Screw this "disable the unneccessary services". Leave everything running, and (this applies to Linux) use the built-in kernel firewall to block everything that tries to establish a TCP connection with your machine. Block all UDP except DNS, and block all ICMP packets. And then block all outgoing traffic, except what you absolutely need. For example, if this machine is a web server, it doesn't need outgoing access to port 80 of external machines.
Anything you need to access as an admin for the machine can be secured fairly painlessly using SSH tunnelling. Look into that as well, it'll save tons of time trying to figure out a secure way to transfer files and use telnet.
The problem is that this method of reporting doesn't force the company to do shit. Imagine Joe send a new vulnerability he's uncovered to Company X. They acknowledge the bug, thank him and promise a fix in 60 days. Sounds like a long time? Take a quick look at the track record of Microsoft, er, Company X for their promptness in releasing patches.
Given that amount of time, a thousand other people like Joe have found the exploit. If 1% of them are the bad guys then they'll end up taking down or DOSing systems all over the place.
Another scenario is that Joe is one of very few idiots that reports the bug and keeps his mouth shut. After all, who wants to piss around and waste time documenting a bug in someone else's product, and then hoping you'll get a response from bugs@microsoft? Meanwhile, the aforementioned bad guys don't report it and continue to exploit the security hole. The company, under the impression that so few people have discovered this bug, continually delays fixing the problem.
The only way that the average Joe (ha ha) can ensure that his proprietary commercial software is secure is by posting the exact methodology of any exploits he happens across in the software he owns, thereby forcing the corporations hand. Take Code Red, Blue or Pink as an example. That forced Microsoft into releasing several patches and making them much more available.
As for the 30 day grace period, are you high? What kind of patch needs 30 days for a competent sysadmin to implement? Yeah yeah, large company, testing environment first, then production. But 30 days? Come on. That's as dumb as beliving it takes over a month to fix an overflow in a call to strcpy! Oh wait...
I'm running the 2.4.13-ac7 with NO preemptive patch, doing pretty much the same stuff as you - except I'm running KDE 2 with the resource draining Mosfet Liquid theme, and Oracle running crap in the background. XMMS doesn't skip a beat here either.
Oh yeah, and it's on a P2-300 with 256 megs of RAM. I've never tried the pre. patch - it may be that the VM in the Alan Cox series is a hell of a lot better. Just my two cents.
xmldiff does for XML what diff does to text, and the generated output is less space then doing a textual diff on the XML. Just FYI.
Re:Military solutions don't do well with civilians
on
Peer-to-Peer Cellular
·
· Score: 1
Yeah, military solutions never really fly with "civvies". Hell, I remember this thing called ARPAnet a few years back - I wonder whatever happened to that overengineered piece of crap?
Not enough RAM my ass. I have a PS2 and it contains 32 megabytes of RAM. I've been playing Gran Turismo 3 a hell of a lot lately, it's addictive as heroin. Get this; when you do a 20 lap race, there are 5 other cars with real-time reflection mapping on the windsheilds, the body, and so on. There are windmills turning in the background. You can actually watch your tires turn according to the controls and bounce up and down in the wheel well during a bumpy road in a rally coarse.
Now for the grand finale; all twenty laps (in this example) are stored in less than a meg of RAM! Every car on the track has this level of detail stored in the replay, and it takes up (on average) 100-400 kilobytes on your memory stick. The console programmers know how to squeeze everything they need out of the "small" amount of memory in their systems.
As for rendering images, I highly recommend that you walk into a Futureshop or Sony store and try out this game (or any others) to see how badly this system gives computers a thrashing. Besides, it also has a DVD player and an incredible Dolby digital sound chip. I was a massive PC gaming buff until I picked up this bad-ass machine - and I still haven't looked back.
But they're not releasing that DVD; at least, not to North America. I certainly can't purchase it due to the fact that they don't export it. Even if I could somehow get a Japanese PS2 I can't aquire the source code, which the GPL insists must be available.
How the hell is this off-topic? I want to develop games for the PS2 without shelling out 28,500 US dollars for a development kit; Sony so far has no plans to release the Linux kit in North America. Just because he works at a reputable company doesn't exempt him or Sony from the GPL's restrictions.
If Sony is distributing a bootable version of the Linux kernel to people outside their organization, don't they have to make their modifications available to everyone under the GPL license? When I first heard about Linux on the PS2, I was excited (I have one) but apparently when I last checked they weren't selling it yet. Now with them sending you a copy, they're clearly distributing the kernel (plus the compiler and other utilities) in a closed format. What gives??
Take a look at the GConf library. It uses a standard API for programs to access their configuration data and stores this individual conf files using XML, and is already in use by Nautilus and Evolution. It probably wouldn't be too hard to extend this program to work under Windows or whatever OS you like.
What the hell are you talking about? I do full time Java development under the Linux kernel 2.4 (test 12), and everything works perfectly. Just grab the JDK from the Sun site and it should function out of the box.
When I'm using Java, I find that every class having the Object as it's highest super-parent makes templates really unneccessary. The Collections framework is extremely well-designed and based on this fact. Linked lists, queues, stacks and so on contain Object references which can be used to hold pointers to any type of data due to the common inheritance.
I also find that templates add a hell of a lot of overhead in compiled code and source code since a lot of compilers have minor differences in implementation of them (g++, Intel, MSVC) leading to rewriting code when switching development platforms. A lot of complex C++ template classes and functions I've written (that adhere to the C++ specs) work on one compiler and cause unknown errors on another.
The file layout of the OpenBSD CD is copyrighted by Theo (the creator/packager of the OS) which makes copying, downloading and burning the CD illegal. This allows the group to support the project. If you really want it you gotta pay for it.
Christ, I have a new personal hero. I read your post, thought it was amusing and decided for the hell of it to click on User Info. My God, you actually did it. I couldn't stop laughing! Keep it up!:-)
You're right, HURD development is extremely slow right now. The mailing list generates like a total of 5 messages per day, and no one there really knows how to get their patches submitted into the kernel. Maybe they feel like it's kinda hopeless to pursue the HURD with Linux gaining so much more popularity. Just my two cents.
You have total agreement from me. Sony has pulled so many marketing stunts just to get the PS2 in every media format possible. The amount of computers in this room is exponentially greater than in a bunch of video game consoles, because they're still just that: consoles. They are designed with one purpose in mind, to play awesome games with killer graphics. Maybe a bit of the 3D rendering mathematics could be used in a guidance system, but hell, there's way better open source physics modelling programs for munitions guidance. K, I'm done ranting.
So everyone just sit back, keep your mind open to Slashdot and follow the media carrot.:-)
I've seen this behaviour on my Windows box. You don't have to reboot, Netscape screws up some data and when you close the window it doesn't actually unload the executable from memory. Hit Ctrl-Alt-Delete and force the task to end, then restart Netscape. It's great what we have to do to avoid using IE.:-)
Slashdot Mirror
I've seen the analogy of "putting all your eggs in one basket" applied to globalism a few times. What exactly do you mean by that? Thanks.
Screw this "disable the unneccessary services". Leave everything running, and (this applies to Linux) use the built-in kernel firewall to block everything that tries to establish a TCP connection with your machine. Block all UDP except DNS, and block all ICMP packets. And then block all outgoing traffic, except what you absolutely need. For example, if this machine is a web server, it doesn't need outgoing access to port 80 of external machines.
Anything you need to access as an admin for the machine can be secured fairly painlessly using SSH tunnelling. Look into that as well, it'll save tons of time trying to figure out a secure way to transfer files and use telnet.
The problem is that this method of reporting doesn't force the company to do shit. Imagine Joe send a new vulnerability he's uncovered to Company X. They acknowledge the bug, thank him and promise a fix in 60 days. Sounds like a long time? Take a quick look at the track record of Microsoft, er, Company X for their promptness in releasing patches.
Given that amount of time, a thousand other people like Joe have found the exploit. If 1% of them are the bad guys then they'll end up taking down or DOSing systems all over the place.
Another scenario is that Joe is one of very few idiots that reports the bug and keeps his mouth shut. After all, who wants to piss around and waste time documenting a bug in someone else's product, and then hoping you'll get a response from bugs@microsoft? Meanwhile, the aforementioned bad guys don't report it and continue to exploit the security hole. The company, under the impression that so few people have discovered this bug, continually delays fixing the problem.
The only way that the average Joe (ha ha) can ensure that his proprietary commercial software is secure is by posting the exact methodology of any exploits he happens across in the software he owns, thereby forcing the corporations hand. Take Code Red, Blue or Pink as an example. That forced Microsoft into releasing several patches and making them much more available.
As for the 30 day grace period, are you high? What kind of patch needs 30 days for a competent sysadmin to implement? Yeah yeah, large company, testing environment first, then production. But 30 days? Come on. That's as dumb as beliving it takes over a month to fix an overflow in a call to strcpy! Oh wait...
Sorry, I'm done.
I'm running the 2.4.13-ac7 with NO preemptive patch, doing pretty much the same stuff as you - except I'm running KDE 2 with the resource draining Mosfet Liquid theme, and Oracle running crap in the background. XMMS doesn't skip a beat here either.
Oh yeah, and it's on a P2-300 with 256 megs of RAM. I've never tried the pre. patch - it may be that the VM in the Alan Cox series is a hell of a lot better. Just my two cents.
xmldiff does for XML what diff does to text, and the generated output is less space then doing a textual diff on the XML. Just FYI.
Yeah, military solutions never really fly with "civvies". Hell, I remember this thing called ARPAnet a few years back - I wonder whatever happened to that overengineered piece of crap?
Not enough RAM my ass. I have a PS2 and it contains 32 megabytes of RAM. I've been playing Gran Turismo 3 a hell of a lot lately, it's addictive as heroin. Get this; when you do a 20 lap race, there are 5 other cars with real-time reflection mapping on the windsheilds, the body, and so on. There are windmills turning in the background. You can actually watch your tires turn according to the controls and bounce up and down in the wheel well during a bumpy road in a rally coarse.
Now for the grand finale; all twenty laps (in this example) are stored in less than a meg of RAM! Every car on the track has this level of detail stored in the replay, and it takes up (on average) 100-400 kilobytes on your memory stick. The console programmers know how to squeeze everything they need out of the "small" amount of memory in their systems.
As for rendering images, I highly recommend that you walk into a Futureshop or Sony store and try out this game (or any others) to see how badly this system gives computers a thrashing. Besides, it also has a DVD player and an incredible Dolby digital sound chip. I was a massive PC gaming buff until I picked up this bad-ass machine - and I still haven't looked back.
But they're not releasing that DVD; at least, not to North America. I certainly can't purchase it due to the fact that they don't export it. Even if I could somehow get a Japanese PS2 I can't aquire the source code, which the GPL insists must be available.
How the hell is this off-topic? I want to develop games for the PS2 without shelling out 28,500 US dollars for a development kit; Sony so far has no plans to release the Linux kit in North America. Just because he works at a reputable company doesn't exempt him or Sony from the GPL's restrictions.
If Sony is distributing a bootable version of the Linux kernel to people outside their organization, don't they have to make their modifications available to everyone under the GPL license? When I first heard about Linux on the PS2, I was excited (I have one) but apparently when I last checked they weren't selling it yet. Now with them sending you a copy, they're clearly distributing the kernel (plus the compiler and other utilities) in a closed format. What gives??
Take a look at the GConf library. It uses a standard API for programs to access their configuration data and stores this individual conf files using XML, and is already in use by Nautilus and Evolution. It probably wouldn't be too hard to extend this program to work under Windows or whatever OS you like.
What the hell are you talking about? I do full time Java development under the Linux kernel 2.4 (test 12), and everything works perfectly. Just grab the JDK from the Sun site and it should function out of the box.
When I'm using Java, I find that every class having the Object as it's highest super-parent makes templates really unneccessary. The Collections framework is extremely well-designed and based on this fact. Linked lists, queues, stacks and so on contain Object references which can be used to hold pointers to any type of data due to the common inheritance.
I also find that templates add a hell of a lot of overhead in compiled code and source code since a lot of compilers have minor differences in implementation of them (g++, Intel, MSVC) leading to rewriting code when switching development platforms. A lot of complex C++ template classes and functions I've written (that adhere to the C++ specs) work on one compiler and cause unknown errors on another.
Or they could have named it Herbivore, saying it gets to the root of the problem.
What the hell are you talking about? I use autohide panels with Netscape (KDE 1.2) and it works fine.
The file layout of the OpenBSD CD is copyrighted by Theo (the creator/packager of the OS) which makes copying, downloading and burning the CD illegal. This allows the group to support the project. If you really want it you gotta pay for it.
Christ, I have a new personal hero. I read your post, thought it was amusing and decided for the hell of it to click on User Info. My God, you actually did it. I couldn't stop laughing! Keep it up! :-)
You're right, HURD development is extremely slow right now. The mailing list generates like a total of 5 messages per day, and no one there really knows how to get their patches submitted into the kernel. Maybe they feel like it's kinda hopeless to pursue the HURD with Linux gaining so much more popularity. Just my two cents.
You have total agreement from me. Sony has pulled so many marketing stunts just to get the PS2 in every media format possible. The amount of computers in this room is exponentially greater than in a bunch of video game consoles, because they're still just that: consoles. They are designed with one purpose in mind, to play awesome games with killer graphics. Maybe a bit of the 3D rendering mathematics could be used in a guidance system, but hell, there's way better open source physics modelling programs for munitions guidance. K, I'm done ranting.
So everyone just sit back, keep your mind open to Slashdot and follow the media carrot. :-)
I've seen this behaviour on my Windows box. You don't have to reboot, Netscape screws up some data and when you close the window it doesn't actually unload the executable from memory. Hit Ctrl-Alt-Delete and force the task to end, then restart Netscape. It's great what we have to do to avoid using IE. :-)