I agree with you - I was just wondering about the specifics. What would you see on a system that would give you just a slight suspicion it had been compromised, rather than knowledge outright? Suspicious activities in the logs? (and what would they be, exactly?) Maybe the sysadmin saved the root password somewhere on his laptop and then left it on the train? That sort of thing...
From TFA: (By the way, yes, I own a tiny handful of Apple stock. Do I need to advocate for Mac? Hardly. I'm already happy as can be thanks to the success of the brilliant, world-altering iPod.)
Do any of you get the feeling that this article should have been published on MacWorld?
For the most part and for all intents and purposes, Macs are immune. Period.
And we've all been through this argument before. Perfect security only comes when you unplug the network cable (and that's when it's not an insider job). Talking like this will just make people complacent. Although I personally use Fedora, Windows PCs can be pretty good to use, provided you are behind NAT or a firewall and you don't use IE or Outlook Express...
Sending out press releases designed to provoke your suspect is a tried and tested method in law enforcement. What if they had a mission-critical email server that had been hacked but had to stay online no matter what? (Think of secure intelligence channels.) This press release could be to try and prevent him from coming back...
It would also explain how they were able to send the email;)
According to the BetaNews Article Officials said the actual risk of a system compromise was fairly low. So the question is, what did the sysadmin see that prompted him to shut the system down?
On a side note, I switched to a different bank in 2002, one with no monthly fees. I was amazed at how easy it was to do, and now I must be their most vocal evangelist. I'm constantly reassuring people that they, too, can stop paying monthly services charges to their bank. I think I have six converts so far:)
As far as I am aware, there are no banks in the UK that charge either a setting-up fee or a monthly fee for personal accounts. They make money off the money we let them look after, so why put people off giving you money by charging you to do it? When people I know have heard about countries where there is a monthly fee, they go "WHAT?!?"
The iPod has the best user interface and best looks of any hard disc player out there. Sure, it doesn't have ogg vorbis support and it is a little expensive, but it still beats all the competition that I'm aware of. It's got tonnes of geek appeal - of course every programmer is going to want one!
If Bill doesn't like it then Microsoft should bring out their own product. It worked with the XBox...
Most of the comments I've read so far seem to be missing the point. The idea of this security team is to make sure that there aren't any publicly known exploits in the kernel without a patch being available; at the moment this is inevitable if a bug is reported directly to the kernel guys, due to the policy of immediate disclosure.
This move is primarily to stop companies running linux from going to commercial vendors to patch their kernel for them, and thus keeping linux security centralised.
The decision to use blacklists with ActiveX is an unfortunate one. In an environment as fluid as the internet scam industry, there will be vastly more new sites set up than human-controlled blacklisting can stop, especially if web servers are set up on botnets of unsuspecting home XP users. Let's just hope the default rendering engine will be Gecko.
Having said that, there are a few javascript phishing techniques that work perfectly well in Firefox with Gecko...
Let us all hope that Massachusetts doesn't accept Microsoft's formats if they aren't completely open when it undertakes its review of the decision. If Microsoft are seen to have open office formats in the eye of the public when they are not really open, it can only be a bad thing for OpenDocument and other truly open efforts.
Everyone who lives in MA, go and write to your appropriate representative now!
You're right - I probably shouldn't have lumped the two words together so much, even though they have the same linguistic origin. "Lively" was the best compromise fit for both alegre and allegro, and it's how alegre's present meaning is derived - first it became something like "merry" and now it's more like "happy"...
If you're interested in that sort of thing check out the Indo-European Roots Index . It continues to amaze me how much the same word can change over time.
Multimap has it as Porto Alegre. Besides, both alegre and allegro translate to something like "lively", but the former is Portuguese and the latter Italian. Portuguese would seem to be the relevant choice here as it's the main language spoken in Brazil.
Hopefully this will lead to reduced spending on translation by governments and other such organisations - just think how much conducting a meeting of the U.N. must cost in terms of proprietary software. Also you could have simultaneous meetings in different parts of the world both being translated and relayed to each other. The U.N. in New York and Geneva perhaps? Maybe there's a way to do something similar without it descending into chaos:)
Well, it's been two or three years now since it started. It's cleared up a lot, but never really gone completely away. I think I could play the violin seriously again if I wanted to, but it's been too long and I have a different (but not too different!) career path now. Plus it would be a lot of work getting myself into the habit of good posture...
RandomPerson: Hi there.
Me: Hello. What is your name?
RandomPerson: Uh, Jeff. What's yours?
Me: ERROR: TRACEBACK CALL IN ^^^^^
Me: ERROR: NO SIGNAL CARRIER DETECTED
I've tried quite a few Linuces in the last year or so, in the quest of finding that "perfect distro". The most important piece of advice I'd give is *don't* try and update a distro with a source that isn't specifically designed for updating that particular distro. There are just too many things that can go wrong.
For example, I installed a couple of RPMs on my first ever Linux distro, Mandrake 9.2, that I downloaded from an RPM search engine. This worked fine, but after about a month I tried to install some normal Mandrake packages and the package manager kept telling me that I needed to uninstall X, along with a couple of dozen other packages, and then reinstall them, in order to get it working.
Example 2: I installed Knoppix 3.4 on my hard disk and updated it to the latest version using the Vanilla Debian tree. This increased the startup time by about five or ten minutes while some service was busy timing out. I could have probably fixed it myself, but that's not exactly a warm and fuzzy feeling right?
Example 3: I installed Ubuntu Warty Warthog and tried to install Mplayer on it using Debian Marillat. *Nothing* I tried could get it to work. Apt-get just kept failing in a loop of unresolved dependencies.
Out of these failures I have learned that it is best to stick to what is guaranteed to work, and to make backups just in case that fails too!
Of course, a good package manager is necessary as well. Out of the package managers I've tried I like Debian and apt-get, Fedora Core (and I assume Red Hat Enterprise Linux) and Yum (Apt-get also works well for these), and Mandrake and Urpmi. I've tried Gentoo and Emerge, but I don't like the way it (doesn't) handle config files. I hope this changes in an Emerge version soon...
Of these, the easiest to install are Mandrake and Fedora (and presumably RHEL), which gives them +2 fuzzy karma straight away. And if you're into security, Fedora has firewall and SELinux setup built into the installer...
I have tendonitis in the little finger of my left hand as a result of playing the violin. I used to play the violin for two or three hours each day, and some of the music was very strenuous. Like some of the previous posts have said, if you do anything too much you can get tendonitis. However, some things are definitely worse than others in this regard. I once heard the leader of the Lindsay String Quartet say that if the violin was a modern invention, then it would probably be forbidden by an E.U. directive - to play it properly you have to twist your left wrist through 180 degrees, almost.
Despite its reputation, many people play the violin for a living, and many of those never have any problems with tendonitis. This is because in spite of the risks involved with playing, there are plenty of people who find a position that's comfortable to play in; it is the people who twist their wrists *right* round, and press their fingers down *really* hard that get into trouble (like me). So the people arguing that there is no problem and the people arguing that some devices are unsafe to use are really both partially right - it is both the device and your posture that affects your likelihood of developing tendonitis.
If you start to have pain from using your blackberry/keyboard/mouse/whatever, you should immediately rest it. And I'm talking about days, not minutes. Also, whatever happens, even acute tendonitis clears up after a year, so don't worry too much, although I always think my little finger is a bit stiffer than it used to be...
I'm intrigued that a cement company is the most well-known brand in Latin America - it seems unusual that such an industrial commodity has managed to become a household name even though most people will have never bought any of their products directly. Maybe this reflects the amount of construction occurring in these nations at the moment?
While it may not be legally binding, I'd say it's enough permisssion for the layman, and I think it could be argued in court
Even if Microsoft suddenly backtracks on their position, open source developers will still be able to write modules that can encode and decode these formats for at least one or two years (until Longhorn?) as Microsoft can't change their standards that often. If this does happen to be the case, then users will still be able to install these modules on their Linux boxen using repositories like the Penguin Liberation Front, Livna, FreshRpms, Dag Wieers, and Debian Marillat, as these do not worry about patent infringements as much as companies like Red Hat and Mandrake. So Linux is theoretically guaranteed to have perfect compatability with MS Office at the very time when Microsoft won't be releasing new products, hopefully giving Linux the edge when it comes to businesses looking to choose a new OS before the release of Longhorn.
Slashdot Mirror
Uh-oh! Moderators armed with Macs!
;)
Disclaimer - that was a joke
I agree with you - I was just wondering about the specifics. What would you see on a system that would give you just a slight suspicion it had been compromised, rather than knowledge outright? Suspicious activities in the logs? (and what would they be, exactly?) Maybe the sysadmin saved the root password somewhere on his laptop and then left it on the train? That sort of thing...
From TFA:
(By the way, yes, I own a tiny handful of Apple stock. Do I need to advocate for Mac? Hardly. I'm already happy as can be thanks to the success of the brilliant, world-altering iPod.)
Do any of you get the feeling that this article should have been published on MacWorld?
For the most part and for all intents and purposes, Macs are immune. Period.
And we've all been through this argument before. Perfect security only comes when you unplug the network cable (and that's when it's not an insider job). Talking like this will just make people complacent. Although I personally use Fedora, Windows PCs can be pretty good to use, provided you are behind NAT or a firewall and you don't use IE or Outlook Express...
Sending out press releases designed to provoke your suspect is a tried and tested method in law enforcement. What if they had a mission-critical email server that had been hacked but had to stay online no matter what? (Think of secure intelligence channels.) This press release could be to try and prevent him from coming back...
;)
It would also explain how they were able to send the email
According to the BetaNews Article Officials said the actual risk of a system compromise was fairly low. So the question is, what did the sysadmin see that prompted him to shut the system down?
On a side note, I switched to a different bank in 2002, one with no monthly fees. I was amazed at how easy it was to do, and now I must be their most vocal evangelist. I'm constantly reassuring people that they, too, can stop paying monthly services charges to their bank. I think I have six converts so far :)
:D
As far as I am aware, there are no banks in the UK that charge either a setting-up fee or a monthly fee for personal accounts. They make money off the money we let them look after, so why put people off giving you money by charging you to do it? When people I know have heard about countries where there is a monthly fee, they go "WHAT?!?"
Go Blighty!
To clarify, my original post *was* actually meant to be funny. Sheesh! ;)
The iPod has the best user interface and best looks of any hard disc player out there. Sure, it doesn't have ogg vorbis support and it is a little expensive, but it still beats all the competition that I'm aware of. It's got tonnes of geek appeal - of course every programmer is going to want one!
If Bill doesn't like it then Microsoft should bring out their own product. It worked with the XBox...
Who will standardise the standardisation of the standards groups?
Most of the comments I've read so far seem to be missing the point. The idea of this security team is to make sure that there aren't any publicly known exploits in the kernel without a patch being available; at the moment this is inevitable if a bug is reported directly to the kernel guys, due to the policy of immediate disclosure.
This move is primarily to stop companies running linux from going to commercial vendors to patch their kernel for them, and thus keeping linux security centralised.
The decision to use blacklists with ActiveX is an unfortunate one. In an environment as fluid as the internet scam industry, there will be vastly more new sites set up than human-controlled blacklisting can stop, especially if web servers are set up on botnets of unsuspecting home XP users. Let's just hope the default rendering engine will be Gecko.
Having said that, there are a few javascript phishing techniques that work perfectly well in Firefox with Gecko...
Let us all hope that Massachusetts doesn't accept Microsoft's formats if they aren't completely open when it undertakes its review of the decision. If Microsoft are seen to have open office formats in the eye of the public when they are not really open, it can only be a bad thing for OpenDocument and other truly open efforts.
Everyone who lives in MA, go and write to your appropriate representative now!
You're right - I probably shouldn't have lumped the two words together so much, even though they have the same linguistic origin. "Lively" was the best compromise fit for both alegre and allegro, and it's how alegre's present meaning is derived - first it became something like "merry" and now it's more like "happy"...
If you're interested in that sort of thing check out the Indo-European Roots Index . It continues to amaze me how much the same word can change over time.
Multimap has it as Porto Alegre. Besides, both alegre and allegro translate to something like "lively", but the former is Portuguese and the latter Italian. Portuguese would seem to be the relevant choice here as it's the main language spoken in Brazil.
Hopefully this will lead to reduced spending on translation by governments and other such organisations - just think how much conducting a meeting of the U.N. must cost in terms of proprietary software. Also you could have simultaneous meetings in different parts of the world both being translated and relayed to each other. The U.N. in New York and Geneva perhaps? Maybe there's a way to do something similar without it descending into chaos :)
Well, it's been two or three years now since it started. It's cleared up a lot, but never really gone completely away. I think I could play the violin seriously again if I wanted to, but it's been too long and I have a different (but not too different!) career path now. Plus it would be a lot of work getting myself into the habit of good posture...
RandomPerson: Hi there.
Me: Hello. What is your name?
RandomPerson: Uh, Jeff. What's yours?
Me: ERROR: TRACEBACK CALL IN ^^^^^
Me: ERROR: NO SIGNAL CARRIER DETECTED
I've tried quite a few Linuces in the last year or so, in the quest of finding that "perfect distro". The most important piece of advice I'd give is *don't* try and update a distro with a source that isn't specifically designed for updating that particular distro. There are just too many things that can go wrong.
:)
For example, I installed a couple of RPMs on my first ever Linux distro, Mandrake 9.2, that I downloaded from an RPM search engine. This worked fine, but after about a month I tried to install some normal Mandrake packages and the package manager kept telling me that I needed to uninstall X, along with a couple of dozen other packages, and then reinstall them, in order to get it working.
Example 2: I installed Knoppix 3.4 on my hard disk and updated it to the latest version using the Vanilla Debian tree. This increased the startup time by about five or ten minutes while some service was busy timing out. I could have probably fixed it myself, but that's not exactly a warm and fuzzy feeling right?
Example 3: I installed Ubuntu Warty Warthog and tried to install Mplayer on it using Debian Marillat. *Nothing* I tried could get it to work. Apt-get just kept failing in a loop of unresolved dependencies.
Out of these failures I have learned that it is best to stick to what is guaranteed to work, and to make backups just in case that fails too!
Of course, a good package manager is necessary as well. Out of the package managers I've tried I like Debian and apt-get, Fedora Core (and I assume Red Hat Enterprise Linux) and Yum (Apt-get also works well for these), and Mandrake and Urpmi. I've tried Gentoo and Emerge, but I don't like the way it (doesn't) handle config files. I hope this changes in an Emerge version soon...
Of these, the easiest to install are Mandrake and Fedora (and presumably RHEL), which gives them +2 fuzzy karma straight away. And if you're into security, Fedora has firewall and SELinux setup built into the installer...
I've never tried SuSE though
I have tendonitis in the little finger of my left hand as a result of playing the violin. I used to play the violin for two or three hours each day, and some of the music was very strenuous. Like some of the previous posts have said, if you do anything too much you can get tendonitis. However, some things are definitely worse than others in this regard. I once heard the leader of the Lindsay String Quartet say that if the violin was a modern invention, then it would probably be forbidden by an E.U. directive - to play it properly you have to twist your left wrist through 180 degrees, almost.
Despite its reputation, many people play the violin for a living, and many of those never have any problems with tendonitis. This is because in spite of the risks involved with playing, there are plenty of people who find a position that's comfortable to play in; it is the people who twist their wrists *right* round, and press their fingers down *really* hard that get into trouble (like me). So the people arguing that there is no problem and the people arguing that some devices are unsafe to use are really both partially right - it is both the device and your posture that affects your likelihood of developing tendonitis.
If you start to have pain from using your blackberry/keyboard/mouse/whatever, you should immediately rest it. And I'm talking about days, not minutes. Also, whatever happens, even acute tendonitis clears up after a year, so don't worry too much, although I always think my little finger is a bit stiffer than it used to be...
I'm intrigued that a cement company is the most well-known brand in Latin America - it seems unusual that such an industrial commodity has managed to become a household name even though most people will have never bought any of their products directly. Maybe this reflects the amount of construction occurring in these nations at the moment?
While it may not be legally binding, I'd say it's enough permisssion for the layman, and I think it could be argued in court
Even if Microsoft suddenly backtracks on their position, open source developers will still be able to write modules that can encode and decode these formats for at least one or two years (until Longhorn?) as Microsoft can't change their standards that often. If this does happen to be the case, then users will still be able to install these modules on their Linux boxen using repositories like the Penguin Liberation Front, Livna, FreshRpms, Dag Wieers, and Debian Marillat, as these do not worry about patent infringements as much as companies like Red Hat and Mandrake. So Linux is theoretically guaranteed to have perfect compatability with MS Office at the very time when Microsoft won't be releasing new products, hopefully giving Linux the edge when it comes to businesses looking to choose a new OS before the release of Longhorn.
It may interest you to know that one of my family once bought a personal alarm (which has never actually been used), advertised as:
"Squeeze Alarm with Lite"
The "Lite" refers to a flashlight on the front...
"Don't try to control your user's behaviour if you don't need to."
...because this often makes him annoyed.
Extract from "The LotusNotes Single-user Software Deployment Guide".