Backports are actually safer than version upgrades. Version upgrades introduce new features, and it is likely that this introduces new bugs as well. If you have a working system, it's better to backport security fixes, because it reduces the likelihood that you'll break something.
I hope that the Fedora folks will continue to do backports in addition to doing new releases.
The most puzzling god that was almost completely missing from American Gods was the big one ... you know, the guy that most midwesterners really worship. I'm not a Christian myself, but when reading the book I kept expecting this to be addressed somehow: what happened to Jehovah?
Or, rather, what happened to Jehovah's worshippers?
Fedora currently distributes packages like xmms-mp3, mplayer and ogle, which violate US patents, as well as the DMCA. Will those packages now go away?
But the OpenSSH security bug should have been discovered by a code audit. The bug is entirely localized to a small section of code, so a careful reading should have found it. Of course no one's perfect, but the OpenBSD folks might want to look at their procedures and figure out how this bug was missed before. I'm not saying this to take a shot at them, but so that their auditing procedures can be improved.
If Microsoft prevents Google from seeing their sites, it will decrease traffic to those sites and therefore decrease ad revenue for Microsoft.
Thanks to the fact that George Bush is scaring the world to death, you'll increasingly see Europe working with Russia and China to limit our influence.
In particular, the US reserves the best GPS data for the military, and openly says that it will turn GPS signals off at any time if this is militarily useful. In the past, people generally expected the US to be reasonable, so they didn't much care. But in today's climate, with leading American opinionmakers openly calling for war on France, the Europeans and Chinese would have to be idiots to rely on the US-controlled GPS. The Galileo system is a vote of no confidence in the US.
Actually, I read it the other way around: it's an attack on Oracle. Larry Ellison says that Linux is great, and everyone will be running Oracle on top of Linux. Linux still has the odd problem or two, but Larry's confident that they will be fixed.
But if Linux can displace Unix and Windows, why can't MySQL displace Oracle? If you ask Oracle why, their reasons sound pretty much exactly the same as the stuff McNealy will tell you about Solaris.
Well, we could require one of two policies: permit others to fix your bug (by open source licensing), or bear responsibility for fixing the bug yourself in a timely manner (if you prefer to ship binaries only).
While everyone should quickly update their ssh, I haven't seen any evidence so far that there is an exploit "in the wild" as the article states (that is, it appears that script kiddies don't have a 'sploit yet, though they might have one by tomorrow).
Well, what if, when you use a CDR to make a Debian CD, your $0.77 CDN were divided between the Free Software Foundation, SPI (the nonprofit that handles donations to Debian), Linux International, etc. instead of going to the RIAA?
The idea would be that random surveys are done once in a while to figure out how CDRs are being used. If a lot of them are being used to copy free software, then some of the tax would go to the copyright holders.
To divide up the money, there would be a rating system that would include not only music but software and data. Copying proprietary software (other than making a backup copy, which is blessed in the US as well as in some other countries) would remain illegal.
This was actually one of the ideas that Stallman proposed back in the 80s as one alternative to fund software development if all software is to be free.
I know, I know, you want free beer. But if a tax on digital media will stop the copyright cartels from destroying the net, I'll take it.
You have done something stupid. You've installed a broken, inferior implementation of ssh (namely lsh), rather than installing OpenSSH 3.7. Given the lack of maturity of lsh, there is no particular reason to expect that it doesn't have security holes. And the only reason people know about the heap overrun bug is because the OpenSSH team released a fix.
lsh is not an "upgrade".
The suggestion to "upgrade" to lsh is stupid. This bug is only public knowledge because the OpenSSH people have already fixed it.
It appears that the OpenSSH people found this bug first, and released a fix in version 3.7. People who studied this fix then found the exploit. So it's stupid for this guy to tell people "upgrade to lsh", since the whole reason his buds know about this bug is because 3.7 fixes it.
Oh, crap. My Prius has no difficulty maintaining speed on hills, and I regularly drive up a 2500 climb to get from Silicon Valley up to Skyline in the Santa Cruz mountains.
The reason that you see the hybrid drivers going under the speed limit is that so many of them seem to be going for the high score on their running miles-per-gallon display. :-)
Let's not oversell: the Prius doesn't get 55 MPG. (Though the 2004 Prius might.)
I chose the Toyota Prius precisely because it has had a few years to mature (Toyota's been shipping since 2000, so I bought the 4th year car in 2003). That's why I didn't get the (first year) hybrid Civic; I figured Toyota's had time to get the bugs out. So far it's been a great car, though to be fair I've only had it since April.
Which hybrid does he have? Some have worse pickup than others.
I've been driving a 2003 Toyota Prius since April. I'm very happy with it.
It has decent acceleration, about the same as other cars I've driven. It's comfortable, quite roomy for a small car, the back seat has decent leg room. I get 45-48 miles per gallon, closer to 45 during hot periods when I use the A/C a lot. I paid about $21K, including options (I didn't get the GPS system). There's also a tax credit for hybrid vehicles that you should look into.
The acceleration from a standing start is quite good because both engines (electric and gasoline) pull. The gasoline engine cuts off at stops, and in slow stop-and-go traffic only the electric motor runs, which is why the Prius gets better fuel efficiency in city driving than on the highway (the EPA rating is 52 city, 47 highway).
The 2004 Prius appears to be a substantial improvement: it's larger, but gets even better fuel efficiency.
It's a documented proprietary standard, like Adobe's PDF, and OpenOffice can now write Flash format. The stuff is not going away, so the free software community should concentrate on writing free tools for it.
My 5-year-old daughter would be very upset if the Flash games on the Nick Junior site disappeared. They all run fine with Mozilla and GNU/Linux.
It appeared to me that the virus companies were using their bounce messages to advertise their services. But since the virus companies know full well that all SoBigF viruses have a fake return address, isn't this false advertising?
But as a Dutch citizen you can follow your job to Germany or the UK or Italy, because within the EU there is free trade for both labor and for capital. "Free trade" advocates these days want free movement of capital and goods, but not workers.
In WTO-world, corporations can move their jobs across borders but workers cannot follow. This one-sidedness pushes salaries down everywhere, as companies seek the cheapest available labor.
That appears to be Adrian Lamo's plan. He wants to be the next Kevin, and has been trying to get people to arrest him (in a way that will make him look like a misunderstood white hat and great hacker martyr) for a year.
It appears that this guy has been trying to get arrested for the last year, so that he can be the next world-famous hacker martyr, like Kevin Mitnick was. A close friend of his registered FreeAdrian.com over a year ago, though it now forwards to freelamo.com.
Read all about it and beware of giving publicity to publicity hounds. This guy's ambition in life appears to be that hackers everywhere will deface web sites and put his name on them, like people did for Kevin. If he hadn't been busted by the New York Times, he would have kept on going until he did get busted.
Actually, radio played a huge role in the Rwanda genocide, with many talk radio broadcasters not only urging that people be killed, but telling people where and when to meet, and where large groups of refugees were hiding.