And, equally important, why is their (and your) vision still limited to copying Microsoft? Are they (and you) simply not familiar with the past 40+ years of systems research, or the state of the art?
I think that when a good idea shows itself (like.NET in this case), the open source community is by far the best at imitating it and making it better. At least that is what I strongly believe. It is not limited to Microsoft but since they have such a huge footprint on the market, they may have more ideas that get known than others; I'll give you that.
Between us, I do not have the pretention to being familiar with the past 40+ years of systems research in itselft and/or the state of the art in all subjects. I suggest you elaborate a bit, it is a little confusing.
I was waiting for someone like you. You give me the opportunity to make my point. Thank you for that.
In the O'Reilly article, the author says that Miguel is open minded. I suggest we all seat back, relax and try to do the same exact thing. Let's be open minded if only for 5 minutes.
So I'm sitting at my desk, open minded and stuff, reading Dale Dougherty's article. First of all, I would like to say that I found it very interesting. Here are my comments on it.
Open Source developer Miguel de Icaza, leader of the GNOME project and founder of Ximian, has been exploring Microsoft's.NET platform with an open mind
The open mind thing, remember?
he was only beginning to think about the implications of Microsoft.NET
That's exactly what it's about. The implications. Read on.
.NET provides developers with a state-of-the-art development environment, one that leaps ahead of open source alternatives.
Here we go. The first of many comparaisons. Some of you slashdotters are aiming their guns at him for making such a comparaison. Don't! Keep an open mind. With an open mind you realize that vi and Emacs don't come even close to a fully integrated development environment. Again, keep an open mind and think about it for at least a minute before you shoot.
"It's a new development environment for the next twenty years."
Let me be honest: when I read that piece, I thought he was being paid by Microsoft. I mean come on! That's a pretty bold statement right there. Let's see what he has to say about that.
Five years ago, we [open source developers] had the high ground in technical tools," said de Icaza. "We had better tools and a better development environment than Windows developers had. Now, with.NET, I see that the roles have changed and Windows developers have much better tools than we have.
(NOTE TO SELF: Don't quote that much in one piece)
Wow! Is that really so?... Ok then. I have my open mind and all that but still, that's sounds like marketing to me. Now hold on. What if... I don't know... do you think... is it really... True?
What if it's true? Let's see what he has to say.
.NET is a good platform to innovate from
Cool! This time, the roles would be reversed. Please understand. This time, it is us who have a chance to copy, to mimic, to "innovate". Schweeeeet.
Microsoft might port the runtime to Linux
Now why the hell would they do that? The only thing AFAIK they ever did on Linux was those f***ed up Front Page Extensions! Do you really think they would do that? Why? To extend.NET of course, just like Unix embraced multiple platforms back in the days (This is indeed a very good analogy). About a year ago I think, I read someone saying that the Desktop OS should be at the user's service, not the opposite. Microsoft understood that believe it or not. You (and I) may not like it but the main reason why they are what they are on the desktop market is because they offer what the vast majority of users want. They also know that the OS is not the end all of all things. They understand the market (heck, they control the damn thing) and they expand like a wasp colony in my back yard by controling the rest with.NET.
What I mean to say by that is that Miguel has a point..NET is probably the most important technology/invention for the years to come. Just like Unix kicked Multix's ass back in the days,.NET will be the next development environment for the years to come. (open mind everyone)
"I personally want to see the.NET runtime on Linux", [...] seeming to commit himself to building it if it doesn't emerge from current efforts.
Thank you! It would be terrible to be left at the mercy of Microsoft for having something that important not available on our favorite OS. Could you imagine? Maybe not. Let me help, imagine that there was no TCP/IP stack available for Linux. That's the kind of situation we could find ourselves in if major tools like.NET are not available for Linux. (NOTE TO SELF: That was a "Bad analogy").
Later on, Miguel explains briefly why he likes.NET so much. He makes his points when he says (and I quote)
"With.NET, MS has figured out the next generation of development software"
Now that does not come from some AC waiting for a good troll. This guy wrote a whole lot of code. I think I can safely say that he knows what he is talking about when it comes to developing software. (Open mind again).
.NET was not targeted for a single language.
Just like Unix was not targetted as a single platform. You have it right here, in front of you. If you can see further than your nose, it's obvious that this is why.NET will (wether you like it or not) take over. He even says It's a programmer's dream come true. He's right, at least admit it.
So he goes on and on explaining what the Unix world did wrong and what.NET does right. Good. He wants to see.NET under Linux. Great, count me in.
Now remember what happened with Unix in the early 2000's... it got taken over by a Free (as in speech) OS based on the Linux kernel. This is what is going to happen with.NET. If Microsoft think they are ahead, wait until they see how good the open source community is at rebuilding a good idea from scratch and make it a wonderful one..NET is a fantastic concept..ORG (or whatever we chose to call our open source alternative) will be to.NET what GNU/Linux is to Unix. Mark my words.
What sort of tools exist to prevent this sort of thing (aside from simply using OpenBSD)?
That's not right! You don't get protected from viruses just by installing Norton Antivirus, you have to constently update it, make sure you run the newest version, etc.
Securing a system requires deep knowledge about that said system. I don't know shit about OpenBSD. Do you really think I will be more secure if I were to use OpenBSD tomorrow rather than Debian that I know pretty well? I don't think so either.
Any Gibsonian Black Ice? The TCP/IP equivalents of radar and surface-to-air missiles? Are any of them open sourced, and what is the state of their development?
Snort, logcheck and the like do help, as long as you stay up to date with BugTraq and you keep you head cold. The minute you think you are secure, you get screwed. All the tools in the world won't help you if you don't know how to use them.
So what can we do? Well here is my humble opinion:
Before you get owned
Knowledge is gold but documentation is golden.
Get a working backup solution in place
Once you realize you're owned
Unplug the box
Get the hot spare and restore the data on it (you do have a hot spare I hope)
"Only" journalling capability is akin to complaining about Oracle's "only" advantage over MySQL etc. being rollback/atomicity/transaction consistency. Gee, what a "tiny" thing.
Watch out man, you're eyes are turning brown. Oracle has transactions but that's not all. You forget a bunch of stuff (quotas, speed, scalabity, fail-over, dictionnary etc etc). Let's not compare apples to oranges. While I am a big MySQL fan, there are places where that type of software just doesn't cut it.
The initial poster, the guy you were replying to obviously doesn't have a clue of the value a journaling file system can bring. Make sure you don't loose your point by loosing your credibility.
Just for the record, I installed Linux today on a VA Linux 3500. 3 scsi cards, 1 RAID controller. You know how long this beast takes to boot? A while! If you add to that the time to fsck 26 gig of data, I kill myself. I agree with you, journaling is the shit!
You said "We're the premier source for support on Linux."
As an active member of the South Florida Linux User Exchange, and several LUGs before that, allow to tell you : Bullshit!
Linux and all Open Source products have their premier source of support in the community. That's why it works so well for the rest of us. No contract, no fee, just trust and the love of the game. Do not disregard that kind of support just because your brain has been washed up by your paycheck provider.
Foreword : I make the assumption that you are within the 60% of the people using Apache as your web server.
If you use PHP as a module, the php engine is embeded in the apache process. If you use PHP as a cgi, that's another story.
If you use JSP's or servlets, you still have to communicate with tomcat over a socket. Tomcat does all the work.
The author shows some examples in perl as a CGI but does not mention mod_perl, I am amazed! For those of you who don't know, the perl interpreter is embedded in the perl binary (/usr/bin/perl). What Doug MacEachern and others did was to embed the perl interpreter in Apache. Not only perl scripts run 100 times faster (really!) but you have access to very nifty things like a pool of Database connection (statefull), you have access to all 14 steps a request goes through in the Apache process, etc.
One of the byproducts of the Linux 2.5 Kernel Summit
http://lwn.net/2001/features/KernelSummit/ was the notion of an
enhancement of the loadable kernel module interface to facilitate
security-oriented kernel modules. The purpose is to ease the tension
between folks (such as Immunix and SELinux) who want to add substantial
security capabilities to the kernel, and other folks who want to
minimize kernel bloat & have no use for such security extensions.
Modules that can be loaded, or not, are the obvious solution, but the
current LKM does not export sufficient hooks to support many security
mechanisms. Thus many current security enhancements end up existing as
kernel patches, which marginalizes their utility by making distribution
problematic. The proposed solution is to enhance the LKM with a variety
of new kernel elements exported to the module interface, so as to
support a reasonable variety of security enhancements.
We have started a new mailing list called linux-security-module. The
charter is to design, implement, and maintain suitable enhancements to
the LKM to support a reasonable set of security enhancement packages.
The prototypical module to be produced would be to port the POSIX Privs
code out of the kernel and make it a module. An essential part of this
project will be that the resulting work is acceptable for the mainline
Linux kernel.
Rasterman, the creator of enlightenment, has been working on Imlib 2 and EFM. From what I can see, it looks very impressive. I don't have access to the source code for Efm but from the screenshots, I can imagine.
My question is : doesn't imlib2 has some sort of mechanism to do exactly what I saw on gnotices?
One of the biggest problems with massively multiplayer games is the cheaters
You are perfectly correct. There was an excellent article on/. talking about just that. You can find the article here. You seem concerned that this phenomenon will increase if everyone has the source code for both the client and the server. The concept of security through obscurity doesn't work. This situation applies IMHO.
Take a look at IRC. Everyone has access to the specifications. That means that anyone can write a client and a server. Only certain people actually run active servers, but nothing can stop me from writing a client that will take advantage of some poorly written server. In theory, I would then be able to get a * next to my nick (server operator), an @ (channel operator) and who knows what. The trick is that there is a community. Everyone has access to the source => anyone can submit a patch that will prevent me from running my exploit.
This situation applies to all Free client-server models. Apache, Bind, etc. As a system admin, I consider security breakins as you, as a gamer, consider online cheating. The fact of the matter is, I have a huge open source community of developers next to me (I mean an email away) to help me. I can read - modify - distribute patches and do whatever the hell I want with the source.
If someone is caught cheating (and it's not very hard to know who is cheating), someone can patch the server. Since it will bne released under GPL, this someone has to distribute the modifications. Isn't it nice? I think it is.
Trust me, you are better off playing on that type of environment. At least, you know exactly what you are connecting to.
I have been following the threads on bugtrq very closely and here are my thoughts on this whole thing. In order for this whole idea to work, you should consider the following 2 points:
What would happen if a black hat gets the information sent to the members-only-mailing-list? Everyone gets screwed.
What would happen if a bug is discovered by someone else than P. Vixie or his friends? Let me explain this one in detail. There has been a lot of discussion on Bugtraq about "How much time do I give the vendor to fix his bug(s)?". The answers are different depending on who you talk to about it but that's not the point. The point is that a lot of bug-trackers send their discovery to bugtraq FIRST without notifying the vendor at all. Sometimes, an exploit is right around the corner...
Even if we send our discoveries to the vendor (or the author directly), it might take them too long to fix the problem. Remember Cisco and their DSL routers? It took them 11 months! It can get really f*cked up. In the case of Bind, this situation can happen. I find a bug, I send it to P. Vixie. He takes his sweet little time to :
Make sure there is a problem
Create a patch
Release the new version to the member of this new list
Release the new Official Bind Version.
Believe it or not, it can take quite some time, especially if the vendor / author is under the (wrong) impression that the bug isn't well known yet. In that time, all the users of the product are vulnerable. When frustration comes at it's peak, there is no better way to tell the vendor to hurry up then posting the bug to a good security mailing list. I am not making that stuff up, it happens every week on Bugtraq.
Considering all this, I think P. Vixie has made a wrong move. I understand 100% why he wants to do what he is planning on doing but I just don't believe it will work. Take my word for it.
The module loader is still broken. I don't know about you guys but I have to put all my modules in/lib/modules/2.4.x/misc - then run depmod -a in order for the stupid thing to see the modules.
Is it fixed in 2.4.1? I use 2.4.0-test12 and it doesn't work.
you are not going to use this piece of software. That is plain stupid. Allow me to make 2 points
You have been put in charge of creating a live streaming audio/video solution for a website. The important thing here that you are in charge. I am making the assumption that someone pays you to deliver a solution, puts this project in your hands and expects the best. Under those condition, you should not reject a product just because the company who makes it has a certain conduct. Just like you shouldn't refuse to hire someone just because he is French, black, jewish or whatever.
Next, allow me to make another assumption : that you are a Geek or at least have some interests in technology (I mean come on... you ask/.) As a technology enthusiast, geek, computer specialist, etc, you should look beyond the fact that a software is made by someone you don't like or trust. Look at the software before you talk. I have never used Windows Media Server, because I never had the chance to look at that technology. There are a lot of technologies out there that I have never seen but guess what:I would like to see them all! I don't give a shit if it's MS, IBM, Java, Black, Jewish or even French.
Don't be closed minded. Yes Microsoft makes crappy ass shit from time to time, but not ALL THE TIME. Now let's start the flame...
I have been following the story on Bugtraq and it's a little bit different than what the article suggests. Allow me to clear that up a bit.
Microsoft changed the format in which they send their advisories. Before, they use to send their emails with the full advisory in plain text included in the email. For example, consider this one sent by them on Thu, 16 Nov 2000: here
Then came advisories sent in a different format. Instead of including the full text including a description of the bug, workarounds, etc, Microsoft decided to include only a couple of URL's and that's it. You can see an example of this here. As you can see, it a pain in the ass to read and getting the information becomes really hard.
What happens next (on Tue Dec 05), is that Elias Levy (a.k.a. Aleph1, Bugtraq moderator) decides that he will not accept advisories in this new format. You can read what he wrote here but allow me to quote:
I will no longer be approving any advisories with little or no
content that point you to some other place for information.
Pretty isn't it.
What happened NEXT is where the/. story starts. On the same day, Elias took a Microsoft's advisory and copy-and-pasted it plain text in an email sent to Bugtraq. You can read the message here. Please note that this email has been sent from Elias Levy (aleph1@securityfocus.com) and not from the usual Microsoft address. This is where Microsoft got pissy.
It seems Microsoft was not very amused at my posting of their advisory to the list the other day.
And now we can start talking about Microsoft actions but I guess that if you read my post, you understand better what really happened. As a last note, let me repeat what has been said on Bugtraq. A email address has been created by Microsoft for us to give them feedback about their new format. This email is secfdbck@microsoft.com. Please tell them what you think about their new format.
It's not funny, it's a choice. I don't want to make people pay because I don't want them to think that I owe them something. I give the class for free, out of my own free time... something like free as in beer.
But I also want people to understand the concept behind Free Software. The first class my students didn't undertstand why some programmers would do stuff for free. I said "look at me, I am teaching this class for free! I do it because I love it, because I want to do it and because I do not want money to corrupt the spirit". They understood Crystal Clear.
You pull $175/Hour. I usually don't pull money, I earn it. As of the figure, you'd be surprise what you can charge when you know your stuff:-)
I am a student at AIU. It's by far the worst experience I will ever be able to live.
The first few months were the worst, I was bitching all the time about the fact that the teachers didn't know shit, that they were teaching us stupid Microsoft stuff (VBscript instead of JavaScript, MS OSI Model, etc). I got really pissed.
One day, I realized that I wasn't learning anything and that I had to get my degree. To make my experience at that #@$#%!@ school enjoyable, I decided to start teaching Linux. And that's exactly what I did. I teach Linux for FREE, I have a server where students have an account.
It's every saturday afternoon. Today I am teaching apache.
the ballot was that way because the old folks complained in the first place that they couldn't read the standard font
It makes sense, but do you have proof on that statement?
The loser has to do what Nixon did with Kennedy
You mean Kill the winner?
Do we REALLY want to go through this becuase some old folks did not take the proper time and effort in the voting booth to verify their selection??
Do you really want to have a president in the white house that has zero legitimacy? The popular votes are for Gore. There is fraud all over the place in a state governed by Bush's brother. It doesn't make any sense.
Even stupid people have the right to vote. It's being a Nazi to say that stupid people should note be voting in the first place. Don't get me wrong, you said: they would still figure out a way to mess it up!
When you say:
For the good of the country and the world, DROP THE IDIOCY!
Are you realizing what coutry you are living in? Do you know what the average education level is in the US? So you realize that it's because of these "stupid" (understand old retirees without 20/20 vision) people that you are a free man?
Slashdot Mirror
I think that when a good idea shows itself (like .NET in this case), the open source community is by far the best at imitating it and making it better. At least that is what I strongly believe. It is not limited to Microsoft but since they have such a huge footprint on the market, they may have more ideas that get known than others; I'll give you that.
Between us, I do not have the pretention to being familiar with the past 40+ years of systems research in itselft and/or the state of the art in all subjects. I suggest you elaborate a bit, it is a little confusing.
No offense but you understood the exact opposite of what I was saying.
Read again.
In the O'Reilly article, the author says that Miguel is open minded. I suggest we all seat back, relax and try to do the same exact thing. Let's be open minded if only for 5 minutes.
So I'm sitting at my desk, open minded and stuff, reading Dale Dougherty's article. First of all, I would like to say that I found it very interesting. Here are my comments on it.
Open Source developer Miguel de Icaza, leader of the GNOME project and founder of Ximian, has been exploring Microsoft's .NET platform with an open mind
The open mind thing, remember?
he was only beginning to think about the implications of Microsoft.NET
That's exactly what it's about. The implications. Read on.
Here we go. The first of many comparaisons. Some of you slashdotters are aiming their guns at him for making such a comparaison. Don't! Keep an open mind. With an open mind you realize that vi and Emacs don't come even close to a fully integrated development environment. Again, keep an open mind and think about it for at least a minute before you shoot.
"It's a new development environment for the next twenty years."
Let me be honest: when I read that piece, I thought he was being paid by Microsoft. I mean come on! That's a pretty bold statement right there. Let's see what he has to say about that.
Five years ago, we [open source developers] had the high ground in technical tools," said de Icaza. "We had better tools and a better development environment than Windows developers had. Now, with .NET, I see that the roles have changed and Windows developers have much better tools than we have.
(NOTE TO SELF: Don't quote that much in one piece) ... Ok then. I have my open mind and all that but still, that's sounds like marketing to me. Now hold on. What if ... I don't know ... do you think ... is it really ... True?
Wow! Is that really so?
What if it's true? Let's see what he has to say.
Cool! This time, the roles would be reversed. Please understand. This time, it is us who have a chance to copy, to mimic, to "innovate". Schweeeeet.
Microsoft might port the runtime to Linux
Now why the hell would they do that? The only thing AFAIK they ever did on Linux was those f***ed up Front Page Extensions! Do you really think they would do that? Why? To extend .NET of course, just like Unix embraced multiple platforms back in the days (This is indeed a very good analogy). About a year ago I think, I read someone saying that the Desktop OS should be at the user's service, not the opposite. Microsoft understood that believe it or not. You (and I) may not like it but the main reason why they are what they are on the desktop market is because they offer what the vast majority of users want. They also know that the OS is not the end all of all things. They understand the market (heck, they control the damn thing) and they expand like a wasp colony in my back yard by controling the rest with .NET.
What I mean to say by that is that Miguel has a point. .NET is probably the most important technology/invention for the years to come. Just like Unix kicked Multix's ass back in the days, .NET will be the next development environment for the years to come. (open mind everyone)
"I personally want to see the .NET runtime on Linux", [...] seeming to commit himself to building it if it doesn't emerge from current efforts.
Thank you! It would be terrible to be left at the mercy of Microsoft for having something that important not available on our favorite OS. Could you imagine? Maybe not. Let me help, imagine that there was no TCP/IP stack available for Linux. That's the kind of situation we could find ourselves in if major tools like .NET are not available for Linux. (NOTE TO SELF: That was a "Bad analogy").
Later on, Miguel explains briefly why he likes .NET so much. He makes his points when he says (and I quote)
"With .NET, MS has figured out the next generation of development software"
Now that does not come from some AC waiting for a good troll. This guy wrote a whole lot of code. I think I can safely say that he knows what he is talking about when it comes to developing software. (Open mind again).
Just like Unix was not targetted as a single platform. You have it right here, in front of you. If you can see further than your nose, it's obvious that this is why .NET will (wether you like it or not) take over. He even says It's a programmer's dream come true. He's right, at least admit it.
So he goes on and on explaining what the Unix world did wrong and what .NET does right. Good. He wants to see .NET under Linux. Great, count me in.
Now remember what happened with Unix in the early 2000's ... it got taken over by a Free (as in speech) OS based on the Linux kernel. This is what is going to happen with .NET. If Microsoft think they are ahead, wait until they see how good the open source community is at rebuilding a good idea from scratch and make it a wonderful one. .NET is a fantastic concept. .ORG (or whatever we chose to call our open source alternative) will be to .NET what GNU/Linux is to Unix. Mark my words.
Good night and thank you for reading.
I use 1.5.3. The -U option is not available with that one.
wget --dot-style=mega --header="User-Agent:Download Manager" http://svmsftwxp.conxion.com/download/wxp_pro_rc1. iso
H.
That's not right! You don't get protected from viruses just by installing Norton Antivirus, you have to constently update it, make sure you run the newest version, etc.
Securing a system requires deep knowledge about that said system. I don't know shit about OpenBSD. Do you really think I will be more secure if I were to use OpenBSD tomorrow rather than Debian that I know pretty well? I don't think so either.
Any Gibsonian Black Ice? The TCP/IP equivalents of radar and surface-to-air missiles? Are any of them open sourced, and what is the state of their development?
Snort, logcheck and the like do help, as long as you stay up to date with BugTraq and you keep you head cold. The minute you think you are secure, you get screwed. All the tools in the world won't help you if you don't know how to use them.
So what can we do? Well here is my humble opinion:
Before you get owned
Once you realize you're owned
- Unplug the box
- Get the hot spare and restore the data on it (you do have a hot spare I hope)
- Analyse the system in a post-mortem mode
- Reinstall the compromised system from scratch
Good Luck.Watch out man, you're eyes are turning brown. Oracle has transactions but that's not all. You forget a bunch of stuff (quotas, speed, scalabity, fail-over, dictionnary etc etc). Let's not compare apples to oranges. While I am a big MySQL fan, there are places where that type of software just doesn't cut it.
The initial poster, the guy you were replying to obviously doesn't have a clue of the value a journaling file system can bring. Make sure you don't loose your point by loosing your credibility.
Just for the record, I installed Linux today on a VA Linux 3500. 3 scsi cards, 1 RAID controller. You know how long this beast takes to boot? A while! If you add to that the time to fsck 26 gig of data, I kill myself. I agree with you, journaling is the shit!
They do have a point. If you ever installed Redhat you know what I am talking about.
Please moderate as flame since you don't agree with me.
You said "We're the premier source for support on Linux."
As an active member of the South Florida Linux User Exchange, and several LUGs before that, allow to tell you : Bullshit!
Linux and all Open Source products have their premier source of support in the community. That's why it works so well for the rest of us. No contract, no fee, just trust and the love of the game. Do not disregard that kind of support just because your brain has been washed up by your paycheck provider.
If you use PHP as a module, the php engine is embeded in the apache process. If you use PHP as a cgi, that's another story.
If you use JSP's or servlets, you still have to communicate with tomcat over a socket. Tomcat does all the work.
The author shows some examples in perl as a CGI but does not mention mod_perl, I am amazed! For those of you who don't know, the perl interpreter is embedded in the perl binary (/usr/bin/perl). What Doug MacEachern and others did was to embed the perl interpreter in Apache. Not only perl scripts run 100 times faster (really!) but you have access to very nifty things like a pool of Database connection (statefull), you have access to all 14 steps a request goes through in the Apache process, etc.
just my $0.02
Modules that can be loaded, or not, are the obvious solution, but the current LKM does not export sufficient hooks to support many security mechanisms. Thus many current security enhancements end up existing as kernel patches, which marginalizes their utility by making distribution problematic. The proposed solution is to enhance the LKM with a variety of new kernel elements exported to the module interface, so as to support a reasonable variety of security enhancements.
We have started a new mailing list called linux-security-module. The charter is to design, implement, and maintain suitable enhancements to the LKM to support a reasonable set of security enhancement packages. The prototypical module to be produced would be to port the POSIX Privs code out of the kernel and make it a module. An essential part of this project will be that the resulting work is acceptable for the mainline Linux kernel.
The list is open to all. You can subscribe here http://mail.wirex.com/mailman/listinfo/linux-secur ity-module or by
sending e-mail to linux-security-module-request@wirex.com with a subject
of subscribe.
Crispin
It that the guy who was at the Apache Conference back in Octoboer 2000 in London ?
Dudle
My question is : doesn't imlib2 has some sort of mechanism to do exactly what I saw on gnotices?
You are perfectly correct. There was an excellent article on /. talking about just that. You can find the article here. You seem concerned that this phenomenon will increase if everyone has the source code for both the client and the server. The concept of security through obscurity doesn't work. This situation applies IMHO.
Take a look at IRC. Everyone has access to the specifications. That means that anyone can write a client and a server. Only certain people actually run active servers, but nothing can stop me from writing a client that will take advantage of some poorly written server. In theory, I would then be able to get a * next to my nick (server operator), an @ (channel operator) and who knows what. The trick is that there is a community. Everyone has access to the source => anyone can submit a patch that will prevent me from running my exploit.
This situation applies to all Free client-server models. Apache, Bind, etc. As a system admin, I consider security breakins as you, as a gamer, consider online cheating. The fact of the matter is, I have a huge open source community of developers next to me (I mean an email away) to help me. I can read - modify - distribute patches and do whatever the hell I want with the source.
If someone is caught cheating (and it's not very hard to know who is cheating), someone can patch the server. Since it will bne released under GPL, this someone has to distribute the modifications. Isn't it nice? I think it is.
Trust me, you are better off playing on that type of environment. At least, you know exactly what you are connecting to.
Timmy!
There has been a lot of discussion on Bugtraq about "How much time do I give the vendor to fix his bug(s)?". The answers are different depending on who you talk to about it but that's not the point. The point is that a lot of bug-trackers send their discovery to bugtraq FIRST without notifying the vendor at all. Sometimes, an exploit is right around the corner
Believe it or not, it can take quite some time, especially if the vendor / author is under the (wrong) impression that the bug isn't well known yet. In that time, all the users of the product are vulnerable. When frustration comes at it's peak, there is no better way to tell the vendor to hurry up then posting the bug to a good security mailing list. I am not making that stuff up, it happens every week on Bugtraq.
Considering all this, I think P. Vixie has made a wrong move. I understand 100% why he wants to do what he is planning on doing but I just don't believe it will work. Take my word for it.
Dood
The module loader is still broken. I don't know about you guys but I have to put all my modules in /lib/modules/2.4.x/misc - then run depmod -a in order for the stupid thing to see the modules.
Is it fixed in 2.4.1? I use 2.4.0-test12 and it doesn't work.
Thx
Don't be closed minded. Yes Microsoft makes crappy ass shit from time to time, but not ALL THE TIME. Now let's start the flame ...
dudle
Microsoft changed the format in which they send their advisories. Before, they use to send their emails with the full advisory in plain text included in the email. For example, consider this one sent by them on Thu, 16 Nov 2000: here
Then came advisories sent in a different format. Instead of including the full text including a description of the bug, workarounds, etc, Microsoft decided to include only a couple of URL's and that's it. You can see an example of this here. As you can see, it a pain in the ass to read and getting the information becomes really hard.
What happens next (on Tue Dec 05), is that Elias Levy (a.k.a. Aleph1, Bugtraq moderator) decides that he will not accept advisories in this new format. You can read what he wrote here but allow me to quote:
I will no longer be approving any advisories with little or no content that point you to some other place for information.
Pretty isn't it.
What happened NEXT is where the /. story starts. On the same day, Elias took a Microsoft's advisory and copy-and-pasted it plain text in an email sent to Bugtraq. You can read the message here. Please note that this email has been sent from Elias Levy (aleph1@securityfocus.com) and not from the usual Microsoft address. This is where Microsoft got pissy.
In this email, Elias give the tone and I quote:
It seems Microsoft was not very amused at my posting of their advisory to the list the other day.
And now we can start talking about Microsoft actions but I guess that if you read my post, you understand better what really happened. As a last note, let me repeat what has been said on Bugtraq. A email address has been created by Microsoft for us to give them feedback about their new format. This email is secfdbck@microsoft.com. Please tell them what you think about their new format.
I teach Linux, Perl, Apache and some other cool stuff to newbies.
I suggest you visit http://aiu.linuxroot.org and look at the FAQ
I can't believe they are working on that sort of shit instead of getting the PS2 released on time for the hollydays.
Sometime you just see so much shit in this world
dudle
It's not funny, it's a choice. I don't want to make people pay because I don't want them to think that I owe them something. I give the class for free, out of my own free time ... something like free as in beer.
:-)
But I also want people to understand the concept behind Free Software. The first class my students didn't undertstand why some programmers would do stuff for free. I said "look at me, I am teaching this class for free! I do it because I love it, because I want to do it and because I do not want money to corrupt the spirit". They understood Crystal Clear.
You pull $175/Hour. I usually don't pull money, I earn it. As of the figure, you'd be surprise what you can charge when you know your stuff
dudle
The first few months were the worst, I was bitching all the time about the fact that the teachers didn't know shit, that they were teaching us stupid Microsoft stuff (VBscript instead of JavaScript, MS OSI Model, etc). I got really pissed.
One day, I realized that I wasn't learning anything and that I had to get my degree. To make my experience at that #@$#%!@ school enjoyable, I decided to start teaching Linux. And that's exactly what I did. I teach Linux for FREE, I have a server where students have an account.
It's every saturday afternoon. Today I am teaching apache.
Linux classes
Apache for today
the ballot was that way because the old folks complained in the first place that they couldn't read the standard font
It makes sense, but do you have proof on that statement?
The loser has to do what Nixon did with Kennedy
You mean Kill the winner?
Do we REALLY want to go through this becuase some old folks did not take the proper time and effort in the voting booth to verify their selection??
Do you really want to have a president in the white house that has zero legitimacy? The popular votes are for Gore. There is fraud all over the place in a state governed by Bush's brother. It doesn't make any sense. :
Even stupid people have the right to vote. It's being a Nazi to say that stupid people should note be voting in the first place. Don't get me wrong, you said
they would still figure out a way to mess it up!
When you say:
For the good of the country and the world, DROP THE IDIOCY!
Are you realizing what coutry you are living in? Do you know what the average education level is in the US? So you realize that it's because of these "stupid" (understand old retirees without 20/20 vision) people that you are a free man?I feel sorry for you.
It's called practical training.
You are allowed to work part time (20 hours a week) and for experience only. It's not meant to be your main source of revenue.
You are allowed to do your practical training for 1 year. You can start your practical training after 9 month of full time study.
Of course, IANAL