No, because ESR's point still stands. It's not whether there was a backdoor or not; what is important is the fact that that dll had been around for 4 years and Microsoft didn't even know what the hell was going on inside it. (And they have the source code!) It demonstrates just how easy it is for backdoors to live in closed source software. ESR's point was that that can't happen with OSS.
> Yet again, Slashdot spews out anti-Microsoft FUD with as much fervor and skill as Microsoft spews out anti-Linux FUD.
I don't know who or what you are responding to, but I've read almost all of this discussion and I haven't seen anyone 'spewing' anti-MS FUD or claiming that these servers were 'cracked'.
The article also said that the ::$DATA problem had been patched ages ago.
A ball-tearingly obvious way to dramatically reduce computer break-ins and cracks would be for people to actually bother securing their systems and applying security fixes. Wow!! What a radical idea!
At the end of 98 a group did a bulk scan of most of the internet for 18 common remotely exploitable security vulnerabilities. Here is a summary:
BEGIN TIME: 02:00, Dec 01, 1998 GMT
END TIME: 08:00, Dec 21, 1998 GMT
Scanning nodes: 5
Jobs per minute: 250
Scan time: 20.24 days
Vulnerabilities tested: 18
Domain count: 7 three-letter domains, 214 national domains (see suffix item 3)
Host count: 36,431,374
Vulnerability count: 730,213
Vulnerable host count: 450,000
That's at least 450,000 vulnerable (read: r00table) hosts. Also remember that one vulnerable host is often enough to allow compromise of a whole network of machines. There is no reason for any machines to show up in this scan. Fixes are available.
I leave it as an exercise for the reader to work out what people should be doing before setting up a "global, round-the-clock anti-cybercrime network". I fear that it might take a few more CDuniverses to shock business into taking security seriously.
Details are here: The Internet Auditing Project - It's actually quite an interesting read. It also features details on how one of their highly secure Linux boxes was cracked with an amazing super-crack. This is a good example of how one cracked host can bring down other secure machines.
I don't want to be a partypooper but first doesn't necessarily mean best. Even for normal 2D window stuff X is sluggish compared to Windows or BeOS.
Does anyone know if there is a way to speed up X by removing the network support bottleneck and using more direct calls straight through to the server? I think that X is one of the biggest obstacles to getting Linux to the desktop.
I can sort of see where this is going. I imagine the first walk on mars will go something like this:
Lander craft settles down onto a huge Coke logo, other billboards are featured in the background, most of the Mars landscape is obscured. The first astronaut steps off the craft onto the surface, gets halfway through something like "One small step for man..." etc. before being cut off by some CGI babe running into the screen handing him/her a can of Coke(tm) saying "After a 2 year flight, I bet you could use the refreshing taste of Coke(tm)."
One last thing:
CBS News' internal standards prohibit digital manipulation or other faking of news footage, but Genelius said this new technology was not yet covered by the guidelines.
...
"There is nothing specific in CBS News standards," she explained. "We're just beginning to use this."
errr... wouldn't the existing guidelines prohibit this, or do these people always need to have things made 'specific' and spelt out for them. I can't help but think that some people are just a bit thick.
This is probably going to sound like an ad, but...
Have a look at SecurEpayment for an idea of how credit cards should be handled. Through the use of an applet only the bank gets to see the customer's credit card number. The card number never goes to the merchant site.
I'm interested to know what people here think about this system. I've been developing PHP3 code that uses this system.
-- Simon
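As an added illustration of the design Simon describes (the card number goes only to the bank, the merchant never sees it), here is a toy three-party checkout. This is example code written for this page, not SecurEpayment's applet or protocol; the Bank and Merchant classes, the token format and the sample card number are all constructed. The merchant receives only a single-use token that the bank has bound to the merchant id and amount, and the bank enforces the binding and single use at capture time.

```python
"""Toy three-party checkout: the PAN reaches only the bank (constructed example)."""
import hmac
import hashlib
import json
import secrets


def luhn_ok(pan: str) -> bool:
    """Luhn checksum over the digits of a card number (standard algorithm)."""
    digits = [int(c) for c in pan if c.isdigit()]
    if len(digits) < 12:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class Bank:
    """The only party that ever handles the card number."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # bank-internal MAC key (constructed)
        self._redeemed = set()               # tokens already captured (single use)

    def authorize(self, pan: str, merchant_id: str, amount_cents: int) -> str:
        # This is the "applet" leg: customer -> bank directly, bypassing the merchant.
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        payload = f"{merchant_id}:{amount_cents}:{secrets.token_hex(8)}"
        tag = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()[:32]
        # The PAN is deliberately not part of the token; nothing derived from it leaves here.
        return f"{payload}:{tag}"

    def capture(self, token: str, merchant_id: str, amount_cents: int) -> bool:
        """Merchant -> bank: redeem a token.  Fails on tamper, mismatch or replay."""
        try:
            mid, amt, nonce, tag = token.split(":")
        except ValueError:
            return False
        payload = f"{mid}:{amt}:{nonce}"
        expected = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()[:32]
        if not hmac.compare_digest(tag, expected):
            return False
        if mid != merchant_id or int(amt) != amount_cents:
            return False  # token bound to a different merchant or amount
        if token in self._redeemed:
            return False  # replay
        self._redeemed.add(token)
        return True


class Merchant:
    """Stores only what it is given: the opaque token and the outcome."""

    def __init__(self, merchant_id: str, bank: Bank):
        self.merchant_id = merchant_id
        self.bank = bank
        self.ledger = []

    def checkout(self, token: str, amount_cents: int) -> bool:
        ok = self.bank.capture(token, self.merchant_id, amount_cents)
        self.ledger.append({"token": token, "amount_cents": amount_cents, "captured": ok})
        return ok


def run_checkout(pan: str = "4111 1111 1111 1111", amount_cents: int = 1999):
    """Drive one purchase; returns (merchant, token, captured) for inspection."""
    bank = Bank()
    merchant = Merchant("shop-42", bank)          # constructed merchant id
    token = bank.authorize(pan, merchant.merchant_id, amount_cents)  # customer -> bank
    captured = merchant.checkout(token, amount_cents)              # customer -> merchant -> bank
    return merchant, token, captured


if __name__ == "__main__":
    m, t, ok = run_checkout()
    print("captured:", ok)
    print("merchant ledger:", json.dumps(m.ledger))
```

The property worth checking is the one the post claims: after a successful purchase, nothing the merchant stored contains the card number, and a second capture of the same token (or the same token at a different amount) is refused by the bank.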
Re:corporations and individuals (on "The Timekeeper", Score: 1)
I just want to quickly post some of my observations about businesses. I think the big problem with corporations is that they are made up of people who feel powerless. Do any of these attitudes sound familiar:
* "That's the way things are, you can't change them."
* "If I don't do it then someone else will anyway."
* "If it's for money, then it's ok, that's capitalism."
* "I'm just doing my job."
Another reason why I don't expect corporations to start acting in an ethical way any time soon is the Drone Mentality that most people apply to their job. The Drone Mentality is basically the philosophy that when you are on the job your employer 'owns' you. Between 9 and 5 you do what your boss says while the 'you' is turned off and put on hold for that time. What happens then is that people distance themselves, become divorced from, their work and accept no responsibility for what they do. You can't expect people working in big businesses to act ethically when they don't even accept any responsibility for their actions. ("It's company policy.")
When you've got a civilisation based on greed, what do you expect?
Although the judge doesn't say it exactly, the defendants' "falsely claiming advances over previous discoveries" was probably done by ignoring or fudging the prior art section of their patent application. At least that seems to be the most obvious way to me.
Anyone know how/why this patent was dragged into court? Under what circumstances?
Hopefully in the future we will see more patents overturned in court.
--
Simon
Melbourne, Australia
Vote 1 Australia for most backward IT policies of 1999.
I'm in Australia too and have bought a few APCs for that reason. (The Redhat little red book looked cool, but quickly went out of date...pity). Some publisher is putting out CDROMs of mainly Windows shareware on a regular basis into newsagents. (They come in kind of a cardboard envelope in a primary colour with the list of file names on the front. Maybe you have seen them). Maybe they would be interested in doing a Linux/*BSD/Unix CDROM each week. I don't know their name or address though. Anyone in Australia got more info? (or at least know what I'm talking about)
A Freshmeat-of-the-week disk would have to be pressed locally though. There would be no point in importing something like that from the States.
Just a side comment, but the only reason I've bought a magazine lately is just for whatever is on the coverdisk. (Last time one had Windows StarOffice 5.2a on it). It's been years since I've bought a mag for the articles...
<OFFTOPIC> What I would like to see is everything that has appeared on Freshmeat in the last week stuck on a CDROM and sold at my local newsagent each week. I would buy that. </OFFTOPIC>
Can I now just delete my SSH installation(s) and replace them with OpenSSH/Psst/LSH? Will OpenSSH etc work transparently with commercial SSH? What impact does not having support for the patented algos have?
Also can someone compare SSH, OpenSSH, Psst and LSH. What state is each of them at WRT each other?
Is it just me or does ASP rarely give a useful error message when it barfs? It's often something like:
"Error 8000AFDZ" ???
WTF
I'm using ASP with JScript. Decent error messages are enough to win me over to PHP. (Not to mention the fact that PHP has docs which are not "a complete work of fiction", and the fact that you don't need to cough up money for 3rd party plugins to do the most simple stuff.)
Go PHP!
ok I'll stop ranting now.
--
Simon
Who is busting for PHP4.
I think your complaints are unfair. PHP lets you write bad code, just like every other language. But it also allows you to write good code too. I've got hundreds of lines of PHP at work that are still very maintainable. It took some planning and OO design to do it, but that would be the same story if I had used any other comparable language.
Good programmers produce good code. Bad programmers produce bad code. It's as simple as that.
Go to the projects section on www.php.net and look for "PHP Base Lib" and phpDB. Both solve the "database independent interface" problem. PHP Base Lib handles this fine. I'm using it at work.
>> The performance bottleneck is bandwidth, not performance. Usually, it's the speed of someone's modem, or the crowded internet backbones that slow down a web-page's performance. Using a faster language isn't going to help that, so typically web-folk go for the easiest solution.
> I've had people tell me this before. This assumption can be an illusion. While it's true that you are limited on a per connection basis in many cases, it's also true that the number of requests that can be processed at a given instant in time is also a bottleneck at that instant. So, if you expect to be processing large volumes of hits in a finite window, it's important to have an optimal solution. This point seems to be frequently ignored or forgotten. What does this mean?
>> ......
>> Well, assuming you have the bandwidth,
I see what you are trying to get at but the point is that you *rarely* have the bandwidth yourself. Once you have maxed out your connection that's it. You can't go any faster by saving CPU cycles. Servers still have much more CPU power than bandwidth. The original poster's argument still holds true.
Another point I want to make is that things like DB speed can also have a big impact on DB centric CGIs. This reduces any gain from coding in a lower level language too.
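To put numbers on the argument in this thread (link bandwidth versus CPU versus database as the limit on requests per second), here is an added back-of-the-envelope capacity model. It is example code written for this page, not anything from the posters; the link speed (a 1.5 Mbps line), page sizes and per-request CPU and DB times are constructed values. It goes one step beyond the posts by also showing that once code is made faster, the next ceiling is often the database rather than bandwidth, which is the point made just above.

```python
"""Which resource caps requests/sec: bandwidth, CPU or the database? (constructed example)"""


def capacity(link_mbps: float, response_bytes: int, cpu_ms: float,
             cores: int = 1, db_ms: float = 0.0, db_connections: int = 1) -> dict:
    """Return the per-resource request ceilings and which one is binding.

    link_mbps      outbound link capacity in megabits per second
    response_bytes average bytes sent per request (page + headers)
    cpu_ms         CPU time consumed per request by the script/CGI
    cores          CPUs available to the web tier
    db_ms          time a request holds a DB connection (0 = no DB involved)
    db_connections size of the DB connection pool
    """
    bytes_per_s = link_mbps * 1_000_000 / 8
    limits = {
        "bandwidth": bytes_per_s / response_bytes,
        "cpu": cores * 1000.0 / cpu_ms,
        "database": float("inf") if db_ms <= 0 else db_connections * 1000.0 / db_ms,
    }
    limiting = min(limits, key=limits.get)
    return {"max_rps": limits[limiting], "limiting": limiting, **limits}


def gain_from_faster_code(speedup: float, link_mbps: float, response_bytes: int,
                          cpu_ms: float, **kw) -> float:
    """Ratio of achievable rps after cutting per-request CPU time by `speedup`.

    A ratio of 1.0 means the faster language bought nothing because another
    resource (bandwidth or the database) was already the ceiling.
    """
    before = capacity(link_mbps, response_bytes, cpu_ms, **kw)["max_rps"]
    after = capacity(link_mbps, response_bytes, cpu_ms / speedup, **kw)["max_rps"]
    return after / before


if __name__ == "__main__":
    # Constructed scenario A: static-ish 20 KB pages over a 1.5 Mbps line, cheap script.
    a = capacity(link_mbps=1.5, response_bytes=20_000, cpu_ms=5)
    print("A:", a["limiting"], round(a["max_rps"], 2), "rps;",
          "2x faster code gains", gain_from_faster_code(2, 1.5, 20_000, 5), "x")
    # Constructed scenario B: small 2 KB dynamic responses, 30 ms CPU, 20 ms DB hold time.
    b = capacity(link_mbps=1.5, response_bytes=2_000, cpu_ms=30, db_ms=20)
    print("B:", b["limiting"], round(b["max_rps"], 2), "rps;",
          "2x faster code gains", gain_from_faster_code(2, 1.5, 2_000, 30, db_ms=20), "x")
```

Scenario A is the case the original poster describes: the line saturates at under 10 requests per second while the CPU could handle 200, so halving script time changes nothing. Scenario B is the reply's case, where small dynamic responses make the script the first ceiling; but doubling its speed only moves the ceiling to the database pool, which is the DB-centric CGI point made above.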
When you connect with Napster you get one of about 40 odd servers. So you only see the other people on that server...
;-) no sense of netiquette.. sheesh..
(That's what I heard).
What I would like to know is if Metallica got kicked for using a bot...
--
Simon
My money is on PHP4, it's currently up to a Release Candidate. The Gimp team is in bug fix mode mostly too.
Anyone know what the story is with Apache?
--
Simon
Can anyone comment on whether those rpm to fix Netscape will also work on RedHat/Mandrake?
:-(
I'm almost frigging jack of Netscape lately.
--
Simon
True, but ESR's main point w.r.t. the Weenie issue is that it is very very hard for someone to sneak a backdoor into OSS.
--
Simon
I was about to post and say:
"What the hell takes 5 hours to compile!?!. My PII-450 (64Mb ram) does not take anywhere near that much time to compile the whole kernel."
THEN you mentioned NT and C++. All's explained now. sorry.
--
Simon
LinuxOne Inc
This Alzza linux appears to be RedHat 6.1 with Korean font support:
Alzza
Can anyone explain what these are?
--
Simon
Is that based on an earlier book called "Maximum Security" also published by SAMS and written by anon?
If so, then what are the differences? I've got a copy of "Maximum Security" and it's great.
--
Simon
I highly recommend:
"Maximum Security: A Hacker's Guide to Protecting your Internet Site and Network" by Anonymous, published by SAMS, ISBN 0-672-31341-3
It's a real crackers/hackers point of view book, with heaps of refs to web sources/sites/RFCs etc.
Very good.
--
Simon
Didn't I see SCO on that list? Now, unless I'm going nuts they produce SCO Unix which is under attack from Linux.
What are SCO up to? What's their little plan?
--
Simon
>> For example???
> FreeBSD, OpenBSD, NetBSD, and family. Dumbass.
Well derr... He was asking for examples of Linux instability. dickwit.