Opera 10 final was announced on Twitter over 6 hours ago. http://twitter.com/opera
There it is! The most intelligent 1st post ever created.
Although the analogy of the consequences of using an, admittedly daft, word is a little over the top.
One of the places I worked also went with the heavenly bodies. However, after Charon (mispronounced by everyone as Sharon) we suddenly acquired a Tracey!
As an aside, I've worked at 6 places since, and in none of the places can I remember what a single server did. I still know exactly what Pluto, Arcturus, Jupiter, Altair, Sirius etc. all did. It may have been a PITA for new people to work out where a server was, but once you had it, you knew exactly what each server did, and where it was in a memory-aided way, not just a "work it out in my head from the name" way. LDNPSDB001 may be clearly(!) a London Production Server with a Database on it, but Arcturus was a DB server for Marketing running DB2, and key to month end campaigns.
Aye, I did it too. However, the Yahoo search also brings up its second search box if you search for MSN search.
Now, how many people are just going to Yahoo to search for other search engines to see what happens??
I would suggest, given the comments about your sig above my reply, that you may want to insert the missing comma. Unless you have been Linux free for over 10 years.
I am assuming you really meant: Linux, free for over 10 years.
Apologies if I'm wrong and you really don't like Linux. :)
Also available is Kubuntu (for those that like their desktop KDE).
Links to the CDs / Torrents here:
http://www.kubuntu.org/download.php
Automatic update procedure is as follows:
1. In Konqueror go to /etc/apt, right click on sources.list and choose Actions -> Edit as Root
2. Change all instances of dapper to edgy
3. Launch a console with K-Menu -> System -> Konsole
4. In the console run: sudo apt-get update
5. In the console run: sudo apt-get dist-upgrade and follow the prompts to upgrade
6. In the console run: sudo apt-get install kubuntu-desktop python-qt3 python-kde3 ubuntu-minimal and follow the prompts to install
7. Reboot your computer
You need to run a second dist-upgrade to update the new usplash. Other than that you should be ok.
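Step 2 above says to change every instance of dapper to edgy. The following is an added example, not part of the post above and not a Kubuntu or APT tool: it rewrites only the suite field of active deb/deb-src entries (so "dapper-security" becomes "edgy-security" while comments and URLs are left alone) and then checks that no entry still points at the old release. The sources.list content, the release names passed in and the function names are all constructed for this example.

```python
"""Added example (not from the original post): rewrite the release name in
an APT sources.list, touching only the suite field of deb/deb-src lines.

A blind search-and-replace also edits comments and anything in a URL that
happens to contain the old name; this version changes just the third field
of active "deb"/"deb-src" entries, including pocket suffixes such as
"-security" and "-updates". The sample file below is constructed.
"""
import re
from typing import List, Tuple

# Groups: (1) "deb"/"deb-src", optional [options] and the URI; (2) the suite;
# (3) the rest of the line (components). Comment lines never match.
_ENTRY = re.compile(r"^(\s*deb(?:-src)?\s+(?:\[[^\]]*\]\s+)?\S+\s+)(\S+)(.*)$")


def switch_release(lines: List[str], old: str, new: str) -> Tuple[List[str], int]:
    """Return (rewritten_lines, number_of_entries_changed)."""
    out, changed = [], 0
    for line in lines:
        m = _ENTRY.match(line)
        if not m:
            out.append(line)  # comments and blank lines are untouched
            continue
        prefix, suite, rest = m.groups()
        if suite == old or suite.startswith(old + "-"):
            suite = new + suite[len(old):]  # keeps "-security", "-updates", ...
            changed += 1
        out.append(prefix + suite + rest)
    return out, changed


def unchanged_entries(lines: List[str], old: str) -> List[str]:
    """Active entries still pointing at the old release (empty means done)."""
    stale = []
    for line in lines:
        m = _ENTRY.match(line)
        if m and m.group(2).split("-")[0] == old:
            stale.append(line)
    return stale


# Constructed sample sources.list for the example.
SAMPLE = """\
# Ubuntu dapper sources (constructed sample)
deb http://archive.ubuntu.com/ubuntu dapper main restricted
deb-src http://archive.ubuntu.com/ubuntu dapper main restricted
deb http://security.ubuntu.com/ubuntu dapper-security main restricted
deb http://archive.ubuntu.com/ubuntu dapper-updates main restricted
# deb http://archive.ubuntu.com/ubuntu dapper-backports main
""".splitlines()

if __name__ == "__main__":
    new_lines, n = switch_release(SAMPLE, "dapper", "edgy")
    print("\n".join(new_lines))
    print(f"{n} entries changed; still on dapper: {unchanged_entries(new_lines, 'dapper')}")
```

Run the check function on the file before apt-get update; if it returns anything, an entry was missed and the dist-upgrade will pull a mix of releases.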
So the IE team prove that Firefox can have their cake and eat it!
If Gnash would allow me to go to video.google.com and view the content then fine and great. But it doesn't, so it isn't. Alternatives and moral viewpoints are fine, but when they don't cut the mustard they aren't alternatives.
As for Flash 7 performing flawlessly, try going to the above Google site, and see how long it takes you to get annoyed with the out of sync audio.
Aye, there's no way I'm working without my porn site access. Can't get a single thing done without it!
That and all the chat channels, the streaming music videos, and all those Flash sites.
As I sit here, reading this, I am drinking a nice cold can of coke. On the side of said can is a nice circular symbol with alu in the middle of it.
It is quite some time since the UK had steel cans. Can't speak for the rest of Europe however...
They must be driving Vauxhall Corsas!
Yes, yes, yes, to all of the above, but there is one question over software remaining. Video editing. This is the one thing stopping me moving my final system (and my Dad's system) to Linux. Pinnacle are not too bad at supplying drivers (or at least they weren't last time I checked) but not software. I've never found anything that could take its place.
I welcome any suggestions.
Good idea, tax on petrol. How about you come to UK levels. Quick conversion based on the price I paid this morning would give you levels of $6.28 a gallon. Sound good? Excellent. Let's see GM and Ford sell cars that do 20 mpg with prices that high!
Another statistic suggests that more than 80% of the SSH servers on the Internet run OpenSSH. I'm wondering if you have ever verified which version they are running, and what is the average behaviour of an OpenSSH administrator. Do people update the server as soon as a new release is available?
Damien Miller: Funny you mention this, we just completed another version survey with the assistance of Mark Uemura from OpenBSD Support Japan. The results of this should be going up on OpenSSH.com soon.
I don't have detailed OpenSSH version histories for usage surveys before last year's. Certainly the use of paleolithic versions (such as 2.x) is very infrequent, but beyond this it is difficult to tell how quickly users update - many vendors will keep relatively ancient versions (such as 3.1p1) on life-support with spot security fixes. This will avoid known security problems, but it doesn't give their users the benefit of any of the proactive work that we do, nor any of the new features.
It is worth noting that OpenBSD, which has a very conservative policy on its stable trees, typically updates supported OpenBSD releases to the latest OpenSSH version when it is released.
Being very popular also means being a good platform for a worm. Did you adopt any specific measures to fight automated attacks?
Damien Miller: Privilege separation alone probably makes a worm targeting a bug in sshd impractical. An attacker would need to break into the unprivileged sshd process that deals with network communications and, because this just gives them access to an unprivileged and chrooted account, then exploit a second vulnerability to either break the privileged monitor sshd or escalate privilege via a kernel bug. This would add a fair amount of complexity, fragility and size to a worm - it would probably need to implement a fair chunk of the SSH protocol just to propagate.
We also implemented self re-execution at the c2k4 Hackathon. This changes sshd so that instead of forking to accept a new connection, it executes a separate sshd process to handle it. This ensures that any run-time randomizations are reapplied to each new connection, including ProPolice/SSP stack canary values, shared library randomizations, malloc randomizations, stack gap randomizations, etc.
Without re-exec, all sshd child processes would share the same randomizations. This would allow an attacker to exhaustively search for the right offsets and values for their exploit by making many connections (millions probably) to the server. With re-exec, each time they connect the values will all be different so there is no guarantee that they will ever stumble upon the right combination.
Another security improvement, just introduced in openssh-4.2 was the "zlib@openssh.com" compression method. This was an idea that Markus Friedl had after the last zlib vulnerability was published.
The SSH protocol has supported zlib compression for a long time, but the standard "zlib" protocol method requires this to be started early in the protocol: after key exchange, but (critically) before user authentication successfully completed. This exposes the compression code to unauthenticated users.
Our solution is to define a new compression method that still performs zlib compression, but delays its start until after user authentication has finished, so only authenticated users get to see it. This is another significant reduction in attack surface with effectively zero performance impact. This also makes the writing of a worm that targets the zlib code in OpenSSH impossible.
Did you develop any measure to fight timing-based attacks?
Damien Miller: There are two classes of timing attacks, one of which matters and the other is not so important.
The not so important timing attacks allow active detection of which usernames are valid by differing timings i
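The interview above explains why "zlib@openssh.com" shrinks attack surface: the standard "zlib" method starts compressing after key exchange and before authentication, the OpenSSH method only after authentication succeeds. The following is an added example, not code from OpenSSH or from the interview: it applies the RFC 4253 name-list rule (first algorithm in the client's list that the server also offers) to pick the method, then walks a simplified, constructed message transcript and reports which packets an unauthenticated peer gets to push through the compression code under each method. The transcript, the single combined direction (real SSH negotiates compression per direction) and the function names are assumptions made for this example.

```python
"""Added example (not OpenSSH code): when compression goes live in an SSH
session for the standard "zlib" method versus "zlib@openssh.com".

Model (simplified, constructed for this example):
  - "zlib"             starts after SSH_MSG_NEWKEYS, i.e. pre-authentication
  - "zlib@openssh.com" starts after SSH_MSG_USERAUTH_SUCCESS
Message names are those of RFC 4253 / RFC 4252; one direction is modelled.
"""
from typing import Dict, List, Optional

NONE, ZLIB, ZLIB_DELAYED = "none", "zlib", "zlib@openssh.com"

# Message after which the compression code becomes live for each method.
START_AFTER: Dict[str, Optional[str]] = {
    NONE: None,
    ZLIB: "SSH_MSG_NEWKEYS",
    ZLIB_DELAYED: "SSH_MSG_USERAUTH_SUCCESS",
}


def negotiate(client_list: str, server_list: str) -> Optional[str]:
    """RFC 4253 name-list choice: first client preference the server supports."""
    server = set(server_list.split(","))
    for alg in client_list.split(","):
        if alg in server:
            return alg
    return None  # no common method: the connection must be torn down


def compression_timeline(method: str, transcript: List[str]) -> List[bool]:
    """For each message, whether compression is live when that message is processed."""
    trigger = START_AFTER[method]
    live, out = False, []
    for msg in transcript:
        out.append(live)
        if trigger is not None and msg == trigger:
            live = True
    return out


def unauthenticated_compressed_messages(method: str, transcript: List[str]) -> List[str]:
    """Messages that reach the zlib code before the peer has authenticated."""
    exposed, authed = [], False
    for msg, live in zip(transcript, compression_timeline(method, transcript)):
        if msg == "SSH_MSG_USERAUTH_SUCCESS":
            authed = True
        if live and not authed:
            exposed.append(msg)
    return exposed


# Constructed transcript of one session (server-side view, one direction).
SESSION = [
    "SSH_MSG_KEXINIT",
    "SSH_MSG_KEXDH_INIT",
    "SSH_MSG_KEXDH_REPLY",
    "SSH_MSG_NEWKEYS",
    "SSH_MSG_SERVICE_REQUEST",   # ssh-userauth
    "SSH_MSG_SERVICE_ACCEPT",
    "SSH_MSG_USERAUTH_REQUEST",  # any number of these before success
    "SSH_MSG_USERAUTH_FAILURE",
    "SSH_MSG_USERAUTH_REQUEST",
    "SSH_MSG_USERAUTH_SUCCESS",
    "SSH_MSG_CHANNEL_OPEN",
    "SSH_MSG_CHANNEL_DATA",
]

if __name__ == "__main__":
    for client, server in [("zlib@openssh.com,zlib,none", "none,zlib@openssh.com"),
                           ("zlib,none", "none,zlib")]:
        method = negotiate(client, server)
        print(f"client {client!r} / server {server!r} -> {method}")
        print("  pre-auth messages hitting zlib:",
              unauthenticated_compressed_messages(method, SESSION))
```

With "zlib" every packet from SERVICE_REQUEST onwards, including each failed USERAUTH_REQUEST, is decompressed by an unauthenticated peer's input; with "zlib@openssh.com" the list is empty, which is the whole point of the change.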
From TFA: In issue 74 of Linux Format, on the shelves now, we have an interview with kernel 2.6 maintainer Andrew Morton. Here are a few of the questions we asked Andrew, along with his answers.
If you ran out and bought the magazine in question you would have the whole interview. The posted article is a taster. A teaser if you will. The actual interview is much broader, and the first question reprinted here is a follow on question to the whole bitkeeper/ cvs/ git topic.
From TFA: Some analysts who have been following the saga have already predicted a winner. Ted Schadler, vice president at Forrester Research, released a report that proclaimed, "Blu-ray Will Win a Pyrrhic Victory Over HD-DVD." Schadler says he's long believed that Blu-ray held the edge due to its superior capacity and the fact that Sony's PlayStation 3 will play Blu-ray movie discs.
Oh really, and MS support via the 360 for HD-DVD won't have a cancelling effect on this?
Oh and Warner will release content on both formats? Well, there's a surprise! Did anyone expect them to pick a side and alienate a potential market?
Hmm, slightly cynical today methinks!!
Domesday, http://en.wikipedia.org/wiki/Domesday is the Middle English spelling of Doomsday.
Any large corporation would / should search before they use a name. Given that the German company had a TM registration application in 2000 and the UK company has been providing service under that name since 99 then opportunism does not come into it. It is likely that they raised objections as soon as Google launched their service but it has only just come to a head and been made public. Maybe if Google had used a well known search engine before launch it would have shown the name already in use.
Come on, own up! Which bit of the parent was informative? Surely they were more Insightful?
That is, without doubt, the geekiest post I've seen in a long time! Well done that man. Nerdy on almost every level.
I just can't see large companies buying into this. A commercial closed source DRM has more "credibility" behind it from a corporation point of view. How do you get something that is supposed to be secret pushed if you have everyone knowing how it works?
I know these arguments don't hold up but they will get voiced.
More worryingly is the prospect of DRM that actually works!!!
It's not so much the DRM that bothers me (although it does), it's the formats they put it in. DRM me a lossless format and away we go.
Obviously, I realise the DRM would be cracked in minutes, and we would all have perfect copies of tracks we could do what we liked with, but don't tell me this has occurred to the *AAs!?
Pointless DRM-based lossy music service. Just what we all need. When will "they" realise that this isn't going to cut the mustard?
He's still trying to clear the line. Next we get to the part where he requests a service, this gets passed to BT to check his line (again) then back to the ISP with the results, then back to BT with the request for service, then back to the user with the activation date. Then the modem doesn't turn up, then the microfilters don't work.
Finally, he gets a connection. It connects at something completely stupid like 30k over a 2MB line. Fault process gets raised with the ISP, passed to BT, passed to ISP, passed to user for (really stupid) checks over their system. Passed back to BT, closed, opened, closed, re-filed, and finally, one day, it starts working. No explanation will ever be forthcoming. In reality, you don't want to ask.
Then comes the fun of trying to work out what the daft ISP has blocked port-wise, and which bloody stupid MTU they are using (sticking to the standard for Ethernet would be *WAY* too easy).
After all that, 3 months down the line they start capping your download limits, and charging you for more on a per byte level (slight exaggeration).
And yet, after all that, we thank them and pray to them because they are the gods, and we have nowhere else to go.