PGP won't provide you security either if you have a crummy password.
From a signature on Bugtraq: Security isn't a program, it's a process.
But even open source software can't totally save you.
OpenSSH didn't suffer from the same short password problem commercial SSH Secure Shell did. They have different licenses yes, but those aren't the only differences. :-)
Nonsense, it just takes one step out of the process. Have you read eEye's Analysis of Code Red? He didn't have the source, but he accurately predicted what it did and what would happen.
And look, IIS is closed sores, and they still managed to get into a bundle of crap.
Linus said: Given enough eyeballs, any bug is shallow.
Hiding the source just cuts down the number of eyeballs.
Indeed, it isn't as bad as it appears. Only a fraction of the inspected places got shut down. It could only be for faulty wiring on the appliances I hope. ;-)
I gotta say that using POP to send mail is a daft idea. (Which is what your last paragraph seems to imply.)
There are ways of authenticating SMTP sessions using various bits and bobs, so why not use that? Then include some sort of header saying what the ACTUAL source was, beside the ENVELOPE source (which is fairly arbitrary).
Mistake number 5. The "We'll Ship It When It's Ready" syndrome. Which reminds me. What the hell is going on with Mozilla? I made fun of them more than a year ago because three years had passed and the damn thing was still not out the door.
I made fun of them, too. Until it turned out that its function at AOL was to serve as a bargaining chip with Microsoft. It did its job. And I don't think you can fault them for not releasing those horrific 0.9 versions as 1.0. You can fault them for taking so long to make it usable.
I think Mozilla is doing the right thing. They are telling people to hold onto their hats until the finished version comes along. They could alternatively release version 5.0, then patch it multiple times with Service Packs and eventually get to 5.50.4xxx - but that is what MS does.
For those daring people (that would include myself) it's all class to download a new Mozilla every two months and use it daily. I'm doing that right now. It's stable, it's good.
BTW, I haven't got any complaints about Mozilla 0.9.2. I've been using it since its release, and it's all class. I don't know why they don't bump the version number up. :-) Must be all my Bugzilla reports...
If you're using that beauty of web-browsing 'Lynx', just hit 'z' to stop loading, then 'BACK' or 'qq' to run away.
If you have Mozilla or IE on Windows, then 'ALT'+'F4' does the trick. Using 'F11' on a full-screened IE, or 'ALT'+'SPACE','R' will also work wonders. (Replace 'R' with 'C' to Close instead of Restore the window.)
There is also a settings trick in Mozilla that stops pop-up windows.
This brings up an even larger issue: if there is something that can only be accomplished one way, and people are likely to find the solution independently, should such a thing even be copyrightable (if that's a word)?
If the implementations are exactly the same, right down to the symbols, then that would definitely warrant a raised eyebrow. It should still be licensable of course. Otherwise someone could write a similar implementation to, let's say a method of sharing files between windows machines, and then because their fresh implementation resembled the preexisting item, the preexisting developers would be forced to give their code away.
That might be hard to understand. I'll try saying it again. :-) If I write a program B that performs the same as program A, does the author of A have to give his code away because A & B are so similar? See, it doesn't make sense like that.
BTW, I once thought I'd lost some code, so I reimplemented it a few weeks later. When I did find my original code, the original and the reimplementation were near identical, right down to the variable names. :-)
It takes over your damn computer and is way too bulky.
1.5 minutes for you. How long do you think it'll take my Grandma to do the same? My Mum? My Dad?
Na it ain't going to happen for them.
They'll stick with the defaults the all-knowing MS serves up and won't fiddle with them. Although I did nearly catch Dad downgrading to Navigator 4 at the suggestion of a website he was visiting.
And if the parents don't teach them this stuff, well tough.
Down here in .nz there was a fuss back in '99 I think where the government attempted to introduce some "social responsibility" garbage.
I'll put it simply: The government thinks we are morons. They think they need to step in to help save us from ourselves.
No, adding bureaucracy doesn't solve the problems. It just causes more paperwork. There is a place for kids to be taught by their parents, and shovelling more and more responsibility onto already overworked school teachers doesn't solve anything.
If only this sort of thing happened to the annoying teeny boppers in skimpy clothing. I might venture out into the big room with the blue ceiling more often. (R18 clubs are acceptable - kinda.)
I give each of my friends an address exclusively for their use, and have my filters in mutt set up to change my From: line for each message I send.
If I do eventually get spam on an email address, it isn't too difficult to trace down who that forwarded on to me that message that was forwarded on to an unscrupulous person.
In the section called 'Exclude Stories from Homepage' select all the items you wish to exclude. I'd recommend ticking 'JonKatz' in the authors column. If you dislike spam, you can find that in the 'topics' column.
At the bottom of the page click 'Save Home'
And presto! Just like that you've filtered the content on the front page. There aren't any advanced filters, eg, filtering out spurious stories, repeats, or April Troll's day messages. But those require quite a bit of computing power.
The other alternative is to shut up and stop reading Slashdot! Comment on the story, don't comment on the comments on the comments, or the commentary on the story, or the comments on the commentary on the story.
P.S. Thank you Motorola. You do a great job. I'd also like to applaud Motorola's web team. When I sent a complaint regarding JavaScript dependence I was cc'd in a bit of inter-staff communication on the topic as they worked to resolve it. Props to ya guys! :-)
Go tell that to all the people running 'net cafes out there.
Go anywhere in New Zealand - even the tiny little out-of-the-way towns - and you'll be able to purchase Internet access at very reasonable rates. Even if it is a side room on a dial-up line at a local information center.
It's cheap, it's everywhere, and it's now.
Must remember to take my server SSH key fingerprint with me on a piece of paper...
What RFC describes XTEND and XMIT?
Pure guinness! (er, genius)
It's due to their configuration. Same host name, but it is a different physical server.
http://uptime.netcraft.com/up/graph/?mode_u=off&mode_w=on&site=windowsupdate.microsoft.com
You'll notice different uptimes - see? Different physical machines.
Oh baby, my favourite rant. Nested tables. Lack of ALT tags. Mmmm mmm. Go dob them in to the WAI!
That was a popular 1999/2000 mindrot.
During that time every website was attempting to be the be-all end-all do-all mega-portal. And every install wanted to be on your desktop, on your quicklaunch, on your start menu (in multiple places), in your taskbar, in your favourite, AND IN YOUR FACE DAMMIT.
Probably the only place they didn't end up in was the list of applications to uninstall.
Installation was not too bad (changing all my file associations), but uninstallation was filled with dire warnings about the consequences of uninstalling (including global warming if you remove ozone.dll).
Basically applications bloated. RealPlayer has 1000 features too many. It only has 1015 features, so hmmm, bit bloated there. No I don't want channels, no I don't want news alerts, and no I don't want your advertising.
Have you seen Quicktime 5 now plays MP3s?
Unix's philosophy is to have smaller discrete applications doing small bites in the command chain. How often do you see a command:
[user@unixhost]$ ps auxww | grep user | grep 142.. | sort | less
See, four small applications to do one thing, and they do that well.
On the other hand, if that was done by a Windows engineer, it would be similar to:
C:\> processlist /a /u /x /ww /user=user /filter=pid:142* /sort /p
And that same mind rot is the reason why one application will attempt to do the task of 50 programs, change all your file associations, make its ugly icons appear in 20 different hidey holes, and attempt to do everything from what it is intended to, to making you a cup of coffee and juicing your oranges!
(Especially bad when you don't have any oranges, and you don't like instant coffee.)
With music? Possibly. If I could get all my music from mp3.com or junior.co.nz, I'd be keen to give it a shot. But the problem is I can't.
I get my music from all over the show - not quite 50 labels, but a fair number of independent as well as more mainstream places.
I think I'd instead tend to pay a reseller, eg, a local music retailer.
My server logs are rotated daily and analysed within an hour of being rotated.
I think I'd better go delete them. They go back to November 2000 and take over a hundred MB at the moment (even with gzipping).
MySQL spawns another child process for each connection to the database. If you use one mysql_connect() in your code, then you'll be communicating with only one mysqld.
While I don't have a tipping jar on my website, I get a fair number of visitors, and there are opportunities for people to rate any of my pages at the bottom of the page.
Something in the vast number of resources "out there" has led people to take each resource fairly much for granted. If I find a one stop shop for all my humour needs (Suck and uComics ... er, that's two stops) then I'll be willing to split my money between them.
I enjoyed reading Citizen Dog on uComics so much that I went out and bought the books and will buy the third book when I get the money. Total will come to a tad under $NZ60. $60 for one comic strip, no worries.
But with 50 sites pandering to my humour needs: Red Meat, Dilbert, Suck, Adam @ Home, User Friendly, Calvin & Hobbes, Dick Tracy, Boondocks, that Max comics strip thingy, etc, I am not going to split my humour budget 50 ways.
2 ways yes, 50 ways no.
Here's how to filter the content on the Slashdot front page ...
No way in heck is the handful of searches I performed yesterday going to be linked to me. What, with millions of queries performed daily?
Indeed it does! However that stops everything that attempts to pop up a window. Including Mozilla's very own bug helper form.
The solution is to disable Javascript then use: this one I believe.
Any website that depends on Javascript should be spurned.
Telecom provides me with a wire to my door. Xtra, Telecom's subsidiary that was blacklisted, has nothing to do with me.
It does seem like a twisted world. Never thought of it like that. :-)