If you have data backups:
If linux, boot knoppix, mkfs.{fschoice}
copy backups to new fs.
If windows, boot dos disk,
fdisk, partition, etc
Copy backups into place.
If it's IDE, SCSI or standard, whats the issue?
Well, if you want them to be able to connect to you, you're gonna need a routable IP. Period.
:-/
Your choices then are VPN (pptp, etc) or pseudo VPN (ssh, et al.)
Unless you know someone on the same ISP, who has a RealIP(tm), who can dnat to you, you'd be pretty much hosed
Perhaps, but I'd expect "our presses aren't printing" would be a common support call in this case :-)
Well, ok so that might not fly, but hey, it works when its true if you work for a modestly forgiving employer...
;-)
Now if the cause was insufficient testing, well then QA has to answer for it.
And if there's no QA, well that's managements fault...
Now if it all comes down to dumb circumstances, it's poor planning on the papers fault for not testing themselves
That said, fess up, worse comes to worse, you now have national infamy, and any fame is good fame, right??
Since the first time I was ever forced to put in an email to download software (since at least some generous souls will let you just, oh... USE IT) I've used whatever I could find on real.com's webpage as an email address.
Over the years, I've probably sent them hundreds of spam emails, and I'm proud of it.
Growl! This is idiotic. I'm not going to MS bash here, but the reason distros "get away" with it isn't a matter of choices, it's a matter of choices that aren't Debian-Excel, or RedHat-Word, or Gentoo-InternetExploiter.
This isn't a matter of lock in to one vendor's solution, or just MS including more MS proprietary crap. This is a distro made of whatever they could put in for free.
Fundamentally, MS charges you for every item there. I used to work there, nothing is free. It's all about tie[lock] in.
If MS wants to throw in office for free, without making it so ingrained to the os that you can't use WordPerf. w/o difficulties (and if you don't believe me, open up mozilla and go to windowsupdate, or click on just about any link in MS software. Sure, some do just call your default browser, but most are lazily coded to just call iexplore.exe URL), then more power to em.
They won't though.
Linux's difference is that if I install KDE, and decide today I want to use gnome, then there's no problem. If I want to declare my default handler of docs to be openoffice, and then change my mind to abiword, then it's a quick change to mailcap or /etc/alternatives, or whatever your distro's magic of choice is.
If you install word, and then install WP, your dlls, your links, your default apps are going to get beaten, sloshed, and trashed by word, to the point where you can use word 90% of the time.
Whooptie frickin shit.
I think /. is kinda missing the boat. The point is to black list known bads.
So if I get an email w/ 1000 links to MS, but 1 to makemy(cock/boobs/sexdrive/credit card bills/wallet)bigger.com, its spam
Something legit, isnt going to link to makemy....com
Sure you have to make sure the list isnt coated, but a quick screen/checklist of URLs/domains can popup on new emails w/ new URI's when the message is auto-declared as spam...
Eh, not saying its perfect, but the whitelist isn't necessarily the killer, its the blacklist that has to be right.
"First, none of the first six claims is ripe because they all rest on the assumption that ICANN's interpretation of the contract is wrong. Because that is the issue presented by the seventh claim, and because if ICANN is right none of the first six claims has any merit, these claims should all be dismissed and be addressed only when and if VeriSign's interpretation of the contract is authoritatively established to be correct." Basically, if I read it right: Well, they called us all these bad things, and then called us crazy. If they're right about crazy, we want to plead insanity to the rest...
I've always wondered, in television, they always bleep out the word God in the phrase "God Dammit" or they'll bleep out Damn if the phrase is simply "Damn it"
Now, I'm of a very lenient type, and I think it should be the PARENTS' responsibility to, oh say, PARENT, since plenty adults rather enjoy free conversation in the expression of speech, but I have to ask, since the US Constitution states:
"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances"
I have to wonder, seeing as it not only says that congress may not abridge freedom of speech, AND that their laws cannot 'respect an establishment of religion' (and perhaps I'm just conveniently misinterpreting, but I know what it's supposed to [traditionally] be read as), but in all honesty, is it the right of the government to censor words related to religion, or the expression of one?
The government here, is clearly doing it to protect religious interests (and no I'm not trying to troll here), which, while special interests make the world go round, I find curious when while a majority of the populace may be indifferent to it, we have bona fide laws on the books that say roughly "Thou shalt not take thy lords name in vain"
IANAL, but if there's one out there who happens to agree w/ me (and likes working for fame not fortune :-P), drop me a line, I'd love to take the FCC to court over this, just because I think censorship in general should be left TO THE INDIVIDUAL.
Admittedly, having this stuff thrown at you (Janet's tit, or Fuck in the middle of an awards ceremony) may be out of line, but every TV station I know of now rates their own programming. Can't we simply say "If you don't wanna hear it, dont watch TV-MA"?
I mean really, every bloody TV out there has the VChip, and every parent _should_ know what their children are watching. As a child, I had great parents who both worked, but they still protected me from what they saw as indecent for their children. And that's their right, I grant them that, but I'm sick of someone else's parent, telling me as an adult what I can and cannot hear / see / whatever, ESPECIALLY IF I CAN DISABLE TUNING IT IN ON MY OWN TV. If I didn't want to see nudity, or hear swearing, those are _all_ options on my television, my cable box, AND my tivo.
*Sigh*
Let's face it, people like to believe that they are right at any cost, and that _their_ morality should be the morality that rules the world (country). But can we all just take a few feet back, and realize that just because you dont like it, you don't have to listen.
Same as the written word, or movies. You know the rating, you know the content from the back of the book, and you know what you're getting into. If you're going to be offended, censor yourself.
Ok, I'm done now.
When I used to live near lake anna (middle-of-nowhere, yes fredericksburg IS nowhere except to civil war buffs), I took a tour once of VA power's site (nuclear plant).
They had there a large field of solar panels, that was _only_ enough to power a single operations building (not a mission critical one, I in fact believe it was essentially only used for tours, PR, etc), so to power an AC unit, I suspect you may well need an unmanageably large number of solar cells, since AC alone accounts for at least 20-40% of my usual electric bill (in the summer)...
Just my experience, ymmv, ianl, ioaaa (insert other acronym as appropriate)
I'm no MS fan, but essentially, you're looking for hardware authentication, if I read correctly, or some certification that the user is entitled to do what the code is asking to do...
While its _main_ point is not necessarily that, the Palladium arch is designed essentially to ensure that..
on a less trenchcoat idea, 2.6 comes w/ a USB root key module, you might wanna check the source if palladium ain't up your alley though
Do the ActiveX controls that ask Y/N in IE count?
I use mozilla so that hardly bothers me, but a lot of people just assume that if a link (see AIM virii/trojans/"games" and the like) is sent to them, that the warning is part of the game?
Most activeX controls say 'I'd like to install something now...' and people just assume yes as the correct answer... They _do_ give consent, even if its kinda foolish to do so.
(Mods check if this is redundant but...)
As far as I read, its SCO unix licensees, not Linux IP licensees.. While i think sco is full of it on Linux IP, I doubt they'll hit the people that have paid for linux licensees, only those using SCO unix as well as linux in their operations...
Honestly tho, I have to agree w/ the earlier posts saying its very similar to RIAA suing the same bloody people that pay for their CD's..
Well, the reason this happens, is because no matter how badly you do, so long as you can say "I improved X", then it looks good on the resume.
Let's face it, if you have the gall to try and take over a losing company, but at least make a few good things, and once you've had the responsibility for management, you make a good candidate for another position, perhaps one not quite as bad as the previous one.
Which might bear well to be kept in mind for this gentleman, if he can at least make the project develop a bit, he might still have a place to go in the morning, and more to the point, if the company frowns on him, he just has to put on his resume his IMPROVEMENTS and not list that the project itself was a total flop
-1 Flamebait
Of course there's going to be someone that'll do something evil. It happens in proprietary software too!
People are evil, or at least have the capability of being so. Of course anywhere you have people, you have the potential to do damage. I COULD mod the code, or I could just as easily trojan a win2k/XP solution with an in house virus, that will never get out to see the light of Symantec, or any other AV scanner.
It's not open source that's the problem, but people.
At least w/ open source, you can try and spot it.
Now if we had machines writing code, there'd be no tendency for evil, just watch the Matrix :-D
Fundamental flaw, on "Linux and DRM?" · Score: 5, Insightful
DRM exists, with one fundamental flaw. It is, at least in every form currently explored, fundamentally impossible.
It relies on encryption of data, and for argument's sake, it doesn't matter how. Now the player must be able to decrypt this media somehow. The choices are:
1) Universal key (DeCSS anyone?) As soon as it's exposed somewhere it shouldn't be, it's taken, and used on any media you'd like
2) Licensing server: Will issue a license for some period of time, during which you can view in a registered player. Perhaps you can renew, perhaps you can't. Regardless though, the key used to decrypt the media for playing, has to be transmitted somehow. Let's imagine it is encrypted and somehow sent to the playing device. Regardless, said device has to be able to read that key, and if it can do that, so can somebody else. Should the device have a general pub/priv combo for talking to the server, those keys could be compromised, or again, the real decryption key can be compromised from one of a million already demonstrated means.
3) Hardware solution, locked up device, unaccessible from software. This could work, so long as the hardware is such that it cannot be accessed, but as we have seen time and time again, people are willing to take apart their boxes to see what makes them tick (XBox + Linux, or any modchip solution to any system).
Regardless of what you do, even barring that "somehow" [;-) ] you dont just capture the output (VGA capture works well here, since they all output to monitors at some point), you have to decrypt the data. The data exists SOMEHOW.
And as strong as encryption is, the will for people to piss off the media conglomerates is too strong. End of the day, if the data can be decrypted, then your key is what's in jeopardy. If the key is encrypted somewhere, then its decrypting key is the target. So on, and so forth.
You can make it difficult, but without (literally) an armed guard sitting there w/ a bucket of popcorn to "help" you watch the movie, there is a weak point.
(and to add to that, humans become a factor, armed guards can be bribed, just like anybody else).
Just my 20 pesos.
Well, seeing as the entire town is iced over, I think my friday afternoon productivity will come back when the sun does
I don't know, personally, I think the greatest part of .net was the Windows.Forms, and while there's work to port them, it's not there yet. I really would love being able to simply develop on linux and test on windows, my laptop just bugs out too much!!
Heres the bottom line. SSL is used to secure things that you dont want people to see, CC#'s, etc.
If your SSL machine is the same as your www host, then if the www host (a more likely target for random attacks) is compromised, the SSL is worthless, since they can replace your cert, access protected data etc, under the same permissions of the www daemon.
SO, if your SSL daemon is handling data that sensibly should not be on the most obvious target for first attack, then no, its not a good idea.
If on the other hand, your ssl daemon is simply mirroring the plaintext in an SSL form, then for all intents and purposes, it doesn't matter
I'm not downloading till they have .debs of it...
I dont know about you, but I saw this in dozens of places across the country in summer 2000, with AND without wireless... Homestead Suites did it in their seattle place, and somehow I suspect the company that developed it did so previous to that.
Heck, I had done this on my OWN PERSONAL LAN for shits and giggles before that. I think that this one will suffer a pretty quick demise, but if not, I'll go dig up an old hard driver or two.
Slightly O/T, but what about a nice IDE for developing on (for) non-linux platforms? I know for my job I have to develop on the palm, which as any palm developer can tell you, is a poorly documented bitch to program for.
:-)
There are a couple of Windows IDE's (Falch.net, CodeWarrior) that all cost at least a reasonable chunk of change, and ironically all appear to use the PRC-Tool chain to do everything. You know, the same tools that we can all rpm -ivh, dpkg -i, apt-get install, emerge, whatever. The only difference is when I develop on a palm, debugging it in Linux is a pain in the arse, if only because of the lack of most of the nicer IDE's lacking an ability to alter the default compiler, debugging method, kick-starting an emulator, etc.
Speaking of which, I've gotta get back to work
Ciao S/D
Not to criticize (and I am a Deb fanatic, so excuse if i get a little zealous), but the box wasn't gentoos'
Don't get me wrong, they did a _FANTASTIC_ job catching the break-in, but at the end of the day, there's a good chance the IDS was installed by the people who OWNED the box, and not Gentoo proper.
While I'd hope and expect the box was running gentoo, there's no evidence of this, nor of it having been Gentoo's work that caught on.
I fully believe in full disclosure of break-ins (though a delay on revealing vuln's is fair in some MAJOR cases, it should still be done), and they did everything they should have.
Debian caught it within 24 hours, GNU within a month, MS's last breakin that i can recall, took months.
It's not about what OS, but the administrators.
If your admin doesn't take proper precautions for a highly visible boxen, then these things will happen.
Sure the breakin likely could've been prevented had they been uuber up-to-date, but really, the problem is inherent with OSS
Again, I disclaim. OSS is a Very Good Thing, BUT, because of this, vuln's are posted far more often than with CSS (no, not style sheets).
Because of that, the patch-turnaround time is much smaller with OSS, and we as admin's who love our linux/bsd/OSX boxen MUST stay on top.
I dont have a regimented update schedule for my personal box, even though I should, but because vulns' are usually found and widely publicized very quickly in this world, the users do have to take more precautions.
If nothing else, this indicates a need for a clearing house (other than ones that tend to be used exclusively by those that seek to find vulns), with links to patches, packages, etc for various distros could be a very good thing.
Security.debian.org is a good example, but as recent times have shown, even debian isn't perfect (as much as I tell others it is :-D)
Love your distro, tend to your boxen, but admin like you could be hacked tomorrow. As gentoo/gnu/debian/MS/*BSD have demonstrated in the past, it can and WILL happen to your box.
I still see regular hits on apache for old IIS vulns. People wouldn't try it if there weren't still vulnerable people, and the worms couldn't try it if they'd ever been cleaned properly.
It's not about OS.
It's not about vulns.
It's not even about the hackers.
It's the admin's who defend these boxes.
So to the recent distros, Deb & Gentoo alike, I salute the admins who have done a great job keeping the public informed to potential problems. I only hope that when I finally get out of this bloody school, I'll be half the admin that these guys have working for them.
Or does that simply mean you bailed at the right times? ;-)
> Please put this in your sig if you think /. should stop posting NYTimes articles.
I know I shouldn't reply to a sigline, but in all honesty, discriminating against a news source (That publishes) for simply requiring you to log in?
Or maybe for their political views?
If it's the logging in thing, just use one of a thousand that slashdotters have already set up. Try just about any common keyboard key-run (qwe123, asdf, etc).. odds are, you'll hit one.
And then, if nothing else, you're screwing up their statistics, and you got your chance to "stick it to the man"!
If it's the political views of the NYT, then realize that EVERY news source has its own spin. BBC, Wired, NYT, Wash/Post (which also requires an anonymous login of sorts... yet nobody complains), or pretty much any news source used here, at lovely old /.
Eh