Unless their OS vendor produces patches without incrementing to a new version of SSL.
Why would they do this? 'cause the OpenSSL apis keep changing and the vendor saw that patching an older ssl version was easier than rebuilding and pushing errata for every freaking package that uses SSL.
0.9.5a is still updated by Red Hat, for example, on 7.0 because it is required for python 1.5.2, which is required for more packages than i care to list here. (including up2date, which gets you such fancy updates from Red Hat)
However, 0.9.5a is patchable to a safe level, its most recent build date for 7.0 being August 1.
Now, if they're not running vendor-provided patches on a production server, then they have a lot of faith in their sysadmin to have a lot of time to sit and compile new software every time a patch becomes available. Which, being that netcraft also says they're running a BSD, maybe they are just that crazy. :)
yeah. don't forget those long-lost flashy-lights-and-sounds you-do-this-now games.
like simon.
of course, the Japanese have an attention span of about 9 months for technology, so simon is like ancient history.
but yeah, the weird "i just peed myself over this game that i've been waiting months and months and months for" post is odd, even for a saturday night.
I'm going back to my install. nothing to see here.
Al Qa'ida is going to start the next wave of e-business.
Introducing T2T!
Terrorist-to-Terrorist is the way to consolidate your efforts with terror cells around the world!! Get the inside line on what raw materials and services are available from organizations like yours worldwide! Make contacts in explosives, nuclear devices, communications services, and smuggling rings! Offer your services on our boards! Sign up your group today!!
...not everyone is an introverted self-hating geek
No, they're a bunch of self-loathing sinners.
They were one-hit wonders. Their great work was called "The Holy Bible".
Maybe between Virgin Birth, Immaculate Conception, Resurrection, Eternal Life, "the body of christ", in addition to the magical transformation of "one who has disagreed" to "the most supreme evil being in the universe" ala Lucifer, they've said all they wanted to say. You've still got all the sex, rape, genocide, and talking to other-worldly beings, too.
To get a common criteria certification, in addition to the thousands of dollars (>$40,000) you have to spend, you have to specify what your system does and then prove that it does it.
So, as I have not seen the specifics of Microsoft's CC case (which I doubt we'll see the full report), a certain company could say "Product X is a workstation operating system that does not allow UserA to see UserB's documents" and then Product X would be certified as having accomplished that.
There are different guidelines for different products, including firewalls and network management equipment and software.
You get a CC cert when your product DOES WHAT YOU CLAIMED IT WOULD DO IN THE APPLICATION.
There are NO third-party security guidelines for the products, as in the SANS guidelines or anything else.
You write up the application, make your security-related feature claims, and pay your fee. The product is given to a lab for testing.
The point of the CC is to get gov't and contractors to look at products based on what jobs and specific requirements those products can fill in their IT solutions. It's not really a security cert in the way "Windows is secure" would make you think. It's "Here's the list of security-related requirements you can fill with this product".
--mandi
Now back to your carrying on. Yes, I worked on a product that was to be CC'd.
I have a VW Beetle TDI. 45mpg city (i live outside washington dc). For some reason, drivers of large diesel trucks see a need to point out that i'm putting diesel in my car, not gas. Yes, thanks, I know.
New small diesel engines are noticeably quieter and cleaner than those from the early 80's. My previous vehicle being a 1981 VW Rabbit diesel, the change to the new TDI engine was fantastic. And I don't have a plug hanging out of the front grill anymore, like I did on the Rabbit. And the lack of the black soot on the body is nice, too.
Most modern (under 7 years old, i think) diesel engines will also run biodiesel, which is part bio-byproduct, the french-fry grease fuel. They'll also run a mixture of gas and diesel.
I don't know if the same is true for gas, having never owned a gas car, but my car runs noticeably better on the fuel from some companies compared to others. Being that Texaco and Exxon/Mobil have the only diesel pumps in my area, the Texaco fuel gives me an extra 3-5 mpg over the Exxon.
VW produces most, if not all, of their models as diesels for import to the US. You may have to order them (I had to order mine).
Re:Funny, I saw this years ago (on Airborne Mouse, Score: 2)
I forget the details, but we saw them in like '97 at the Pittsburgh conference for analytical chemistry and applied spectroscopy, i think in atlanta.
someone, bruker or hp, had them attached to some huge piece of machinery, like an nmr or a big spectrometer. That system, inertial mouse, was actually patented in 1988.
I think the new thing they're trying to hype here is that they're wireless and consumer grade (cheap).
hopefully, that gets us one step closer to the ui on minority report.
(I'll try to leave my usual Debian-disparaging comments out of here. You can check my past comments for some of those)
But I will say the "Libranet GNU/Linux 2.7 does NOT use X Windows for the graphic installation routine. Instead, Libranet uses easy to follow ncurses-based text menus for its install method" is disturbing. After having walked 17 new-to-UNIX students through an ncurses-based ftp install of Red Hat, I will tell you that ncurses is not the way to go for new users.
Why? Because there is NO work-alike in the Windows world. What do I mean by that? Well, occasionally, you'll end up with a new-to-UNIX user who remembers DOS, or has used a terminal-based app before at work. What have they probably never seen before? ncurses. You are throwing them right into the fire, and giving them nothing that looks familiar to work with.
Talk about pain. And misunderstanding. And confusion about what the icons really represent and the cursor-flow mechanisms.
GUI install is where it's at. It's the best way to get a new-to-UNIX person onto a UNIX-alike system from install on, because you're building on something they are already familiar with - clicky clicky buttons and menus.
See F-Secure for the current infection of the slapper worm, 5 days after discovery. Infected servers: < 14,000 total, according to them.
Now. this report from Sep. 21, 2001 reports 1.3 million infected NIMDA servers.
Help me out here.
Where is the comparison? I'm still wading through NIMDA/Code Red requests on my webservers, looking for any sign that those servers have been poked by slapper infected servers. No dice so far.
Slapper is generating panic because it's got a peer to peer network on the backend, not because it's actually been able to infect a lot of servers. can you imagine what would happen if someone wanted to start a p2p network on the NIMDA/Code Red infected servers that are still online now? to say NOTHING of the 1.3 million and up that were infected originally.
slapper is a silly excuse for some "Open Source Sucks" journalism, not a reason to head for the hills and unplug the router.
So here you go:
[chastise]
Oh, you lazy stupid 14,000 linux/apache admins! patch your servers!
[/chastise]
[screaming rant]
it's been a year! get that "guy who knows computers" who put that shiatty NT server on the net for you to get back in your office and put some patches on it! give him a beer for pete's sake!
[/screaming rant]
Oh, wait. If you're a Debian user, you're probably at least three years behind, so you may have to upgrade some python packages, get the rhn packages, stuff like that. Here is a place to start if you're still running 6.2.
and you can rpm with http:// as the source. or ftp if you prefer. that may require you to rtfm, though....ouch!
HP is going with Debian because they hired Bruce Perens. While you're busy slamming commercial linux distributions, it is important to remember that the tools you count on every day have developers, and many of those developers need to eat, house, and clothe themselves, among other things. As someone mentioned in another post, HP has hired some of the Debian people. Certain other commercial linux vendors also have hired people. Kernel people, gcc people, Apache people, etc, etc, etc.
:P
Has Debian bothered signing their packages yet? Or has gpg not made it into their distro?
You send me your notes, I'll compile the docs.
Think the ldp would post it? I have hosting space, though, if necessary.
--mandi
ps. I do not want you to send me porn. or spam. notes on how to set up software you use for multimedia viewing on non-luser platforms only.
And sorority web cam initiation spam!
Oh yeah! Clicky clicky!!!
Why would they do this? 'cause the OpenSSL apis keep changing and the vendor saw that patching an older ssl version was easier than rebuilding and pushing errata for every freaking package that uses SSL.
0.9.5a is still updated by Red Hat, for example, on 7.0 because it is required for python 1.5.2, which is required for more packages than i care to list here. (including up2date, which gets you such fancy updates from Red Hat)
However, 0.9.5a is patchable to a safe level, its most recent build date for 7.0 being August 1.
Now, if they're not running vendor-provided patches on a production server, then they have a lot of faith in their sysadmin to have a lot of time to sit and compile new software every time a patch becomes available. Which, being that netcraft also says they're running a BSD, maybe they are just that crazy. :)
--mandi
Sorcerer's Stone was the second-highest box-office take worldwide, after Titanic, which ran twice.
CoS is going to make money hand over fist, and is poised to break box office records in Britain.
So yeah, that probably puts it right in there with "Ya Ya Sisterhood 2" or maybe even "XXX^2".
I don't really think WB has anything to fear for their pocketbook on this one getting leaked. Maybe they should fear that JK Rowling will want to renegotiate the contract for the rest of the series based on the outrageous popularity of the initial and sophomore releases.
--mandi
like simon.
of course, the Japanese have an attention span of about 9 months for technology, so simon is like ancient history.
but yeah, the weird "i just peed myself over this game that i've been waiting months and months and months for" post is odd, even for a saturday night.
I'm going back to my install. nothing to see here.
--mandi
Introducing T2T!
Terrorist-to-Terrorist is the way to consolidate your efforts with terror cells around the world!! Get the inside line on what raw materials and services are available from organizations like yours worldwide! Make contacts in explosives, nuclear devices, communications services, and smuggling rings! Offer your services on our boards! Sign up your group today!!
'sa joke. really.
--mandi
i recommend grepping for the IP of an Anime-addicted graphics artist's machine in the logs...
cause, ah, he needs to have web access so he can get, ah, ideas...and, ah, source images! yeah! that's it!
No, they're a bunch of self-loathing sinners.
They were one-hit wonders. Their great work was called "The Holy Bible".
Maybe between Virgin Birth, Immaculate Conception, Resurrection, Eternal Life, "the body of christ", in addition to the magical transformation of "one who has disagreed" to "the most supreme evil being in the universe" ala Lucifer, they've said all they wanted to say. You've still got all the sex, rape, genocide, and talking to other-worldly beings, too.
--mandi
New small diesel engines are noticeably quieter and cleaner than those from the early 80's. My previous vehicle being a 1981 VW Rabbit diesel, the change to the new TDI engine was fantastic. And I don't have a plug hanging out of the front grill anymore, like I did on the Rabbit. And the lack of the black soot on the body is nice, too.
Most modern (under 7 years old, i think) diesel engines will also run biodiesel, which is part bio-byproduct, the french-fry grease fuel. They'll also run a mixture of gas and diesel.
I don't know if the same is true for gas, having never owned a gas car, but my car runs noticeably better on the fuel from some companies compared to others. Being that Texaco and Exxon/Mobil have the only diesel pumps in my area, the Texaco fuel gives me an extra 3-5 mpg over the Exxon.
VW produces most, if not all, of their models as diesels for import to the US. You may have to order them (I had to order mine).
--mandi
8 years of diesel so far.
mass hysteria!!!!!!!
as if the US went into WWII to free the Jews.
Why'd it take an attack on the US by Japan, if the US was really just in the war to free the people (Jews, gypsies, homosexuals) being persecuted by the Nazis? Hitler's reich started long before the bombing of Pearl Harbor.
I'd be willing to bet you could incite Pat Robertson or Billy Graham into saying the US should have stayed out of the European Theatre until all those social subversive types were eradicated....
-1 Flamebait.
--mandi
someone, bruker or hp, had them attached to some huge piece of machinery, like an nmr or a big spectrometer. That system, inertial mouse, was actually patented in 1988.
I think the new thing they're trying to hype here is that they're wireless and consumer grade (cheap).
hopefully, that gets us one step closer to the ui on minority report.
--mandi
Sadly, it infinite loops, as of last week's build (my form was due friday...). It's also so advanced that it can't translate between two different forms, even though most of the information is the same.
Hello bootlegged copy of win95B. sick, sick, sick.
Weirdly enough, it creates a zip file, that when you unzip it, has a bunch of applescript files in addition to the info. Livin on the edge!
--mandi
Not Linus Torvalds, the original creator of Linux.
See their about page
--mandi
But I will say the "Libranet GNU/Linux 2.7 does NOT use X Windows for the graphic installation routine. Instead, Libranet uses easy to follow ncurses-based text menus for its install method" is disturbing. After having walked 17 new-to-UNIX students through an ncurses-based ftp install of Red Hat, I will tell you that ncurses is not the way to go for new users.
Why? Because there is NO work-alike in the Windows world. What do I mean by that? Well, occasionally, you'll end up with a new-to-UNIX user who remembers DOS, or has used a terminal-based app before at work. What have they probably never seen before? ncurses. You are throwing them right into the fire, and giving them nothing that looks familiar to work with.
Talk about pain. And misunderstanding. And confusion about what the icons really represent and the cursor-flow mechanisms.
GUI install is where it's at. It's the best way to get a new-to-UNIX person onto a UNIX-alike system from install on, because you're building on something they are already familiar with - clicky clicky buttons and menus.
But you can ignore me. I just teach this stuff. :)
--mandi
Damn hardcopy!
--mandi
Well, you're just lost.
Check their graphics guy's site here.
You will notice that he's also the guy who gave linux.com their logos, as well as VA Linux.
In addition to being one hell of a graphic artist, he's also a very talented photographer. Somehow I don't think he needs any inspiration from OBOS.
now go soak your head.
--mandi
Add to this that you can put together a Linux-based cluster of x86 machines that Windows will no longer even run on, and where is Microsoft? Hmm...
Some of the libraries that are used to parallelize code for use on Beowulfs are already available for Winderz. But who the hell wants to spend $$$ to outfit a cluster of machines with M$ operating systems?
It's as much a price point problem as it is a technical problem. Reverse the licensing/manpower costs. With M$, you pay a little for the admin, 'cause they've become a dime a dozen. Pay a whole helluva lot for the licensing. Linux, pay more for the admin (cause I'm worth it) and save $$$$ on the licensing, plus have the added bonus of being able to substitute old hardware into places where Windows would have required more processing power than a Cray.
Or something.
--mandi
I get 1 or 1.5 day turnaround.
now you're jealous, i know.
--mandi
They don't have any jobs for you there, anyway.
well, unless you're in medicine and can take care of old boomers.
--mandi
Now. this report from Sep. 21, 2001 reports 1.3 million infected NIMDA servers.
Help me out here.
Where is the comparison? I'm still wading through NIMDA/Code Red requests on my webservers, looking for any sign that those servers have been poked by slapper infected servers. No dice so far.
Slapper is generating panic because it's got a peer to peer network on the backend, not because it's actually been able to infect a lot of servers. can you imagine what would happen if someone wanted to start a p2p network on the NIMDA/Code Red infected servers that are still online now? to say NOTHING of the 1.3 million and up that were infected originally.
slapper is a silly excuse for some "Open Source Sucks" journalism, not a reason to head for the hills and unplug the router.
So here you go:
[chastise]
Oh, you lazy stupid 14,000 linux/apache admins! patch your servers!
[/chastise]
[screaming rant]
it's been a year! get that "guy who knows computers" who put that shiatty NT server on the net for you to get back in your office and put some patches on it! give him a beer for pete's sake!
[/screaming rant]
Thank you.
--mandi
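An added example, not part of the comment above: one way to do the log triage it describes, separating Code Red and Nimda requests from possible Slapper probes in an Apache access log. It assumes Common Log Format; the Slapper rule (a `GET / HTTP/1.1` answered with 400, as Apache does when the Host header is missing) is a heuristic assumption, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Common Log Format: source, ident, user, [time], "request", status, bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')

# Code Red asks for /default.ida with a long run of N (v1) or X (v2) padding.
CODE_RED = re.compile(r"^GET /default\.ida\?[NX]{16,}")
# Nimda walks a list of paths that all end in root.exe or cmd.exe with "?/c+".
NIMDA = re.compile(r"^GET /\S*(?:root|cmd)\.exe\?/c\+", re.IGNORECASE)


def classify(line):
    """Return (source_ip, label) for one access-log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, request, status = m.group(1), m.group(2), m.group(3)
    if CODE_RED.match(request):
        return src, "code_red"
    if NIMDA.match(request):
        return src, "nimda"
    # Heuristic (assumption): a bare HTTP/1.1 request for "/" rejected with 400
    # is a banner probe without a Host header. Other scanners do this too, so
    # treat a hit as "look closer", not as proof of Slapper.
    if request == "GET / HTTP/1.1" and status == "400":
        return src, "possible_slapper_probe"
    return src, "other"


def summarize(lines):
    """Group distinct source addresses by label."""
    sources = defaultdict(set)
    for line in lines:
        hit = classify(line)
        if hit:
            sources[hit[1]].add(hit[0])
    return {label: sorted(ips) for label, ips in sources.items()}


# Constructed sample input (documentation address ranges, made-up timestamps).
SAMPLE = [
    '192.0.2.10 - - [21/Sep/2002:10:00:01 -0400] "GET /default.ida?'
    + "N" * 224 + ' HTTP/1.0" 404 283',
    '198.51.100.7 - - [21/Sep/2002:10:00:05 -0400] '
    '"GET /scripts/root.exe?/c+dir HTTP/1.0" 404 279',
    '198.51.100.7 - - [21/Sep/2002:10:00:06 -0400] '
    '"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293',
    '203.0.113.5 - - [21/Sep/2002:10:01:00 -0400] "GET / HTTP/1.1" 400 373',
    '203.0.113.9 - - [21/Sep/2002:10:02:00 -0400] "GET / HTTP/1.1" 200 1456',
    '203.0.113.9 - - [21/Sep/2002:10:02:01 -0400] "GET /index.html HTTP/1.1" 200 1456',
]

if __name__ == "__main__":
    for label, ips in summarize(SAMPLE).items():
        print(f"{label}: {len(ips)} source(s) {ips}")
```

Comparing the distinct-source counts per label over the same time window gives the kind of side-by-side the comment asks for.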
Why?
Because the fewer than 14,000 servers infected with slapper are nothing compared to the infection of NIMDA and its derivatives.
duh.
Then, an update about a vaccine built on a study in kenya.
Essentially, google for "aids immunity africa prostitutes" for more stuff. basically, they found these pockets of women who worked as prostitutes, were repeatedly exposed to the virus, and have never developed HIV. In the Nairobi study, many of them were related.
Of course, there are a couple articles running around that state that these prostitutes were chosen by some deity to be immune to HIV because they live a "natural" life, and aren't pagans. How the rest of Africa is susceptible to HIV/AIDS, then, is unanswerable. Aaah, logic... yummy.
--mandi