Personally, I like Debian. I find the package management pretty slick, and quite easy. The packages available are MOSTLY up to date, as long as you run the unstable dist (which sometimes leaves you with buggy apps, but usually nothing that an update in a few days wont fix). Basically, in Debian, you install the basic stuff off floppy or CD... then you log on to the net, and download all of the rest of the stuff (you pick what you want, and it takes care of almost everything to get it installed). Then every once in a while, you update your list of packages, run an update, and there you are all up to date. Your efficiency is limited mostly by your bandwidth.
Otherwise, Debian is fairly nice and raw. You get to configure X yourself, you're free to hack conf files (there is no gui that you're encouraged to use, but you can use one if you wana). Debian provides mechanisms to make kernel building easy, but it wont die if you chose not to use it.
It's quick on bug/security fixes, and if you use the stable dist, it's pretty rock solid.
Debian has served me well for the past few years:)
Well, this is sort of interesting. In a way, it will force motherboard and software manufacturers to build in more modular fassions, so that supporting different chips wont be so hard. What this means, is that hopefully new chips will be able to be more liberal in their design, hopefully speeding advancements. Other companies (hopefully) should forced not to copy intel, and to come up with some new stuff. Now, if mobo manufacturers dont start modularizing to be able to support different sorts of cpus, it may be hard to use non intel chips, even if they exist, because the other hardware that they would need to co-exist with wouldnt exist.
That end quote is sort of misleading. From what it sounds, this attack is nothing new - and it didnt first happen at the top. What's more interesting, and accurate, is that even with so much experience in worm vulnerability, Microsoft was not able to protect themselves from the threat.
Sorry, but openBSD doesnt magically fix all security holes in all software. If you install an MTA or something that openBSD team hasnt audited, then you're in the same boat as everyone else. Even if they have audited it, there's no proof that it doesnt contain ANY undiscovered holes. Then there's ip spoofing and trust based attacks, civil engineering, insider attacks, privacy based attacks, etc etc. Remember that nothing fixes everything - and there's no such thing as a totally secure system (ie anything that you can be sure that only you control TOTALLY).
I am not an astronomer/astrophysicist, but, maybe its this, or other large asteroids that gives pluto/neptune (i dont remember which) it's weird orbit. Perhaps one of these big asteroids struck one of the planets as the large asteroids moved around?
Obviously, users shouldnt be adding software without IT getting a chance to test possible behavior in a network... but if your users feel that they can be more productive with a different tool, IT depts shouldn't be stopping them. An IT managers job is to keep users productive and to manage the tools that they use. It's sort of disappointing that the 'you\'re on your own' view pervades so many managers. If your users want to use Linux more than Windows, it suggests that your users know more about it than you do. If that's true, then you're probably not doing the best job as an IT manager. Why should users have to support their IT tools when you're being paid to do it for them? Come on! The only problem is not that users are adding untested software to production environments; its that IT departments are forcing them to do it without testing.
If someone is to see everything on the web, they need to have access to watch over every insertion point to the internet. Also, to trace the PATH through the internet, they need to have access to every router that gets used. Somehow, I dont think that any company has this sort of access - except for maybe Cisco. (they seem to be everywhere);)
Many frogs will survive below freezing temperatures (during the winter). They can do this because their blood contains a lot of glucose and it can help to lower the freezing point of their flesh and fluids. These techniques have also been used to try to stop larger pieces of mammel tissue, like a rat's, from being damaged during freezing.
I dont have time to check, but perhaps MAPS can threaten to add them. Last that I heard, the main requirement is that the spammer wont stop even after being asked. http://maps.vix.com/rbl/reporting.html talks about how to report spammers. Give it a shot, I'm sure that they'd be in trouble to get blackholed. heh. Of course, I'm also sure that MAPS doesnt wana get sued again:)
I would rather see an 'intellectual property licensee's rights' bill. That way, a person can move the data around no matter what it is. Also, this bill still doesnt fix what the DMCA breaks.
As someone starting to get serious about programming (moving on from scripting languages like TCL, PHP, etc) I've been looking around at languages deciding what to learn. Something that I found that looks sort of neat is Eiffel. It's a statically typed, dynamically bound, object oriented language with multiple inheritance and all of that jazz. It does pre/post conditions and throws exceptions when conditions are not met. Although it doesnt have a very large following, I thought that it looked neat. It has unix based compilers, is fairly open source (smalleiffel a compiler is under the GPL) and, it's apparently used for MS's evil.NET stuff in some sense. It can compile to java. God this sounds like an ad - I just thought that I'd share - after all this article is really just an ad for internet c++.
I was in an nt lab recently, and I've found that NT kernel panics in responce to a large number of large, fragmented pings. (something like 3 boxes on a 10mb network transmitting solid pings of 65000 bytes). Just ping it to death.:)
Well, it's not so clear cut as that. Didn't NASDAQ just get hax0red through IIS? Everything has holes... apache HELPS you find holes, so that they can be fixed. IIS hides the holes to make you feel more secure. It doesnt mean that it's actually secure. When a hole IS found, who knows if the details get to microsoft for fixing? There are more whitehat linux hackers than whitehat windows hackers.
Neither IIS nor Apache are perfect, but I feel less evil running Apache - if you want amazing performance, run that kernel server that was on slashdot a while back. Apache fills my needs, IIS seems okay, but I dont have a windows box around, so it's useless to me.
Well, I'm not a security/software engineer (yet) but I would think that by keeping the data, seperate from the other parts of the site - as in on another box. The data IN a database should be treated as data, and as long as it is treated as such, it wont be executed, and it shouldnt be able to open any doors. So, they should be able to keep the hacked box up as read only, dump the database, move it to a fresh box with the fix on it, and load the data, start it up and they should be alright. Of course we dont know the specific attack, so maybe I'm looking at this from the wrong way - but it sounds as if someone hacked the database and got access to it so that they could post a story. At this point there's no indication of getting outside of the database and onto the system, in which case there's less need to fully reinstall. Again, I'm no expert, and there's hardly enough info out to make an educated guess.
You may know the guy, but I doubt that the slashdot admins do... I doubt that they know you either. A tiny bit of trust is not something to risk a business on:) Thats the thing about hacking. Even if you hack in, but dont even touch a thing, the admin still has to wipe the box and start over, because if they don't, there is not PROOF that the hacker didnt touch anything.
Tripwire is good for identifying a breakin. However, to rely on it is dangerous. The most secure way of checking is to take the drive out of the box that's using the drive, install it in another box that's standalone, mount it, run tripwire, and write the file to CD/readonly floppy. Then you've gota do it every time that you want to check. But things can get complicated as a hacker could put things in a home dir, or some other writable part of the filesystem that wont get checked by tripwire since that stuff changes so often. It's brutal. Tripwire is good for identifying change, but not so great for making sure that there are no reminants. There's always room for error. Better safe than sorry.
They claim to be good guys, but there's no proof of it. If you use the same passwords for slashdot as you do for other systems, change them. I realize that it's unlikely that any hacker would pick you out of the hundreds of thousands of accounts on slashdot, but they might. I hope that the admins have stuck a fresh slashdot up online (new box, new install, installed patch for the problem, etc) or are doing that now. If you're hacked, the only ways to know that no trojans are around are to wipe clean and start over, or make sure that you were running the box off of a cdrom disk and you've replaced writable areas. Even doing file digest scans are not trickyness-proof.
I'm a geek - I spend a good piece of my free time infront of a computer, or reading about them. I have about 5 years of good experience (I started 8 years ago, but learned slowly at first) but I have little actual working experience. I find myself getting certified so that I can tell employers "hey look I'm not lying to you, I do have some experience here". It's unfortunate. Unlike stuff like medicine, it's easy to learn all of the same stuff as you would in university/college from books - you dont actually need college or university. The only advantage that I really see comming out of my paying for tuition, is access to big computer labs to fool around in.
So many things are distributed as kernel patches that it doesnt really matter. Anyone with that kind of hardware will obviously have the expertise and the money to install an appropriate kernel patch. No box that big is going to run an out-of-the-box kernel anyway, if you're using that sort of hardware, you're going to want to tweak it. As long as there is not a division in the majority of users' needs, there is not likely to be a major fork.
i accept the correction. I just checked it, and you're right, it wont do @ipnumber. However, the rest of my arguement that running pgp should make others seeing the message largely irrelevant. that's the point of it.
Slashdot Mirror
so run stable and only do it once a month, or pick the apps that you wana upgrade and hold the rest of them. (dselect lets you put packages on hold)
You're starting a distribution war. heh.
:)
Personally, I like Debian. I find the package management pretty slick, and quite easy. The packages available are MOSTLY up to date, as long as you run the unstable dist (which sometimes leaves you with buggy apps, but usually nothing that an update in a few days wont fix). Basically, in Debian, you install the basic stuff off floppy or CD... then you log on to the net, and download all of the rest of the stuff (you pick what you want, and it takes care of almost everything to get it installed). Then every once in a while, you update your list of packages, run an update, and there you are all up to date. Your efficiency is limited mostly by your bandwidth.
Otherwise, Debian is fairly nice and raw. You get to configure X yourself, you're free to hack conf files (there is no gui that you're encouraged to use, but you can use one if you wana). Debian provides mechanisms to make kernel building easy, but it wont die if you chose not to use it.
It's quick on bug/security fixes, and if you use the stable dist, it's pretty rock solid.
Debian has served me well for the past few years
Well, this is sort of interesting. In a way, it will force motherboard and software manufacturers to build in more modular fassions, so that supporting different chips wont be so hard. What this means, is that hopefully new chips will be able to be more liberal in their design, hopefully speeding advancements. Other companies (hopefully) should forced not to copy intel, and to come up with some new stuff. Now, if mobo manufacturers dont start modularizing to be able to support different sorts of cpus, it may be hard to use non intel chips, even if they exist, because the other hardware that they would need to co-exist with wouldnt exist.
That end quote is sort of misleading. From what it sounds, this attack is nothing new - and it didnt first happen at the top. What's more interesting, and accurate, is that even with so much experience in worm vulnerability, Microsoft was not able to protect themselves from the threat.
oops hehe. I meant social :)
Sorry, but openBSD doesnt magically fix all security holes in all software. If you install an MTA or something that openBSD team hasnt audited, then you're in the same boat as everyone else. Even if they have audited it, there's no proof that it doesnt contain ANY undiscovered holes. Then there's ip spoofing and trust based attacks, civil engineering, insider attacks, privacy based attacks, etc etc. Remember that nothing fixes everything - and there's no such thing as a totally secure system (ie anything that you can be sure that only you control TOTALLY).
I am not an astronomer/astrophysicist, but, maybe its this, or other large asteroids that gives pluto/neptune (i dont remember which) it's weird orbit. Perhaps one of these big asteroids struck one of the planets as the large asteroids moved around?
My bank, Canada Trust, which recently merged with TD, offers web banking. It works fine in Netscape as long as you have 128bit encryption.
Obviously, users shouldnt be adding software without IT getting a chance to test possible behavior in a network... but if your users feel that they can be more productive with a different tool, IT depts shouldn't be stopping them. An IT managers job is to keep users productive and to manage the tools that they use. It's sort of disappointing that the 'you\'re on your own' view pervades so many managers. If your users want to use Linux more than Windows, it suggests that your users know more about it than you do. If that's true, then you're probably not doing the best job as an IT manager. Why should users have to support their IT tools when you're being paid to do it for them? Come on! The only problem is not that users are adding untested software to production environments; its that IT departments are forcing them to do it without testing.
If someone is to see everything on the web, they need to have access to watch over every insertion point to the internet. Also, to trace the PATH through the internet, they need to have access to every router that gets used. Somehow, I dont think that any company has this sort of access - except for maybe Cisco. (they seem to be everywhere) ;)
Many frogs will survive below freezing temperatures (during the winter). They can do this because their blood contains a lot of glucose and it can help to lower the freezing point of their flesh and fluids. These techniques have also been used to try to stop larger pieces of mammel tissue, like a rat's, from being damaged during freezing.
I dont have time to check, but perhaps MAPS can threaten to add them. Last that I heard, the main requirement is that the spammer wont stop even after being asked. http://maps.vix.com/rbl/reporting.html talks about how to report spammers. Give it a shot, I'm sure that they'd be in trouble to get blackholed. heh. Of course, I'm also sure that MAPS doesnt wana get sued again :)
I would rather see an 'intellectual property licensee's rights' bill. That way, a person can move the data around no matter what it is. Also, this bill still doesnt fix what the DMCA breaks.
As someone starting to get serious about programming (moving on from scripting languages like TCL, PHP, etc) I've been looking around at languages deciding what to learn. Something that I found that looks sort of neat is Eiffel. It's a statically typed, dynamically bound, object oriented language with multiple inheritance and all of that jazz. It does pre/post conditions and throws exceptions when conditions are not met. Although it doesnt have a very large following, I thought that it looked neat. It has unix based compilers, is fairly open source (smalleiffel a compiler is under the GPL) and, it's apparently used for MS's evil .NET stuff in some sense. It can compile to java. God this sounds like an ad - I just thought that I'd share - after all this article is really just an ad for internet c++.
I was in an nt lab recently, and I've found that NT kernel panics in responce to a large number of large, fragmented pings. (something like 3 boxes on a 10mb network transmitting solid pings of 65000 bytes). Just ping it to death. :)
Well, it's not so clear cut as that. Didn't NASDAQ just get hax0red through IIS? Everything has holes... apache HELPS you find holes, so that they can be fixed. IIS hides the holes to make you feel more secure. It doesnt mean that it's actually secure. When a hole IS found, who knows if the details get to microsoft for fixing? There are more whitehat linux hackers than whitehat windows hackers.
Neither IIS nor Apache are perfect, but I feel less evil running Apache - if you want amazing performance, run that kernel server that was on slashdot a while back. Apache fills my needs, IIS seems okay, but I dont have a windows box around, so it's useless to me.
Well, I'm not a security/software engineer (yet) but I would think that by keeping the data, seperate from the other parts of the site - as in on another box. The data IN a database should be treated as data, and as long as it is treated as such, it wont be executed, and it shouldnt be able to open any doors. So, they should be able to keep the hacked box up as read only, dump the database, move it to a fresh box with the fix on it, and load the data, start it up and they should be alright. Of course we dont know the specific attack, so maybe I'm looking at this from the wrong way - but it sounds as if someone hacked the database and got access to it so that they could post a story. At this point there's no indication of getting outside of the database and onto the system, in which case there's less need to fully reinstall. Again, I'm no expert, and there's hardly enough info out to make an educated guess.
actually, the only way to make SUUURE that no trojans are installed is to take all input devices out of the computer :) including the bios :)
You may know the guy, but I doubt that the slashdot admins do... I doubt that they know you either. A tiny bit of trust is not something to risk a business on :) Thats the thing about hacking. Even if you hack in, but dont even touch a thing, the admin still has to wipe the box and start over, because if they don't, there is not PROOF that the hacker didnt touch anything.
Tripwire is good for identifying a breakin. However, to rely on it is dangerous. The most secure way of checking is to take the drive out of the box that's using the drive, install it in another box that's standalone, mount it, run tripwire, and write the file to CD/readonly floppy. Then you've gota do it every time that you want to check. But things can get complicated as a hacker could put things in a home dir, or some other writable part of the filesystem that wont get checked by tripwire since that stuff changes so often. It's brutal. Tripwire is good for identifying change, but not so great for making sure that there are no reminants. There's always room for error. Better safe than sorry.
never did I say that I used the same passwords, I however do realize that other people do.
They claim to be good guys, but there's no proof of it. If you use the same passwords for slashdot as you do for other systems, change them. I realize that it's unlikely that any hacker would pick you out of the hundreds of thousands of accounts on slashdot, but they might. I hope that the admins have stuck a fresh slashdot up online (new box, new install, installed patch for the problem, etc) or are doing that now. If you're hacked, the only ways to know that no trojans are around are to wipe clean and start over, or make sure that you were running the box off of a cdrom disk and you've replaced writable areas. Even doing file digest scans are not trickyness-proof.
I'm a geek - I spend a good piece of my free time infront of a computer, or reading about them. I have about 5 years of good experience (I started 8 years ago, but learned slowly at first) but I have little actual working experience. I find myself getting certified so that I can tell employers "hey look I'm not lying to you, I do have some experience here". It's unfortunate. Unlike stuff like medicine, it's easy to learn all of the same stuff as you would in university/college from books - you dont actually need college or university. The only advantage that I really see comming out of my paying for tuition, is access to big computer labs to fool around in.
So many things are distributed as kernel patches that it doesnt really matter. Anyone with that kind of hardware will obviously have the expertise and the money to install an appropriate kernel patch. No box that big is going to run an out-of-the-box kernel anyway, if you're using that sort of hardware, you're going to want to tweak it. As long as there is not a division in the majority of users' needs, there is not likely to be a major fork.
i accept the correction. I just checked it, and you're right, it wont do @ipnumber. However, the rest of my arguement that running pgp should make others seeing the message largely irrelevant. that's the point of it.