Recalling recent security flaws ranging from malicious sendmail source code insertion to FSF FTP server root compromise I now read about OpenSSH holes.
Obviously the *NIX side of the world isn't bulletproof either. Now perhaps we might be spared (at least for a day or two) about the anti-M$ rants about insecure M$ code. It can happen, and it can happen regardless of OS platform.
You know an original post, the review, and the book itself must be pretty lame when the most interesting comments are from the troll gallery. In honor of John Ritter I think I'll do a comedic pratfall on top of my cubicle.
Even with spoofing the true originating IP address can still be sniffed if the party doing the sleuthing knows what they are doing. The anonymity you are talking about is within the P2P client software. But the raw data on the wire has to carry IP address information, apart from the Gnutella protocol or whatever P2P protocol is being used by the P2P app.
If a host didn't have an IP address they wouldn't be able to send/receive data on the Internet after all. And these true IP addresses are what is being harvested and brought to the ISP's. Whether or not the ISP's oblige with divulging account details is another matter...
First of all, it's "glean" not "gleam." As for how the RIAA is obtaining the information, I would imagine that they are using captured IP addresses to trace back to the ISP's. Any reverse DNS lookup would give them that information. Then some of the ISP's must be releasing account data regarding who is using these IP addresses during the timeframes in question.
This would mean that even DHCP clients could be synched using ISP logfiles. I thought that the ISP's were fighting the RIAA's request for account information, but apparently some are giving in. That's the only way I can figure that customers are getting pulled in.
Figures that somewhere a Micro$loth blast would come around. God knows it's not like the Asian kiddies couldn't have tried an A"patch"e or Debian exploit. Where did the Apache name come from?
But nice post though. It's not like Hu Flung Pu couldn't have downloaded the damn M$ patches that have been out there for months. Epic take on things.
Much props to Michael for posting another article that has lukewarm response and next-to-no reader interest. Maybe I can pull out some old Descartes book and submit a spin on it...
Actually a lot of the air traffic control systems are still running on antiquated equipment. We're talking about vacuum tubes. Perhaps someone with a high pitched falsetto making a prank call could send thousands of airplanes spinning out of control with just the right frequency.
No doubt. Do you recall back around 1998 or 1999 when every dumbass bozo threw the catch phrase "Information Superhighway" out there? Really trendy stuff. Very bleeding edge.
... or the Micro$loth Small Business Server 2003 ads? There's a well-placed piece of work. Who the freak would be interested in that product that participates on this board? I laugh out loud every time this ad comes up.
Consolidate services and reduce costs. Newly coded software built from the ground up with security in mind. Each line of code strictly peer reviewed. BWAHAHAHAHAHAHAHAHA!!!
As for the China v Taiwan propaganda this article tries to create, I would hope perhaps any worm or trojan could eliminate all of the damn APIC spammers and all of the substandard generic electronics being generated with illegible English user docs!
I have been an avid Linux user since late 1996. There are definite merits to using it, but unfortunately since the powers that be recently purchased M$ licensing and software, converting over would *look* foolish politically.
Even Linux gets me frustrated as well. Certain tasks and apps are ready for prime time, while most others are still not mature products. Apache/PHP, MySQL, and a few other apps are where they should be. The rest are lacking in being fully developed. I have toyed with having Linux being everything from a Windoze Domain Controller to a Netware emulated server back in the day. I have a Sharp Zaurus SL-5500 that runs Samba, VNC, Apache/PHP, WLAN, WVoIP, MySQL, GCC, etc. and can see how superior the potential is. It definitely has limitless capabilities. But as of this point and time the majority of it is still unrealized. I know the attractiveness of an open source user community all pitching in and raising the bar too. I prefer this side of the fence to M$ for sure.
But all of that being said, most companies that have already laid out capital for software from Micro$loth would be hesitant to pitch it all and go with something else. IMHO it would take the equivalent of a straight week's worth of downtime due to unpatched exploits for most to abandon their product line. I don't agree with this mentality, but am taking the stance of typical PHB'es.
I *might* be in luck. Apparently there's yet another KB article about upgrading just the VBA support files. Perhaps this might be the hookup I'm looking for. If this can address the root cause of the issue then maybe I can put down my CD case!
They always have some half-assed spin to put on things to make them seem intentional or under control. Here's another KB article about their DirectX 9.0b upgrade. Besides the litany of prerequisites, which was likewise a pain in the ass to deploy, there are no custom setup switches like in the past.
That means no silent installs and no removing the mandatory reboot prompt. This was presented as being intentional since they supposedly wanted users to be forced to view/accept the EULA. Here's a quote... Because of EULA acceptance requirements, DirectX 9.0b cannot be installed silently. Volume license customers may obtain a modified package that supports silent installation by contacting DirectX@Microsoft.com.
Sounds convincing, but seeing that this was their only recent software update with this feature makes me believe that it was more like whomever put the package together forgot to compile in the options. Posting on the MSDN boards really made this apparent.
But I had a workaround. I just extracted the files, used the previous (DirectX 9.0a) setup executable, and was able to silently deploy things and not require a reboot. Not bad for a non-Enterprise, non-Volume customer. The only feature missing in not using the 9.0b setup executable was some .NET options that we don't even need.
I wished I did that. Typically I have admin installation points for software like Orifice. But with the PC's at my current company they were all directly from a manufacturer bundled with Orifice installed locally. I have tried to copy the .MSI file from the CD out to the network, point the source media out there, only to have the installation fail because I reportedly don't have the Enterprise version of Orifice.
I will shed a few pounds walking around with CD's in hand like the old days. At least I'm not installing Windoze NT 3.51 Server from two dozen 3.5" diskettes like back then!
Makes sense to me. All of the stuff is linked. Outlook can have Word as the default e-mail editor, which in turn can contain VBA coding, which means with improper security lockdown (or this patch I guess?) even opening an e-mail without an attachment could leave one vulnerable.
Not being in Oliver Stone-land I'm not losing my mind, but am definitely placing this VBA patch as a high priority.
The source media request is a known bug in their software, as posted on their knowledgebase. A real shame it's been around for a couple of Windoze Installer versions.
I am looking at compiling installation packages for all of my workstations now. Updating the MSI, dozens upon dozens of megs of service packs, etc. plus the annoying source media requests. Really great for productivity. There's no way in hell I want to manually go around with CD's to all of my workstations. But even a common network installation point would have to be coded into the Windoze registry to get it to skip the MSI prompts.
Since I routinely deploy software as part of the logon script there will be lots of folks sitting around twiddling their thumbs and rebooting if I can't streamline these installs. God I hate Micro$loth!
These patches will absolutely suck to deploy on a larger-scale corporate network. Case in point...the VBA patch.
Right now I'm looking at silently packaging things together for a mix of Windoze 98 SE clients running Orifice 2K/XP and Windoze 2K clients running Orifice XP. Every month I deliver at least a half dozen of their damn security patches and typically can comprehend the proper command line switches (usu. Microsoft's setup.exe or hotfix.exe format) to make these deployments *NOT* require a mandatory reboot and *NOT* require a lot of user input.
What drives me crazy about the VBA patches is that they require:
Upgrading to Windoze Installer 2.0.
Applying all subsequent Service Packs (SP1a and SP3 for Orifice 2K; SP1 and SP2 for Orifice XP).
Finally applying the VBA patches to either Orifice 2K or Orifice XP.
So all in all it will take at least a week to code, test, and deploy in the least intrusive manner possible. But the Windoze Installer keeps on requiring installation media (CD or file share). Not exactly automated. So I guess I'll dig through the MSI docs to determine how to disable this known flaw (Q268800).
For a one-man show I'm really looking forward to all of the lost productivity. Almost as bad as figuring out a way to silently install the DirectX 9.0b upgrade since Microsoft left out the command-line switches. That one took me two days to work around.
When will people get fed up with all of this crap? I have worked with computers since 1981 and am practically ready to abandon them and go back to damn typewriters and daytimers!
True that. I hate many things about Micro$loth, but I don't think they're as insidious as the slant the post on this original article insinuates. I know that Windows Media Player, DirectX, etc. are starting to take the DRM angle, and I keep an eye on anything from reading the EULA's in great detail to actually thinking for myself. In the event I find M$ overstepping the final line in the sand I have contingency plans to dump them from our corporate environment.
That being said...what some of the pinheads on this board are assuming Office2K3 will do is pure idiocy. RTFA couldn't apply more. I guess it makes some people's lives easier with a pure black-and-white conflict and scapegoat to hold up. From M$ to SCO it seems as if some /. morons have their patron whipping boys to focus on.
since there have been the obligatory anti-M$, anti-RIAA, and anti-SCO articles. The evil trinity has appeared so I can go back to work now...
The Victorian Era did *NOT* produce the slowest novels of all time.
Sincerely,
Marcel Proust
We may hate proper HTML tagging but at least we hit the 'Preview' button!
Maybe Lampson will collect all of the abandoned double wides and fashion a launchable space station.
Great take. This is my personal credo as well.
Sincerely,
Michael Jackson
Germans love David Hasselhoff.
Some days the trolls are actually better than the real posts. I haven't had my daily fix of SCO bashing yet...
Where's my daily fix of Micro$loth and SCO bashing? Starting to get the jones...