the immortal words of lolcat, "ur doin it rong"
Because Oracle doesn't already offer a competing product in the same market space as Java, raising concerns about anticompetitive squashing or stifling of Java.
OTOH, MySQL runs the perceived risk of being the fifth wheel in the "Oracle RDBMS über alles" mindset that much of the community fears (wrongly or rightly).
On a slightly offtopic note: I wonder if this comment will preserve the umlaut-u I put into the quoted phrase there.
"Well, it appears that DNA analysis proves that you are actually a Streptococcus mutans bacterium. I recommend against antibiotics or toothbrushing in order to extend your lifespan."
The only thing it really has going for it is... it's a Mac, running an official server OS.
For myself, I prefer a server I can't accidentally sweep off the desk.
All things considered, it's a nice, compact, drop-in home/SOHO server solution, particularly if the rest of the inhouse environment is also Mac.
Just don't use a Time Capsule to back it up.