"The worm may also attempt to determine the presence of an Apache 1.3.26 web server and relay this information to an external email address."
I would be very concerned if I had any worms on my system. However, a worm that reports presence of an Apache 1.3.26 web server does not make that worm more of a problem.
Why not?
My webserver and webserver version are public information. That information is available to any person who uses a webbrowser, or any person who uses a spidering tool like 'wget'. Simply use the tool on a zillion sites, parse the host string, and you have a list of webservers that use Apache 1.3.26.
As an added security step, I suppose I could change the host string to return something more obscure, like "Apache" instead of "Apache 1.3.26", but I'm not a big believer in security through obscurity...
As I understand it, Thawte mostly deals with customers outside of the US (which has been their domain for years). Verisign mostly deals with customers inside the US and Canada.
I they they are mostly two distinct entities, with 2 different sets of managers (A few managers probably work both sides of the fence). The profits from both entities drop in the same bucket.
Thawte's support used to be much, much better then Verisign's support. Let's hope they spread the Thawte philosophy among the Verisignites...
(At home, I'm also using it to test svn . svn has alot of potential.)
It's partially the modules (We use ATG Dynamo, and they have not yet updated their connection module to work with 2.0).
It also has alot to do with my belief that the numbering system is a representation of maturity, and mature products have better performance, stability then the younger branches. Recent releases have more bugs then mature releases.
Our production system needs to be rock solid, we don't want to use these systems to test some newfangled Apache feature. Our Apache 1.3.26 servers never, ever crash.
It's my belief that the Apache 2.0 branch will have more bugs and performance issues then the 1.3.x branch. I don't have alot of hard data to support this belief,
Apache 1.3.26 is way more stable then Apache 1.0.
Remember how unstable Gnome 1.0 or linux-kernel 2.0 was? Over time, the bugs present in 1.0 or kernel 2.0 have been resolved, and as a result, we have Gnome 1.4 and kernel 2.4, two very good products.
For instance, look at Gnome 1.0 vs Gnome 1.2+ ; or linux-kernel 2.0 vs 2.4.
Likewise, Apache 2.1.0 will be faster, more stable and will have more useful features then the 2.0 branch.
As a side effect of the new features, 2.1.0 will introduce some bugs which were not present in the 2.0.43 series. Most of those bugs will be resolved once the developers, users and bug stompers have had sufficient time to find and patch bugs, around 2.1.5 or so.
Not trying to insult the Apache folks. 2.0 looks to be a great product, and I'm experimenting with it at home. But 2.0 lacks sufficient maturity (in some areas) for me to use it on our production environment right now. I'll probably wait until 2.1.x.
Yes, all software has bugs, even the mature Apache 1.3 branch. But 2.0 has potentially more bugs...
But those countries would still be shitholes even if europe had disappeared in a poof of smoke 500 years ago.
In 1500, Europe was a shithole. It would still be a shithole today if Europeans didn't colonize the rest of the world, steal the resources, and bring the resources back to Europe.
Tell me, what were the 5 biggest and most prosperous cities in the year 1500 ? Hint, London and Paris aren't in the list. In fact, the 5 biggest cities of 1500 weren't even in Europe.
In otherwords without the western world those countries would still be shit, they just wouldn't know it.
Possibly, but they would be shitholes without petroleum byproducts coming out of the town well...
1. UCSD is a public institution. We (taxpayers in California and the US generally) own the domain and servers that are, by proxy, "owned" by UCSD. This, in addition to the mandate that public institutions shall not restrict protected speech, invalidates your suggestion that "they own it, so they can do what they want." This is valid for private institutions but not public.
I partially agree with you, but public institutions can regulate free speech. I can't post kiddie porn or bomb-making instructions on a University website... those are speech too.
If I worked for the California DMV, which is a public instution; and the DMV allowed employees to host a website using DMV resources, such as 'www.dmv.ca.us/~employee" , and I posted a link to FARC on my employee website, would the DMV have the right to order me to take the link down?
They said "as we interpret the USA Patriot act, the act of linking to that.org is a federal offense, so you must stop
The implication is that it would be illegal even if it was done from your own private webserver.
I don't agree.
The University has juristiction over their own computers, just like LMCBoy has the right to regulate content on LMCBoy's computer, the California DMV can regulate content on DMV computers, Johnson & Johnson can regulate content on JnJ computers. I don't see how UCSD is different (not that I agree with their decision).
I think the letter is pretty clear that the University wants the content removed from University resources. The letter doesn't say "Hey! BURN is a University Sponsored group, remove the Content from your 'www.ucsd_students_on_a_non-university_computer.or g/BURN" site. They said "Remove the content from UCSD servers".
From the letter, it's pretty clear that the University is saying "We own the building, we own the network connection, we own the computer, we own ucsd.edu. Remove the Content from the things that we own."
this letter will serve to inform you that the Che Café is in violation of UCSD policies and Federal law by maintaining the burn.ucsd.edu web site and using UCSD computer network resources to provide access to a terrorist organization.
...
Federal law also specifies that providing material support to support terrorists not only includes money and training but also includes communications equipment, personnel, and facilities. In this case, communications equipment is the use of the UCSD computer network resources, personnel are the Che Café members who maintain the server with burn web site, and facilities include the Che facility where the server is housed.
...
I am hereby instructing you to immediately remove the FARC from listing on the burn.ucsd.edu web site or any other web site that is uses the "ucsd.edu" domain name or any computer or other communications equipment or other resources or facilities used by the Che Café that are owned, leased or operated by UCSD. Your are further hereby instructed to immediately disconnect the link on burn.ucsd.edu to the FARC web site.
I think I'm just jealous, because when I went to school (at a UC), we weren't allowed to use the University's domain name for our organizational websites, and we couldn't host them under "www.ucsc.edu/~stefanlasiewski" or such. Granted this was back in 1992-1995, when the web was new...
But it is a nice perk... and I'm glad that most Universities allow this sort of relationship. Still asking for trouble, but a good perk...
Because they're not saying to take the link down due to school policy.. They're telling people to take it down do the the patriot act.
Yes, but the Patriot Act is probably part of the School Policy, as is every other Federal and State law. UCSD's school policy probably says something like:
"Blah blah blah... We also follow all federal and state laws."
When I was an office worker at UC Santa Cruz, I had to sign a contract that said something like "You will obey the University Policy. You will obey State Law. You will obey Federal Law. You will not attempt to overthrow the Government. If this country comes under attack, you will defend the country."
Note that I'm purposely excluding County and City laws in the above examples... most UC Universities aren't necessarily under the juristiction of their County or Cities, and don't necessarily have to obey the local laws.
You'll see contriversy come to light whenever a UC Campus decides to build a new building or otherwise perform some BIG activity, and a Citizens Group or the City Councel tries to stop the action.
* Launch preemptive strike against government troops massing near Betania. * Kidnap foreigners and hold for ransom to raise capital. * Buy more stinger missiles on the black market. * Bombmaking training with assistance of IRA experts. * Implement Slashdot filter on website
FARC kidnaps and kills Columbian civilians, has bombed public places, burned down villages, and killed American activists who were working with the U'wa indiginous people to prevent large Oil Companies from drilling on U'wa land.
FARC is one of the most disgusting revolutionary groups in S. America.
Unfortunately, the Columbian Government has also kidnapped and killed civilians, and has bombed public places... so by what defination is the Columbian Government not a terrorist group...
If I understand the story correctly, the Contraversal Website resides on a UC-owned computer, and uses a UC-owned domain. UC has the right to restrict content on it's own computers... for years, they've maintained the right to restrict content on student flyers on the campus. This is similar...
Solution? Get your own computer, and get your own domain name.
Or am I missing something...
Now, another question I have is: Why does UC San Diego allow student organizations use a subdomain under ucsd.edu ? It's asking for trouble...
A viral disease, often caused by respiratory syncytial virus (RSV), which results upper respiratory symptoms such as a runny nose and a barky (seal-like) cough. Episodic difficulty in breathing can be quite dramatic in some cases.
Funny, that's how I feel when using Outlook. So maybe the name IS appropriate...
Reminds me of some primitive societies on our own planet, where they burn witches, medicine-men, doctors, anyone-with-specialized-knowledge-who-challenges-a uthority...
Smart people, regardless of their intentions, have always been feared...
Creationism crashed my system too often, so I switched to evolution, and have been pretty happy ever since.
Still has some annoying and outstanding bugs (Mostly "Missing Link"-type bugs), the documentation is only partially finished, and the interface is more complex then Creationism, but it still works pretty well...
TV Network owners: We won't upgrade our equipment to digital, because it's too damn expensive, and people won't switch the new TV's because they're too damn expensive
Government: Well, what if we added this new copyright protection scheme as a comprimise. Would you upgrade your equipment if we included copyright protection?
Slashdot Mirror
Gee whiz guys, it's not really a mod until you install a fishtank inside $1.3 million in hardware...
Now THAT would be impressive...
Why do cable providers monitor your traffic, but not DSL providers?
From the analysis:
.
"The worm may also attempt to determine the presence of an Apache 1.3.26 web server and relay this information to an external email address."
I would be very concerned if I had any worms on my system. However, a worm that reports presence of an Apache 1.3.26 web server does not make that worm more of a problem.
Why not?
My webserver and webserver version are public information. That information is available to any person who uses a webbrowser, or any person who uses a spidering tool like 'wget'. Simply use the tool on a zillion sites, parse the host string, and you have a list of webservers that use Apache 1.3.26
As an added security step, I suppose I could change the host string to return something more obscure, like "Apache" instead of "Apache 1.3.26", but I'm not a big believer in security through obscurity...
Oh yes, it was horrible I tell you. By the end I thought I was a hummingbird of some kind.
In a few minutes, I tried to drink nectar out of Sanjay's head.
Bah! But then you had to go and post something unfunny!
That's so... Flanders!
(/humor)
Verisign bought Thawte about 2 years ago.
As I understand it, Thawte mostly deals with customers outside of the US (which has been their domain for years). Verisign mostly deals with customers inside the US and Canada.
I they they are mostly two distinct entities, with 2 different sets of managers (A few managers probably work both sides of the fence). The profits from both entities drop in the same bucket.
Thawte's support used to be much, much better then Verisign's support. Let's hope they spread the Thawte philosophy among the Verisignites...
(At home, I'm also using it to test svn . svn has alot of potential.)
It's partially the modules (We use ATG Dynamo, and they have not yet updated their connection module to work with 2.0).
It also has alot to do with my belief that the numbering system is a representation of maturity, and mature products have better performance, stability then the younger branches. Recent releases have more bugs then mature releases.
Our production system needs to be rock solid, we don't want to use these systems to test some newfangled Apache feature. Our Apache 1.3.26 servers never, ever crash.
It's my belief that the Apache 2.0 branch will have more bugs and performance issues then the 1.3.x branch. I don't have alot of hard data to support this belief,
Apache 1.3.26 is way more stable then Apache 1.0.
Remember how unstable Gnome 1.0 or linux-kernel 2.0 was? Over time, the bugs present in 1.0 or kernel 2.0 have been resolved, and as a result, we have Gnome 1.4 and kernel 2.4, two very good products.
For instance, look at Gnome 1.0 vs Gnome 1.2+ ; or linux-kernel 2.0 vs 2.4.
Likewise, Apache 2.1.0 will be faster, more stable and will have more useful features then the 2.0 branch.
As a side effect of the new features, 2.1.0 will introduce some bugs which were not present in the 2.0.43 series. Most of those bugs will be resolved once the developers, users and bug stompers have had sufficient time to find and patch bugs, around 2.1.5 or so.
This is why I am holding off on upgrading to 2.0.
.
Not trying to insult the Apache folks. 2.0 looks to be a great product, and I'm experimenting with it at home. But 2.0 lacks sufficient maturity (in some areas) for me to use it on our production environment right now. I'll probably wait until 2.1.x
Yes, all software has bugs, even the mature Apache 1.3 branch. But 2.0 has potentially more bugs...
But those countries would still be shitholes even if europe had disappeared in a poof of smoke 500 years ago.
In 1500, Europe was a shithole. It would still be a shithole today if Europeans didn't colonize the rest of the world, steal the resources, and bring the resources back to Europe.
Tell me, what were the 5 biggest and most prosperous cities in the year 1500 ? Hint, London and Paris aren't in the list. In fact, the 5 biggest cities of 1500 weren't even in Europe.
In otherwords without the western world those countries would still be shit, they just wouldn't know it.
Possibly, but they would be shitholes without petroleum byproducts coming out of the town well...
Don't forget about the HUGE 'racing' fin...
Because your Honda Accord is in danger of flipping over if you drive too fast, just like them Formula 1 racecars!
For a trip down memory lane (ok, I'm lying, my memory lane begins at Windows 3.0), here's a set of Windows screenshots, starting at 1.0 up to Win XP.
0 1w indowshistory_screenshots.html
http://www.infosatellite.com/news/2001/10/a2510
Interesting how similar Windows 2.0 looks to Windows XP, and many other GUI environments...
Yes, but if your 2.5 year old had velcro mittens today, she could REALLY be climbing the walls...
If someone posted a flyer of a naked child having sex on a University billboard, would the University take it down?
1. UCSD is a public institution. We (taxpayers in California and the US generally) own the domain and servers that are, by proxy, "owned" by UCSD. This, in addition to the mandate that public institutions shall not restrict protected speech, invalidates your suggestion that "they own it, so they can do what they want." This is valid for private institutions but not public.
I partially agree with you, but public institutions can regulate free speech. I can't post kiddie porn or bomb-making instructions on a University website... those are speech too.
If I worked for the California DMV, which is a public instution; and the DMV allowed employees to host a website using DMV resources, such as 'www.dmv.ca.us/~employee" , and I posted a link to FARC on my employee website, would the DMV have the right to order me to take the link down?
The implication is that it would be illegal even if it was done from your own private webserver.
I don't agree.
The University has juristiction over their own computers, just like LMCBoy has the right to regulate content on LMCBoy's computer, the California DMV can regulate content on DMV computers, Johnson & Johnson can regulate content on JnJ computers. I don't see how UCSD is different (not that I agree with their decision).
I think the letter is pretty clear that the University wants the content removed from University resources. The letter doesn't say "Hey! BURN is a University Sponsored group, remove the Content from your 'www.ucsd_students_on_a_non-university_computer.o
From the letter, it's pretty clear that the University is saying "We own the building, we own the network connection, we own the computer, we own ucsd.edu. Remove the Content from the things that we own."
this letter will serve to inform you that the Che Café is in violation of UCSD policies and Federal law by maintaining the burn.ucsd.edu web site and using UCSD computer network resources to provide access to a terrorist organization.
...
Federal law also specifies that providing material support to support terrorists not only includes money and training but also includes communications equipment, personnel, and facilities. In this case, communications equipment is the use of the UCSD computer network resources, personnel are the Che Café members who maintain the server with burn web site, and facilities include the Che facility where the server is housed.
...
I am hereby instructing you to immediately remove the FARC from listing on the burn.ucsd.edu web site or any other web site that is uses the "ucsd.edu" domain name or any computer or other communications equipment or other resources or facilities used by the Che Café that are owned, leased or operated by UCSD. Your are further hereby instructed to immediately disconnect the link on burn.ucsd.edu to the FARC web site.
I think I'm just jealous, because when I went to school (at a UC), we weren't allowed to use the University's domain name for our organizational websites, and we couldn't host them under "www.ucsc.edu/~stefanlasiewski" or such. Granted this was back in 1992-1995, when the web was new...
But it is a nice perk... and I'm glad that most Universities allow this sort of relationship. Still asking for trouble, but a good perk...
Because they're not saying to take the link down due to school policy.. They're telling people to take it down do the the patriot act.
Yes, but the Patriot Act is probably part of the School Policy, as is every other Federal and State law. UCSD's school policy probably says something like:
"Blah blah blah...
We also follow all federal and state laws."
When I was an office worker at UC Santa Cruz, I had to sign a contract that said something like "You will obey the University Policy. You will obey State Law. You will obey Federal Law. You will not attempt to overthrow the Government. If this country comes under attack, you will defend the country."
Note that I'm purposely excluding County and City laws in the above examples... most UC Universities aren't necessarily under the juristiction of their County or Cities, and don't necessarily have to obey the local laws.
You'll see contriversy come to light whenever a UC Campus decides to build a new building or otherwise perform some BIG activity, and a Citizens Group or the City Councel tries to stop the action.
FARC Agenda for the Week:
* Launch preemptive strike against government troops massing near Betania.
* Kidnap foreigners and hold for ransom to raise capital.
* Buy more stinger missiles on the black market.
* Bombmaking training with assistance of IRA experts.
* Implement Slashdot filter on website
* PROFIT!!!!
FARC kidnaps and kills Columbian civilians, has bombed public places, burned down villages, and killed American activists who were working with the U'wa indiginous people to prevent large Oil Companies from drilling on U'wa land.
... so by what defination is the Columbian Government not a terrorist group...
FARC is one of the most disgusting revolutionary groups in S. America.
Unfortunately, the Columbian Government has also kidnapped and killed civilians, and has bombed public places
If I understand the story correctly, the Contraversal Website resides on a UC-owned computer, and uses a UC-owned domain. UC has the right to restrict content on it's own computers... for years, they've maintained the right to restrict content on student flyers on the campus. This is similar...
Solution? Get your own computer, and get your own domain name.
Or am I missing something...
Now, another question I have is: Why does UC San Diego allow student organizations use a subdomain under ucsd.edu ? It's asking for trouble...
0croup
A viral disease, often caused by respiratory syncytial virus (RSV), which results upper respiratory symptoms such as a runny nose and a barky (seal-like) cough. Episodic difficulty in breathing can be quite dramatic in some cases.
Funny, that's how I feel when using Outlook. So maybe the name IS appropriate...
Dragonlance, heck...
a uthority...
Reminds me of some primitive societies on our own planet, where they burn witches, medicine-men, doctors, anyone-with-specialized-knowledge-who-challenges-
Smart people, regardless of their intentions, have always been feared...
Creationism crashed my system too often, so I switched to evolution, and have been pretty happy ever since.
Still has some annoying and outstanding bugs (Mostly "Missing Link"-type bugs), the documentation is only partially finished, and the interface is more complex then Creationism, but it still works pretty well...
(... sometime in the last 5 years ...)
TV Network owners: We won't upgrade our equipment to digital, because it's too damn expensive, and people won't switch the new TV's because they're too damn expensive
Government: Well, what if we added this new copyright protection scheme as a comprimise. Would you upgrade your equipment if we included copyright protection?
TV Network: Deal!
Actually, I was hoping to use the 'spinning head' energy to spin my burner at record-breaking speeds.