And interestingly enough, that 1% of the people drive the continual development of those advanced tools.
I don't think it's that 99% of people don't use them, I think it's that 99% of documents don't use them, but for the ones that do, they're very important.
Would you like to know more?
I'm pretty sure that's what happened in Starship Troopers, the movie if not the book.
Ignoring the possibility that by the time we have space battles, we won't be able to eliminate our exposed profile by hiding in a convenient dimension somewhere
it'll definitely blow that Diet Coke / Mentos video out of the water...
I would guess that most hard core Linux users are out of the scope of this discussion, since there's no chance they'd buy Microsoft wares anyway.
I just watched a news report talking about a golf course here in residential New Jersey that's having their own private hunters come in and thin the population. They've got three weeks scheduled a few weeks apart, and they have optional dates scheduled after that.
Needless to say, the people who previously paid high prices for course-side houses are a bit nervous ;-)
The laws of thermodynamics disagree with you.
Frankly, I find it amazing that Usenet is still on anyone's radar. Even the alt.binaries groups. It's been a long time since I've found an ISP that includes a free usenet server. The reliable ones are the ones that you have to pay for, and honestly, if you're going to pay to pirate things, you're probably doing it wrong.
Until what point? You can't consistently say "increase the temperature to decrease the MTBF".
You'll end up with molten slag.
You know, very technically speaking, solar power IS nuclear power...
"maybe there's water"
"we think there's water"
"we're pretty sure there's ice"
"the ice is probably water"
"there's definitely water in the ice"
"this ice is entirely water"
"this ice is Dasani"
"Evian. '72, I suspect"
My only wish is that eSATA was supported on more servers. Sometimes the best way to transfer data between two places that don't have a lot of bandwidth is sneakernet. USB2 is much better than USB1.1, but eSATA across the board would be great.
USB3 is welcome. It'll probably be forever before it's standard on servers, though.
Yes, it can be a PITA. It can also allow you to authenticate against a centralized...well, pretty much anything....I use Active Directory.
The "dangers" are far outweighed by the advantages. I quit using slackware once I got to around 30 servers; I wasn't willing to continue to administer users the way I had been. I switched to CentOS and have been very happy since then. I miss the simplicity of Slackware, but that same simplicity precluded it from my network.
I'm pretty sure I would stab that keyboard in short order. Unless it knows unix commands, of course.
t.im
?
If you've got an idea for a book you want to write, what's the recommended method? Apply to an array of publishers at once, or work your way down the line in order of preference?
No *true* scotsman would use a Windows machine without an NT kernel.
DuckTales the movie.
I remember that. It was a good one.
Yeah, I know, I nearly cancelled the post after I wrote it.
Desktop Windows /is/ Windows, but Windows Servers are far more inherently secure than Windows Desktops, simply by the way that they're operated. It was a bad comment.
From http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html:
-------------------
Mitigation
-----------------------
Recent kernels with mmap_min_addr support may prevent exploitation if
the sysctl vm.mmap_min_addr is set above zero. However, administrators
should be aware that LSM based mandatory access control systems, such
as SELinux, may alter this functionality.
It should also be noted that all kernels up to 2.6.30.2 are vulnerable to
published attacks against mmap_min_addr.
I have checked my default Ubuntu and CentOS/RHEL boxes, and both of them are set well above 0:
root@Ubuntu:/proc/sys/vm# cat mmap_min_addr
65536
[root@CentOS /proc/sys/vm] cat mmap_min_addr
65536
[root@RHEL /proc/sys/vm] cat mmap_min_addr
65536
From http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html:
-------------------
Mitigation
-----------------------
Recent kernels with mmap_min_addr support may prevent exploitation if
the sysctl vm.mmap_min_addr is set above zero. However, administrators
should be aware that LSM based mandatory access control systems, such
as SELinux, may alter this functionality.
It should also be noted that all kernels up to 2.6.30.2 are vulnerable to
published attacks against mmap_min_addr.
From reading the docs, it sounds like it would be difficult to exploit via web browser, since it requires a local account.
Now, if you compromised the web server using a vulnerability, and used the web server's account, you could have escalated yourself to root and done what you wanted then.
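The two comments above quote the advisory's mitigation and check vm.mmap_min_addr by hand; as an added example (not from the advisory or the original comments), this script combines the three conditions the quoted text names: a non-zero sysctl, a kernel newer than 2.6.30.2, and an LSM that may alter the protection. The function names, verdict words and sample kernel releases are hypothetical.

```shell
#!/bin/sh
# Added example; verdict words and function names are hypothetical.
# Threshold comes from the advisory text: "all kernels up to 2.6.30.2".
LAST_BYPASSABLE="2.6.30.2"

# "2.6.18-128.el5" -> "2.6.18.0.0.0" (padding keeps every cut field numeric)
numeric_version() {
    printf '%s.0.0.0\n' "$(printf '%s\n' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/')"
}

# version_le A B: succeeds when A <= B over the first four numeric fields
version_le() {
    a=$(numeric_version "$1"); b=$(numeric_version "$2")
    for i in 1 2 3 4; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 0
}

# assess MIN_ADDR KERNEL_RELEASE [SELINUX_MODE]: prints a verdict, 0 only for "ok"
assess() {
    min_addr=$1; release=$2; selinux=${3:-Disabled}
    # Empty or non-numeric value: the sysctl is missing or unreadable.
    case $min_addr in ''|*[!0-9]*) echo "unsupported"; return 3 ;; esac
    if [ "$min_addr" -eq 0 ]; then echo "disabled"; return 2; fi
    if version_le "$release" "$LAST_BYPASSABLE"; then echo "bypassable"; return 1; fi
    # The advisory warns that LSMs such as SELinux may alter the protection.
    case $selinux in Enforcing|Permissive) echo "review-lsm"; return 4 ;; esac
    echo "ok"
}

# Read the live values on the host being audited.
audit_local() {
    mode=$(getenforce 2>/dev/null || echo Disabled)
    assess "$(cat /proc/sys/vm/mmap_min_addr 2>/dev/null)" "$(uname -r)" "$mode"
}

if [ "${1:-}" = "--local" ]; then
    audit_local
else
    # Constructed sample inputs, not measurements from the boxes in the comments.
    for r in 2.6.18-128.el5 2.6.30.2 2.6.31-14-generic; do
        echo "$r: $(assess 65536 "$r")"
    done
fi
```

Run with `--local` to assess the current host; a "bypassable" verdict means the 65536 setting alone is not enough and the kernel needs updating.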
Yeah, I can't buy this, and neither should you.
Really, just because they're not common knowledge doesn't mean that no one has found them.
Excellent. My old 2.2-based Slack 8 boxes should be fine, too.
Can't trust that new-fangled 2.4 stuff. USB support? Who needs it!