You mean the large farming conglomerates are killing us. The small farmer is glad to take a subsidy to not plant anything and let the fields recover. Archer Daniels Midland wants money from products.
According to your middle link, the reading distance is 24 inches. If they are 2 feet from our car they can read the freaking vin number by your windshield if they want to. Put away the tin foil hat.
I think a nice big bold sign in man chroot is required, as well as removing all the advice that's currently around to chroot processes, if chroot isn't actually for security.
Did you even bother to read the OpenBSD man page?
"CAVEATS chroot should never be installed setuid root, as it would then be possible to exploit the program to gain root privileges."
chroot certainly can be used to add security, providing it is used correctly. As with most things, how well the tool works depends on the competency of the guy using the tool.
They have to do a lot more than knock on a door to get your stuff.
1) They have to phone up the ISP, and ask them who had IP address x.x.x. at 7:27pm two nights ago.
2) If the ISP is decent at all, they will ask them to see the warrant to get that information. The cops don't have it, so the good ISP tells them to go stuff themselves.
3) Cops have to go to judge, hope he understands what an IP address is, and get him to sign a warrant.
4) Go back to ISP which has already yanked their chain and ask for who had the IP again.
5) Now they find the suspected perp lives in another jurisdiction, so now you have to hand off the case to some other cops... who could then knock on the door...
You might wanna RTFA before giving us your great insights... One of the main points the OpenBSD folks are interested in it is because they can easily port it over to architectures that GCC has dropped, that the OpenBSD folks still use.
So you admit, you aren't a programmer, and aren't trained as a DBA either, yet you have taken upon yourself to decide that RDBMSs are all wrong, without really understanding them or their theory in detail.
Thank you for creating lots of work for the rest of us cleaning up the mess after you have trashed your clients' data most thoroughly. That's lots of billable hours for us to clean it up and put it in a proper relational format.
"The beauty of the device is that it can produce the whole spectrum of colors, even ultraviolet and infrared light"
Sweet, now we can get a virus on our computers that gives us sunburn.
I wonder if Hawaiian Tropic will hire me as a blackhat to ensure they get increased sales from computer users. Maybe they'll introduce me to the girls.
I'm well aware why CVS is widely used. There was also a large migration from CVS to Subversion because of the few things Subversion does better. Sure lots of folks are still using CVS, some because of a few issues with Subversion that would be harder for them, others because they are just used to using CVS and don't want to learn anything new, and others just aren't motivated to move their codebase. Nevertheless, there was a quite noticeable sized migration to Subversion for a few nicer features. Have you noticed any such to Git of other than Linux kernel developers? Shouldn't there have been one if it's markedly better than either CVS or Subversion?
Certainly some development projects have different requirements than others, but he doesn't couch his criticism in that frame. He says Subversion is only 'good enough', while Git is great because it's real UNIX and has an idea behind it. That's not saying it's better for this type of project. It's just saying this is better.
It *may* work better for his type of project, but he likes it because he wrote it.
Yeah, Linux is right. Git is great and CVS and Subversion are crap. That's why everyone has migrated away from CVS and Subversion to Git, the fantastic new tool he wrote. Oh wait. They haven't? Wonder why.
He said he installed a fresh copy. If he did it from a copy he got from them, the package verifier could very well have been disabled so it wouldn't throw an error. If he trusts that install he's crazy.
I've seen exactly the same in many many companies where I've been called in to clean up the mess. Hiring of incompetent staff is by no means limited to government.
Did you not read the article at all? This had nothing to do with patching the system. It had to do with them hiring someone who never bothered to learn about SQL and security. It had nothing to do with the tools/system used. It had to do with incompetence of the person hired to set it up.
and it's possible to restore the computer from bare metal in short order.
No, not in my case it's not. I can drive to my sister's house 70 miles away and be back with the backup drive days and days before I could retrieve the backups over my DSL line.
I care how long it takes to retrieve the data as well as how long it takes to upload it. What works for you may not work for me.
Yup. It's the upload/download bandwidth that's the issue with a lot of storage. My low end DSL is pretty much worthless for uploading (and not that awful much better for downloading).
Personally I just buy a spare hard drive (you can get 500GB for ~$100 now, it's insane), back up everything I need to, and drop off the spare drive at my sister's house (stored in her basement) the next time I go visit her, so I'm covered if my place gets robbed or burned down.
If we all had massive bandwidth available the online deals might be good, but for most of us, 500 GB would simply take way way too long to upload or download.
This is exactly why the OpenBSD folks have been fighting against binary blobs and demanding open source drivers for hardware. Too many other open source OS's will gladly take a closed binary blob so that they can run hardware. And that leads to possible exploits down the road.
Re:I don't think we'll ever see a solution... on Storm Worm Rising · Score: 2, Insightful
I've seen numerous Apple users blindly type in the administrator username/password when prompted to by a program without having any idea why they needed to. If Apple's market share ever gets high enough to make it a juicy target, there are going to be Apple botnets as well.
Re:I don't think we'll ever see a solution... on Storm Worm Rising · Score: 0
I believe what we have here is a free market. If you don't like the non-warranty offered by one company, don't buy their product. Buy the one product from a company that does give the warranty you want. But I think you will have a REAL tough time coming up with one that's willing to do that though, be it closed or open source.
Also, imagine having to do some task on 50 webservers. Would you rather script it once, and feed in a list of IP addresses? Or VNC/Rdesktop in to each one, click, click, click, drag, click.
Which would be a good reason to run Apache wherever possible. IF I ran 50 webservers. I don't. Just a handful and they are on a variety of platforms.
That's like asking me why I don't use Oracle as a database because it is the ultimate database if you are trying to do ERP and every other job in one big system that can do anything you'd ever need out of a database in a big Fortune 500 company. The answer is I don't work for a big Fortune 500 company and don't need all those features. PostgreSQL and MSSQL fit all the needs I have nicely with a lower learning curve. Telling someone they should only run Apache is as silly as telling them they should all run Emacs or vi.
Different people have different needs. One size does not fit all. If you prefer Apache, great! Use it. For some of us IIS can work as well or better to meet our needs. It's good that we have choices.
Because your set of friends represent the whole spectrum of users and faithfully represents their percentage of the market eh?
Personally I have 3 machines that have every PCI/PCI-E slot in them filled, and I could use more.
Just because you and your friends don't use all slots available doesn't mean there aren't plenty of us out there who do.
You are a moron who didn't live through the gas crisis of the 70's.
No, that's trademark.
Well, tires wear out. Just pay for your new ones with cash so "the man" can't track your every move.
BeOS had a microkernel, and it was not slow.
Why fund it? They already make and give out WSUS for free.
who really cares?
I do.
Watch techbargains or slickdeals. You can often find 500 gig drives for $90 or less.