Not sure how easily clearable the hurdle is. The Windows Update site requires ActiveX. Last I checked rc.local, the line:
#/usr/sbin/ActiveXd &
was commented out... Wait, there is no ActiveX on *n*x. You get the point. I'm sure there's some of that requirement for msn.com, too.
MSN.com is about useless. There's always CNN.com, which I doubt will shut out non-M$ OSes.
However, there is the question of windowsupdate.microsoft.com, which I would imagine actually gets higher traffic due to the frequency of updates sent to such a huge client-base. When SP2 came out for Win2k I used Konqueror to access the site; downloaded the patch to my (rather large) Windows-Patches share on my Samba server so I could update the one machine, and distribute via CD to my less DSL-equipped friends.
It appears the windowsupdate.microsoft.com site no longer allows non-M$ browsers to access the site. Konqueror throws sporadic "Cannot connect to site" errors and consumes massive CPU (23.00+), Mozilla just stares at you blankly, telling you the page is done (page source shows the upgrade recommendation), and NS 4.7x tells you to go get a M$ OS and browser. This bodes pretty poorly for those shops that have more than 1 server but fewer than 5 (probably ~50% or so of M$'s small business market), if current security and bug updates can't be retrieved once by a machine that isn't capable of processing them directly and must save the patch to a local/LAN filesystem.
I cannot help but wonder how effective throwing barriers in front of your customers in every possible direction will be at instilling their loyalty in the long run. Hopefully, their customers are getting a little smarter and a lot pissed!
Look, I'll pay when it's worthwhile, but since we don't even have pricing, I'll do my part. Post them banner ads as big as you like. Not even a problem.
I'll just filter it out (mentally, or some other way), and those who can't can pay the fee.... once we know what that fee will be...
Here are Just a Few Arguments Against Using OSS (on "Opposing Open Source?")
"There is some value for having details in the advisories, but not exploit code," said Chris Wysopal, director of research and development for security firm @Stake.
Once you have the details of what's vulnerable you're less than an hour away from an exploit, even if you're a VB programmer. The message that needs to get out to Culp and others looking to sweep their flaws under the carpet is that once the flaw is published, the exploit is on its way! Putting the exploit out there forces unwary admins to patch before they get hit. And if they don't stay on top of security for their system and they get owned, fine. Find a different admin.
The other thing that bothers me about the article is the uncharacteristically congenial tone Wysopal took WRT M$. Weren't the guys who formed @Stake the same ones slinging shit at them back before they founded @Stake? (Inclusion of an example with an exploit purely intentional.) Takes my opinion of them down a notch.
Qwest will continue to provide Business customers with Internet Service Provider (ISP) services, such as:
* Qwest.net OfficeWorksSM
* Qwest.net OfficeWorksSM LAN
This is a business customer service. In the agreement you are entitled to run any service you wish. If you have facts that indicate MSN's got its eyes on that offering, please substantiate.
Upgrade to OfficeWorks and run your own mail server. Problem solved. How long does it take anyone around here to set up a simple mail/name server so they can manage their own mail? Think about it.... you want your mail based at an ISP anyway?
It's a great! thing that interest in Linux/UNIX for gaming continues to build. That's what Joe Six-Pack needs in place before switching to Linux or resorting to a PS2.
What does concern me is the involvement of an emulator to run those games. Those APIs will continue to change anyway, and if the porting of these apps prioritized direct interfaces to the OS's graphics software rather than emulating Windows, it would achieve broader goals:
Better performance -- more marketable;
Larger effort for the development community to strive for an API under *n*x that's superior to DirectX;
Less dependence on Windows technologies during development; eventually, independence.
I'm sure there are some technically sound reasons for developing DirectX under Wine, and support any development in *n*x gaming, regardless. I'd just think an OpenGL that kicks the snot out of DirectX would send a much more productive and telling message....
Sec. 3286. Terrorism offenses
(a) An indictment may be found or an information instituted at any time without limitation for any Federal terrorism offense or any of the following offenses:
(1)
(2)
(3)
(4) Section 46502 (relating to aircraft piracy) of title 49.
(b) An indictment may be found or an information instituted within 15 years after the offense was committed for any of the following offenses:
(1) Section 175b... or 1030(a)(7) (relating to protection of computers), 1362 (relating to destruction of communication lines, stations, or systems)
If/when this legislation passes, what will be the real ramifications on your typical system administrator who spends much of his/her time implementing/exploring technologies? Specifically, what types of computer activities would qualify as an act of terrorism? How competent are current investigators in properly classifying such activities? Examples follow:
Sending UCE
Port Scanning
Web Page Defacement (Gov't/Private Sector)
Violations of SSSCA, DMCA
Patent Infringements
Use of Encryption (esp. if backdoors are mandated)
One of the biggest concerns we should have is that system activities are often misclassified due to ignorance, misconfigured services, or compromise by 3rd parties. Will this legislation potentially put innocent admins in prison for life given any of the above scenarios?
(The parent has not been modded high enough yet as of this post)
Regardless of the legal dispute, MAPS should have their implementation for filtering spammers removed from all MTAs. This is a frustrating problem, and is a major time-eater for diligent admins and an even bigger one for end-users on networks not overseen by such admins. Sendmail has removed MAPS support, reaffirming my commitment to stick with it since Sendmail's security record has been much improved over the past 3 years and it is great free software. A bitch to configure, but hey; when you run Slackware you know what you're getting into. I found it very alarming and frustrating when I decided to put a stop to what appears to be a significant increase in spam lately by finally getting around to implementing MAPS, only to discover the new fee-based implementation of MAPS. This pricing/policy change is completely antithetical to what anti-spam software should stand for! They started out as this "crusader" organization making software to rid the 'Net of the filth that proliferates as spam, then stick you with a fee? Quite unsamaritan and anti-community for a service that purports to assist the community, only to later suck you into payments once they've garnered enough of a following. Exploitative in the vilest sense.
ORDB is a godsend! I put this on my servers 2 days ago and spam has all but ceased. 10 trickled through the first day and were added to the list. ORDB's policy is effective, efficient and fair and it doesn't bog down the server or the network in any noticeable way. It's a quick 30 minute configure for a moderate sendmail admin, and yields immediate results. Granted it doesn't provide known spammer protections, but how can you do that?
The onus on stopping spammers is on ISPs through their AUPs. Once they make it crystal clear that using their network services for stupid things like Spam, port scanning, and defacing web-pages is going to immediately ban them from that service, the Spam and other useless 'Net activities will stop and these idiots will quietly go back to the middle-high school where they once worked and pick up their green weenies, Mr. Clean, and get those toilets clean and those hallway tiles shiny again, where their skills/socialization are most appropriate.
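As an added example that is not part of the original comments, this is the lookup an MTA such as sendmail performs against a DNS-based blocklist like MAPS or ORDB before accepting a connection; the zone relays.example.test, the resolver and its answers are constructed placeholders so the code runs offline.

```python
# Added example, not code from the original comments: the lookup an MTA such
# as sendmail performs against a DNS-based blocklist (MAPS, ORDB) before
# accepting a connection. Zone name, resolver and answers are constructed so
# the demo runs offline; relays.example.test is a placeholder, not a real list.
import ipaddress
from typing import Callable, Optional

DNSBL_ZONE = "relays.example.test"  # placeholder zone (constructed)
Resolver = Callable[[str], Optional[str]]  # name -> A record, or None for NXDOMAIN


def dnsbl_query_name(client_ip: str, zone: str = DNSBL_ZONE) -> str:
    """Reverse the IPv4 octets and append the zone: 192.0.2.25 -> 25.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")  # rejects non-IPv4 input
    return ".".join(reversed(octets)) + "." + zone


def is_listed(client_ip: str, zone: str, resolve: Resolver) -> Optional[str]:
    """Return the 127.0.0.x listing code if the client is listed, else None."""
    answer = resolve(dnsbl_query_name(client_ip, zone))
    if answer is None:
        return None
    # A genuine listing answers inside 127.0.0.0/8. Anything else means a
    # wildcarded, hijacked or dead zone and must not be used to reject mail.
    if ipaddress.IPv4Address(answer) not in ipaddress.IPv4Network("127.0.0.0/8"):
        return None
    return answer


def smtp_verdict(client_ip: str, zone: str, resolve: Resolver) -> str:
    """The reply the MTA gives at connect time: 550 reject if listed, else 250."""
    code = is_listed(client_ip, zone, resolve)
    if code:
        return f"550 Mail from {client_ip} refused: listed in {zone} ({code})"
    return "250 OK"


# Constructed stand-in for DNS: one listed open relay, and one name answered
# with a non-127 address (the failure mode is_listed guards against).
FAKE_ZONE = {
    "25.2.0.192." + DNSBL_ZONE: "127.0.0.2",
    "99.2.0.192." + DNSBL_ZONE: "10.0.0.1",
}


def fake_resolve(name: str) -> Optional[str]:
    return FAKE_ZONE.get(name)


if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.99", "192.0.2.10"):
        print(ip, "->", smtp_verdict(ip, DNSBL_ZONE, fake_resolve))
```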
"Digital Rights Management (Security). You agree that in order to protect the integrity of content and software protected by digital rights management ("Secure Content"), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer."
I believe the note was made by Michael when he posted the story. As you can see, it most certainly is there...
While client market share for Windows is undisputed, Apache has close to 60% of the web server market. I haven't received a single readme.exe attachment.
Current Nimda stats are:
26900 attempts on 2 servers.
Apache (on *n*x, anyway) is not vulnerable to worms in the same way IIS is since it runs as notroot.somegroup. The only thing an Apache web server worm (on *n*x) could do is muck up the web server.
*n*x mail clients don't (at least yet) do a
    file this_attachment
    if the file is ELF or a.out:
        chmod +x this_attachment
        execve this_attachment
This isn't to say *n*x is immune. Just why Win* is not. Not because of market share.
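An added example, not code from the original comments: the check a mail gateway can make on attachment content rather than filename, the defensive counterpart of the file / chmod +x / execve sketch above. The message, addresses and attachment bytes are constructed for the demo.

```python
# Added example, not code from the original comments: a mail-gateway check
# that decides by attachment *content* rather than filename, the defensive
# counterpart of the "file / chmod +x / execve" sketch above.
# The message, addresses and attachment bytes below are constructed.
from email import message_from_bytes, policy
from typing import List, Tuple

# a.out magic numbers (OMAGIC 0407, NMAGIC 0410, ZMAGIC 0413) as little-endian bytes
AOUT_MAGICS = (b"\x07\x01", b"\x08\x01", b"\x0b\x01")


def classify_bytes(data: bytes) -> str:
    """Identify native executables by magic number, as `file` would."""
    if data[:2] == b"MZ":
        return "PE/MZ executable (Windows)"
    if data[:4] == b"\x7fELF":
        return "ELF executable (Unix)"
    if data[:2] in AOUT_MAGICS:
        return "a.out executable"
    return "data"


def scan_message(raw: bytes) -> List[Tuple[str, str, bool]]:
    """Return (filename, detected type, quarantine?) for each attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""  # undoes base64/QP
        kind = classify_bytes(payload)
        name = part.get_filename() or "<unnamed>"
        # Decide on content only: readme.exe renamed readme.txt still starts "MZ"
        findings.append((name, kind, kind != "data"))
    return findings


def quarantined_names(raw: bytes) -> List[str]:
    return [name for name, _kind, quarantine in scan_message(raw) if quarantine]


# Constructed lure: a PE header behind a .txt name, an ELF header in a .dat,
# and a harmless text attachment.
SAMPLE_MESSAGE = b"""\
From: sender@example.test
To: admin@example.test
Subject: constructed sample, not a real message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="bnd"

--bnd
Content-Type: text/plain

Please see attached.
--bnd
Content-Type: text/plain; name="readme.txt"
Content-Disposition: attachment; filename="readme.txt"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--bnd
Content-Type: application/octet-stream; name="notes.dat"
Content-Disposition: attachment; filename="notes.dat"
Content-Transfer-Encoding: base64

f0VMRgIBAQAAAAAA
--bnd
Content-Type: text/plain; name="hello.txt"
Content-Disposition: attachment; filename="hello.txt"

just text, nothing to execute
--bnd--
"""

if __name__ == "__main__":
    for name, kind, quarantine in scan_message(SAMPLE_MESSAGE):
        print(f"{name:12} {kind:28} {'QUARANTINE' if quarantine else 'deliver'}")
```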
"...how would/does the government know whether a bitstream is random bits, or encrypted data?"
Audio data looks random. MP3 data looks random. What's to stop someone from recording an analogue message in the high or low frequency range of a music recording, then bladeenc it to mp3 and transmit it in the clear? Still looks random.
The use of Oracle as an example was arbitrary. Had I used MSSQL, I'm sure your rather harsh response would have been even more so.
I don't expect you'll respond any more rationally to this post, so just don't bother.
This was not a "knee-jerk" response. Its verbiage was compiled specifically for your original post with the tone of that post in mind. I did my best to stay objective and not get personal. Perhaps you're capable of the same.
So, you're suggesting Oracle could do better on the same hardware? Perhaps you could provide a more compelling argument if you showed similar stats to what these 6 little servers produced over the past couple days running on an Oracle setup.
MySQL is the fastest database on the planet. It lacks features: not speed. If you outgrow this database, you switch to which one?...
Step 1: Legislation is passed unanimously in both the house and senate and signed by the President requiring all domestic encryption software to include a backdoor.
Step 2: SSSCA is passed unanimously, modified to include all current encryption software passed in Step 1.
Step 3: All non-government information security experts are rounded up and imprisoned for 5 years for using non-backdoored encryption technologies.
No one is left to assist in deterring the next terrorist attack: the one on our information infrastructure by those who have no concern for U.S. Law.
I hope the message can get through to our lawmakers and its non-technical citizens, at this difficult time.
Everyone seems to be blaming Osama bin Laden. I hope people do their research completely before resolving to that conclusion. Just imagine we get him extradited to the U.S., try him, convict him, and summarily inject him; only to have the Sears Tower impaled by a Concorde the following day.
It could be anyone. This thing sucks, but justice is only sweet when it's 100% confirmed to be imposed on those who instigated the original offense.
- DMCA
- Passport
- Office
- Traditional Support Means
- Patents
- W3C: RAND
That should get you started.
The security fix for the kernel root exploit bug has been available for over a week.
Pretty much dead, actually. Except for these 9 weirdos with their clocks set wrong.
You forgot:
"I think if they put a crypto provision in this bill, it would have passed," Froomkin said. "Look at what the administration got."
You really gotta pay attention these days...
Clearly, we can't count on our Congress to improve the Spam situation...
Whoever hosts that site is a terrorist.
[OT, but hit the link first...]
How much mp3 traffic flows across the 'Net? >:)
That's a lot of random-looking bits.
"...what's so bad about the government having a backdoor on crypto? "
It's not the government having one that's the biggest problem. It's that there is one. Someone will find it. Possibly not the government.
Don't post letters in here. We pretty much know what we need to say to them. Letters are better, but perhaps some e-mail actually gets read.
How in Hell did you find this? Thank you!!!
Mod this up!!!
Picked up this list of potentially involved organizations from some dude on IRC.