Slashdot Mirror


User: VB

VB's activity in the archive.

Stories: 0
Comments: 298

Comments · 298

  1. Sounds a Little Counterproductive on Would You Pay $1000 For Windows? · · Score: 1


    Especially, since there's no denying the greatest allure for corporate IT for the Free OS's is price. Seems this type of propaganda just leads people further in that direction.

    Linux rocks!!! www.dedserius.com

  2. Re:Embarrasing Radio Show For EFF on Set Digital Music Free · · Score: 1

    Someone mod that up...

    Listened to the broadcast, too and agree that the EFF rep's counterargument to the RIAA lawyer was ineffective. Although, it's a nice ideal that the SDMI goal isn't to force the device player manufacturers to require SDMI, that will happen on the RIAA's initiative. So, independent artists will be back at square one. If we can't get our demos through the talent scouts at our own personal expense, we're not going to be able to produce our own works on devices that will allow their playback.

    Creating MIDI on a Commodore with Dr. T's Sequencer was creative and fun. Cakewalk 2.0 on Win3.1 wasn't so bad. Win95 came along and couldn't stop changing the MIDI interface into a joystick, and, it stopped being fun. MP3s on xmms under Linux is awesome! No confused device drivers. SDMI-enablement will undoubtedly halt our ability to play "industry-compliant" music on anything but a Windows box again. It will stop being fun..... unless of course some brave soul wants to reverse-engineer it after Philips, Sony, and the rest of them have forced the standard onto all devices in order to play music.

    I don't see any choice but to boycott. Unless you really like running Windows. In that case, why bother. They'll write your SDMI MP3 player for you. And, you're used to paying for stuff, anyway, right? Why not music, as well? And, the artists will continue to get 7%, at best.


    Linux rocks!!! www.dedserius.com

  3. Re:I Propose a new Challenge on Boycott of Music Industry's Hacker Challenge Urged · · Score: 1

    I got 7, and, then, I couldn't see the scrollbar anymore. At 1280 X 1024 on a 17".

    Guess it really is under construction. >:)

    Linux rocks!!! www.dedserius.com

  4. At A Loss on Various *nix OSes Open To Format String Attacks · · Score: 2

    Maybe my mind isn't working today, (again), but, I don't understand how this exploit could be used..... You're firewalled, right? You don't give shell access to your machine, anyway. You don't have anyone else developing content on your web-server. FTP is patched against format string vulnerabilities. You don't enable NLS. You don't run daemons as root, except for the firewalled ones....

    Anyone know how this can be exploited from a foreign non-trusted host?

    I'd love to see some examples.


    Linux rocks!!! www.dedserius.com

  5. Paying Attention to Our Systems on Trinity DDoS Discovered · · Score: 1

    About a week ago, I had received a couple interesting replies from ACs on a post I made on the Microsoft ApacheFP vulnerability. Apparently, my machine is owned. Perhaps...

    There's no excuse for ignoring your systems once they're up, and, some basic detection software should be mandated for future distros of any *n*x. Admins should read up on services that want to launch on start-up, as well, and, I'd also love to see a linux box come with a good set of firewall rules in the startup scripts by default.

    I've had quite a few servers scanned over the past month for the rpc services, and the machines have acted appropriately. Including responding to the AC who "owns me" and who proceeded to scan 3 of my boxes. He/she may be correct and own my box. Truth is, I haven't heard from him/her since the scans. And, before anyone mentions it: I get CERT alerts; Security Focus is a daily stop.

    Might seem off-topic. But, they're getting in through the rpc services. Firewall them. Then we won't hear a bunch of FUD about how insecure Linux is.....


    Linux rocks!!! www.dedserius.com

  6. The Trend Away from Closed Models Seems Pervasive on It'll Be an Open-Source World · · Score: 1

    Interestingly, on reviewing the Wired article, I ran across a suggested link there that discussed a recent FrontPage Extensions security problem I wasn't aware of. Still haven't researched whether it affects the UNIX FP extensions, yet, but, I doubt it. Has to do with including standard DOS reserved commands in the URL to shtml.

    What struck me as relevant was the tactic Micro$oft took when alerted by Sozni of Xato Network Security, in asking for a delay in disclosing the flaw until a patch was available. While that position on dealing with the reporting vendor isn't so noteworthy, what is curious is that the patch was available over a week ago, and, I had never heard of it. It was quietly bundled into a service pack for the Server extensions and not well publicized.

    I follow this stuff closely, and, am sure I would have been aware of it, had it been better disclosed by Micro$oft once the patch was available.

    In an open product, disclosure is inevitable. Seems people might be considering this model to make better business sense.


    Linux rocks!!! www.dedserius.com

  7. Re:Office is Irrelevant on Microsoft/Mainsoft Porting to Linux - Follow-up · · Score: 1

    I actually find Office as a productivity tool to be more convenient than StarOffice in several ways, too. My point is that while more convenient, there is still nothing I need to do in Office, that I can't just as easily do in StarOffice. StarOffice 3.0 is the only (bar none) application that has exhausted all virtual memory on Linux for me, and, the kernel kindly killed all processes and rebooted.

    So, in over 5 years, I've had one software incident that crashed my system.

    In 10 years of using Micro$oft technologies on Mac and Win3.x/9x/NTX, I couldn't count them all. Which is why I'll prefer StarOffice over Office, and, would prefer it didn't get ported to *n*x.

    I stick to my original assertion: Office is Irrelevant.


    Linux rocks!!! www.dedserius.com

  8. Office is Irrelevant on Microsoft/Mainsoft Porting to Linux - Follow-up · · Score: 1

    Having used Excel since version 2.3 on the Mac, and FoxPro since FoxBase (also on the Mac), I've never really had much use for anything in Office short of the Excel spreadsheet functions. Notepad is fine for typing things.

    There really is no compelling reason to wait for IE, or Office for Linux. Star Office isn't the greatest, but, it gets the job done.

    It would probably be a step backward to have Access run under Linux, since there are already many far superior ways to develop web applications natively. You have a browser, a web server and a database server. All free, and, all work stably. If someone tries to start using Access under Linux to replicate these tasks, we'll just be diverting talent away from where they're pushing Linux forward so quickly, now.

    I say let this rumor about Micro$oft porting their apps to Linux die. It keeps coming up, and, once it reaches enough people and becomes a discussion, MickeySoft rears its ugly PR gavel and stamps it down again. Always they ironically confirm they're porting to Solaris, and/or HP-UX. It's technically trivial to port an HP-UX application to Linux. I know, because I have. So why not Linux?

    Again.... who cares. Leave it alone.


    Linux rocks!!! www.dedserius.com

  9. Re:The man has a point on Fred Moody Says Linux Worst Operating System Ever · · Score: 1

    Albin:

    Great post. Let's get back to work.

    Unfortunately, mine is in SQL7.0 Server crap, tonight.

    Linux rocks!!! www.dedserius.com

  10. Marketing Applied Operating Systems Truthfully on Fred Moody Says Linux Worst Operating System Ever · · Score: 3

    Clearly, I don't need to expound greatly on Mr. Moody's article. I wouldn't bother at all had it not crossed my field of view on the MySQL Users Group. By concluding, that based on one distribution of Linux and ignoring other more security-conscious versions of Linux, and by accentuating a number pertinent to one defect measurement of an OS, and concluding that characteristic to designate the OS as "...arguably the worst operating-system product in history...", can't be interpreted as anything more than a marketing statement. I'm actually encouraged by the article, since it alludes to the growing fear Micro$oft is beginning to demonstrate. They market. That's what they're good at. Moody's a spokesperson, of sorts. He's doing his job. His remarks hint at his qualifications to do this well. Many pointy hairs will buy it. Many profit-minded business people will weigh it along with all other marketing propaganda and qualified intel on how to choose their servers for making money over the next decade++.

    That aside, I'll agree the vulnerabilities in Linux are more visible than in the past due to deployments, but, most of us who've been doing it for several years, have enjoyed some key features that have helped us make this Operating System and its applications the treasure to administer that it is today and has been for quite some time:


    The list goes on. This is why I have 40 different servers out there in the wild supporting several thousand end-users in education, business, and, of course, entertainment.

    I'm chalking this one up to a victory. I suggest all others do the same and keep at it. I still believe this is the greatest Operating System that ever existed. And, I do love my AIX and other UNIXes. But, there's really one word that makes the difference: free >:).


    Linux rocks!!! www.dedserius.com

  11. The Dawn of the Undiscovered Artist on Several Boycotts Of RIAA Organizing · · Score: 1

    For the past 2+ decades I have written lots of songs. I've played with MIDI since 1984 to subvert the problems associated with incorporating flaky musicians' efforts in producing tracks. I've written around 200 songs. They may be terrible.

    For the past ++decade, I've attempted soliciting the Music Industry through conventional means spending thousands on tapes, postage, and packaging to submit them to RIAA execs who threw them into the trash. They may have been terrible.

    For the past 5 years I've published these same songs at Ded Serius Music because it doesn't cost me anything. I haven't made a dime. I don't care. They may be terrible.

    I hope Napster can get through this ordeal. I do have some objections to the variances between their PR philosophy and their software policy. It seems a little inconsistent to demand exclusion to music copyrights while maintaining exclusivity on software copyrights. Napster doesn't run on Linux. I don't do windows. If you're bored enough to go to my site you'll learn why that is, too. It's not due to superior MIDI composition software under Linux. I wish such software existed. Napster for Linux doesn't and they've been quite clear on their direction for it.

    But, the moral most significant for me in this whole debacle is elicited by the RIAA. Napster, vile though it may be, is a valid exchange for people to sample music they ultimately may purchase. Either way, more purchases will be made than if you merely deleted this distribution mechanism. And, this distribution mechanism can't be deleted, since there are other workable ways to do this without Napster. It will just be harder to leverage by the RIAA. But, the RIAA has rendered a stealthy effort to quelch this and tipped their hat on what disturbs them most: control of the distribution of artistic content; especially as it pertains to the revenue model.

    Perhaps, this signals a turning point when the artist will be able to offer their creations freely to John/Jane Q. Public without the intervention of these discerning and qualified brokers of artistic content. Likely many original creations will flow more freely and possibly gain popularity in absence of content from the established bands/artists and control by the discerning ears and wallets of the delegees of RIAA. Likely much of this content will be really, really terrible. Most of it will be weeded out by the denizens of this new unpublished media.

    But, the proceeds will go to the artists.... If their creations are not really, really terrible.

    I think this is the best possible outcome: much of what we listen to has been endorsed by the RIAA through its qualification process. Much of it is terrible. Much more that wasn't has been excluded due to this process.

    My 2 cents. And, yes, you can laugh at some of it. I certainly did.

    Linux rocks!!! www.dedserius.com

  12. Re:Non-Report of New Linux NFS Remote Root Exploit on Report Of New Outlook Exploit · · Score: 1

    I agree with the following response to this. We should be unreligious and objective when engaging in M$/Linux discourse. My use of the all-too-familiar acronym for the Redmond Corporation may color me a hypocrite, but, the undertones of its usage speak very accurately to its use. Plus: less typing and everyone knows to whom I refer.

    There is an out-of-the-box feature in Linux that has existed longer than I can recall in its various forms. Currently, it's a simple matter of following these simple precautions:

    1. In /etc/rc.d/rc.M {if running Slackware} add the following:

         if [ -x /etc/rc.d/rc.firewall ]; then
           . /etc/rc.d/rc.firewall
         fi

       • Have the following file named /etc/rc.d/rc.firewall that includes:

         /sbin/modprobe ip_masq_portfw
         /sbin/modprobe ip_masq_ftp
         /sbin/modprobe ip_masq_raudio
         /sbin/modprobe ip_masq_irc
         echo 1 > /proc/sys/net/ipv4/ip_forward
         /sbin/ipchains -F
         /sbin/ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -j DENY -l

         At this point you are secure...
         If you're not running a server, do nothing further

    2. Do not run your system as root;
    3. Do not install binary packages unless their source can be authenticated;

    You can now read mail, edit documents, send mail, and surf the web securely. No programs that come in, even JavaScripts will be able to trash your system, or even erase files in your user directory. If you're even more paranoid, don't surf the web as your normal user account. Create one for this express purpose.

    If you need to do Word and Excel documents, get StarOffice 5.2. If you think the 90MBytes memory hit is expensive, add 64 MBytes to the 64 MBytes you need already to run Win98 with Office97/2000. It's less expensive to buy 60 bucks worth of memory than it is to buy anti-virus software that slows down your machine and takes hours of maintenance every month, plus the additional money it costs to put in ZoneAlarm, or some other firewall. The vendor should lock down their stupid OS and all its little macro crap, period. If you need dancing pigs; then use Windoze. Consider yourself the ultimate risk-taker.

    The poster should have posted facts; not inflammatory remarks. Since I feel I'm headed in a similar direction, I'll post my 2 cents.


    Linux rocks!!! www.dedserius.com

  13. Re:Just Read the ZDNet Story on FBI E-Mail Wiretaps - The Carnivore System · · Score: 1

    Nope, not all the Feds are evil. I've worked with a couple.

    Only takes one.....

    Linux rocks!!! www.dedserius.com

  14. Cool: H a c k e r N e w s Slashdotted on Building The Ubervirus · · Score: 1

    I couldn't get to it from any of my servers. Nice job, guys.


    Linux rocks!!! www.dedserius.com

  15. A Failure on Many Fronts on Microsoft PDC Journal · · Score: 1


    1. Readability: Please use better judgment on color. Red on black is useful to set the mood for a Quake download, but, I question its use in a "journal;"
    2. Availability: Several server busy and page not found errors, and, I'm quite certain it's your use of server platform and not the wire. The connection refused dialog popped up quite responsively;
    3. Accuracy: This story was submitted almost apologetically as an obligation to attend a Micro$oft trade show, but, clearly, you've committed to use IIS as your web-serving platform, or your site wouldn't be running on it. Please represent your submissions more accurately in the future.


    Not sure how this story got accepted for posting.

    Not a worthy read.

    Linux rocks!!! www.dedserius.com

  16. Just Read the ZDNet Story on FBI E-Mail Wiretaps - The Carnivore System · · Score: 2

    This is outrageous. The FBI admits this is nothing more than a glorified sniffer. And, we all know a sniffer grabs plaintext passwords which many systems/services use. Looks like it's time to start watching my login records a little more closely.

    The analogy used was "It's the electronic equivalent of listening to everybody's phone calls to see if it's the phone call you should be monitoring." Actually, I'd say it's more analogous to having a bug in every home that uses that network. Considering that e-mail communications originating from one private residence destined for another private residence would qualify for some privacy protection, I would offer that placement of the "Carnivore" on a public wire steps way over the bounds of legitimate surveillance jurisdiction.

    I guess what shocks me the most is that they actually demonstrated this technology. They expect buy-in?

    Of course, there's always encryption....


    Linux rocks!!! www.dedserius.com

  17. Features vs. Performance/Stability on MySQL And PostgreSQL Compared · · Score: 1

    Having used MySQL for over 3 years to manage web statistics and personal databases, I can't speak highly enough about it. Haven't used PostgreSQL probably because MySQL did the job early and still does, so why bother. Given that PostgreSQL has more features that make front-end programming easier, I'd say it's just a matter of where you feel comfortable spending your coding time. If it's on the back-end, MSSQL will do just as well, plus you don't get the issues with running an open source OS for the database (although, MySQL runs just fine on Win32).

    Where MySQL truly excels is in the level of technical ability in the user group. It's an accumulation of some of the most qualified technical insights you'll probably ever find. Take a look at the List Archives to search for virtually anything database related.

    My $.02

    Linux rocks!!! www.dedserius.com

  18. Re:The ISP has this to say... on Nike Gets Sued Over Nike.com Hijack · · Score: 1

    That's pretty incredible. The page states "...We reboot three-four times each day depending upon how many new domains we are registering..." Huh? For changes in DNS? Hmmmmmmmmmm. So, apparently ndc reload doesn't work. That's fairly telling.

    Now, I've never done this, nor, would I ever do this, but, know that it's possible to determine the boot-time necessary for a name-server after just a couple reboots and, since this machine reboots pretty much as a service, it seems fairly trivial that the attacker could have determined at what moment in time the machine was beginning one of its "scheduled reboots" and entered the machine prior to full launch of all services. We all know how this works. And, if anyone doesn't, it's a matter of the sequence of services starting up and if network starts before firewall, then, there are windows of opportunity. Not too big on *n*x-es, but, on NT services can take a really long time to start.

    The quote: "...we have taken the steps necessary to ensure that this kind of thing does not happen again..." is a precursor for exactly this same thing happening again. Poor guy's doomed.

    What's tragic is the complete ignorance he elicits and that he received this much media-attention, to begin with. Clearly, he feels he knows what he's doing. He appears to realize he's been owned. Too bad he doesn't consider he might still be.


    Linux rocks!!! www.dedserius.com

  19. Slack 7.1: A Nice Security Update on Slackware 7.1 Stable Released · · Score: 1

    I've loaded it on a couple systems, but, there's little compelling reason to upgrade if you're at 7.0. Anything <= 4.0, though, go for it.

    Couple gotchas that may save people some hair-pulling, is the scsi support. Not, just scsi, but, also ide-scsi appears to be broken in kernel 2.2.15-2.2.17. I tried it on a dual with 3 different Adaptec Ultra-Wide cards (aic7xxx.s) and, none would boot/install correctly. Ended up having to load Slackware 7.0 to get it installed.

    I checked Deja and found I wasn't the only one. I would have written it off, but, I upgraded my Athlon over the weekend (with 10 Gbytes drive) and, it was the smoothest upgrade I've ever done. It's very slick. No changes of init scripts, whatsoever. It just worked out of the box (or, off the ISO, whichever way you wanna put it). However, my Goldstart RW wouldn't read the CD, so had to do an NFS install from my Dual Celey, and, turns out this is likely related to the ide-scsi issue. In order to see my CD-RW after the load, I had to revert to kernel 2.2.13, and, all's well.

    Bottom line: On a generic ide-based system, it's probably a streamlined way to implement the security fixes of gpm, fdmount, et al., but, then, if it's just a workstation, these aren't gonna open up any gaping holes, anyway.

    That is of course, unless you have some port-forwarding enabled to your workstation through your firewall. But, then, again.... who would do that? >:)


    Linux rocks!!! www.dedserius.com

  20. Re:PGP key in DSSAGENT on Mattel Spyware · · Score: 1

    Another useful app under Linux is IPTraf, which will let you log these communications, including bytes sent and received from the respective destinations/sources.

    A great tool for further locking down your firewall.

    While I agree the labeling of this article is slightly skewed, I don't think anyone's being paranoid by running these types of activities through the microscope. Better to send a message to software vendors to back off on surreptitious exchanges of information from the consumer than further the proliferation of legislation to do this for us.

    My 2

    Linux rocks!!! www.dedserius.com

  21. Best Reading in Months on How To Secure A Cracked Box · · Score: 1

    Now, This Root Prompt article is the best read I've had since I can remember. Yes, it was mentioned above, but, re-iterating the link does no disservice to anyone who truly cares about security.

    Take 10 and go read it.

    Linux rocks!!! www.dedserius.com

  22. Re:Give us a program that exploits this on 2.2.16 Kernel Released - Fixes Security Hole · · Score: 1

    Neat. So, I had to kill one of my netscape windows. Doesn't prove a thing.

    Linux rocks!!! www.dedserius.com

  23. Re:It Will Be Impossible To Define OS/App Boundary on Justice Department Decides To Break Up Microsoft · · Score: 1

    Chris:

    You're pretty passionate about this. Probably extends to things you think about more heavily.

    I think I agree with you on several points, including the jailing of felons thing.

    It's funny when I think about the past 5 years of time I coulda been writing songs. Perhaps you're intuitive enough to know why I haven't been.

    Loud thoughts, but, all valid.

    Linux rocks!!! www.dedserius.com

  24. Re:Critical Update on Justice Department Decides To Break Up Microsoft · · Score: 1

    HRunting:

    Seriusly? I'm very curious. I don't use Windows as a rule. Did you really get a warning? I'm familiar with the process. That would be wicked ominous......

    Linux rocks!!! www.dedserius.com

  25. Re:Capital Punishment on Justice Department Decides To Break Up Microsoft · · Score: 1

    Jonathan:

    You said it yourself: "they have done some very illegal things"

    If you kill someone do you think your rights will be diminished?

    I would hope they would.

    We have in our hands the power on the PC to "innovate" ourselves. Yes, it might have been somewhat fostered by the products from Redmond.

    But, we can create, and have had the power for a decade.

    We can now do it with anything.

    And, I'm not dancing in the street. I'm just glad I can offer other choices to people. The decision is marginal in influence, at best, now. But, doors will soon open for providers of more reliable stuff.

    That's my only interest. MIDI devices that don't become gameport joystick controllers on the next controlset reload.

    Seriusly. I could give a shit about any of this shit if M$ had kept MIDI functioning as well as in Win3.1.

    I'm no zealot. I just wanna write music. And, I've never killed anyone.

    Peace....

    Linux rocks!!! www.dedserius.com