Re:when we're finished patting ourselves on the ba on 2003: Year of Apache · Score: 2, Informative
What is our argument to that? (we don't have one. We just ignore it and continue patting ourselves on the back.)
Actually, we have: If you do not count the number of websites, but the number of pages served, Apache comes out even more in front of IIS than by simply counting the number of servers. For example, where I work we are serving more than a billion web pages - per month. We are using Apache on Suse Linux.
Re:Always "a couple years away" on Linux in 2004? · Score: 4, Interesting
It seems like Linux on the desktop for the masses is always a couple years away.
Depends on who you are looking at. For me and about 2/3 of my colleagues, Linux on the desktop has already happened several years ago. I, being a consultant, am running Suse Linux on my laptop, on my business desktop, and on all machines at home.
I own a copy of VMware, but reviewing my usage of it, I only use it with Win98 to program my PBX at home, and most of the time with Linux to simulate certain customer configurations and experiment with RAID and cluster setups. All office work, including text processing, presentation and calculation is being done on Linux natively, as is web browsing, other internet work, and of course all security work.
Well, I personally had just assumed that the MySQL client libraries were LGPL or BSD.
The MySQL Client Libraries 3.x are LGPL. The MySQL Client Libraries 4.x are GPL. In order to talk to a 4.x server, you need 4.x client libraries. 4.x client libraries are downward compatible and can talk to 3.x servers.
A newspaper in Toronto, Canada is reporting about difficulties a Linux transition in Munich, Germany has. They are not even on the same continent.
I wonder what sources closer to the real thing have to say.
Yeah, right. Write self-modifying code and try to run that in a Palladium/NGSCB'ed environment where your code is checksummed as it runs.
The aim here is not to make the webmaster think that they are linked by that site, but to boost page rank.
Referer stats are often part of stats pages that are made available under the original URL of your site. For example, if your domain is http://example.com/, your stats may be made available to you from http://stats.example.com by your hoster. The hope is that your stats are available without password protection and are found by Google.
By showing up in your referer stats, the spammers are essentially creating a link from your stats domain to their site, boosting their general google page rank tremendously.
The standard way to get older RedHat boxen rooted is to put them on the internet with FTP services enabled. 45 seconds is actually quite long a time to last for such a machine.
In fact, the Lego Master Builder contest is over, and Lego did choose not one, but three new Master Builders. One of them is him, and he is currently moving from east coast to San Diego.
Well, gee, that's probably why this professor is making students submit the works to Turnitin.com themselves.
Yep. I think it simplifies the legal situation considerably. It is still wrong, though.
Absolutely nothing. However, just because you write something doesn't mean it's true. Can I sue slashdot for distributing this post?
No, you can't.
There are overruling guidelines in copyright law that allow slashdot to distribute your post if you posted it yourself - you posted it to slashdot, implicitly allowing slashdot to redistribute it, because that is the purpose of slashdot and it was the purpose of your post to have it redistributed.
Also, since you posted it to slashdot yourself, it can be assumed that you know the ways of slashdot and implicitly gave consent to quote your posting in the context of a discussion and for the purpose of discussion.
Now, if your post was taken, and for example made part of a printed book, that would be a different thing and would be treated differently by copyright law.
Please see also my older posting to slashdot as referenced in my signature.
Well, a censor at the end based on NGSCB would not break the "dumb in the middle, smart on the fringe" paradigm at all.
It would break so many other things, though.
P2P started as a centrally managed network, Napster.
Companies attacked the central network management, P2P mutated into something that works decentrally, Gnutella.
Companies tried to poison P2P networks with damaged or crippled content. P2P mutated into something that managed checksums on files, and parts of files, inventing swarm loading on the way. Enter eDonkey and Bittorrent.
Companies are trying to identify uploaders by IP, and are trying to force the ISP to keep tabs on the content that customers are downloading or uploading. P2P will mutate into an encrypting and MIXing anonymizing service, completely masking uploaders and downloaders, and completely distributing file storage (files will be stored in encrypted chunks of equal size on many servers, so that it will not be possible to tell which content is stored on which server even if you seize the server's hdd).
In such a scenario, in order to control P2P distribution of files, you'd have to completely prohibit peer to peer (mediatorless) communications. "Two nodes in the network may not communicate with each other at any time unless a trusted transaction supervisor listens in into the unencrypted communication between these two nodes checking them for the absence of copyright violations and inappropriate content violations."
Incidentally, this is exactly the type of application that is enabled with NGSCB (That is, NGSCB is necessary in order to write such an application. I don't claim that NGSCB is such an application).
Kristian
The current H.323 flaw is based on bugs in the ASN.1 parser used in these products. The big bugs in almost all SNMP implementations a year ago or so were also based on ASN.1 parsing failures. Many openssl bugs are based on ASN.1 parsing failures.
The linux kernel 2.6 just got ASN.1 parsing INSIDE THE KERNEL in order to implement AUTH_KERB as part of the NFS/Kerberos client. Expect ASN.1 parsing based bugs inside the Linux kernel real soon now.
Kristian
How is lawful access to protected email regulated in Office System 2003? Does Microsoft present any information on this?
Kristian
Excuse me, but this is real bullshit. You don't pay the programmers, you only pay for somebody who takes open source projects and makes a nice compilation of programs. Plus you get the media, some handbook and installation support.
Suse happens to pay programmers that work on the Kernel, particularly the ISDN interface, the RAID drivers and many other areas. Suse also sponsors reiserfs, several KDE subprojects and a lot of other projects. That's your money at work.
Kristian
Of course they can.
By forcing Microsoft into the confines of a publicly mandated file format, the government stifles innovation and makes it impossible or more expensive for Microsoft to improve their software in a way that guarantees a richer and more satisfactory customer experience.
See, I did not even grin when saying that.
Kristian
As many have noted, Sun have never formed a coherent strategy about linux. Their statements re. linux seem to be a mix of hostility, skepticism and euphoria.
Clear signs of multiple personality disorder at Sun's side. While they fear Linux instead of embracing it, they are with the Mozilla and OpenOffice.org projects, which are vitally important for the Open Source movement (and for Sun).
This position makes no sense, and it does not help Sun's case at all. Sun must learn to live with Linux and embrace it as an advantage instead of fearing it. It must learn to combine the power of Linux, of Mozilla and OpenOffice.org to have an offer that can compete in the Microsoft market as well as in the Open Source market.
Kristian
You need in this order
1. A personal firewall in order to disable your Windows RPC ports. This is necessary or MS Blaster will kill you before you can say "Windows Update".
2. H+B Antivir, free edition (http://www.freeav.de), in order to learn if you are infected with any of the current pests.
3. XP Antispy, in order to disable all the phoning home functions of Windows XP.
4. Then you need to go online and use Windows Update until it stops. That will be between 100 and 150 MB of updates, thank you, Sir!
5. Then you need the MS Powertoys, and about 15 minutes of playing in order to set up Windows XP in a state where it can be actually used.
6. Then you need an alternate browser and mail reader such as mozilla. You can start to think about dropping MSIE and Outlook Express, in order to prevent further virus infections.
7. Then you need OpenOffice, current version plus any addons you find worthwhile.
That will cover the bare essentials. You now still have 3 of 10 downloads for fun things.
Kristian
milter-sender is a sendmail milter plugin that does similar things differently.
When you are receiving an SMTP mail, the sender claims to be somebody using a MAIL FROM statement within the SMTP dialogue. milter-sender will take the sender's domain, look up the primary MX of that domain, connect to the sender's mail server, and try to deliver an error message to the sender ("MAIL FROM: ", "RCPT TO: ").
If the sender's mailer says it cannot receive error messages ("550 user unknown" after the "RCPT TO"), milter-sender will not accept the incoming mail for you.
milter-sender also detects dictionary scanning for mail addresses on your machine and disconnects dictionary spammers after a number of attempts.
Kristian
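The callback check described in the comment above, as an added Python sketch (not milter-sender's code and not part of the original post). The function names, the constructed MX and mailbox tables, the use of the null sender `<>` for the probe, and the limit of 3 misses are assumptions; the remote mail server is replaced by a stub so the example runs offline.

```python
from collections import defaultdict

# Constructed sample data standing in for DNS and for the remote mail servers.
MX_TABLE = {
    "good.example": [(20, "backup.good.example"), (10, "mail.good.example")],
    "forged.example": [(10, "mail.forged.example")],
    "slow.example": [(10, "mail.slow.example")],
}
MAILBOXES = {
    "mail.good.example": {"alice@good.example"},
    "mail.forged.example": set(),
}


def fake_lookup(domain):
    """Stub MX lookup: returns a list of (preference, host) tuples."""
    return MX_TABLE.get(domain, [])


def fake_rcpt(host, rcpt):
    """Stub for: connect to host, HELO, MAIL FROM:<>, RCPT TO:<rcpt>, QUIT.
    Returns the reply code to RCPT TO. No DATA is ever sent."""
    if host not in MAILBOXES:
        return 451  # host unreachable or busy: temporary failure
    return 250 if rcpt in MAILBOXES[host] else 550


def parse_path(mail_from):
    """Return the address, '' for the null sender <>, or None if malformed."""
    path = mail_from.strip()
    if path.startswith("<") and path.endswith(">"):
        path = path[1:-1]
    if path == "":
        return ""
    if path.count("@") != 1:
        return None
    local, domain = path.split("@")
    if not local or not domain:
        return None
    return f"{local}@{domain.lower()}"


def primary_mx(records):
    """The primary MX is the record with the lowest preference value."""
    return min(records, key=lambda r: r[0])[1] if records else None


def callout(mail_from, mx_lookup, rcpt_probe):
    """Decide 'accept', 'reject' or 'tempfail' for an envelope sender."""
    address = parse_path(mail_from)
    if address is None:
        return "reject"
    if address == "":
        return "accept"  # bounces use the null sender; nothing to verify
    host = primary_mx(mx_lookup(address.split("@")[1]))
    if host is None:
        # Sketch-level policy: real MTAs fall back to the A record here.
        return "reject"
    code = rcpt_probe(host, address)
    if 200 <= code < 300:
        return "accept"
    if 500 <= code < 600:
        return "reject"  # e.g. "550 user unknown": sender cannot get bounces
    return "tempfail"    # 4xx: do not reject on a transient error


class DictionaryGuard:
    """Counts unknown-recipient attempts per client; True means disconnect."""

    def __init__(self, limit=3):
        self.limit = limit
        self.misses = defaultdict(int)

    def unknown_recipient(self, client_ip):
        self.misses[client_ip] += 1
        return self.misses[client_ip] >= self.limit


if __name__ == "__main__":
    for sender in ("<alice@good.example>", "<bob@forged.example>",
                   "<x@slow.example>", "<>"):
        print(sender, "->", callout(sender, fake_lookup, fake_rcpt))
```

A 4xx reply is mapped to a temporary failure rather than a rejection, so an outage at the sender's mail server delays legitimate mail instead of losing it.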
Wrote this: NetUSE workflow Manager.
Kristian
http://www.amazon.com/exec/obidos/tg/detail/-/0812536355/qid=1065428724
"A Deepness in the Sky"
In this prequel to "A Fire Upon the Deep", Vernor Vinge tells us the story of Pham Nuwen and what he did before his journey into the galactic core.
A big part of this story deals with the concept of nanosensor dust that is sprayed into the atmosphere of a space station to create an airborne sensor web for total control of all proceedings in that station. At least that is what the podmaster dictatorship believes. But Pham, who gave the secret of the sensor dust to the podmasters, has other plans.
If you want to read something about the possible or imagined consequences of a sensor web as part of the setting of a truly outstanding science fiction story, this book is for you.
Kristian
Sun is a company that is developing excellent technology in what is considered now the high end of the technology. The problem Sun has is that they are doing it in a market where the low end is being commoditized. That is, there are no longer any volume sales that are able to support the large R&D that is necessary to continue to hold the technology lead.
Unlike IBM, Sun has chosen not to integrate their Unix knowledge with the commons that is the Linux source tree. That is, while IBM now develops their value added services on top of a Linux base which they get more or less for free (they chose how much money to donate to further the Linux effort), Sun must maintain their own baseline offer against something that comes at zero price on commodity hardware, and only THEN can add their own high end services on top of this.
Sun has only recently realized this. Up to and including Solaris 8 they have shipped kernels that have outrageous SMP capabilities, but also shipped an AWK that is unable to deal with more than 100 fields per line and a vi that cannot handle terminals wider than 132 characters.
And that is just the tip of the iceberg: The System V userland they licensed and inherited, is rotten from the inside, and Sun had not the developers to bring it up to the same level of excellence that their kernels show. You had to install several 100 MB of GNU stuff in /opt only to make Solaris useable.
Solaris 9 is the first release of Solaris where Sun started shipping current Unix utilities (and they chose the GNU ones, due to overwhelming popular demand). But that, too, is a half-hearted offer. They'd gain more if they ported their stuff over to Linux land and built their value-added services on top of the common and free pool of code that is shared by everybody except Sun and Microsoft (and, recently, SCO :-).
Not doing this essentially means that they are trying to outcode the entire rest of the world with their own developers. Which, brilliant or not, they cannot do.
The problem they are facing is how to pull an IBM so late in the development. That is, how do they sell their existing base that this is a soft migration when they no longer have the time to make it a soft migration, and how do they sell the existing Linux players that they are now a well-behaved member of the community when they have derided the Linux effort for so long.
But that's a marketing problem to be solved after the technology decisions have been made. Sun is not even at that point, yet.
Kristian
In fact he is the author of dietlibc, which he wrote precisely to successfully demonstrate that glibc is a bloated piece of shit.
Kristian
There are badly designed services out there. Loads of them.
These are services that are using an end-to-end protocol approach without provisions for a concentrator and filtering server within your company, requiring connections from desktop to desktop across corporate firewalls. There are services that hide their payload in normal http or https requests, requiring you to parse HTTP and XML in order to select which requests you pass on and which you don't. There are services that require backward connects on variable port numbers.
Don't let your security model be eroded by these. Tempting as it may be to have them, these services simply have no place within the enterprise. Their design is simply not fit for such an environment, despite all the advantages that service may be offering - the risk your corporation is taking by deploying it is simply too high. Talk to the vendor, tell them you'd really like their service and you'd like to deploy it, but they aren't offering a security model that is up to it. State your requirements and see if they have ideas to match them. If they don't, they do not understand enterprise. Avoid them.
On another note, application level firewalls are funny things. They parse and understand the application protocol. That makes them pretty sophisticated as firewalls go. It also makes them vulnerable to many of the same types of attacks that can hit the applications that they are protecting.
Think about it: An application level firewall parsing POP, IMAP or HTTP not only can block or allow the protocol as a whole, but deny or allow individual commands, or users, or directories or whatever. That's nifty. In order for the FW to do this, it must parse folder names, user names, or commands. It must manage buffers for that. It must decode character sets. It must deal with strings with illegal characters in them. It must do all the same stuff that your applications often fail to do properly.
Use what application level firewalls offer to you, if you need it. If you don't, don't use them. They are too complex internally to be really secure.
Kristian
Go to http://lurhq.com/sobig-f.html, http://lurhq.com/sobig-e.html and http://lurhq.com/sobig.html.
Kristian