The defaults are no longer what they were in 199x (on Hardening Linux) · Score: 4, Informative
Seems to me the article is just pimping Bastille Linux. Years and years ago, most distros did indeed ship with some pretty crack-worthy options enabled by default. It took a small amount of prodding by the community, but most distros, these days, lean towards a default-disable policy:
- [KU]buntu
All services off by default. netfilter rules are default allow however, but there is nothing to connect to.
- Fedora/RHEL/CentOS
Choose during install what services you want enabled/open/firewalled. SELinux enabled by default.
- Knoppix 5.1.1
Only port 68 for the DHCP client listener.
/etc/hosts.deny ALL:PARANOID
- Mandriva 2007 Bootable CD
Port 6000 is all that's open (X server. Ok this is dumb, why?)
Other distros follow similar suit. You can find out what's running on your Linux box with:
- netstat -tuna (all TCP/UDP sockets, don't resolve names, all listening/non-listening sockets)
- locate iptables; sudo iptables -nvL (show iptables chains for netfilter)
Chances are, if you've not mucked around with the default services, things are pretty tight. TFA is a bit inaccurate for Linux systems these days.
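Added example (not from the comment above, and not part of Bastille Linux or any distro): a small POSIX shell audit that parses the output of the two commands the comment names, reports network-reachable listeners that are not on an allowlist, and flags netfilter chains left at a default ACCEPT policy. The netstat and iptables samples are constructed, and the allowlist (ssh plus the DHCP client) is an assumption for the demonstration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tuna` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         192.168.1.20:51234      ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*'

# Constructed sample of the chain headers printed by `sudo iptables -nvL`.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT 12 packets, 1024 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 40 packets, 4096 bytes)'

# Assumed allowlist of proto/port pairs expected to be reachable from the network:
# ssh and the DHCP client (the Knoppix default mentioned above).
ALLOWED="tcp/22 udp/68"

# Read netstat output on stdin; print one "proto/port/scope" line per listener.
# TCP counts only in LISTEN state; every bound UDP socket counts (no connection state).
# scope is "local" for loopback binds, "any" otherwise; tcp6/udp6 fold into tcp/udp.
listening_sockets() {
    awk '
        function emit(proto, laddr,   n, port, addr, scope) {
            n = split(laddr, parts, ":")
            port = parts[n]
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            scope = (addr == "127.0.0.1" || addr == "::1") ? "local" : "any"
            sub(/6$/, "", proto)
            print proto "/" port "/" scope
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" { emit($1, $4) }
        $1 ~ /^udp/                   { emit($1, $4) }
    ' | LC_ALL=C sort -u
}

# Non-loopback listeners that are not on the allowlist: each one needs a reason to exist.
unexpected_listeners() {
    listening_sockets | while IFS=/ read -r proto port scope; do
        [ "$scope" = "any" ] || continue
        case " $ALLOWED " in
            *" $proto/$port "*) ;;
            *) echo "$proto/$port" ;;
        esac
    done
}

# Chains whose default policy is ACCEPT. With INPUT at ACCEPT, every listener found
# above is reachable unless an explicit rule drops it (the "default allow" case above).
accept_policy_chains() {
    awk '$1 == "Chain" && $3 == "(policy" && $4 == "ACCEPT" { print $2 }'
}

# Stand-alone run against the constructed samples.
echo "unexpected listeners:"; printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners
echo "chains with ACCEPT policy:"; printf '%s\n' "$SAMPLE_IPTABLES" | accept_policy_chains
```

On a real host, replace the two samples with `netstat -tuna` and `sudo iptables -nvL` piped into the same functions.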
> Microsoft is working to educate users and developers about these security issues
Yep. We know all about Microsoft's education*:
In no event shall microsoft or its suppliers be liable for any special, incidental, punitive, indirect, or consequential damages whatsoever (including, but not limited to, damages for loss of profits or confidential or other information, for business interruption, for personal injury, for loss of privacy, for failure to meet any duty including of good faith or of reasonable care, for negligence, and for any other pecuniary or other loss whatsoever)
[*] - http://www.microsoft.com/windowsxp/home/eula.mspx
It's all the same. You can lock up a system tighter than a dolphin's ass, but no security in the world can mitigate PEBKAC.
> Just the fact that a couple of young kids can change a mobo in a laptop
Umm, actually I didn't see them pull the mainboard out. They pulled out a lot of screws while an adult supervised, and I didn't see them actually get it back together and functional. It looked like as much of a pain in the ass as disassembling a regular laptop. Taking it apart is the easy step, getting everything back in working order is a much larger one. I think the kids looked interested enough to do it though.
I think it's a great idea to design a product with that in mind. The open-endedness of the OLPC will add to the entire educational benefit. I wonder what kind of FUD Wintel and Asus will cook up now regarding the open design.
vodka.
Live concerts are the only way you're going to get the "true" music, and even then, acoustics can suck and gear can turn crappy. Stuff you buy on CD can be fruity-looped, multitracked, or "digitally enhanced" which again, is not the "true" sound. If the drummer screws up, and throws the guitarist off and the vocalist stumbles, that's how it's supposed to sound. People have taken "True Sound" to mean something between the ideological and personal taste of how the music *should* sound, rather than what it really sounds like. Digital monkeying-around allows the idealism to become reality while the "True Sound" remains unheard. I myself cannot tell the difference between a song on the radio and one from an MP3. I'm just not that demanding. I can tell you if the beat is too fast or too slow (as opposed to what I'm used to hearing) or if the key is different (than what I'm used to hearing), but other than that MP3s sound great to me.
"Even personal reproductive history will be included, for enforcement of China's controversial "one child" policy."
This is creepy. In that documentary called China Blue, it was stated by one of the factory owners that most of its workforce is ignorant and too stupid to think for themselves. They really regard people there as illiterate simpletons. I don't know how well educated the population is, but it's a pretty crappy attitude and kind of epitomizes the human rights problems in China.
I wonder how long the Chinese people will put up with this. I wonder how long the rest of the world will put up with it when it comes to their back yard under the guise of "Think of the Children" or "War on Terror".
"I live in a good-sized house, with a nice yard, with deer occasionally showing up and eating the roses (my wife likes the roses more, I like the deer more, so we don't really mind). I've got three kids, and I know I can pay for their education. What more do I need?"
...What more do I need?
In a culture dominated by the words "I need more", this question looks erroneously out of place. Greed is so commonplace that to see such an authentic lack of it is refreshing.
Microsoft is not about sharing. Microsoft is not about community. Microsoft's interests are completely and strictly monetary. What MS cannot invent it buys. What it cannot innovate, it steals. What it cannot steal it smothers in judicial and legal methods. The Microsoft mentality runs 180 degrees opposite to everything Open Source is about, and history is, unfortunately, a very good indicator of future behaviour.
Linux Foundation or not, the idea simply cannot work. There is very little trust of Microsoft in their own customer base, let alone any in the Open Source projects (besides Novell, and that's likely questionable). The lying, paid-for FUD'ing (Yankee Group), and monetarily sponsored legal campaigns (SCO, RBC) and lobbying have done little to improve that.
There have been way too many bridges burned by Microsoft over the last 20-some years (starting with Apple) for anyone to seriously consider any kind of reckoning, partnership or trust-based relationship. Even if MS was to attempt to mend those bridges, it would take a very long time for anyone to trust them enough to be led down them.
This article is simply fanciful, farcical and whimsical at best.
They'll fix it. It's most likely not as big a deal as the media is hoping for. The surprises you *don't* catch are the ones that usually kill you.
Very quickly.
You must be new here, so I'll try and enlighten you.
You see, Microsoft is a lot like the smelly kid in 3rd grade that used to drop a load in his shorts and not say anything while everyone wandered around trying to figure out what died, where.
After a few of these episodes, whenever there was a strange smell, it would come to pass that the smelly kid dropped another load.
Now, to make matters worse for the smelly kid, imagine him running around telling everyone that he has solved the problem*. People are relieved for a while until, guess what? The smelly kid drops another load. How can this happen, isn't this supposed to be fixed?
This insane cycle of disappointment/re-assurance causes people to get cynical very quickly and as a result, causes people to start complaining very quickly.
[*] - http://news.com.com/Allchin+Buy+Vista+for+the+security/2100-1012_3-6032344.html
use a web-cam to work on it and watch the monitor with your eyes, not the laser.
Thank God! A user that finally gets security! Look at those pigs whizzin' by...
"One of the things that many users worry about is whether they're getting an inferior version of MySQL by using the Community version."
They already have SCO; how much more inferior can they get?
http://slashdot.org/article.pl?sid=05/09/04/17302
Bad way to start out an article on lasers.
> Seriously, here's a phone. Call someone who cares. Or at least isn't surprised. Or at least thinks it's newsworthy.
Attitudes like this are why computer security is in such a dismal state. Crashing an application from a remote system means that application is not filtering its input correctly and is subject to a remote compromise. Just because IE goes bye-bye and starts right up again doesn't mean everything is peaches. By the time you've restarted the app or rebooted Windows, you may have already been compromised with the software of choice by the remote. This could be a backdoor, keylogger, trojan, whatever - and you won't even know it other than "my computer is slow". People need to wise up because malware is getting sneakier and more cost effective for the people that write it.
Articles like this are newsworthy because they bring light to the fact that something is amiss and needs fixing. Unfortunately, other than negative PR, there's little incentive for proprietary software to fix these things. That's one of the reasons IE has been, and still is, such a security nightmare. Firefox is only about 2/3 better (3 pages vs. 8 pages) judging by number of CVEs*. Still, security is about lessening risk. It's foolish to use IE these days with much better options available.
[*] - https://www.kb.cert.org/vuls/html/search
In 48 slashdot comments or less.
> We should be grateful that the only major player to take the Microsoft pill was Novell
Let's not forget Linspire and Xandros. No, not major, but let's give credit its due.
"The concept of penalizing for poor health is not well accepted, and a lot of employees would react badly to it,"
You know, this sounds like another attempt to squeeze less out of benefits while still paying a higher premium. Health care is in poor shape in the US, and although a witch hunt against "offenders" (smoking, fat, whatever) sounds like a logical step, all it's going to do is breed contempt and garner hate. People who are fat know they're fat. A lot have tried to slim down only to find it all comes back all too quickly. Some people are fat because of depression and/or genetics; pretty complex problem. Nicotine is addictive just like coke and alcohol and some people are more susceptible to it than others. I think they should look to positive reinforcement in the form of sponsoring programs for good mental health, hygiene and life skills. If people choose to participate, they get a break on their premiums. If they do not choose to participate, their insurance rates stay the same. In the long run, you'll have a majority of healthier, happier people that are a lot more fun to work with, who are on less medication, and less likely to indulge in things that are not in the interest of good self care. Hopefully, people learn how to take better care of themselves and this results in fewer claims. Sadly, a witch hunt will be much easier and appealing to people.
> While it was a really bad plan life pretty much kept on living.
Sometimes it takes a while for bad decisions to catch up with you. Sometimes 20 years* is only the beginning. You need to pay more attention to history, not Hollywood.
[*] - http://www.spiegel.de/international/spiegel/0,1518,411056,00.html
Until society loses its gender (AND racial) stereotypes, things will never change. Articles that point out the obvious are just perpetuating the stereotype.
A lot of people spoof the Apache banner with an IIS banner. It's a pretty old trick and doesn't fake out savvy crackers that can fingerprint the IP stack, but makes people feel better.
In reality, I find it very hard to believe that anyone would *want* to run IIS. Vendor lock-in aside, if you're running IIS, you're asking to be cracked. Windows security is laughable at best, and if you've built marble empires on top of that foundation, you need to re-assess the cost and value of your assets.
Not for securing a fortress. Surveillance with active IDS is a better deterrent, e.g. armed guards patrolling premises and monitoring video stations vs. a Medeco lock.
1) Donated Time
A lot of OSS is donated time; there isn't a strict corporate deadline to meet where things get duct-taped just to keep PHB happy and get the project done.
2) Peer review
If something sucks, it is noted. Even when something doesn't suck, people will say it sucks and many eyes will be on it.
3) Source code
You get full access to the source code to PROVE how it is handling your company's assets. If you don't like it, you can presumably change it, when you want it changed.
4) Robust development base
Typically, people working on OSS software do it because they love the work - not the pay. This equates to a system where people have a vested interest in how well the system works.
They should have taken a vote on what people wanted.