Re: there are more tools available for MS SQL on PostgreSQL 8.1 Available · Score: 3, Informative
Re:To Dictionary Head : Income vs Potential income on RIAA Sues a Child · Score: 1
I noticed a general trend.
There is an extreme amount of hatred towards Jack Thompson. Having read through some of the correspondence (already listed as links on other posts) it is very clear how this came about.
It is fine to have people of different persuasion or a different ideological bent. If you treat people you disagree with in a courteous & professional manner, they will most often respond in a civil manner.
However, if you take a juvenile approach towards your opponents, belittle them, and insult them, they will respond in kind.
Mr Thompson is only receiving what he has sown.
GG
The #opensolaris channel on irc.freenode.net has 116 people in it right now (6 AM EST). While the majority are AFK it shows there are people interested in it.
:)
My past beef with Sun was the shoddy x86 support (remember Solaris 8 x86 that aptly deserved the moniker slowaris?) and negative approach to Linux. Since their recent adoption of AMD X86-64, less doublespeak on Linux, and OSS-ing of Solaris though, I'm willing to take another look.
Maybe they are starting to wake up and smell the coffee......java perhaps?
If you say anything critical of darwinian evolution around on /. - you'll oft be modded a troll, for example linking the fossils that appear to challenge the darwinian evolution timeline
http://www.answersingenesis.org/creation/v18/i4/dinosaurs.asp
http://www.bible.ca/tracks/tracks.htm
Darwinian evolution is supposed to be a well grounded theory on origin, not a philosophy.
http://www.boston.com/news/globe/ideas/articles/2005/05/01/evolutionary_war/
The rise of ID or creationism, can be seen as a challenge to the humanist/atheist adoption of darwinian evolution.
Merely giving a voice to ID supporters, can be dangerous to your career in the scientific community.
http://www.rsternberg.net/
http://www.washingtonpost.com/wp-dyn/content/article/2005/08/18/AR2005081801680.html
http://www.opinionjournal.com/taste/?id=110006220
There are arguments to be made in favor of teaching ID
http://www.americanthinker.com/articles.php?article_id=4761
I take a more dialectic approach, instead of one based on censorship or herd mentality.
(Note - some content cross posted from the recent MSSQL2005 posting I made)
I take issue with the number of tools.
Postgresql has a great variety of tools, both OSS and commercial that work great. I've been working on an updated list of all the tools. Here are a few of the most popular admin tools:
PGadminIII
http://www.sqlmanager.net/products/postgresql/manager [sqlmanager.net]
DBvisualizer
http://www.minq.se/products/dbvis/ [www.minq.se]
EMS Postgresql Manager
http://www.sqlmanager.net/products/postgresql/manager [sqlmanager.net]
PHPpgadmin
http://sourceforge.net/projects/phppgadmin [sourceforge.net]
Sybase Power Designer
http://www.sybase.com/products/enterprisemodeling/powerdesigner [sybase.com]
ERWIN data modeller
http://www3.ca.com/Solutions/Product.asp?ID=260 [ca.com]
CASE Studio 2
http://www.casestudio.com/enu/default.aspx [casestudio.com]
Postgresql has a vibrant tool community. If you want more info on Postgresql tools see
http://techdocs.postgresql.org/v2/Guides/PostgreSQL%20GUI%20Tools/document_view [postgresql.org]
I haven't been using Erwin myself, I just know that the community in #postgresql irc.freenode.net listed it as one of the higher end tools.
In the future, I hope to create a comprehensive, unbiased review of the different administration tools for PG, so potential adopters can identify tools that meet their requirements best.
This must be in satire, or ignorance.
Postgresql has a great variety of tools, both OSS and commercial that work great. I've been working on an updated list of all the tools. Here are a few of the most popular admin tools:
PGadminIII
http://www.sqlmanager.net/products/postgresql/manager
DBvisualizer
http://www.minq.se/products/dbvis/
EMS Postgresql Manager
http://www.sqlmanager.net/products/postgresql/manager
PHPpgadmin
http://sourceforge.net/projects/phppgadmin
Sybase Power Designer
http://www.sybase.com/products/enterprisemodeling/powerdesigner
ERWIN data modeller
http://www3.ca.com/Solutions/Product.asp?ID=260
CASE Studio 2
http://www.casestudio.com/enu/default.aspx
Postgresql has a vibrant tool community. If you want more info on Postgresql tools see
http://techdocs.postgresql.org/v2/Guides/PostgreSQL%20GUI%20Tools/document_view
I know the UNIX security record relating to symlinks is not unblemished.
I can't help but be curious - Will this be a new avenue by which to exploit Windows systems? I'm not saying this to troll, or to jump on the "MS security sux fanboi wagon" but rather as a concern.
This new development has definitely piqued my interest.
I don't like the idea of switching to Oracle because it is not open source.
I can't sweet talk Oracle devs into including some new feature I want, not without going through loads of bureaucracy. I can't submit patches to the Oracle code base. I have to worry about rampant security flaws. I have to pay way too much if my DB gets bigger. I have to put up with mediocre performance.
No thanks.
I am sticking with PostgreSQL. I can hop into #postgresql on irc.freenode.net and talk to Bruce Momjian about features and coding for postgresql. I can submit patches. I can review the PG codebase, and I know how fast the PG devs fix flaws. I don't have to pay anything if my DB gets bigger. I have great performance. Shoot, I'll even have multi-master replication (slony II) for free in the future.
Well then, it seems the IDers in academia, are the "atheist[s] in a bible thumping town".
I don't know about intelligent design (ID) as a theory, or the numerous flaws in evolution. Most ID proponents have been attacking darwinian evolution on the irreducible complexity theory which seems a flawed route to attack. To me what is troubling is the defense of darwinian evolution by the removal of ID or Creationism proponents.
If the arena of ideas is open, why then the need to purge anyone from a dissenting base?
Why can't scientists yet perform abiogenesis (creating living material from nonliving matter) with all of our scientific knowledge?
I'd like to see some type of scientific dating of the alien spacecraft at area 51.
I read over the article, as if there would be some deep secrets unveiled. Talk about a disappointment.
Here is a sample from it
Some of the case details provide a rare peek into the world of FBI counterintelligence. In 2002, for example, the Pittsburgh field office opened a preliminary inquiry on a person to "determine his/her suitability as an asset for foreign counterintelligence matters" -- in other words, to become an informant. The violation occurred when the agent failed to extend the inquiry while maintaining contact with the potential asset, the documents show.
Translation: The FBI started an investigation into a potential informant. They started to use the informant while the investigation was not completed. OMG!!!!!!! The sky is falling!
More juicy were the details that much of it was mere "technical violations". So someone did what they were authorized to do, but neglected one little tidbit.
I am skeptical of EPIC. This is one of the many organizations that has gone out of their way to oppose a national ID card system and scared people with propaganda.
If we had a federated national ID card system with biometric identifiers, could that better alert our govt about criminals, terrorists, illegal aliens, etc? What about the billions of dollars in fraud happening each year? I think so. Isn't our drivers licenses/SSN/*extensive_patchwork_of_ID_sources/ our de facto ID card these days? An ID card that any illegal can get?
Maybe I am off the subject. Maybe not. EPIC scares me more than some FBI guys going overboard. In fact, I think I would like the ideas of FBI agents going overboard in order to accomplish their missions.
We are going to support a company that has made a direct attack on the OSS community because it is profitable for us.
We don't really care about OSS as a development paradigm and a philosophy which is truly superior to closed source.
We are money grubbing corporate types that will do whatever is expedient in order to make a buck.
We are in this for the money.
Kitsch
The problem is too much duplicate effort, and the wrong people in charge of things.
NIST, part of commerce, has come out with good documentation on information security. They have also created guides on host OS security duplicating NSA & DISA efforts.
DISA, an agency within DOD, is the proponent for the Security Technical Implementation Guides (STIGs). These STIGs are the best, most updated guides on technical security within the US govt, and mandatory for DOD components.
NSA, an agency within DOD, is the proponent for the Security Recommendation Guides (SRGs).
DHS has created???????? They fund stuff from other agencies essentially.
Until one agency within the fed that has the power to disconnect all agencies, reviews everyone's C&A documentation, standardizes security efforts, controls funding, then we'll have a woeful state within the US govt. It is just too balkanized.
I think many of us in the security community have always had the feeling that Tenable was less than forthcoming about their plans. I can remember many a security colleague mentioning things to me about the people behind Nessus. It was that sort of hushed tones, something is wrong kind of thing. Being the skeptic, I initially discounted those conversations.
Later on, Tenable started to make commercial only modifications. The truth started to come out.
Let's get this straight - the only reason why many of us chose Nessus was because it was Free & OSS. We could have just as easily chosen other tools to use instead. The commercial vulnerability scanners of the earlier era were far better at that time.
Now they want to change? Good luck.
I'm looking forward to whatever OSS tool takes the place of Nessus.
Oh and another thing too, on setting the record straight. Tenable might be the sole authors of the core scanning engine, but they definitely benefited *GREATLY* from external plugin authors.
Identity theft deprives someone of real income, penalizes their income, and destroys their credit. If someone steals your identity, they take out loans against your name, which means you become liable oftentimes. Therefore, your comparison is not only improper, it is also illogical.
Our entire economic system is not based on potential income. Parts of our economic system are based upon it. Show me a blanket statement, and I'll show you ignorance.
Your comments about assault weapons are likewise moronic. Had the Russians that were to be executed by Stalin, or the Cambodians by Pol Pot, known in advance of their fate and had access to assault weapons, would history have been the same? The purpose behind the right to bear arms is quite simply the control of *unjust* government.
It is funny, you argue for Israeli Defense in one post http://slashdot.org/comments.pl?sid=157186&cid=13183748
Then try to push Gun control?
How do you think Israel can muster such a large military force?
*hint* http://en.wikipedia.org/wiki/Israel_Defense_Forces
Basically every adult male will carry weapons, if needed. (national survival).
Now what were you saying again?
Does the word hypocrisy ring a bell?
If you fix all the problems of software security (meaning bugs) you still won't fix all the problems in security as a whole.
:)
Why?
Complexity/ignorance
You can remediate every vulnerability in existence and a mis-configuration will lead to a compromise. One wrong ruleset on an access control device and *BAM*. Owned.
To date, in all my security work, I have never seen a host that was hardened, lacking vulnerabilities, with proper permissions for everything, proper usage of least privilege, etc. It doesn't happen so often.
It also keeps me employed
Most update tools are not cross-platform to the degree that a "smart" worm can be.
Smart worm = a framework. Think of an exploitation framework as merely a component of this worm framework.
Scanning - identify hosts within allowed networks.
Reporting - Hey, we found vulnerabilities XXXX
Exploiting - compromising those hosts
Reporting - Hey, we exploited vulnerabilities XXXX
Patching - Remediating the vulnerabilities on each host
Reporting - Hey, we patched vulnerabilities XXXX
Cleanup - Cleaning up everything
Scanmode - looking for other vulnerable hosts
What you said does not work for extremely large organizations.
Example: DoD.
I think there is a vast amount of misunderstanding exemplified in this post.
I do security full-time. I often see flaws where an organization has a stated policy, and administrators have contravened that, or joe-user has. Or the infamous MS patch reversed a security update and reopened an old vulnerability.
Now, if the CIO of a cabinet level agency dictates that vulnerability XYZ will be remediated across his entire infrastructure and it does not happen by date X, his engineered worm can identify the host, patch it, report the patch, and look for other hosts that are unpatched.
The article was quite clear on the fact that this would be used *internally*.
When are slashdot readers going to actually read, instead of making ignorant posts?
I just listened to all of this album. I've never listened to them before.
They do have talent. I liked it.
Diminishing Returns appealed to me most, and I think they would sound far better live.
The same does not hold true when discussing a Gentoo install, esp if it is a stage 1 install :)
Saw this.
http://www.cspri.seas.gwu.edu/library/current_news/20021205.php
Here it says he started working at GW's Cyber Security Policy and Research Institute (CSPRI) in 2002.
He also has a long background in Unix internals. There aren't many people that know Unix internals and are totally clueless about security.
I would respond with 2 questions
1. Are you sure your SQL is correct?
2. Are you using a GUI tool to perform queries?
I ask those questions, because various Postgres GUI tools have problems with malformed SQL. Rather than immediately error out, the query will appear to be running, but it won't be. It will continue to run forever basically, until you have an epiphany and realize your malformed SQL caused that initial problem.
These SQL problems are found in various tools, and are not a problem within the database itself.
I'd advise you to check out #postgresql on irc.freenode.net . The Postgres people are great and will help you troubleshoot your problem(s).
This article covers whois. Nothing more exciting right? *rolls eyes*
It is nothing new or particularly insightful. This does bring up 3 questions though
1 - Is the slashdot crowd so amazed by something so old as whois?
2 - How much will IP geolocation amaze them?
3 - Who let this even get posted?
While I would prefer to use Linux as my x86 gaming OS, I can't because many titles I play are unavailable, and WINE compatibility isn't there yet. I could use VMware and totally kill performance for some of these titles, but I am not that much of a masochist.
Calling someone a newb when talking about OS choices gaming system is somewhat ignorant to say the least. My servers may run Linux/freebsd, but my gaming system will be Windows (until popular titles start shipping on Linux). Yes, I am aware of OSX and I have no plans to switch.