Responsible software vendors release security advisories coordinating with other vendors.
But it is common for irresponsible vendors *cough*redhat*cough*debian*cough* to fsck everyone else when they are invited to these groups.
Remember some vendors have multiple versions to update, and a lot of testing before releasing. At least a whole day of work.
Sure, full disclosure ppl would argue that, but maybe there's a middle chance... for example telling ppl some workarounds (if there are) just after knowing the patch, but way before releasing the advisories/patches.
Anyway, I hate here on /. ppl claim stuff like crazy. And instead of blaming the vendor arseholes who shoot others in the back for nothing, blame responsible and respected agents (be it a vendor or someone like Theo).
The system uses a unique approach to detecting malicious software by looking at traffic flowing to Internet addresses that aren't assigned to specific computers, trying to isolate computers on a network that attempt to infect others.
and then
IBM says its prototype combines the strength of analyzing traffic directed at IP addresses assigned to computers on a network with the ability to look at the unassigned addresses worms also target.
Did you really read the strncpy and strncat manpages?
To both zero-terminate and check for truncation is arcane, that's why the OpenBSD ppl made strlcat and strlcpy in the first place.
There are already other secure programming faqs, though AFAIR, they suck too. If I were you, I'd put a HUGE disclaimer to take this page as work-in-progress.
(before flaming, write down the correct code to check for truncation for both funcs)
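The truncation checks this comment asks for, written out as an added example (not part of the original comment). The helper names `copy_checked` and `cat_checked` are hypothetical; both always NUL-terminate and return -1 on truncation.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: strncpy with guaranteed termination.
 * Returns 0 if src fit, -1 if it was truncated (or dstsize is 0). */
int copy_checked(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0)
        return -1;
    dst[dstsize - 1] = '\0';          /* sentinel in the last byte */
    strncpy(dst, src, dstsize);       /* pads with NULs only if src is shorter */
    if (dst[dstsize - 1] != '\0') {   /* sentinel overwritten: src did not fit */
        dst[dstsize - 1] = '\0';      /* strncpy left dst unterminated */
        return -1;
    }
    return 0;
}

/* Hypothetical helper: strncat bounded by the space left in dst.
 * strncat's count is the maximum number of bytes taken from src, not the
 * size of dst, and it always writes one extra NUL after them. */
int cat_checked(char *dst, size_t dstsize, const char *src)
{
    const char *end = memchr(dst, '\0', dstsize);
    size_t room;

    if (end == NULL)                  /* dst is not terminated inside its buffer */
        return -1;
    room = dstsize - (size_t)(end - dst) - 1;
    strncat(dst, src, room);
    return strlen(src) > room ? -1 : 0;
}

int main(void)
{
    char buf[8];                      /* constructed sample buffer */
    int rc;

    rc = copy_checked(buf, sizeof buf, "abcdefgh");
    printf("copy rc=%d buf=\"%s\"\n", rc, buf);
    rc = copy_checked(buf, sizeof buf, "abc");
    printf("copy rc=%d buf=\"%s\"\n", rc, buf);
    rc = cat_checked(buf, sizeof buf, "defgh");
    printf("cat  rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

With strlcpy and strlcat the same check is a comparison of the return value against the buffer size.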
A Google search of a project I am involved in as a developer shows (in this order) Debian package, Freshmeat entry, Sourceforge project page, (several other sites follow).
Sourceforge bug tracking service is good, but you have to activate everywhere to have it send you an email for submissions/changes.
An awful lot of sites have forums misleading users that the developers actually read them! (We sometimes find bug reports several months old, including Freshmeat.) We got tired of submitting where the users should ask for help.
It'd be nice to have all major bug/help tracking sites merge or cooperate. And that would also probably push all those idiotic webmasters away from their forum addiction.
IMHO you are missing the point. This is a branding game between one of the giant corp advertising based marketing, and a new competitor.
For example, they don't even mention some of the BSDs even though they are at least as good as Linux in almost every situation. But BSD was not pushed as a brand as Linux was.
there are lots of security changes all around over the code.
for example select() overflows and unsafe signal handlers. nobody cares about this, but the OpenBSD developers. since this work is preventive, nobody on the media reflects it (only exploitable vulnerabilities get to the media). you should track source-changes for a while to notice the difference.
They can sue them because they "ban" people. What if there is the REVERSE, and instead of giving a Black Hole list, they give a Star list. This list having domains which are NOT spammers.
Of course this would take a LOT more effort on hardware, but given today's cheapo steroid-pcs (ie athlon 1.4 at $350) it is possible.
Being there something of 100 million domains registered (please correct this), and using a hash of it to store a valid domain, it would take 400MB, adding some cpu nice sorting stuff say it takes 1GB.
Main prob would be validation, but with a report based similarly to whatever MAPS uses now, it is most likely already done.
Even though IANAL, I guess they don't have so much background to sue MAPS with this schema.
Comments?
The world is with the victims, on More WTC News · Score: 1
There is a nice photo and discussion on ArsTechnica if you haven't seen it already.
What happened there was too sad. Please don't fall in hate. If that happens, the terrorists have won.
Re:*PLEASE* read this before posting, on More On Tragedy · Score: 1
Nice to have that kind of feedback! Well, here we have CNN only, and its international transmission did a lot of anti-Muslim showings. Media manipulation is very scary. BBC instead showed Palestinians expressing sadness and just a few shooting guns. I just pray for the US not using any kind of nukes. Terror cannot be fought with terror.
the fbi idea is great...
and then
Doesn't this sound like honeyd?
high speed. i've seen this article like a week ago.
Now I get the lyrics... (this is the "chicks on speed" song)
It's a matter of salary. Younger ppl can be paid pennies with the excuse of lack of experience. And of course, never hire somebody experienced.
cheech & chong smoke Maui Wawi with some labrador. I'd like to try that some day.
It would be interesting to learn who actually benefits from this move.
funniest comment in a while
Remember Sklyarov!
we use YSM with AES encryption.
Is this damn pr0n referer.
they barely escaped the CD shooting from the AOL building. damn!
sure, it is not clear about patents and stuff... hmm. but if DN can trust them, i sure can.
It's not as fancy as looking for Darth Vader, but I'm sure most of you had somebody close with cancer, Alzheimer's, diabetes, etc.
attacks on AES
They are missing what new technologies can give a modern civilized society.