From the blog:
But the real start will be the first week of February. Only then real decisions will be made on game concept, game design and other targets, although we do know it'll be derived from Project Peach, furry & crazy characters in a forest.
So it seems like the final type of game hasn't been decided yet.
I can only imagine countries where they pay half our price for 30mbps or more are laughing at this debacle. Here in Norway it's 20000 kbps in for around 80 USD per month, no limitations on bandwidth.
He meant hack as in "quick and simple fix", not "omg haxxor gold nubs"
First point, about replacing. Same as with windowsupdate, they got crypto checking things.
Second point, about placing malware:
1. Just about every software is delivered in source code format, and then compiled by the package maintainer, who also tweaks the code to work fine with the distribution.
2. To be a package maintainer you need to get through quite a few steps, and the last part requires meeting in person. You can read more about the process at http://www.ubuntu.com/community/processes/newdev
So, I see quite a few reasons for why it's much safer than plain old download.
Maybe we should have a system that keeps all installed software updated, and notifies you when there is a new update available. We could create packages for the programs, and let some program .. let's call it a package manager .. control installation, uninstallation, and updating. In fact you could make huge repositories on the internet with tons of packages, that the package manager could then download from and install with just a few clicks from the user.
Some kind of system like that would rock, but would just be too complicated, I'm afraid.
On a serious note, is there a system like that for win? I have seen some halfhearted attempts, but nothing really useful.
That's almost exactly the same setup I have at home, and I'm freakishly happy with it :)
The only difference is that the raid is 2.7 TB and that it is mounted at /home for ease of use.
It's cheap, flexible, and fast. Raw DD read from raid to /dev/null shows just a hair over 100 MB/s read.
Network read is a bit worse, but still pretty fast (20-40 mb/s, might be the cable).
This is how I read it :
"At the moment we know of no way to abuse this bug without already having obtained Administrative access."
I will almost bet money that there is a smart bugger out there who finds a way to abuse this.
That we don't know of a feasible attack right now is no excuse not to fix the bug IMHO.
Tabula Rasa review ;)
I've personally tried the beta, and I didn't like it. It felt.. as if it combines the bad parts of mmog like wow with the bad parts of fps shooters.
Basically, the feeling I get : by trying to grab both, it fails at both.
It went the other way for me.
;)
When I started, I liked tinkering more than gaming, now it's the other way. Probably gotten lazy with age
You misunderestimate laziness ;)
Laziness means doing a job good enough that you don't have to fix it later, and so it's easy to modify later in case you do have to fix it, or add something.
Laziness is why we still have exploitable buffer-overflow bugs in newly-written code.
No, that's ignorant / sloppy programmers.
Because it's so bad, we have to pay people to work on it ;)
When will creationists realize that you can't prove divine intervention any more than you can prove flying purple unicorns?
;)
You were saying?
(image found here)
Cut / paste:
SYMPTOMS
When you try to copy files from a Windows Vista-based computer to another computer by using Windows Explorer, you may receive the following error message:
Out of memory
There is not enough memory to complete this operation.
This problem occurs if the following conditions are true:
The files include extended attributes.
You copy lots of files in a single operation.
CAUSE
This problem occurs because of a memory leak in the Windows OLE component. This memory leak is triggered by the way that Windows Explorer deals with the extended attributes of the files.
So Microsoft have gone so completely loopey as to start FUD'ing their own operating systems?
I think it is this you're having in mind: http://www.newscientist.com/article.ns?id=dn2732
I found a bit more info at http://dir.salon.com/story/tech/feature/2004/08/12/evolvable_hardware/index.html?pn=2 - including some info about antenna design using this technique.
But.. Wouldn't seeing it with one eye be considered pirate-viewing?
It's been a while since last time I used it, but I think Winpooch can be set to work on a whitelist principle.
Microsoft has not authorized this. Continue? No / Cancel
That's what I did :) I also set the bios to boot from hdd and require password to change that. And the bios password on a modern laptop can be a real bitch to reset, so I guess most people will try it first, boot it up, and go on to one of the non-admin accounts (which are not password protected). And *ping* I have their IP address.
As for resetting the bios password, here's a hint : many of them have to be sent to the manufacturer of the laptop to get it reset, removing battery (even if you can get to it) ain't enough, and there is no jumper for it.
I imagine most thieves will try the pc with the software installed, since replacing that means doing some real work.
And here I was looking at the new iPods just a few hours ago wondering if I had the money to buy one. I was quite tempted, and since older iPods work fine on linux, the ipod looked like a sweet upgrade to my current player (creative zen nano plus).
As I use linux quite a lot, often abandoning windows for several months (until a new game I just have to try pops out), this basically made my decision for me. Seems like I am forced away from the ipod if I want to continue having my freedom to use the system I prefer.
Oh well, one less customer for Apple, then, I guess. I'm sure one of the other music player companies will be happy to take my cash away.
Was it with Thompson routers maybe?
Our company hit a bug with thompson routers and IE7 when it comes to http authentication. Apparently there was some small change in the digest info sent from the browser, and the router can't understand it. If you telnet in and remove digest auth, or remove the default user's password, it works fine, tho.
Since all other webservers in the world seem to have no problems, and thompson have given out a new firmware to fix it, that puts the fault on thompson in my eyes.
You mean something like .. i dunno .. like this?
Oooor... like this?
Or maybe like this?
Note that all three have their use cases.
First is programs from repositories (default shipped with ubuntu contains a lot of programs, but you can add your own), and all software installed from this will be automatically updated.
The second is for single programs packaged for ubuntu, which contains a compressed file with all the software (similar to windows, except the package manager keeps VERY good control over the files the program adds, and is much more painless to remove).
And the last one, if you target multiple distros with one installer.
There's also the traditional source code packages, and some more .. special systems, like this.
All in all, there is no reason why an ubuntu user should not find it just as easy or even easier to install/manage programs than a windows user.
And we all know the standard windows installer. Trust us, we know what we're doing! Really!
I tried taking a closer look at this bot thing, but couldn't find out how it worked.
I set up a test system with a vmware'd winxp, running process monitor on the xp and wireshark on the host, wireshark only showing packets to and from the vmware xp's ip address.
So I snapshot'ed it, ran the exe from the links, and .. nothing happened. It did some write to a few files,
C:\WINDOWS\spooldr.exe
C:\WINDOWS\system32\spooldr.sys
C:\WINDOWS\system32\drivers\tcpip.sys
which looks scary enough. But apart from that, nothing seems to have happened. Nothing in wireshark, and nothing on the machine.
I rebooted the vmware xp and let it stand for a few hours. Still nothing at all. Only traffic in wireshark was smb announces, and nothing happened at the vmware. So, if this is a bot and/or a spam sender. How does it communicate? How does it send spam? How does it work?
No problem, we have the source, we'll just write one on the spot!
And yes, we are laughing
If I recall correctly, that is done by custom repositories in linux.
You can have one internal repository that all machines connect to, a few test machines to test all the updates, and then move it to the internal repo if it passes the testing.
Installing of new apps (in contrast to updating existing ones) could be done in a variety of ways, for example by ssh (and there are several ways to send one command to many computers), or by using a metapackage that depends on new packages as needed (something like company-tech metapackage and/or company-designer metapackage for example). Generally, very flexible.
SUS have a small advantage, I think, I haven't actually used it myself, only know from what I've heard from others and seen, but the linux way is not far off (providing you standardize on one distro, of course).
I have had a pretty good success ratio on the www.snapfiles.com (was called webattack earlier) freeware section.
The ratings seem to be pretty accurate of the quality of the software, and combined with good description, screenshots and direct download links, it's the first place I search for random windows software.