Eventually, corporate America is going to realize that bittorrent protocols are useful. NBC will start bunding their shows, with advertisments and DRM, via bittorrent streams.
Just as you need a chauffeur's license to drive a complicated vehicle, you should be required to demonstrate that you can use upstream bandwidth responsibly.
All outbound traffic on port 25 is or will be blocked. Outbound email must be routed through their authenticated SMTP agent.
I ordered SBC DSL basic service and was considering a switch from cable modem (mediacom). I requested that the port 25 block not be applied to my account and was refused (they advised me to upgrade to the more expensive service).
Remember that there was a recent court decision allowing ISPs to read your email when it touches their hard drive.
I dumped them, and I told them exactly why. You should too.
OpenBSD's spamd will initially reject all mail from previously unknown sources. It will only permit access to sendmail after an attempt at redelivery. This has brought my spam load down to about zero.
Unless a spammer using the above trick attempted redelivery (which is unlikely), it would not cause a DNS flood.
spamd is only one of a great many reasons to consider OpenBSD on your critical servers.
Back in the day, I was charged with getting data off a CP/M system running dBase with 8" floppies. I ended up connecting a null modem cable to the serial port and printing the database into a PC running PROCOM.
There has got to be a way to get data off a TRS-80. Heck, you don't even need to worry about EBCDIC conversion.
...can be 0wn3d if the OS has a major hole. For example, just imagine a buffer overflow in inetd. Tell me how you have a prayer of surviving that on a standard UNIX system.
Without competent systems programmers, competent admins are superfluous.
What we found was about 72% of them felt that Microsoft is the top of all vendors in supporting their major interoperability concerns... So that's another proof point where we both want to make sure that it's easy to manage and operate our stuff, so to speak, within our stack as well as Microsoft and Windows applications on top of our stack, but then also working across with heterogeneous technologies as well.
Do you seriously expect us to believe you? If so, then I will anxiously be awaiting:
MS SQL Server clients for Linux, Solaris, and others (produced or endorsed by M$)
Exchange clients for the same
Simple HOWTOs for LDAP integration with ActiveDirectory, published by M$, focusing on the above-mentioned distributions
M$ puts an option for POSIX/UNIX in the base installer for XP (like Apple does)
M$ contributes to and supports Samba
M$ publishes full, open standards for TDS, MAPI, TAPI, SMB, and all other closed protocols
M$ never funds a SCO-like attack again
M$ stops funding biased TCO studies
When the decision is made to place enterprise data in M$ products, it is hard to avoid the Jim Jones analogy of "drinking the M$ cool-aid" - there is no backing out once it's done.
The M$ attitude on competing platforms has always been slash and burn. The above is slash and burn with lipstick.
p.s. Start using strlcpy and friends, and do so publicly and thank the developers. What is it, 10,000+ unsafe string calls in the base Win32?
I was thinking of using Poptop over a Netgear WiFi router. This gives me pause.
I am thinking that it may be better to simply leave the router wide open, then put only an OpenBSD system with routing disabled on the other side of the router.
I'll allow only SSH into the OpenBSD system, then set up an HTTP proxy that only accepts connections from localhost. I'll then use PUTTY port forwarding on the clients, then proxy off localhost port 80.
IPSEC looks like the only other option, and it looks a lot harder.
Face it, the GNU toolchain will never be as secure as OpenBSD. Yes, you have Openwall, PaX, and SELinux floating around, but what major distribution uses them right now? W^X was released in 3.3.
Theo & Co. have had a number of good security patches rejected by various GPL maintainers (and yes, some have been accepted). However, can you blame them for jumping the gun on a CVS replacement? It's core to the OS.
OpenBSD is developed for a variety of reasons, some which I agree with entirely, and some that give me pause (I just read criticism of OpenNTPd that makes me want to turn it off). I also wish that certain players in the industry could be bound by the GPL when working with OpenBSD code, but this is not to be.
OpenBSD is developed and licensed for Theo's reasons. I use it for my reasons. If you don't like it, don't use it. Should people not be free to do what they want with their time?
I am not a fanatic about BSD vs. GPL, but let me count the ways...
Anything under BSD license is much more free than GPL free software. Hey, it doesn't change my life much, but there are a lot of people who care about this. More BSD free software is good for everybody.
Is it your right to ask OpenBSD developers to GPL their code, when they would prefer to apply a BSD license to it? It certainly isn't mine.
It is unlikely that the current CVS uses strlcpy/strlcat. Would retrofitting this functionality be accepted by the CVS people, especially as the GNU libc people have already rejected it? (Boy, that was a great step forward in security there.)
OpenBSD has been slowly stripping/replacing GPL software wherever they can. Recent fatalities include gzip and gawk. It's their distribution, and they can do what they want.
But I for one am glad for OpenBSD. It fits me like a glove. I just wish that Microsoft couldn't copy so much of it.
The fusion process stops releasing energy when you hit iron. All higher elements on the periodic table consume energy in their production; they do not yeild energy.
I read once that Helium naturally bleeds out of the atmosphere and into space. The only reason that we have measurable quantities of Helium is alpha particle decay within the earth's mantle.
From what I understand, natural gas is the main source of Helium replentishment.
...is for western civilization to guarantee food, clothing, and shelter (and possibly health care) to all of our citizens/residents.
We must continue to encourage upward mobility, while limiting the extent that people can fail. While an individual may not be useful to society in the present, the same person could be invaluable 20 years in the future. A truly conservative view is to protect human capital when possible.
...at least where I've worked. An admin who can recreate a lost device file, write efficent awk/perl/korn scripts, hack some C on occasion, and properly utilize/capitalize on network connectivity is something that I've never seen except in myself.
I hate to sound pretentious, but I've seen/removed an awful lot of ugly hacks (but yes, I've been guilty of a few myself in retrospect).
If you are just graduating, and you think that your experience is lackluster, then take a few tests from major IT corporations to add resume window dressing. Ones you might consider:
HP-UX (the old 3HO-002 exam) - at only $100, it is 1/3 the cost of full Solaris certification*
IBM DB2 - was free when I took the starter exam, but the subject coverage is weak, might lead your career in ways that you don't want to go*
Oracle - OCP is a lot more expensive than it used to be, but OCA might still be a good value, and is not too hard*
Checkpoint firewall - best known security certification (also read nmap author's advice on security careers in previous interview)
Thus, the fabrication technology used for the PowerPC 970 was designed to eke out higher performance by trading away reliability; for these markets, the trade-off between reliability and performance is different.
This is what Apple is putting in their servers? And they are expecting market traction?
Windows NT is mostly written in C and C++, both Bell Labs innovations, and
IE/Mediaplayer integration has turned the Windows NT codebase into a security disaster
How would you respond to Cutler's assertions, and how would you rate the code quality of the NT kernel (assuming that you might have perused the recent leaked NT4 source)?
While UNIX-like operating systems are growing in popularity, actual Bell Labs code is rarely encountered in free operating systems because of licensing issues (with a few notible exceptions).
This is a frustrating situation for all of us. Do you see any possibility that major portions of UNIX and Plan 9 source being released under licensing that major distributions would find acceptable?
Please also accept my personal thanks for your work in the field of computer science. The influence of the community of researchers at Bell Labs will be felt for many generations to come.
Slashdot Mirror
Eventually, corporate America is going to realize that bittorrent protocols are useful. NBC will start bunding their shows, with advertisments and DRM, via bittorrent streams.
Upstream will become critical at that time.
...which would solve the botnet situation nicely.
Just as you need a chauffeur's license to drive a complicated vehicle, you should be required to demonstrate that you can use upstream bandwidth responsibly.
All outbound traffic on port 25 is or will be blocked. Outbound email must be routed through their authenticated SMTP agent.
I ordered SBC DSL basic service and was considering a switch from cable modem (mediacom). I requested that the port 25 block not be applied to my account and was refused (they advised me to upgrade to the more expensive service).
Remember that there was a recent court decision allowing ISPs to read your email when it touches their hard drive.
I dumped them, and I told them exactly why. You should too.
OpenBSD's spamd will initially reject all mail from previously unknown sources. It will only permit access to sendmail after an attempt at redelivery. This has brought my spam load down to about zero.
Unless a spammer using the above trick attempted redelivery (which is unlikely), it would not cause a DNS flood.
spamd is only one of a great many reasons to consider OpenBSD on your critical servers.
OpenBSD's default install is with the firewall disabled, and you can feel comfortable deploying it in a hostile environment.
Microsoft should open-source everything that opens server ports in Windows (especially ports 137-139). XP wouldn't need a firewall if they did this.
Of course, running on an architecture that helps out with security (NX) will also reduce intrusions.
Back in the day, I was charged with getting data off a CP/M system running dBase with 8" floppies. I ended up connecting a null modem cable to the serial port and printing the database into a PC running PROCOM.
There has got to be a way to get data off a TRS-80. Heck, you don't even need to worry about EBCDIC conversion.
Use great care in leveling attacks at your users, be they security researchers or no.
How many will never buy another Adobe product? I certainly tell everyone that I know.
Now I add Tegam to the list (not that I'd ever heard of you before).
...can be 0wn3d if the OS has a major hole. For example, just imagine a buffer overflow in inetd. Tell me how you have a prayer of surviving that on a standard UNIX system.
Without competent systems programmers, competent admins are superfluous.
I am looking for a really profound text, on the order of the K&R book on C, focus on micro as outlined in the article.
Do you seriously expect us to believe you? If so, then I will anxiously be awaiting:
When the decision is made to place enterprise data in M$ products, it is hard to avoid the Jim Jones analogy of "drinking the M$ cool-aid" - there is no backing out once it's done.
The M$ attitude on competing platforms has always been slash and burn. The above is slash and burn with lipstick.
p.s. Start using strlcpy and friends, and do so publicly and thank the developers. What is it, 10,000+ unsafe string calls in the base Win32?
And there are no free win32 clients.
I was thinking of using Poptop over a Netgear WiFi router. This gives me pause.
I am thinking that it may be better to simply leave the router wide open, then put only an OpenBSD system with routing disabled on the other side of the router.
I'll allow only SSH into the OpenBSD system, then set up an HTTP proxy that only accepts connections from localhost. I'll then use PUTTY port forwarding on the clients, then proxy off localhost port 80.
IPSEC looks like the only other option, and it looks a lot harder.
Face it, the GNU toolchain will never be as secure as OpenBSD. Yes, you have Openwall, PaX, and SELinux floating around, but what major distribution uses them right now? W^X was released in 3.3.
Theo & Co. have had a number of good security patches rejected by various GPL maintainers (and yes, some have been accepted). However, can you blame them for jumping the gun on a CVS replacement? It's core to the OS.
OpenBSD is developed for a variety of reasons, some which I agree with entirely, and some that give me pause (I just read criticism of OpenNTPd that makes me want to turn it off). I also wish that certain players in the industry could be bound by the GPL when working with OpenBSD code, but this is not to be.
OpenBSD is developed and licensed for Theo's reasons. I use it for my reasons. If you don't like it, don't use it. Should people not be free to do what they want with their time?
Who made you God?
I am not a fanatic about BSD vs. GPL, but let me count the ways...
OpenBSD has been slowly stripping/replacing GPL software wherever they can. Recent fatalities include gzip and gawk. It's their distribution, and they can do what they want.
But I for one am glad for OpenBSD. It fits me like a glove. I just wish that Microsoft couldn't copy so much of it.
...with advances in materials science and computer power, a dollar spent on fusion now will outperform a dollar that was spent on fusion 10 years ago.
A sustained effort is better than impulse funding.
The fusion process stops releasing energy when you hit iron. All higher elements on the periodic table consume energy in their production; they do not yeild energy.
I read once that Helium naturally bleeds out of the atmosphere and into space. The only reason that we have measurable quantities of Helium is alpha particle decay within the earth's mantle.
From what I understand, natural gas is the main source of Helium replentishment.
...is for western civilization to guarantee food, clothing, and shelter (and possibly health care) to all of our citizens/residents.
We must continue to encourage upward mobility, while limiting the extent that people can fail. While an individual may not be useful to society in the present, the same person could be invaluable 20 years in the future. A truly conservative view is to protect human capital when possible.
...at least where I've worked. An admin who can recreate a lost device file, write efficent awk/perl/korn scripts, hack some C on occasion, and properly utilize/capitalize on network connectivity is something that I've never seen except in myself.
I hate to sound pretentious, but I've seen/removed an awful lot of ugly hacks (but yes, I've been guilty of a few myself in retrospect).
But maybe hiring practices are just bad.
If you are just graduating, and you think that your experience is lackluster, then take a few tests from major IT corporations to add resume window dressing. Ones you might consider:
* I have this credential.
This is what Apple is putting in their servers? And they are expecting market traction?
If this is the case, then why aren't more commercial OSX applications appearing on the free UNIXen with GNUStep libraries?
If it is so easy to port, then why don't I see Photoshop for Red Hat Linux? This is a big market.
Anything serious use of Objective-C appears to be confined to the Mac platform.
some discussion
Two questions:
Given two important facts:
- Windows NT is mostly written in C and C++, both Bell Labs innovations, and
- IE/Mediaplayer integration has turned the Windows NT codebase into a security disaster
How would you respond to Cutler's assertions, and how would you rate the code quality of the NT kernel (assuming that you might have perused the recent leaked NT4 source)?This is a frustrating situation for all of us. Do you see any possibility that major portions of UNIX and Plan 9 source being released under licensing that major distributions would find acceptable?
Please also accept my personal thanks for your work in the field of computer science. The influence of the community of researchers at Bell Labs will be felt for many generations to come.
Will Red Hat dump the Apache webserver over the new noxious licensing?
OpenBSD has done so (by halting with an old release).