A major element of security (IMHO) would be not sending the password in plaintext over the wire. I use APOP, which uses an MD5 challenge/response based system (and is conveniently supported by fetchmail). IIRC some IMAP versions also support encrypted or challenge/response authentication (and maybe even encrypting the data itself?).
Eudora also supports APOP, IIRC. And with a PGP plugin you're not doing too bad.
o GCC 2.96
How's this? gcc.gnu.org says:
GCC 2.95.2 is the current release.
And the snapshots have been 2.95.3-somedate, not 2.96. I know you guys own Cygnus which is a major player in gcc development, but what's going on?
My users better thank me every time they even think about using the machines, or bad things will happen (due to, um, solar flares. Yeah, that's what deleted their account).
Hehe, I like being a BOFH. :)
GNOME is pretty cool, but you need a stable window manager to run with it, E and sawmill don't even come close.
I've never had problems with either. (BTW, it's called sawfish now).
The only significant obstacle I can think of is the graphics toolkit; with that in mind, I think it'd be interesting to begin a project to provide compatibility layers for all the common graphics toolkits - GTK, Qt, Tk (as in Tcl/ or Perl/), and so on - under OSX.
I hear GTK+ 1.4 is going to be pretty portable - specifically, a Mac port is in progress (along with X11, Win32, and BeOS). (And remember - Tk is for Python too!) So that one should be pretty easy (hopefully).
I wish they would not release anything for at least 60 days after I buy it/install it/upgrade it!
:( That always seems to happen. I bought an OpenBSD 2.5 CD once, and 2.6 came out the next week.
Really, I installed 4.0 last week!
Unlike Linux distributions, FreeBSD can be installed over the net. No need to buy or burn stupid installation CDs.
Dumass. You can install Redhat over NFS, FTP, or HTTP, and probably most other distros are the same.
I have no doubt that should I have chosen Gnome, the out-of-the-box experience would have been the same.
For some reason, FreeBSD 4 doesn't have enlightenment. At least the ISO I got from ftp5.freebsd.org didn't. Nor, IIRC, does it have sawfish. :( [Which is confusing because the installer gave GNOME/enlightenment as an option!]
Hopefully that got fixed in 4.1
if you can insert a cdrom and read english, you can install openbsd in a few minutes.
True true. I actually found OpenBSD easier to install than FreeBSD. My main complaint with FreeBSD (besides the fact that my CD doesn't have E on it <g>) is that the kernel was quite complicated to build. I keep switching back and forth between my config and LINT trying to figure out which options I needed, whereas with menuconfig I can just hit the help option and (most of the time) it will explain what's going on. Also all of the options in menuconfig are visible, which means I know what's there and what's not. Also the hardware detection at install time wasn't nearly as smooth as that on a recent RH on my machine (I didn't have to do anything for RH to set itself up, whereas FreeBSD needed a lot of info about my ethernet card, and couldn't set up the sound card at all).
OK, not trying to start a flamewar here (though I think that for this story, that may be an impossibility). But was anyone really expecting *BSD to just roll over and die in the face of Linux? BSD has one badass TCP/IP stack, and it can't be much of a surprise that it did well. Keep in mind, readers and moderators, that I mostly use Linux. I'm not trying to be a BSD evangelist. I feel that FreeBSD 4's user-friendliness is fairly low compared to, say, RH 6.2. But OTOH the *BSDs, especially FreeBSD, seem to really try and make their networking fast as hell (and they succeed).
Similarly, the fact that Solaris cleaned up in the SQL test shouldn't be surprising.
BTW, some of those graphs were really hard to read, but in some didn't 2.2 wildly outperform 2.4? Specifically Seite 34, parallel compiling, real time. I'm confused!
Our school district bought us brand new Pentium (when that was impressive) systems, and (because the budget wasn't there to pay someone to set them up) put them in a warehouse for a year and a half. Our CS class would have been happy to set up the machines for free, anything to get off the decrepit old machines we were using.
Sounds like my high school. Hah. Glad to be out of there. At least in the 'real world' (wherever that is), when you get a new machine you can use the damned thing.
They were probably scared you might learn or something. Seriously, the school board prohibited my high school from teaching programming, on the basis that we would all become 'hackers' (which we would, but they didn't mean it like that). People don't like to feel dumb, especially by people that _they're_ supposed to be teaching.
You just can't assume the ISP is going to do it right. If you're really concerned (which you should be if you're on DSL or cable), get a 486 or Pentium or 68K or whatever, put Linux or *BSD on it, and set it up as a firewall between your bridge and your internal network. That way you can _know_ it's safe, not to mention the fact that you can prevent your ISP from scanning you. :)
wonderfully stable, efficient, inexpensive and highly secure operating systems as Windows 2000.
I'm not sure whether to laugh hysterically or cry at the thought of someone trying to install 2000 on a SGI box. :)
Where and what is the CPU that Linux is running on? The military surplus chips are OK for the actual modeling (though AFAIK you'd need to heavily hack the SETI clients so they'd use them properly), but Linux would need ARM or something like that to run off, right? I guess you can power a Pentium off a PCI bus (they do it on a bunch of Ultra 5s at work anyway), but I'm curious what they're actually using, esp. since those other chips probably suck a lot of power as well. 6 APICs + a general purpose CPU is a lot of power and heat! The FAQ doesn't mention anything about it.
maybe I'll just load the SETI client at work on our Sun E-10000 production box....
Yeah, I've been tempted to install distributed.net clients on all the machines at work. 10000 kkeys, here I come! :)
Still, Slashdot did post a "benchmark comparison" study a couple months ago, which found that text parsing "as written by experienced, competent programmers" in C didn't hold up against Perl's text parsing.
That would depend on whether or not Perl's regex code is as good as / better than the POSIX regex(3) functions. And if glibc's regex(3) isn't as good as Perl's code, they (they being the GNU folks) need to steal it from Perl ASAP.
I agree that it's a little weird to benchmark something against its parent. Maybe what they meant is "PERL handles text better than YOU."
Given the correct modules, Perl also programs Perl better than I do. :)
I'm wondering how long and how well a virus could survive and spread if those were its only goals.
If it really has no purpose, who cares? Except for curiosity, which IMHO is not worth the trouble of risking jail time (after all, you are probably still violating any virus-writing laws). And if they tried to communicate with each other I'm sure they would be found out quickly, as that matches the pattern of a DDOS system.
Nice to see that we have the first ever 100% bug-free piece of non-trivial software: it's EROS! I guess you just install that once and then forget about it? No security updates or anything like that?
Calm down guy. It's just a research OS. :)
Not to knock you completely. Capabilities make for a very nice security system, but if you think that it will *ever* be completely secure, or completely impervious to malicious code, which is what the OP was asking, you're kidding yourself.
Obviously not. OTOH, cap-based systems are more likely to be secure than uid/gid/ACL based systems. Which certainly is a start.
The best strategy would be to lie low, staying as much out of sight as possible, and continue reproducing when possible.
And, if the writer was of malicious intent, wait a month (or whatever), then do a low level format of all local disks on a Sunday at 4 in the morning. Be interesting to wake up one morning and find out a third or half of all computers worldwide got wiped. Especially if it spread via multiple methods (ie, Outlook bugs, trojaned EXEs [little games or whatever], etc, and each method knew how to spread the others) - ie, someone downloads a trojan, and then the next time they run Outlook it starts spreading itself through that, mailing itself to others. And polymorphic behaviour (ie, choosing from a few dozen different subjects/messages, not just "I LOVE YOU") would reduce the chance of discovery, giving it a chance to spread before detonating.
And if the writer took a few psych classes (or has a gift for social engineering), oh, man, we'd be _so_ fscked. :)
Remember, they intentionally went for a PG-13 rating to get the kids in there (yes, some comic book fans are children).
True, but:
A) Late teens/early 20s types tend to be the most rabid comic book/cartoon fans. To the level that some of my friends will start screaming in rage at anyone who tries to tell them Beast Wars is bad (OK, I do that too). Of course pleasing them could be harder too, particularly people who read the comic a lot.
B) Aforementioned late teens/early 20s people will have more money than a 12 year old (hopefully!). I'm not too sure I'm going to go, especially when I can go rent some good anime down at the local video place (cheaper too). OTOH, maybe I would go if it looked like it was going to be really good (more depth, etc).
just as many ADULTS that got pissed that Battlefield Earth was so crummy
Oh, come on, you were surprised? I never saw it (or read the book), but the plot summaries I read sounded like it was one of the worst plots ever created. I guess I didn't expect it to be _that_ bad, but expecting the next Star Wars (even episode 1) from a book that only sold copies because it was written by you-know-who is a little excessive, if you see what I mean.
Hopefully they'll do Lord of the Rings much better.
Amen.
When I visit my parents in CT, however, you can't do a thing without a car. Now, of course, people outside of cities *could* construct decent mass transit, but they don't, and that's fine.
I'd love it if I could catch a bus or train from my old house to Eugene or Portland (OR) [I'm living in Baltimore now]. However, living in [actually 4 miles away from] a town with ~600 people, that quite simply is not happening. It's not a choice, it's economic reality. The large cost [garages, busses, you need a whole infrastructure] wouldn't justify the relatively few people who would use it (unless the entire town took off for Portland every weekend, which of course is not likely).
That isn't true for a lot of places (suburbs, for instance, where I think they should have public transit), but don't generalize so much. s/outside of cities/in suburbs/, and I'll agree with what you're saying, but it's not the case that people live in either a city or a suburb.
I don't know if Windows has a similar feature or not.
Hopefully any Windows machines that are actually pingable on a normal basis (ie LAN, DSL, etc) are running behind a Linux or *BSD based firewall (not necessarily to block ping [IMHO it has too many legit uses to block], but to block all the other crap that's out there). In fact that ought to be the case for any small network, no matter what OS it's running. I know when my roommates and I get a DSL line a 486 with a pair of NICs and OpenBSD is going to go between the bridge and the switch.
BTW, DOS-ish based Windows (95/98/ME, etc) can't block anything without third party tools AFAIK. I think NT may be in that group as well (not real sure either way about that). I'm pretty sure 2000 has basic filtering abilities for ICMP as well as TCP/UDP built in.
On the Linux side you might have (for instance) an S390 with a terabyte or two of RAM. Then just start loading them down with network clients until they start to stagger.
LOL. Or maybe one of those 32 way Wildfire clusters. :)
(cidera skycache rocks my world)
Know a guy who works there, says they have these little rackmounts with the CPU/etc, a UPS, and satellite hookup all in one thing. The only plugs in the back are 2 RJ45s and 2 power cables. I want one. :)