I doubt this will happen (maybe by accident or some "failed" update, though). The botnet is so "useful", why should he intentionally wipe it out?
My guess would be that we'll just be seeing more of the same. A lot more. Phishing will grow bigger as more clueless users get infected with keylogging bots that send their bank info home, the blackmailing crowd might move on to more high profile victims (ebay down for a day? 100k bots can do it) and the botnet/worm creators will ofcourse constantly get more creative with their payloads.
The only hope seems to be that one day people will put blame where it belongs and launch a huge lawsuit against MS, forcing them to fix their holes and close the playground. Then it's all over, maybe...
As I understand it, that figure was all botnets they monitored combined. Not a single one.
But as we all know, on the internet "size doesnt matter much". Switch your bots to a lightweight (UDP based?) protocol, partition up the botnet or make it P2P and you can handle any insane number of bots.
Remember, as soon as a new Windows vulnerability is discovered (the current rate seems to be about one serious remote exploit every 3 months) your malicious botnet-operator only needs to "plug in" the new exploit and have n bots dig through a pool of hundreds of thousands (probably millions) of vulnerable hosts just standing in line to join...
I would not really be surprised if such a large (single) botnet would come into existence in the near future. I guess we'll soon be reading about regular busts on botnet operators as we're reading nowadays about the arrestment of (usually minor) worm programmers.
And, on a different but related note, I want to repeat: microsoft is to blame! Sue them, leave the fuckin kids alone!
To cash in your bonus please load this URL: http://citibank.com|350893463463468.gnarf.na styred irects.ru
or what?
Anyone who needs to read the name of their bank off the paper while typing it in should *not* be in charge of their bank acccount (or a computer for that matter).
HA, Holy s$it! And I thought it was only me doing that. Definately time to come up with a better strategy...;)
I did it exactly the same way many times, because putty is hosted at this obscure long URL that I could never remember. It's just so quick to have google find it and hit the first link. It's always been the same "familar" page so I never got suspicious.
Well, at least I always make sure that the virus scanner is active and up to date before installing *anything* to a wintendo box. Not like that would a be a real defense, though...
I think stuff like putty should be hosted on a SSL-site. A click on the little lock to check that the names match up is just so much easier done than digging up a md5sum-bin or gnupg for windows...
We were talking about installation/maintenance of a large (>100) number of hosts. You are free to use whatever at home - so be it ubuntu, I heard it's good. I don't think FAI would work with ubuntu, though.
A machine installed today may look nothing like a machine installed tomorrow.
You may want to take a look at FAI (Fully Automatic Installation - google will find it). We've been using it quite successfully for that kind of maintenance.
You basically set up a local debian mirror (snapshot of the real tree) and use it to deploy your machines (FAI does it great) and as only apt-source for them. Whenever it's time to update a pkg you test it, then just drop it to your mirror where the clients can pick it up via apt-get upgrade.
so I can't personally vouch that it works properly
Ofcourse it works, why shouldn't it? There's no magic smoke in your distro. It's a kernel, a glibc and a bunch of software.
Only via LFS you can do funny things like compile everything static, really get rid of SysV init (in favor of e.g. minit), compile stuff against dietlibc instead of glibc (talk about >50% less bloat), choose the exact version and patches for all your system utils (ever hated distro X for including only broken version Y of Z?)...
So, yes, LFS is for people who REALLY care. And it works. Make a tarball and it even works for many machines;-)
Is there a livecd of xandros? I'd like to take a look at it but don't have a spare machine to do a real install.
Also I think the real "takeover"-linux gotta be a livecd (like knoppix). Because why should a computer novice be bothered with something like "installing" the OS?
Throw in the disc, boot, get work done. Personal data and config settings can go to the harddisk, on a special partition or, heck, into a file on an existing partition or better, a removable device like a memory stick.
Updates for software packages available? Fine, they are loaded to the harddisk (or mem-stick, whatever) via a shiny GUI and the OS cd will detect updated packages there during boot and use them instead of the cd version.
Want to make backups? Fine. Click the "backup"-icon, insert CDR, your data, settings and updated packages go to the backup CD.
Hard disk breaks? No problem. Replace drive, throw in the boot cd and be greeted with a shiny "Oops, this seems to be your first boot"-dialog. The dialog would ask you to enter your last backup CDR (if available) and restore the state (personal files, config, updated packages, everything!) from the last backup.
I, personally, know a lot of people who would *love* such a "computing made easy"-disc. They are sick of their PCs slowing down to a crawl after some months of "normal usage" (sounds familar?). They don't want to waste energy on figuring out why this or that broke and how to fix it. A boot-disc is perfect for these people because even if they find a way to break something bad, a simple reboot *will* fix it (unlike wintendo).
Linux softraid is fine (stick with raid1, though...) but ENB and LVM are a nono if you need it reliable. Do not try this on a prod. system unless you intend to go through hellfire, soon.
A good SCSI raid controller costs close to $1000 and a good SCSI hard drive can cost $400.
Depends on size and features. Our Adaptec U320 controllers cost $150. 36G fujitsu SCA drives cost $100 a shot. Speed, reliability and hot-swap capability are well worth the money when your server is actually doing something worthwhile...
Close but I think mine is more ergonomic. I rotate my hand further so my ring finger is on the left mouse button, index on the scrollwheel and thumb on the right button. Might sound wierd at first but it's a very comfortable setup for long coding sessions esp. when used in comb. with the logitech foot pedal (shift/alt/meta) and MS Nose Explorer (numpad + meta-keys at your nosetip).
I see. Well, if your hardware is good then my next guess would be the gfx card drivers. Does the X server crash (screen goes black, returns to login manager) or does it freeze? Does it say anything in the xserver log (usually/var/log/XFree86.log or Xorg.log)
Some xservers have memory leaks, does your box get slow and start to swap before it crashes? What GFX card/drivers are you using? Are you using XFree86 or X.org?
Funny you say you like XP but prefer gnome over KDE. Last time I looked KDE was much more similar to windows...;-)
Maybe check out this page. They have a nice overview of many available window managers (with screenshots), maybe you find another one that you like. At least XFCE, WindowMaker and blackbox/fluxbox are worth a look.
I understand that. So, let's go back to my question... What exactly can I accomplish by using the kernel itself? What can I do w/the kernel alone? The answer is, "not much".
Well, that's like asking "what can I do with a car-engine?". People can do quite a lot with it - provided they know what they're doing. Didn't you ever watch McGyver?
Is Internet Explorer Windows?
In fact Internet Explorer is tied very closely to the windows kernel which is the very reason for its many critical security problems. So, yes, Internet Explorer "is not windows" but it may very well, technically, be considered a part of the windows kernel. And windows is not considered insecure because of internet explorer. Windows is considered insecure because of major design flaws in core components that manifest themselves as inherent security problems that affect all win32 software one way or another (esp. when networking is involved).
I really cannot see what your problem is, just trying to stir shit?
He was arguing that the distro isn't Linux, but the core "engine" (kernel) is.
Yes, you got it. Linux is the kernel, named after Linus Torvalds. A linux-distro is just that; a distribution of the linux kernel with a lot of additional software.
Well, still no offense, but either your hardware has some serious issues or you're doing some seriously strange stuff.;)
The reason I went with Gentoo was a: to learn as much as possible without having to track down every package under the sun AND worry about dependencies myself.
Telling from your above statement I assume your "crashes" are more likely related to bad hardware than anything else.
Real servers often consist of not more than the kernel, the GNU toolchain and, sometimes, the application they're supposed to serve (whatever kind of beast that may be).
With *only* the kernel you can have, for example, a kernel-level webserver (e.g. tux), a router and well, other things people have hacked kernel modules for.
No offense but unless you know what you're doing you should be running a "newbie-friendly" distro like Fedora, SuSE or maybe Ubuntu (I keep hearing it's good, never tried it myself though!).
Gentoo is known for causing lots of trouble (it seems they don't do much regress-testing at all) so it's really no surprise your gnome is locking up. Have you checked the version numbers on the countless gnome components? Chance are that some of them are bleeding edge beta or testing versions.
If you're just on linux for the learning expirience and not really using it for productive work (yet) then you might want to dip a toe in the real cold water and try to get a LFS (Linux from scratch) up and running. It takes patience and time but there's lots of documentation. And after you're done you'll have learned many of the important details that actually make your system tick. Most importantly: When it freezes again you'll know where to look! That route is hard but I keep recommending it to newbies who are seriously interested in becoming a "guru". It takes work but you learn much more in a very condensed timespan (may very well take a week or longer, though!) than in a year of running some polished up distro and hardly ever touching the command line.
Again, this is not meant offensive, just trying to provide some advice:-)
What do you mean, "just a public key in a digital baggie"? Isn't that what all certs are?
You pay for avoiding the popup. Encryption can be had for free, SSL works just as well with selfsigned certs. IMHO the whole SSL thing as it is implemented today is not more than a bitter joke (or more bluntly: a license to print money for the so-called cert authorities).
The whole popup-box approach is the wrong way round. The warning box may stay for selfsigned/unknown certs but there should also be an info-box popping up for certs from "trusted" authorities that states clearly which measures were taken to verify that the cert-owner is the one he claims to be. E.g.: CC-Data verified, call-back on number xxx-xxx on 1st Apr 2004, copy of business license received by fax, etc... along these lines.
Then I (and joe average) can easily decide whether the measures taken justify my trust.
Today just anyone can get a cert that suppresses the browser warning with not much more than a stolen CC-number. Happy phishing, I guess...
Slashdot Mirror
I doubt this will happen (maybe by accident or some "failed" update, though).
The botnet is so "useful", why should he intentionally wipe it out?
My guess would be that we'll just be seeing more of the same. A lot more.
Phishing will grow bigger as more clueless users get infected with keylogging bots that send their bank info home, the blackmailing crowd might move on to more high profile victims (ebay down for a day? 100k bots can do it) and the botnet/worm creators will ofcourse constantly get more creative with their payloads.
The only hope seems to be that one day people will put blame where it belongs and launch a huge lawsuit against MS, forcing them to fix their holes and close the playground. Then it's all over, maybe...
just my 2c
As I understand it, that figure was all botnets they monitored combined.
Not a single one.
But as we all know, on the internet "size doesnt matter much".
Switch your bots to a lightweight (UDP based?) protocol, partition up the botnet or make it P2P and you can handle any insane number of bots.
Remember, as soon as a new Windows vulnerability is discovered (the current rate seems to be about one serious remote exploit every 3 months) your malicious botnet-operator only needs to "plug in" the new exploit and have n bots dig through a pool of hundreds of thousands (probably millions) of vulnerable hosts just standing in line to join...
I would not really be surprised if such a large (single) botnet would come into existence in the near future. I guess we'll soon be reading about regular busts on botnet operators as we're reading nowadays about the arrestment of (usually minor) worm programmers.
And, on a different but related note, I want to repeat: microsoft is to blame! Sue them, leave the fuckin kids alone!
Yea what then?
a styred irects.ru
Will it read:
To cash in your bonus please load this URL:
http://citibank.com|350893463463468.gnarf.n
or what?
Anyone who needs to read the name of their bank off the paper while typing it in should *not* be in charge of their bank acccount (or a computer for that matter).
HA, Holy s$it! And I thought it was only me doing that. Definately time to come up with a better strategy... ;)
I did it exactly the same way many times, because putty is hosted at this obscure long URL that I could never remember. It's just so quick to have google find it and hit the first link. It's always been the same "familar" page so I never got suspicious.
Well, at least I always make sure that the virus scanner is active and up to date before installing *anything* to a wintendo box. Not like that would a be a real defense, though...
I think stuff like putty should be hosted on a SSL-site.
A click on the little lock to check that the names match up is just so much easier done than digging up a md5sum-bin or gnupg for windows...
We were talking about installation/maintenance of a large (>100) number of hosts. You are free to use whatever at home - so be it ubuntu, I heard it's good. I don't think FAI would work with ubuntu, though.
A machine installed today may look nothing like a machine installed tomorrow.
You may want to take a look at FAI (Fully Automatic Installation - google will find it). We've been using it quite successfully for that kind of maintenance.
You basically set up a local debian mirror (snapshot of the real tree) and use it to deploy your machines (FAI does it great) and as only apt-source for them. Whenever it's time to update a pkg you test it, then just drop it to your mirror where the clients can pick it up via apt-get upgrade.
so I can't personally vouch that it works properly
;-)
Ofcourse it works, why shouldn't it?
There's no magic smoke in your distro. It's a kernel, a glibc and a bunch of software.
Only via LFS you can do funny things like compile everything static, really get rid of SysV init (in favor of e.g. minit), compile stuff against dietlibc instead of glibc (talk about >50% less bloat), choose the exact version and patches for all your system utils (ever hated distro X for including only broken version Y of Z?)...
So, yes, LFS is for people who REALLY care. And it works.
Make a tarball and it even works for many machines
Is there a livecd of xandros?
I'd like to take a look at it but don't have a spare machine to do a real install.
Also I think the real "takeover"-linux gotta be a livecd (like knoppix). Because why should a computer novice be bothered with something like "installing" the OS?
Throw in the disc, boot, get work done.
Personal data and config settings can go to the harddisk, on a special partition or, heck, into a file on an existing partition or better, a removable device like a memory stick.
Updates for software packages available?
Fine, they are loaded to the harddisk (or mem-stick, whatever) via a shiny GUI and the OS cd will detect updated packages there during boot and use them instead of the cd version.
Want to make backups? Fine. Click the "backup"-icon, insert CDR, your data, settings and updated packages go to the backup CD.
Hard disk breaks? No problem. Replace drive, throw in the boot cd and be greeted with a shiny "Oops, this seems to be your first boot"-dialog.
The dialog would ask you to enter your last backup CDR (if available) and restore the state (personal files, config, updated packages, everything!) from the last backup.
I, personally, know a lot of people who would *love* such a "computing made easy"-disc. They are sick of their PCs slowing down to a crawl after some months of "normal usage" (sounds familar?). They don't want to waste energy on figuring out why this or that broke and how to fix it.
A boot-disc is perfect for these people because even if they find a way to break something bad, a simple reboot *will* fix it (unlike wintendo).
What is Linux? 70 million lines??
/usr/src/linux/ -name "*.c" -or -name "*.h" -exec cat {} \; | wc -l
$ find
1165052
Did I miss something?
Linux softraid is fine (stick with raid1, though...) but ENB and LVM are a nono if you need it reliable. Do not try this on a prod. system unless you intend to go through hellfire, soon.
A good SCSI raid controller costs close to $1000 and a good SCSI hard drive can cost $400.
Depends on size and features. Our Adaptec U320 controllers cost $150. 36G fujitsu SCA drives cost $100 a shot. Speed, reliability and hot-swap capability are well worth the money when your server is actually doing something worthwhile...
Close but I think mine is more ergonomic. I rotate my hand further so my ring finger is on the left mouse button, index on the scrollwheel and thumb on the right button. Might sound wierd at first but it's a very comfortable setup for long coding sessions esp. when used in comb. with the logitech foot pedal (shift/alt/meta) and MS Nose Explorer (numpad + meta-keys at your nosetip).
NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOoooooooooooooooo ooooooooooooo!!!!!!!!
*jumps off the cliff, still screaming...*
because there simply isn't any major system that needs a rewrite.
Maybe there isn't one right now but I bet in a year from now some core stuff will probably need some upgrading.
In technology "the next big thing" is always just right around the corner...
XFS sucks. Good enough? ;-)
I see. Well, if your hardware is good then my next guess would be the gfx card drivers. /var/log/XFree86.log or Xorg.log)
;-)
Does the X server crash (screen goes black, returns to login manager) or does it freeze? Does it say anything in the xserver log (usually
Some xservers have memory leaks, does your box get slow and start to swap before it crashes? What GFX card/drivers are you using?
Are you using XFree86 or X.org?
Funny you say you like XP but prefer gnome over KDE.
Last time I looked KDE was much more similar to windows...
Maybe check out this page.
They have a nice overview of many available window managers (with screenshots), maybe you find another one that you like. At least XFCE, WindowMaker and blackbox/fluxbox are worth a look.
Good luck!
Oh gee, and I actually wasted time trying to explain stuff to you.
Nevermind and grow up...
I understand that. So, let's go back to my question... What exactly can I accomplish by using the kernel itself? What can I do w/the kernel alone? The answer is, "not much".
Well, that's like asking "what can I do with a car-engine?".
People can do quite a lot with it - provided they know what they're doing.
Didn't you ever watch McGyver?
Is Internet Explorer Windows?
In fact Internet Explorer is tied very closely to the windows kernel which is the very reason for its many critical security problems. So, yes, Internet Explorer "is not windows" but it may very well, technically, be considered a part of the windows kernel.
And windows is not considered insecure because of internet explorer.
Windows is considered insecure because of major design flaws in core components that manifest themselves as inherent security problems that affect all win32 software one way or another (esp. when networking is involved).
I really cannot see what your problem is, just trying to stir shit?
He was arguing that the distro isn't Linux, but the core "engine" (kernel) is.
Yes, you got it. Linux is the kernel, named after Linus Torvalds.
A linux-distro is just that; a distribution of the linux kernel with a lot of additional software.
I've had issues with all of them crashing on me :]
;)
Well, still no offense, but either your hardware has some serious issues or you're doing some seriously strange stuff.
The reason I went with Gentoo was a: to learn as much as possible without having to track down every package under the sun AND worry about dependencies myself.
Telling from your above statement I assume your "crashes" are more likely related to bad hardware than anything else.
I mean, isn't that like me saying the car has issues and him arguing how the car is separate from the engine?
No, it's more like you saying that ford has issues and him arguing that your ford may have issues but other models are fine.
Real servers often consist of not more than the kernel, the GNU toolchain and, sometimes, the application they're supposed to serve (whatever kind of beast that may be).
With *only* the kernel you can have, for example, a kernel-level webserver (e.g. tux), a router and well, other things people have hacked kernel modules for.
Your question is unspecific.
No offense but unless you know what you're doing you should be running a "newbie-friendly" distro like Fedora, SuSE or maybe Ubuntu (I keep hearing it's good, never tried it myself though!).
:-)
Gentoo is known for causing lots of trouble (it seems they don't do much regress-testing at all) so it's really no surprise your gnome is locking up.
Have you checked the version numbers on the countless gnome components? Chance are that some of them are bleeding edge beta or testing versions.
If you're just on linux for the learning expirience and not really using it for productive work (yet) then you might want to dip a toe in the real cold water and try to get a LFS (Linux from scratch) up and running.
It takes patience and time but there's lots of documentation. And after you're done you'll have learned many of the important details that actually make your system tick. Most importantly: When it freezes again you'll know where to look!
That route is hard but I keep recommending it to newbies who are seriously interested in becoming a "guru". It takes work but you learn much more in a very condensed timespan (may very well take a week or longer, though!) than in a year of running some polished up distro and hardly ever touching the command line.
Again, this is not meant offensive, just trying to provide some advice
Worst??
I loved that! Made me feel all guru meditation.
What do you mean, "just a public key in a digital baggie"?
Isn't that what all certs are?
You pay for avoiding the popup. Encryption can be had for free, SSL works just as well with selfsigned certs. IMHO the whole SSL thing as it is implemented today is not more than a bitter joke (or more bluntly: a license to print money for the so-called cert authorities).
The whole popup-box approach is the wrong way round.
The warning box may stay for selfsigned/unknown certs but there should also be an info-box popping up for certs from "trusted" authorities that states clearly which measures were taken to verify that the cert-owner is the one he claims to be. E.g.: CC-Data verified, call-back on number xxx-xxx on 1st Apr 2004, copy of business license received by fax, etc... along these lines.
Then I (and joe average) can easily decide whether the measures taken justify my trust.
Today just anyone can get a cert that suppresses the browser warning with
not much more than a stolen CC-number. Happy phishing, I guess...