Slashdot Mirror


User: Florian+Weimer

Florian+Weimer's activity in the archive.

Stories: 0
Comments: 999

Comments · 999

  1. Re:Survey taylored with Slashdotters in mind :) on Microsoft Sends Linux Survey · · Score: 1

    Actually, "I don't want to use proprietary software." is rapidly becoming the only convincing reason why you refuse to run Windows on your computers.

    Most non-textual content is only accessible to Windows users (this includes DVD video, if you don't want to meddle with trade secrets). Microsoft is giving the impression that they are doing something about security, while the competition (proprietary or not) merely ridicules these efforts and bets its future on the unlikely outcome that Microsoft fails completely. And have you already seen that new time warp feature in Windows 2003 file servers?

    On my own machines, I only run free software. But there's a price: I'm no longer at the bleeding edge of technology. I can't play with the newest hardware, or even visit hip web sites.

  2. Re:Network Security Analyst - bad position on Replaced by Outsourcing -- What's a Geek to Do? · · Score: 2, Interesting

    If all you did there was security, then you were in a bad position to begin with. Security should be a part of everything that is done, not handled simply by one person somewhere.

    Do you think that somewhat independent review is unnecessary, especially in the area of security? And who decides where required security features are implemented? Just to give an example: Sometimes, it's not cost-effective to provide the required protection level entirely on the network layer, but it can be implemented on the application layer (or by using operating system features) in a straightforward way.

  3. Long way to go on Microsoft's New Core OS Team Learning from Linux · · Score: 1

    By closely controlling the OS core, Microsoft will be able to better ensure that Longhorn will arrive on time and meet its quality and security objectives, Enderle said.

    (Emphasis mine.)

    It looks like they still need to learn a bit more from Linux (on the other hand, they were pretty good in this respect even before Linux hit mainstream).

  4. Re:SCO Not lying... on SCO Not Lying About DoS Attack · · Score: 1

    Why is it that the SYN flood did not take out the network at the router level, as opposed to a specific server on the Ethernet backbone?

    The attack was not significant enough to have that effect. As SCO didn't enable SYN cookies, a very low-bandwidth attack was sufficient to push the server off the net.

    I regularly see DoS attacks which just take out a single host and not the entire surrounding network. It's actually the second-most desired scenario (after withstanding the attack completely).

    Why on Earth would the attacker(s) suddenly decide to also attack the FTP server?

    Why did they decide to attack the web server in the first place?

    Maybe they thought that www.sco.com was the only server SCO had on the net, and learnt about ftp.sco.com only after reading the GrokLaw article? This is not as ridiculous as it might seem because even moderately skilled people don't carry out DoS attacks for fun these days, but sell their DDoS botnets for profit. Others use them for blackmail. (As far as I know, these incidents are real and not the fabrication of "security experts", although I haven't witnessed one personally.)

  5. Re:In Other News... on Lindows Ordered To Stop Using Lindows Name · · Score: 1

    I'm just plain against trademarks like this, nobody should be able to trademark a dictionary word

    Of course, and there are rules to prevent that in Germany. Unfortunately, "explorer" wasn't a word you could find in German dictionaries when the trademark was filed.

  6. Re:In Other News... on Lindows Ordered To Stop Using Lindows Name · · Score: 4, Informative

    In other news, Ford has recently demanded that Microsoft stop using the name "Explorer", as in Windows Explorer and Internet Explorer. Ford cites the 1990 introduction of the Explorer as evidence that they had the name first.

    In Germany, Microsoft has allegedly licensed the Explorer trademark from a relatively unknown software company. At some time, this software company was rigorously protecting its trademark against those who offered or recommended software such as "FTP Explorer".

  7. Re:Backscatter on Security Experts Doubt SCO's Claims of DoS · · Score: 1

    CAIDA has published their observations regarding the recent attacks.

    What is interesting is that people on GrokLaw have been in contact with XO.net, which says they haven't seen any spikes in traffic or anything they would consider strange (and they are SCO's upstream provider).

    The 34 kpps attack (cf. the CAIDA estimate) should have been visible on the customer link. I can't believe that XO (semi-)officially claimed that there were no attacks. You don't contradict your customer in such ways.

  8. Re:Backscatter on Security Experts Doubt SCO's Claims of DoS · · Score: 1

    If you have any evidence, please feel free to submit it, as the comment as it stands is proof of nothing.

    At my university, we keep such statistics. Would you believe us if we published them? Such Netflow data can be forged pretty easily.

    Groklaw's statement that SCO is obviously lying because DoS via TCP SYN flood can't be a problem for them since Linux and Cisco routers have built-in protection against SYN floods is far more credible, of course.

    (Just for the record: it's simply wrong. Even high-end Linux boxen cannot handle the high packet rates you experience during DoS attacks, and the high-end Cisco routers that can do not support TCP Intercept completely in the hardware-accelerated forwarding path--if you turn it on, it's likely that the attack toasts your router instead of your host, which is not really an improvement.)

  9. Re:what a dork on PC Mag - Mac OS X Insecure · · Score: 2, Interesting

    Security is only as good as how often the users patch.

    The focus on patch management starts becoming embarrassing. Not too long ago, the mantra was, "Security is only as good as how often you update your antivirus scanner", or "Security is only as good as your firewall".

    It's sad that so few people realize that patch management is part of the problem, and not a solution. It's only a question of time that the patching process fails in a blatantly obvious way (in part it already did for Slammer and the Blasters, but you could blame the users, so few people questioned the basic idea).

    Don't get me wrong, being alert about patches (and applying them when necessary) is a good thing, but the current fuss about it is beginning to blind users and admins. Patching is not the final answer to our security problems, just a workaround that appears to work (mostly from a software vendor perspective, it's a nice way of shifting responsibility).

  10. Backscatter on Security Experts Doubt SCO's Claims of DoS · · Score: 5, Informative

    It's astonishing that rumors spread like wildfire if the facts are so easy to check.

    If you monitor a few tens of thousands of unused IPv4 addresses, you can observe most DoS attacks involving randomly spoofed addresses. You just listen for backscatter (sorry, no better resource appears to be available). These packets are created by the victim server when it tries to answer to requests that have been spoofed from your address space. Some people even keep statistics of that noise.

    And guess what? Yesterday and today, there was plenty of backscatter from 216.250.128.12. Why was ftp.sco.com suddenly offline today? Well, beginning around 2003-12-11 10:49 UTC, you could observe backscatter from 216.250.128.13, too. Unless SCO is deliberately forging backscatter (and if they are, they are doing a pretty good job at it, it looks very much like the real thing), they were under attack, yesterday and today.
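The backscatter observation described in the comment above, as an added example that is not part of the original comment or of any monitoring project's code: it separates victim replies from other noise arriving at unused address space and extrapolates each victim's reply rate. The record layout, the dark /16, the 10-second window and the sample packets (documentation addresses, not the ones named in the comment) are constructed assumptions.

```python
# Constructed sample: packets captured on an unused ("dark") prefix in a
# 10-second window. Fields: (time_s, source_ip, protocol, tcp_flags_or_icmp_type)
SAMPLE = [
    (0.0, "192.0.2.12", "tcp", "SA"),    # SYN-ACK answering a spoofed SYN
    (2.1, "192.0.2.12", "tcp", "SA"),
    (3.0, "198.51.100.7", "tcp", "S"),   # bare SYN: a scanner, not a victim
    (4.0, "192.0.2.12", "tcp", "RA"),    # RST-ACK from a closed port
    (5.0, "192.0.2.13", "icmp", "dest-unreachable"),
    (6.5, "192.0.2.12", "tcp", "SA"),
    (8.0, "203.0.113.5", "udp", ""),     # unsolicited UDP, not a reply
    (9.9, "192.0.2.12", "tcp", "SA"),
]

MONITORED_ADDRESSES = 2 ** 16  # assumption: one dark /16 is being watched


def is_backscatter(proto, detail):
    """True for packet types a victim emits in reply to spoofed requests."""
    if proto == "tcp":
        return detail in {"SA", "R", "RA"}
    if proto == "icmp":
        return detail in {"echo-reply", "dest-unreachable", "time-exceeded"}
    return False


def summarize(packets, window_seconds, monitored=MONITORED_ADDRESSES):
    """Per replying host: packets seen and extrapolated total reply rate.

    If the spoofed sources are uniformly random over IPv4, the dark prefix
    receives monitored / 2**32 of the victim's replies, so the observed
    rate is scaled up by the inverse of that fraction.
    """
    counts = {}
    for _ts, src, proto, detail in packets:
        if is_backscatter(proto, detail):
            counts[src] = counts.get(src, 0) + 1
    scale = 2 ** 32 / monitored
    return {
        src: {"packets": n, "estimated_pps": n / window_seconds * scale}
        for src, n in counts.items()
    }


if __name__ == "__main__":
    for host, stats in sorted(summarize(SAMPLE, 10.0).items()):
        print(host, stats)
```

The estimate is a lower bound on the attack rate, since a saturated victim answers only some of the requests it receives.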

  11. Re:True that on Unix Network Programming, Vol. 1 · · Score: 2, Interesting

    If you keep this info in mind, you can apply most of what's in the Stevens book under Win32 nearly as easily as you can under Linux/*BSD/whatever.

    Actually, Microsoft documentation used to recommend reading "UNIX Network Programming" if you wanted to write TCP/IP programs on Windows.

  12. Re:My favorite... on The Most Incorrect Assumptions In Computing? · · Score: 1

    THE INTERNET IS GROWING TOO FAST, AND WILL COLLAPSE UPON ITSELF PRESENTLY.

    Today, I had to reconfigure a (recently bought!) Cisco router because the Internet routing table plus some internal routes no longer fits into the TCAM used for hardware-accelerated CEF. Fortunately, I hadn't looked too closely at the error messages, otherwise I would have assumed that something else was broken (the joy of Cisco networking).

    The Internet is certainly growing too fast for me.

  13. Re:It's hardly bad... on New IE Holes Discovered · · Score: 1

    If OSS people can fix the bugs in less than half a day

    The time from notification to patch publication has to be measured in weeks, not in hours, even for free software. Have a look at some of the published disclosure timelines.

  14. Re:It's an old argument on Apple Responds to Exploit · · Score: 1

    For example, the messenger service isn't used by anyone but spam senders

    It's often used to signal print job completion in a heterogeneous environment.

  15. Severe local impact on Blackout Worse For Internet Than Previously Thought? · · Score: 1

    The data they present indicates that the blackout had a severe regional impact. I see nothing that shows that there was a significant global impact (meaning that I can't get data from AS 12374 to AS 553, for example).

    The WTC collapse probably had more impact on global routing (some large carriers had primary and backup equipment in both basements).

  16. Re:The sound you hear. on Debian 3.0r2 Released · · Score: 1

    I never have a problem with sid (unless I type apt-get remove libc6), but testing is usually a good compromise

    If you run testing, you receive no timely security update. This is certainly not an option for production systems.

  17. Re:The sound you hear. on Debian 3.0r2 Released · · Score: 1

    Qt: 3.1.1
    KDE: 3.1.3
    Konqueror: 3.1.3


    That's the nice part about Debian: If someone complains about the outdated software (which often doesn't run on current hardware), you refer them to unstable. If unstable breaks (or lacks a critical security update), you tell them that they should use stable on production systems.

  18. Re:Heavens to murgatroid!!! on Universities Dispute with Red Hat over 'Fedora' · · Score: 1

    Trademarks are only valid for a limited set of things

    Both projects are software and are therefore very similar (at least that's how the situation is interpreted over here).

  19. Re:nmap on a router? on Cisco Working to Block Viruses at the Router · · Score: 2, Interesting

    I think what they are 'trying' to say is that the router itself will scan your machine in a nmap way to see if it can find problems.

    From what I've heard, it's some kind of 802.1x extension which takes the patch status of the system into account. It requires a fair deal of cooperation from the host, and we'll see if it makes a difference. I'm sure malware will be adapted accordingly if there's widespread use of this functionality.

    The "scan before connect" idea has already been implemented by the NetReg project and its contributors.

  20. Re:Run your own mail server on your own domain on Why Blacklisting Spammers Is A Bad Idea · · Score: 1

    If all protocols were blocked, he wouldn't see that 404 error, right? I don't really understand why the Verio/Noos connection should matter. I'd probably imagine that Verio's blocking would have a global effect, not just on their peerings/downstream customers.

  21. Re:This is just silly on Literacy: Natural Language vs. Code · · Score: 1

    Computers have no preference for text.

    Most of them have a preference for serial execution (at least at the machine code level, not in terms of implementation in silicon), and text comes quite close.

    The Guardian article neglects the power of spreadsheets which have served millions of users as a non-serial programming environment. Some impressive applications have been created using them. Their creators might not understand any general-purpose programming language, but they aren't dumb users, either.

    I'm not sure how detailed knowledge of technology will be required in a few dozen years before you can consider yourself as an informed citizen. Currently, some simple activities (like the decision whether to open an email attachment or not) require lots of knowledge, but other important ones (such as shaping legislation on technology) do not. I don't know how things will turn out. I could imagine it both ways: you will strand if you can't shape technology, or you will become an obscure outsider if you try to shape technology (unless you work in the R&D department of one of the three remaining information megacorps).

  22. Re:No one is mentioning this on Linux Kernel Back-Door Hack Attempt Discovered · · Score: 1

    No BitMover infrastructure was compromised, the machine in question is a public machine maintained by the kernel developers.

    Oh, then I'm sorry for the false statement. So the kernel developers are unable to guard their own sources. Still scary, but in a different way.

  23. Re:Yet another reason to use open source software on Linux Kernel Back-Door Hack Attempt Discovered · · Score: 2, Interesting

    Had this code come in through proper channels, I wouldn't be so sure that it would've been spotted.

    I doubt it, too. For example, in 1998, the CORE SDI put a backdoor into most SSH 1 implementations, which was included in their CRC32 attack decompensator. Of course, they didn't do it on purpose, but it happened nevertheless, and peer review didn't catch it.

  24. Re:No one is mentioning this on Linux Kernel Back-Door Hack Attempt Discovered · · Score: 1

    The problem is that CVS was exploited.

    Not true, BitMover infrastructure has been compromised. We don't know how this was done. If it was done through CVS, it's BitMover's fault anyway (CVS is notoriously insecure, especially in pserver mode).

  25. Re:Not chilling, quite warm in fact on Symantec Says No To Pro-Gun Sites · · Score: 1

    The NRA sites, as stated, are in the weapons category. What the heck do you expect to get censored in that area?

    I agree, it's actually pretty clear. Symantec is probably targeting the international markets which typically don't have this "shoot them before they shoot you" attitude, and whose people usually feel that they are too dangerous for kids.

    Other categories are far harder to understand correctly. For example, SmartFilter's "Criminal Activity" category used to include many computer security sites, and some were actually listed. Formally, this was correct because the definition was not based on crime, but on the type of activity ("password cracking" instead of "preparing steps for gaining illegal access"). But you wouldn't expect this based solely on the category name.