You could {and BTW, there are actually two L's in "tunnelling"} but it wouldn't solve the problem here. The problem here is that people are using FTP to upload material {such as phishing site backends} to servers. The solution is actually to disable mod_userdir in Apache -- because then the phishing site can't be downloaded by recipients of the phishing e-mails.
My company got hit by this. Basically, someone found a username / password combination on a web server and FTP'ed up a phishing website. This user didn't have a valid login shell {it was set to /bin/false} but that didn't matter here because they didn't need to run shell commands {and in any case, if they needed to, they had a perfectly good cgi-bin directory they could use}.
Obviously you have to have FTP and web servers on the same machine, otherwise your hosting customers can't upload their pages. To limit the potential damage, disable mod_userdir -- all your users should already have their own domain names anyway. And if you have any "email only" users {usually, these will be secondary mailbox accounts, i.e. when you have things like fred@freds-shed.org.uk going into one mailbox and charlie@freds-shed.org.uk going into another} whose only way of accessing files is by POP3 or IMAP, use a different shell for them. {I recommend /bin/true for FTP-enabled users without shell access -- this needs to be mentioned in /etc/shells, of course, for FTP access to work -- and /bin/false for non-FTP users. This should not be in /etc/shells.}
If you have users who want to use scp or fish to upload stuff, they'll have to have a Bourne-like shell such as /bin/bash or /bin/ash. In which case, as a bare minimum you should disable password-based logins. There are better solutions involving chroot and per-user bin folders.
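An added example (not part of the original comment) that audits the shell policy described above: it reads passwd-style and /etc/shells-style text and flags accounts that break the /bin/true, /bin/false split. The sample data is constructed, the function names are hypothetical, and it assumes, as the comment states, that the FTP daemon only admits accounts whose shell is listed in /etc/shells.

```python
# Constructed sample data for illustration; not taken from any real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
fred:x:1001:1001:Fred (hosting customer):/home/fred:/bin/true
charlie:x:1002:1002:Charlie (mailbox only):/home/charlie:/bin/false
dana:x:1003:1003:Dana (scp user):/home/dana:/bin/bash
eve:x:1004:1004:Eve (mailbox only):/home/eve:/bin/true
"""
SAMPLE_SHELLS = """\
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/bin/ash
/bin/true
"""

# Shells that exit immediately and so give no command line.
NOOP_SHELLS = {"/bin/true", "/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


def parse_shells(text):
    """Return the set of shells listed, ignoring comments and blank lines."""
    shells = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            shells.add(line)
    return shells


def parse_passwd(text, min_uid=1000):
    """Return (name, shell) for ordinary accounts (uid >= min_uid)."""
    accounts = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed lines
        if int(fields[2]) >= min_uid:
            # An empty shell field means /bin/sh.
            accounts.append((fields[0], fields[6] or "/bin/sh"))
    return accounts


def classify(shell, valid_shells):
    """Assumption: FTP login requires the shell to appear in /etc/shells."""
    if shell not in valid_shells:
        return "no-ftp"
    return "ftp-only" if shell in NOOP_SHELLS else "ftp+shell"


def audit(passwd_text, shells_text, mail_only):
    """Return (subject, problem) pairs for policy violations."""
    valid = parse_shells(shells_text)
    findings = []
    if "/bin/false" in valid:
        findings.append(("/etc/shells",
                         "/bin/false is listed, so it no longer blocks FTP"))
    for name, shell in parse_passwd(passwd_text):
        kind = classify(shell, valid)
        if name in mail_only and kind != "no-ftp":
            findings.append((name, f"mailbox-only account can use FTP (shell {shell})"))
        elif kind == "ftp+shell":
            findings.append((name, f"interactive shell {shell}: disable password logins"))
    return findings


if __name__ == "__main__":
    for subject, problem in audit(SAMPLE_PASSWD, SAMPLE_SHELLS, {"charlie", "eve"}):
        print(f"{subject}: {problem}")
```

On a real host, feed it the contents of /etc/passwd and /etc/shells plus your own list of mailbox-only account names.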
I'm already highly aggressive with blocking all advertising and user-tracking anyway, so it won't affect me personally. One of these days, I even plan to start reselling ADSL with a transparent proxy configured my own special way, so other people can also enjoy the same advertisement-free Internet experience (and I can make a few quid as a secondary consideration).
Do you mean to say that calls to the same destination number are charged differently depending upon whether they were dialled by pulse or tone? Because that would just be mucked-up. Or does LD mean something else besides "Loop Disconnect"?
Except that isn't how Google work. Google only like software being Open Source when it has been written by other people.
Google wouldn't release so much as a single byte of Source Code, if it wasn't for the GPL making them do so. (Where's the Source Code for Picasa? Or Google Earth? Or any of the other "free" [as in, "this dog is free from lice"] software they give away?) In fact, I'm even surprised they're basing Android on Linux and not one of the BSDs. I guess it could just be an image thing, because Linux is much better known.
If Google ever sponsor a GPL project from the ground up, it is only because they want to be able to claim copyright on the code and therefore release it as Caged Software.
Whilst the PIN is the weak point in the system (or to be more exact the human is), one would imagine the chip is more secure than the magnetic strip.
Which is more secure:
Putting a £1 padlock on a tent?
Putting a £50 padlock on a tent?
It hardly matters whether the data on the card is held in a magstripe (which is easy to clone) or a chip (which is hard to clone right now, but just wait.....) when it's so easy to get hold of the PIN. You don't even need to clone the card, or have a dodgy reader -- if you know the PIN, all you need to do is lift the card and pass it through a real reader before the victim notifies the authorities. A HITW machine might be a bit dangerous, but most supermarkets and main post offices will give you cash with a chip-and-PIN card. They're busy places, and staff are highly unlikely to notice that the person presenting the card is not the person named upon the card. And the transaction is not dodgy, because the correct PIN was used. If you can return the card, you can even pull this scam more than once per victim.
A PIN (a 4-digit number with a search space of 10 000) is much, much less secure than a signature (complex hand gesture with near-infinite search space). It takes even an experienced person at least an hour to learn to forge a signature convincingly. (The hard part is not giving yourself away with body language: you have to make the whole act of signing your name look like a casual, throwaway act, something you do all the time, not like you're auditioning before a panel of silent, stone-faced judges for a leading part in a West End production.) A PIN can be obtained under threat of violence in seconds. An accomplice can then verify the PIN in a nearby store, and use what was until very recently the victim's own phone to report the success or otherwise to the robber.
The only reason why the number of fraudulent transactions is less on chip-and-PIN systems, is because every transaction is assumed legitimate by default -- unlike signature-backed systems, where a human being intervenes to judge the legitimacy of every transaction.
Chip-and-PIN has a couple of purposes. Most obviously, to transfer liability from banks and merchants to cardholders -- but that's just a fringe benefit. The real, long-term purpose is to acclimatise people to the concept of inserting a card into a reader and keying in a number. Soon, you won't have a separate bank card for each account; they'll all be accessible via your Biometric National Identity card, which will also open the doors to your workplace -- and eventually, your home.
There is only one thing that all sane governments can do: Create a brand-new international treaty condemning autonomous armed robots and unstaffed mobile weapons under remote control of a human operator as equivalent to land mines; and forbidding their manufacture, import or use on any territory within their nominal control.
I am sorry in your delusional thinking but how exactly would the EU get these licenses for 2008 already and as usual the socialist around here come out with their fantasy thinking. EU still has to pay for the license renewals and if I were MS I would raise the price for the EU.
The only reason why European governments need licences to run Microsoft software in the first place, is that the EU make them get licences for all the software they run. The EU have the power to change this, by bestowing the privilege to use Microsoft software directly; and Microsoft can't do a blind thing about it if they do.
IF MS followed standards, it might also drive them into bankruptcy. They depend on the ubiquity of their proprietary formats (like with Office) to survive. If they went to standardized formats, any yahoo or his brother could just clone or even top any of their products (as Firefox did with IE). It would essentially make their IP worthless, which would, in turn, make their stock worthless (since their IP *is* their company).
Tough titty for Microsoft.
The world does not owe anybody a living. If you think you can make a viable business out of siting 50p-a-piss, £1-a-shit pay toilets in forests, you are free to go ahead and try. But when people start going behind the nearest tree instead, don't start crying.
Depending on proprietary anything for your competitive advantage is generally suicidal; unless you can plan so that the entire lifecycle of your product, from conception to ultimate demise, is within the duration of legal protection. Then you make something everyone has to have, sell a shitload of them quickly and retire. (Or, if you're the RIAA/MPAA, you ensure that the duration of legal protection extends beyond the lifecycle of your product.....)
Yes; but only if and when Apple achieve a de facto monopoly in one space.
For instance, if Apple became the dominant supplier of desktop computers, then it would be quite reasonable to block them from selling software.
This is why BT weren't allowed to sell cable TV services until their market share in the telecommunications space dropped below a certain point (notwithstanding that at the time, it wasn't technologically feasible for them to deliver television pictures over the telephone cables that existed then. There were still clicky-clicky exchanges, for crying out loud; the last manual telephone exchange in the UK was replaced in 1976. By a clicky-clicky one). Other telecommunications companies weren't so restricted, and so were allowed to offer telephony and television services.
How does it make sense for Office to have to be compatible? Microsoft Office is a Microsoft Program. If they want it to be proprietary, it's their right.
No it isn't: it's blatant anti-competitive behaviour.
If you have a large CD collection, you aren't stuck to one make of CD player. You can buy a Philips or a Sony or a Panasonic or a Daewoo or any number of no-name brands. Your investment in CDs is protected by there being more than one manufacturer of CD players. They all take the same discs, they all run from the same power supply, they all have the same analogue outputs. The only thing on which they compete is merit.
But if you have a large collection of saved Microsoft Office documents, the situation is a little different. You can't get a perfect drop-in replacement for MS Office precisely because Microsoft are withholding details of file formats and protocols. Therefore, Microsoft customers are forced to keep paying licence fees to Microsoft just to keep the ability to access their old saved documents.
Some third-party office suite could cane Microsoft on every other feature going (and indeed, the latest KOffice does); but it could never gain serious consideration as a replacement for MS, as long as it lacked the ability to import old documents saved by Microsoft Office. (The possible exception would be in the case of a brand-new company setting up shop from nowhere, with absolutely no legacy documents whatsoever and enough clout to persuade customers not to e-mail them .doc and .xls files.)
Next thing you know, the EU is going to rule that the Wii, due to its dominant market position, has to run XBox 360 and PS3 games.
Don't laugh, it could happen. But what's more likely is that games console manufacturers will be forbidden to use measures to prevent third-party developed games running on their system (the venerable Atari 2600 depended on the existence of 3rd party games to keep it going beyond 1981..... Atari's own offerings were pretty christian in comparison to titles by the likes of Activision) and/or preventing games developed by them running on other people's systems.
Anyway, it's not the 1980s anymore..... games released on more than one system are compiled from the same Source Code. There's no real reason why, if processor power per pound keeps increasing, games couldn't be run through an interpreter..... which would be the only platform-specific bit.
Del Amitri's words from nearly 20 years back still ring true:
Nothing ever happens
Nothing happens at all
The needle returns to the start of the song
And we all sing along like before
Microsoft will pay some token portion of the fine and continue to get away with exactly the same misbehaviour for which they were fined in the first place. Nobody even realises they're being eaten alive, until they haven't enough bits left to do anything about it anyway.
You don't have to know the entire codebase personally. It's enough to know that other people, independent of the original vendor and with nothing to lose irrespective of how much anything they might say could embarrass said vendor, also have access to it.
So they have gone for a more modular way of operating and even abstracted the GUI out of the core OS functionality allowing a "headless" server. That's good!
Next you know, they'll be letting people poke about inside the Source Code.....
As opposed to Postgres, which is £0 irrespective of how many processors are in the machine you install it on (or indeed, for that matter, how many machines you install it on) and comes with full, annotated Source Code. Or there was that array persistence layer that Sun bought..... even that might be OK for a simple database-like application with a high SELECT to INSERT ratio.
Does this mean that I can give users shell access, by placing (hard links to) a stripped-down busybox and ash in $HOME/bin, and they won't be able to access anything outside the chroot environment? That could be sweet.
where m = mass (in kg), g = acceleration due to gravity = 10 m s⁻² (on earth) and h = height (in metres).
If you lift a mass of 1 kg up by 1 metre, you will have to do 10J of work on the way up, and it will do 10J of work on the way down. What it's driving doesn't make a difference, because energy is just energy and it's all going to end up as heat in the end anyway. The power (rate at which energy is converted from one form to another) is m * g * h / t, where t is the time taken (in seconds) for all the energy to be converted.
In a clock, all of the energy stored in the weights is used up overcoming friction in the bearings (you're lifting the hands against gravity for half the time, but the other half, gravity is actually helping them). A small amount of energy is imparted to the pendulum each time it swings, but that too is ultimately expended overcoming friction in the pendulum bearing.
And that's why, in the real world, people use real measuring units. We have 22.7 kg falling through 1.47 m under an acceleration of 10 m s⁻², giving 333.69 J of energy. Over 4 hours, that is 23.2 milliwatts.
IAAE, and how long the weights take to fall doesn't make a blind bit of difference to the total energy liberated -- only to the power.
The potential energy stored = mass * g * height
= 22.7 kg * 10 m/s² * 1.47 m
= 333.69 J.
If it takes 4 hours for the weights to fall, that is 14400 seconds, giving a power of 0.0232 W. For a single white LED with a forward voltage of about 3V, that equates to a current of just shy of 8mA. Which will light it up..... but not very brightly, and certainly nowhere near as bright as a 40W filament bulb.
Please explain how to upload pages to a shared webserver in co-lo using BitTorrent.
Yeah, if they want.
Chip and PIN has nothing to do with security.
On your what?
(Anything with a line-in jack, I guess.....)
Anything else is simply barbaric.
So, £13000 per processor and no source code?
Tough decision to make. Not!
That is the formula: PE = m * g * h
The guy hasn't done his figures. Real scientists and engineers measure things in metres and kilogrammes. That should be your first clue.