Like MS Office support for MacOS, multi-language suupport, or like the web client for MS Exchange. I'm sure it will be missiing features that even casual users will notice, and that the IT staff supporting the environments will have to deal with.
Oh? You think not? If you don't have chroot cages, or some other more complex and thus more likely to trash your system tools to isolate SCP or SFTP users, a pernicious user can overwhelm just about any writable directory on the system. This includes/tmp,/usr/tmp, and/var/tmp (which are often symlinked togetyer). Alternatively, any log files or system applicaitons which were not carefully secured will be vulnerable. Jabber servers installed by default in/usr/local with their passwords in cleartext, MySQL databases installed manually with unwise permissions, even home directories of users who want to "share their workspace" and have have reset their home directory to global read permissions, with their HTTPS Subversion passwords in the clear-text local storage that the Subversion clients insist on, all become vulnerable. Or if the server is running autofs, the SFTP user can go into any local NFS server he wants by poking around in/net/[hostname]/.
While you may be careful to have a properly secured system for these services, far too many casual users andn busy admins just use the available tools without thinking about the repercussions.
And simple vandlism like swamping/tmp or/var/tmp will make your system unusable to ordinary people, because even if you've got them on an isolated partition or two, various utilities will casually attempt to write there and fail when they can't. It's very difficult to predict what will fail in such circumstances. And if they're not on a separate partition, they can overflow/. That leads to very, very expensive downtime in an industrial use, or a lot of frustration cleaning up the debris for a casually built server.
Even setting up the chroot cages for contemporary versions of OpenSSH is awkward. It's a manual process, and the OpenSSH chroot cage puts all such users in the __same__ chroot cage, rather than allowing different cages for different users. There were better versions of that all the way back with ssh.com's ssh-1.x, before OpenSSH was even invented, that would allow different chroot cages for different users.
Tools like Apache allow one to trivially configure something nearly the equal of a full-blown chroot cage, in a commonly used and easily configured fashion with no add-on software which requires updating anytime a system tool updates. It's a much cleaner approach. Even FTP servers and rsync have learned how to do this properly andn keep the/etc and/bin and/lib directories out of the effectively chrooted space.
It's not technically a chroot cage in those instances, but it's a well-isolated upload/download location, and quite effective at keeping users out of the rest of the OS.
Really! Then the corporate VPN sservers between remote installations and the dedicated VPN gateways between them are also super-n00btastic? It's a common approach for companies with shared resources in remote locations, it allows access between the networks for simple devices or legacy systems that cannot handle installing a VPN client, and saves a lot of time and manpower setting up the clients on their individual machines. The laptop VPN clients are for travel and home use, and there, I'd agree that connecting a local subnet to theh VPN is unwie. But I've seen 4 corporate setups like this in the last 2 years, 2 of them in internatioinal setups. It's fairly common.
And don't forget the better dialog, even if you can't read Greek. Maybe we could improve Star Wars by having it translated to Greek, and disabling subtitles?
I hope your scp setup has chroot cages set up, because otherwise, your clients can go poking around the rest of your SCP server and potentially do all sorts of damage. Keeping them from overfilling/tmp and/var/tmp on the server is difficult enough. Keeping them out of/etc/passwd to find account names is even more awkard: a secured SCP server is fairly awkward.
I've been seeing a few recommendations to instead use WebDAV over HTTPS. There are plenty of Java based clients, chroot cages are built in, and Windows has direct access to it over a browser for download, and using hte 'Network Connections' for upload. I also understand that is supports SSL keys quite well, for public/private key access.
The unencrypted FTP traffic on the far side of the VPN connection can be sniffed. Passwords should never, never, never be sent in the clear, even over a local network, because people are awful about change passwords and will use the same one in multiple locations. And if the VPN is between two networks, rather than between your machine and a remote network, the FTP traffic an be sniffed inside your own network.
It only takes one compromised laptop in most networks to engage in quite a bit of useful packet sniffing of exactly this kind of traffic. Unless that VPN is between your desktopo and the VPN server itself, it's hazardous.
Your reasoning is good. It's important to remember that what are now major religions have engaged in the sins of cults, and are not automatically innocent.
The isolation of cults, and the trust in a single charismatic leader, can let crimes by that leader and his chief followers fester and become a matter of policy. That's exactly what happened to Scientology, with their Guardian's Office and bomb threates forged by Mrs. Hubbard and her cronies, and that's what continues with their fraudulent claims of guiding people through past lives and scraping the souls of space aliens off of you with auditing and the 'e-meter' detecting them. It's hypnotism and plain old exorcism, with a pseudo-scientific label on it.
Good point. But as the cradle of civilization, I rather thought the idea of a state religion propagated from the Golden Crescent outwards, leaving the political ramifications in their wake. I could be mistaken on this.
I agree that arguing about dogma gets pretty silly pretty fast.
But to claim that Scientology is *more* harmful is misleading. Tell that to the victims of the Crusades, the citizens of Iraq right now, the Jews of the Inquisition and the Holocaust, those slaughtered by colonits bringing Christianity to their un-civilized countries, etc.
Christianity has gotten better, but it stall has a lot to make up for.
It's a good question. Perhaps a lot less monotheism would be a good idea? Done well, polytheism encourages courtesy to other gods, and priests acknowledging that their way is not the only way to happiness and may not be right for all people. It can match people to gods, and vice versa, at its best. Perhaps we could have even avoided this concept of the 'divine right of kings', and kept the idea that kings are selected because they're good at it, not because God somehow endowed their bloodlines with the right to rule?
We'd still have local conflicts, but perhaps we could do without the War of the Roses, the Crusades, the Holocaust, the rape of Africa andn the Americas fulfilling the white man's burden, etc?
No, a man called Steve Hassan wrote some good guidelines for the destructive behavior of cults, at http://www.freedomofmind.com/resourcecenter/faq/. One key is the control over thoughts on members, insisting that they not only behave but that they think in certain ways. Scientology has this one down pat with their lie-detectors and 'auditing'. Another key factor is the pyramid scheme: Each level reports only to the upper levels, all data is centralized in thehands of a few, and any attempt to question leaders or shift dogma is met with harsh controls and even destruction of the questioning person.
Take a look at factnet.org for some history of this cult, and take a look at Susan Meister's case and her book, 'Scandal of Scientology', or hte old Time magazine article. They claim they shut down the internal security group that harassed Susan, but they seem to have simply transferred the leading personnel to other groups, and some of them are still active. This includes Kendrick Moxon, the attorney who successfully destroyed Cult Awareness Network.
Thousandths of a second? I'll admit that a light impulse of short duration will deposit enough quanta on the relevant photosensitive dyes in your optical cells to provide a usable bit of information. After all, light quanta are discrete, and so are neural signals, and individual quanta are apparently detectable in extremely low light conditions. But the photoreceptors, and the nerves they are connected to, do a lot of signal combining and time smearing. So any kind of temporal resolution for distinct events at temporal separations of less than a millisecond seems a bit awkward.
So are you referring to being able to notice short, bright flashes of light, which fits what I just mentioned, or something else?
That's one approach. Another approach is when the other person is within reach and can answer questions or you can each delegate small chunks in real-time, as occurs in many physical tasks with experienced partners. Experience with a coding partner is invaluable this way, and won't be solved by an editor. But the editor can cooperate by easing whitespace discrepancies, encouraging consistent formatting for legibility and easy comparison, using sane 'commit' and 'save' policies, etc.
> his is hardly surprising. Look at the multitude of MMOs that have started development, and been left by the roadside due to/* lack of funding for */ the craptastic product.
Fixed that for you. And I'm quite serious: many of the exciting new products in many fields are proposed by people who have no idea of what the market will actually support, misled by their own hopes and the VC marketer who took the commission for finding them the money and is long gone by the time the product finishes failing. Far too many companies are producing far, far too many big projects to create a new future, rather than filling a real need. And it's easy to poison such a project with a single mistake from a single developer or manager, or a market change.
You seem to be confusing popularity with 'a business that pays our salaries and makes money for our stockholders'. It's a different model: RedHat is in a good position to incorporate new features from ubuntu developers into their Fedora, then their RHEL releases, in a managable and tested way.
This helps avoid exactly the OpenSSL/OpenSSH key craziness that just happened to Debian and Ubuntu, because someone got careless migrating the code and commented out an important piece. And avoiding that craziness is exactly what you pay companies like RedHat for.
No one else uses vtwm? It's not included in default distributiions for various reasons, but it's still available at the 'Penguin Liberaton Front'. And it's extremely lightweight, with good virtual window handling.
I find your point confusing. This was not to replace a helicopter rotor, it was to replace a jet engine on a flying winged jetpack, for reasons of expense and safety from burning jet exhaust for the pilot. If a jet engine fails, you're equally doomed to fall.
There was an article I remember reading, in roughly 1974, about a man building jet wings with VTOL capability from a pair of surplus Navy jet engines. It was the cover story. The device was heavy, but feasible for a single person to take out of a storage space and put on by themself, fly, and restore to storage without help. He was planning to switch to ducted fans due to the expense of the jet engines, and that seemed feasible. It had a cruising veolocity of about 110 MPH, and got something like 30 miles to the gallon with a 5 gallon tank, and it could lift about a 300 pound maximum load. He hoped to get the price down to $10,000 (in 1970's dollors!), and had pointed out that it would legally be an 'ultru-light' aircraft, which only required a driver's license to fly.
So it's nice to see someone recapturing the technology, and it would be very exciting to see this attempt become more commercially available, but the idea is hardly new.
Have you tried to write cross-platform GUI's and document access tools? It's tricky, and leads to an awful waste of programming time. It also multiplies necessary Q/A testing. Features that are easy and graceful to provide in one environment become difficult, or even orphaned in another environment.
Like MS Office support for MacOS, multi-language suupport, or like the web client for MS Exchange. I'm sure it will be missiing features that even casual users will notice, and that the IT staff supporting the environments will have to deal with.
Oh? You think not? If you don't have chroot cages, or some other more complex and thus more likely to trash your system tools to isolate SCP or SFTP users, a pernicious user can overwhelm just about any writable directory on the system. This includes /tmp, /usr/tmp, and /var/tmp (which are often symlinked togetyer). Alternatively, any log files or system applicaitons which were not carefully secured will be vulnerable. Jabber servers installed by default in /usr/local with their passwords in cleartext, MySQL databases installed manually with unwise permissions, even home directories of users who want to "share their workspace" and have have reset their home directory to global read permissions, with their HTTPS Subversion passwords in the clear-text local storage that the Subversion clients insist on, all become vulnerable. Or if the server is running autofs, the SFTP user can go into any local NFS server he wants by poking around in /net/[hostname]/.
/tmp or /var/tmp will make your system unusable to ordinary people, because even if you've got them on an isolated partition or two, various utilities will casually attempt to write there and fail when they can't. It's very difficult to predict what will fail in such circumstances. And if they're not on a separate partition, they can overflow /. That leads to very, very expensive downtime in an industrial use, or a lot of frustration cleaning up the debris for a casually built server.
/etc and /bin and /lib directories out of the effectively chrooted space.
While you may be careful to have a properly secured system for these services, far too many casual users andn busy admins just use the available tools without thinking about the repercussions.
And simple vandlism like swamping
Even setting up the chroot cages for contemporary versions of OpenSSH is awkward. It's a manual process, and the OpenSSH chroot cage puts all such users in the __same__ chroot cage, rather than allowing different cages for different users. There were better versions of that all the way back with ssh.com's ssh-1.x, before OpenSSH was even invented, that would allow different chroot cages for different users.
Tools like Apache allow one to trivially configure something nearly the equal of a full-blown chroot cage, in a commonly used and easily configured fashion with no add-on software which requires updating anytime a system tool updates. It's a much cleaner approach. Even FTP servers and rsync have learned how to do this properly andn keep the
It's not technically a chroot cage in those instances, but it's a well-isolated upload/download location, and quite effective at keeping users out of the rest of the OS.
Really! Then the corporate VPN sservers between remote installations and the dedicated VPN gateways between them are also super-n00btastic? It's a common approach for companies with shared resources in remote locations, it allows access between the networks for simple devices or legacy systems that cannot handle installing a VPN client, and saves a lot of time and manpower setting up the clients on their individual machines. The laptop VPN clients are for travel and home use, and there, I'd agree that connecting a local subnet to theh VPN is unwie. But I've seen 4 corporate setups like this in the last 2 years, 2 of them in internatioinal setups. It's fairly common.
And don't forget the better dialog, even if you can't read Greek. Maybe we could improve Star Wars by having it translated to Greek, and disabling subtitles?
Youngsters: I keep my console lit up to keep from being eaten by a grue, ever since that darned torch got wet.
I hope your scp setup has chroot cages set up, because otherwise, your clients can go poking around the rest of your SCP server and potentially do all sorts of damage. Keeping them from overfilling /tmp and /var/tmp on the server is difficult enough. Keeping them out of /etc/passwd to find account names is even more awkard: a secured SCP server is fairly awkward.
I've been seeing a few recommendations to instead use WebDAV over HTTPS. There are plenty of Java based clients, chroot cages are built in, and Windows has direct access to it over a browser for download, and using hte 'Network Connections' for upload. I also understand that is supports SSL keys quite well, for public/private key access.
The unencrypted FTP traffic on the far side of the VPN connection can be sniffed. Passwords should never, never, never be sent in the clear, even over a local network, because people are awful about change passwords and will use the same one in multiple locations. And if the VPN is between two networks, rather than between your machine and a remote network, the FTP traffic an be sniffed inside your own network.
It only takes one compromised laptop in most networks to engage in quite a bit of useful packet sniffing of exactly this kind of traffic. Unless that VPN is between your desktopo and the VPN server itself, it's hazardous.
Your reasoning is good. It's important to remember that what are now major religions have engaged in the sins of cults, and are not automatically innocent.
The isolation of cults, and the trust in a single charismatic leader, can let crimes by that leader and his chief followers fester and become a matter of policy. That's exactly what happened to Scientology, with their Guardian's Office and bomb threates forged by Mrs. Hubbard and her cronies, and that's what continues with their fraudulent claims of guiding people through past lives and scraping the souls of space aliens off of you with auditing and the 'e-meter' detecting them. It's hypnotism and plain old exorcism, with a pseudo-scientific label on it.
Church of Latter Day Saints, they have amusing undergarments.
No one can tell about Emacs zealots, because no one dares lift their beard to check. Especially on the women.
[ This is what I get for hitting Esc-x-insult-emacs ]
Good point. But as the cradle of civilization, I rather thought the idea of a state religion propagated from the Golden Crescent outwards, leaving the political ramifications in their wake. I could be mistaken on this.
I agree that arguing about dogma gets pretty silly pretty fast.
But to claim that Scientology is *more* harmful is misleading. Tell that to the victims of the Crusades, the citizens of Iraq right now, the Jews of the Inquisition and the Holocaust, those slaughtered by colonits bringing Christianity to their un-civilized countries, etc.
Christianity has gotten better, but it stall has a lot to make up for.
It's a good question. Perhaps a lot less monotheism would be a good idea? Done well, polytheism encourages courtesy to other gods, and priests acknowledging that their way is not the only way to happiness and may not be right for all people. It can match people to gods, and vice versa, at its best. Perhaps we could have even avoided this concept of the 'divine right of kings', and kept the idea that kings are selected because they're good at it, not because God somehow endowed their bloodlines with the right to rule?
We'd still have local conflicts, but perhaps we could do without the War of the Roses, the Crusades, the Holocaust, the rape of Africa andn the Americas fulfilling the white man's burden, etc?
No, a man called Steve Hassan wrote some good guidelines for the destructive behavior of cults, at http://www.freedomofmind.com/resourcecenter/faq/. One key is the control over thoughts on members, insisting that they not only behave but that they think in certain ways. Scientology has this one down pat with their lie-detectors and 'auditing'. Another key factor is the pyramid scheme: Each level reports only to the upper levels, all data is centralized in thehands of a few, and any attempt to question leaders or shift dogma is met with harsh controls and even destruction of the questioning person.
Take a look at factnet.org for some history of this cult, and take a look at Susan Meister's case and her book, 'Scandal of Scientology', or hte old Time magazine article. They claim they shut down the internal security group that harassed Susan, but they seem to have simply transferred the leading personnel to other groups, and some of them are still active. This includes Kendrick Moxon, the attorney who successfully destroyed Cult Awareness Network.
Thousandths of a second? I'll admit that a light impulse of short duration will deposit enough quanta on the relevant photosensitive dyes in your optical cells to provide a usable bit of information. After all, light quanta are discrete, and so are neural signals, and individual quanta are apparently detectable in extremely low light conditions. But the photoreceptors, and the nerves they are connected to, do a lot of signal combining and time smearing. So any kind of temporal resolution for distinct events at temporal separations of less than a millisecond seems a bit awkward.
So are you referring to being able to notice short, bright flashes of light, which fits what I just mentioned, or something else?
Is it a magnet that makes Counterstriker's say 'where's my bazooka'? http://www.youtube.com/watch?v=r7rkQwbY98s
That's one approach. Another approach is when the other person is within reach and can answer questions or you can each delegate small chunks in real-time, as occurs in many physical tasks with experienced partners. Experience with a coding partner is invaluable this way, and won't be solved by an editor. But the editor can cooperate by easing whitespace discrepancies, encouraging consistent formatting for legibility and easy comparison, using sane 'commit' and 'save' policies, etc.
Theo de Raadt.
> his is hardly surprising. Look at the multitude of MMOs that have started development, and been left by the roadside due to /* lack of funding for */ the craptastic product.
Fixed that for you. And I'm quite serious: many of the exciting new products in many fields are proposed by people who have no idea of what the market will actually support, misled by their own hopes and the VC marketer who took the commission for finding them the money and is long gone by the time the product finishes failing. Far too many companies are producing far, far too many big projects to create a new future, rather than filling a real need. And it's easy to poison such a project with a single mistake from a single developer or manager, or a market change.
You seem to be confusing popularity with 'a business that pays our salaries and makes money for our stockholders'. It's a different model: RedHat is in a good position to incorporate new features from ubuntu developers into their Fedora, then their RHEL releases, in a managable and tested way.
This helps avoid exactly the OpenSSL/OpenSSH key craziness that just happened to Debian and Ubuntu, because someone got careless migrating the code and commented out an important piece. And avoiding that craziness is exactly what you pay companies like RedHat for.
Or in line at any fast food restaurant, especially the way they feed any kids. Fries should be a treat, not a staple.
So people with glasses should not be allowed to compete at anything, either?
No one else uses vtwm? It's not included in default distributiions for various reasons, but it's still available at the 'Penguin Liberaton Front'. And it's extremely lightweight, with good virtual window handling.
I find your point confusing. This was not to replace a helicopter rotor, it was to replace a jet engine on a flying winged jetpack, for reasons of expense and safety from burning jet exhaust for the pilot. If a jet engine fails, you're equally doomed to fall.
There was an article I remember reading, in roughly 1974, about a man building jet wings with VTOL capability from a pair of surplus Navy jet engines. It was the cover story. The device was heavy, but feasible for a single person to take out of a storage space and put on by themself, fly, and restore to storage without help. He was planning to switch to ducted fans due to the expense of the jet engines, and that seemed feasible. It had a cruising veolocity of about 110 MPH, and got something like 30 miles to the gallon with a 5 gallon tank, and it could lift about a 300 pound maximum load. He hoped to get the price down to $10,000 (in 1970's dollors!), and had pointed out that it would legally be an 'ultru-light' aircraft, which only required a driver's license to fly.
So it's nice to see someone recapturing the technology, and it would be very exciting to see this attempt become more commercially available, but the idea is hardly new.
Have you tried to write cross-platform GUI's and document access tools? It's tricky, and leads to an awful waste of programming time. It also multiplies necessary Q/A testing. Features that are easy and graceful to provide in one environment become difficult, or even orphaned in another environment.