Of course they show up in curl.. they go into cache after some spider/crawler looks for the link.. then they so up on the site. This is documented on the gitbilt bugs site.
And I CERTAINLY know how things work... and I am not afraid to post with my REAL ID there anonymous coward.
Dude, you must have taken your tin foil hat off.. I could see you for a second.
All those/// are coming from screwed up mirror/spider software (you probably wrote it) that is does not properly pay attention to robos.txt and does not properly query the tree. We didn't see it in testing becuase we queried the tree correctly. We are working with gitblit (the open source software git.centos.org is hosted with), to get this bug fixed and we will be rolling it in soon now that we have CentOS-7 released:
That is only partially true.. RHEL 7 does not have an i386 version. However, CentOS does plan to have one as a secondary arch... IF... we can get it to build:
http://lists.centos.org/piperm...
You would have to ask the people who did it. I suppose that they might think that people who pay for RHEL are more security savy that those who take the free route. I am a centos developer, so I do not appreciate the suggestion that the CentOS team did something. There is no issue that makes centos more or less secure than RHEL in this instance. They likely chose CentOS because it is more prevalent than any other distro in the world and they had a scanner to find it. The initial entry is almost certainly a brute force ssh root password break in. They also likely developed their "malicious code" using the CentOS distro (it is free and the most widely used distro... what would you pick to develop your code on?), so they likely know it works for sure on CentOS. Why take a chance it does not work on RHEL if they developed it on CentOS?
One of the issues in bding the most widely used distro and free is that bad guys use your stuff to build bad things.
You control the iptables on your machine, not the ISP. These guys are not hacking commodity shared servers they are hacking individual/coloacted servers.
You would use IPTABLES and limit the access to at least known networks. Why have your ssh port open to China and Russia if it is located in the UK and never accessed from those locations (for example).
Even if you don't have a single IP, you are on a specific network and you can allow only access from the "4" class B networks (as an example), etc.
Also, you should always disable password logins and use keys to access your servers via ssh. Certainly you should disable direct "root" logins.
This is totally incorrect. There are MANY different licenses in RHEL. In fact, there are 240 individual licenses in RHEL-6.1... including: AFL, Artistic, BSD, CC-BY, GPLv2, GPLv3, CPL, EPL, IBM, IPA, ISC, LGPL, MIT, W3C, and many others... including just Copyright Red Hat and NON-Distributable.
Red Hat did not write MySQL, the Apache Web Server, Gnome, KDE, OpenOffice, etc. They are USING / REBUILDING upstream code to create their distribution too. Granted, Red Hat pays people to help write some of that code... however, they (and SuSE, and Debian, and every other Linux distro) is using other people's code, they are building that code and redistributing it just like CentOS does.
you CAN NOT install RHEL on machines that you do not have support for. You wave that right when you have any RHEL licenses.
So, they can install RHEL if they have a valid license and they can not if they don't.
CentOS is installed on an estimated 2 million machines world wide because of this.
This issue is in RHEL and reproduced in CentOS, so it would not matter which one was installed.
we linux people are not very fond of you either... hopefully you are ready for retirement soon (if you work in the IT industry any way) since you will not be able to work in a datacenter or for a major company anymore.
BUT... how can you create a caching-nameserver without changing that file???
If you do not change that file, you do NOT have a caching-namesever... which was the whole point of installing that package.
I just pulled up the SRPM and looked, and bind-chroot has:
%ghost %config(noreplace) %prefix/etc/named.conf
%ghost %config(noreplace) %prefix/etc/named.caching-nameserver.conf
%ghost %config(noreplace) %prefix/etc/rndc.key
It should not replace that file with an.rpmsave file
it is not a bug to get a caching nameserver if you install caching-namesever... it would be a bug to install caching-nameserver and NOT GET a caching nameserver.
A caching name server IS one that does not have any zones and only looks up zones from the DNS root servers. It is a configuration error to install the caching-nameserver package on a machine that doing anything other being a caching name server.
Stupid admins have been complaining about this for 5 years... but the documentation and bug entries all make it clear NOT to install the caching-namesever packages on DNS servers that control zones.
The user has misconfigured their DNS and has installed a package called, SURPRISE, caching-nameserver along with the other bind packages.
caching-nameserver IS just that, a caching-nameserver. It SHOULD NEVER BE installed on a DNS server that is used for Primary or Secondary DNS control. The bind packages do not in any way modify named.conf, but if you want a caching nameserver and if you have installed the caching-nameserver package, then you would EXPECT that it would replace the named.conf file.
The real question is, how does crap like this get posted as a feature article on slashdot.
you are entitled to your opinion and me mine... however, nothing I said is factually incorrect.
It is my fault, and I will be voting McCain in 2008 too.
Lets see if that can get a few more expletives to come out of your mouth:D
Well... the Iraqi people elected him. We did not pick him, they did.
Sure, there are still bad guys there, which is why we are still there. BUT, what the President Bush said is what the TROOPS think. He is in touch with them. People make such a big deal about his approval rating... but it is highest among the people who are in the military. President Bush has a 60% approval rating among active duty military members.
They (the active duty military members) are very PROUD of what they are doing and see how it is helping the local populace.
If this war was so unpopular among the troops, then the would not be reenlisting in record numbers.
If it is OK with them, and if they are actually there seeing what is happening "on the ground", then that is what matters.
If we were wasting our time, believe me the military people over there would not be staying re-enlisting at this rate.
it IS those things for the people there. They see what is going on and for MOST of them, they are PROUD to help create a democracy where there was once an evil dictator.
That used to be the policy of the United states... Freedom around the world. Luckily for World Wars I and II, the anti-war liberals did not exist in their current numbers.
War is ugly... but freedom is worth it. It is worth it now, like it was in 1916 and 1942.
If one is a Christian, what does that mean. It means that you believe that the Bible is what it claims to be (inspired by God and useful to teach us what is true). It also means that you believe that God sent Jesus to the earth to pay for sins of the world (since that is what is written in the Bible).
If you really believe it, how could you not tell people about it?
Now, if you knew that a runaway truck was coming and you believed it would hit a pedestrian crossing the street what would you do? Hopefully you would tell them about the truck.
The first amendment to the constitution of the United States of America gives you the "Freedom of Religion" not the "Freedom from Religion".
Atheism is also a religious belief (in this case, the choice to believe there is no God). Why should this belief be given any special treatment when compared to Christianity or Islam or Hinduism?
There is no "State Religion", no "Church of the United States"... which is what the founders you refer to were trying to avoid.
One last point, Christians do not believe they are better than anyone. In fact, the Bible that you would say needs to be forever locked out of public view says COMPLETELY THE OPPOSITE. It says that everyone falls short and that no one is good enough... that no one of their own accord lives a life that is good enough to enter heaven. Not me, not you, not the Pope, not the Queen of England, not the Governor of Texas or the President of the United States.
No, Christianity does not make anyone better, it just means they have asked to be forgiven for NOT being good enough.
well... as one of the lead developers for CentOS, let me tell you that Dag is MUCH more CentOS friendly than EPEL.
Users are free to choose which repositories to use... BUT... don't confuse Red Hat's corporate interest with good policy. EPEL does not put conflicting packages in EPEL because Red Hat will not allow it and not for any other reason. This isn't bad, CentOS would not exist without Red Hat... you mischaracterize this issue. Also, RPMFOrge and ATRPMS existed for years before EPEL started, and in fact the reason Dag and other are not members are because EPEL demanded that all the current groups in this space stop what they were doing and instead do what Fedora determined was the proper course.
Also... there is a package called yum-priorities that allows you to prevent having core packages updated if you want to take that approach.
The CentOS Project supports Dag's (and ATRPMS as well) in their forming of a new 3rd party repo called rpmrepo .
Slashdot Mirror
Of course they show up in curl .. they go into cache after some spider/crawler looks for the link .. then they so up on the site. This is documented on the gitbilt bugs site.
And I CERTAINLY know how things work ... and I am not afraid to post with my REAL ID there anonymous coward.
Irrational and hateful ... WTF.
btrfs is a technology preview in RHEL7 and CentOS7 ... you can use it if you want.
Is SUSE also irrational and hateful for using XFS in SLES server?
Yes, but in older versions of CentOS, the system software was compiled using older versions and the 1.7.0 was avilable.
In this version, the system RPMs are compiled against 1.7.0 and 1.6.0 is available for compatibility.
Dude, you must have taken your tin foil hat off .. I could see you for a second.
All those /// are coming from screwed up mirror/spider software (you probably wrote it) that is does not properly pay attention to robos.txt and does not properly query the tree. We didn't see it in testing becuase we queried the tree correctly. We are working with gitblit (the open source software git.centos.org is hosted with), to get this bug fixed and we will be rolling it in soon now that we have CentOS-7 released:
http://code.google.com/p/gitbl...
If you do a dig for the ipaddress and look at the location, git.centos.org is not hosted in a Red Hat datacenter.
You also must not have seen the more than 500 mirrors wrldwide that host CentOS content:
http://www.centos.org/download...
So, other than every single point of your post being wrong, it was a very well and thought out piece of writing.
That is only partially true .. RHEL 7 does not have an i386 version. However, CentOS does plan to have one as a secondary arch ... IF ... we can get it to build:
http://lists.centos.org/piperm...
You would have to ask the people who did it. I suppose that they might think that people who pay for RHEL are more security savy that those who take the free route. I am a centos developer, so I do not appreciate the suggestion that the CentOS team did something. There is no issue that makes centos more or less secure than RHEL in this instance. They likely chose CentOS because it is more prevalent than any other distro in the world and they had a scanner to find it. The initial entry is almost certainly a brute force ssh root password break in. They also likely developed their "malicious code" using the CentOS distro (it is free and the most widely used distro ... what would you pick to develop your code on?), so they likely know it works for sure on CentOS. Why take a chance it does not work on RHEL if they developed it on CentOS?
One of the issues in bding the most widely used distro and free is that bad guys use your stuff to build bad things.
Because CentOS is used more than any other linux server on the Internet maybe:
w3techs web usage
It is set up that way because that is how RHEL is setup.
You control the iptables on your machine, not the ISP. These guys are not hacking commodity shared servers they are hacking individual/coloacted servers. You would use IPTABLES and limit the access to at least known networks. Why have your ssh port open to China and Russia if it is located in the UK and never accessed from those locations (for example). Even if you don't have a single IP, you are on a specific network and you can allow only access from the "4" class B networks (as an example), etc. Also, you should always disable password logins and use keys to access your servers via ssh. Certainly you should disable direct "root" logins.
This is totally incorrect. There are MANY different licenses in RHEL. In fact, there are 240 individual licenses in RHEL-6.1 ... including: AFL, Artistic, BSD, CC-BY, GPLv2, GPLv3, CPL, EPL, IBM, IPA, ISC, LGPL, MIT, W3C, and many others ... including just Copyright Red Hat and NON-Distributable.
Red Hat did not write MySQL, the Apache Web Server, Gnome, KDE, OpenOffice, etc. They are USING / REBUILDING upstream code to create their distribution too. Granted, Red Hat pays people to help write some of that code ... however, they (and SuSE, and Debian, and every other Linux distro) is using other people's code, they are building that code and redistributing it just like CentOS does.
you CAN NOT install RHEL on machines that you do not have support for. You wave that right when you have any RHEL licenses. So, they can install RHEL if they have a valid license and they can not if they don't. CentOS is installed on an estimated 2 million machines world wide because of this. This issue is in RHEL and reproduced in CentOS, so it would not matter which one was installed.
we linux people are not very fond of you either ... hopefully you are ready for retirement soon (if you work in the IT industry any way) since you will not be able to work in a datacenter or for a major company anymore.
well ... I built the OS for the 70 or so CentOS servers you are running ... and I am arrogant. What does that have to do with caching-nameserver :-D
BUT ... how can you create a caching-nameserver without changing that file??? ... which was the whole point of installing that package.
If you do not change that file, you do NOT have a caching-namesever
I just pulled up the SRPM and looked, and bind-chroot has: .rpmsave file
%ghost %config(noreplace) %prefix/etc/named.conf
%ghost %config(noreplace) %prefix/etc/named.caching-nameserver.conf
%ghost %config(noreplace) %prefix/etc/rndc.key
It should not replace that file with an
sure, if it was really a bug ... in this case, it is totally user error and the installing of a package called caching-nameserver.
it is not a bug to get a caching nameserver if you install caching-namesever ... it would be a bug to install caching-nameserver and NOT GET a caching nameserver.
... but the documentation and bug entries all make it clear NOT to install the caching-namesever packages on DNS servers that control zones.
A caching name server IS one that does not have any zones and only looks up zones from the DNS root servers. It is a configuration error to install the caching-nameserver package on a machine that doing anything other being a caching name server.
Stupid admins have been complaining about this for 5 years
This article is absolutely wrong.
The user has misconfigured their DNS and has installed a package called, SURPRISE, caching-nameserver along with the other bind packages.
caching-nameserver IS just that, a caching-nameserver. It SHOULD NEVER BE installed on a DNS server that is used for Primary or Secondary DNS control. The bind packages do not in any way modify named.conf, but if you want a caching nameserver and if you have installed the caching-nameserver package, then you would EXPECT that it would replace the named.conf file.
The real question is, how does crap like this get posted as a feature article on slashdot.
you are entitled to your opinion and me mine ... however, nothing I said is factually incorrect.
It is my fault, and I will be voting McCain in 2008 too.
Lets see if that can get a few more expletives to come out of your mouth :D
Well ... the Iraqi people elected him. We did not pick him, they did.
Sure, there are still bad guys there, which is why we are still there. BUT, what the President Bush said is what the TROOPS think. He is in touch with them. People make such a big deal about his approval rating ... but it is highest among the people who are in the military. President Bush has a 60% approval rating among active duty military members.
They (the active duty military members) are very PROUD of what they are doing and see how it is helping the local populace.
If this war was so unpopular among the troops, then the would not be reenlisting in record numbers.
If it is OK with them, and if they are actually there seeing what is happening "on the ground", then that is what matters.
If we were wasting our time, believe me the military people over there would not be staying re-enlisting at this rate.
it IS those things for the people there. They see what is going on and for MOST of them, they are PROUD to help create a democracy where there was once an evil dictator. That used to be the policy of the United states ... Freedom around the world. Luckily for World Wars I and II, the anti-war liberals did not exist in their current numbers.
War is ugly ... but freedom is worth it. It is worth it now, like it was in 1916 and 1942.
OK ... lets look at this objectively.
... which is what the founders you refer to were trying to avoid.
... that no one of their own accord lives a life that is good enough to enter heaven. Not me, not you, not the Pope, not the Queen of England, not the Governor of Texas or the President of the United States.
If one is a Christian, what does that mean. It means that you believe that the Bible is what it claims to be (inspired by God and useful to teach us what is true). It also means that you believe that God sent Jesus to the earth to pay for sins of the world (since that is what is written in the Bible).
If you really believe it, how could you not tell people about it?
Now, if you knew that a runaway truck was coming and you believed it would hit a pedestrian crossing the street what would you do? Hopefully you would tell them about the truck.
The first amendment to the constitution of the United States of America gives you the "Freedom of Religion" not the "Freedom from Religion".
Atheism is also a religious belief (in this case, the choice to believe there is no God). Why should this belief be given any special treatment when compared to Christianity or Islam or Hinduism?
There is no "State Religion", no "Church of the United States"
One last point, Christians do not believe they are better than anyone. In fact, the Bible that you would say needs to be forever locked out of public view says COMPLETELY THE OPPOSITE. It says that everyone falls short and that no one is good enough
No, Christianity does not make anyone better, it just means they have asked to be forgiven for NOT being good enough.
if everyone gets on the same page ... we can have one distro ... JUST LIKE WINDOWS. Bad idea
well ... as one of the lead developers for CentOS, let me tell you that Dag is MUCH more CentOS friendly than EPEL.
Users are free to choose which repositories to use ... BUT ... don't confuse Red Hat's corporate interest with good policy. EPEL does not put conflicting packages in EPEL because Red Hat will not allow it and not for any other reason. This isn't bad, CentOS would not exist without Red Hat ... you mischaracterize this issue. Also, RPMFOrge and ATRPMS existed for years before EPEL started, and in fact the reason Dag and other are not members are because EPEL demanded that all the current groups in this space stop what they were doing and instead do what Fedora determined was the proper course.
Also ... there is a package called yum-priorities that allows you to prevent having core packages updated if you want to take that approach.
The CentOS Project supports Dag's (and ATRPMS as well) in their forming of a new 3rd party repo called rpmrepo .