Web publications are rarely given the same strict editorial process as most journal articles.
Which is both bad and good. Bad, in the sense that the source may not be up to snuff, as you point out. However, how many instances are there in history of important discoveries being delayed or buried due to "respectable" journals refusing to publish articles for one reason or another?
One always should keep one's critical reading filters on, whether reading a research journal or a handbill obtained on the local street corner.
Perhaps you'd like to read their side of the story?
NOTE: BOTH stories are from SSC's side.
Neither reflects the other side of the coin.
See http://linuxgazette.net/ for the traditional Linux Gazette. Ah, feel at home? Good.
http://linuxgazette.net/issue96/reborn.html is part of their side of the story.
Personally, I think the CMS site sucks and goes against the spirit of what Linux Gazette has been for years.
No, what I meant was admins of important sites certainly could have incorporated the patch. No need to wait for 'official' updates. For that matter, anyone COULD have patched their machines.
This does seem like one of those niggling bugs that come up yet don't seem important enough to pay attention to until they bite.
Who mentioned anyone in particular? Not I.
That this would be a script kiddie, no I don't think so, but thanks for playing.
Oh I'm sure someone out there can find a reason to twist this to Redhat/SuSE being evil.
Sad, but true.
My point was the default install is useless as a system, as in to get it doing useful work, you're going to have to add software, open some services, etc. All of which potentially open security problems, if not done with care.
I agree that for the purposes of installation, there should be a means to get a minimal OS running that could update on a naked Net connection with relative safety, unlike say Windows XP. But then, Debian and Gentoo already fall into this category.
I prefer to install behind at least a firewall myself!
Any word on the parties behind the attack?
The question remains, who is targeting Open Source? With this being the latest in several high-profile attacks, the evidence would suggest a determined effort is under way to put egg on the Open Source face.
Who? Why?
I'm assuming (haven't checked) that the corrective patch was small, so one would have back ported the fix to 2.4.22 safely.
A lot of work, granted, but not out of the realm of possibility.
Perhaps you should check www.openbsd.org:
"Only one remote hole in the default install, in more than 7 years!"
Never mind that the default install is basically useless.
Who's complaining? I'd rather not have moochers and leeches using the OS, thanks. Especially if they want to waste time asking stupid questions rather than doing a little reading.
BTW, on a personal note, your characterization is way off. Take a look at the Gentoo docs, you do them a severe disservice.
Or don't take a look, I don't care.
Hmmm. And what are they buying? What are they actually risking?
If you make decisions based on having to do it RIGHT NOW, you certainly run the risk of making the wrong decision, no matter what that decision might be.
This is not a one size fits all situation, each distro has specific goals and targets, if you don't know what those are you'd better find out before making a choice. Might even learn something in the process.
I read the article and found both sides weak. Turner's weak arguments answered with weak rebuttals, which though sufficient, didn't really address anything.
Who's complaining? I haven't read any developer comments, but I sure have seen a lot of articles how "Linux needs to do this", "Linux needs to do that".
Sounds like you don't understand who's complaining and why.
For one, OSS is moving along just fine, though maybe not where YOU would particularly want it to go. But then, that's the point, OSS ends up being a mind of its own.
I don't go out of my way to preach about Linux to anyone, yet am surprised by how many times I hear "You run Linux? I've heard of that and wanted to check it out".
The OSS community needs to do nothing other than what has always been done, write the code and write it well.
So, the key is free tech support as well as free software, and make sure there's a smile with that?
A lot of the kind folks that act as resources on mailing lists around the Net have put in a lot of brain sweat figuring out how things work. It is understandable that they might get a little short when someone joins a mailing list and starts shot gunning questions that are covered by a FAQ.
There's free as in beer, free as in speech, I never heard of free as in effort!
How about why should they?
Why should developers do anything other than what they have an incentive to do?
You want polished apps, you have a couple of options:
1. Pay for them.
2. Pay someone to create them.
3. Make them yourself.
and I suppose your preferred option
4. Complain until someone else does it for you.
An important point is that developers in general are not interested in ruling the world, deposing Microsoft or bringing Linux to the desktop.
Ah! But the fact that end users don't care about the legal reasons is exactly WHY the legal problems exist.
"Good word of mouth doesn't pay the bills."
In the words of the Jedi Master, "...that is why you fail".
RHEL hasn't been around long enough to get good word of mouth. There are still plenty of issues that many companies have yet to experience:
1. Vendor support of RHEL, especially older releases. Just because Redhat will support the release for 5 years doesn't mean all the third party vendors will. Which means a forced upgrade if your vendor chooses to drop support for the version of RHEL you're on. How is this different from RHL? IT'S NOT and that's the point.
2. Third party software, open source even. How many projects are going to be willing to jump through hoops to put RPMs for RHEL out there? How many will continue that support for 5 years? Time will tell, but at this point there is no way to tell.
3. With Redhat being the primary fixer of bugs, what impact will the RHEL have on fixes? More and quicker? Slower and less? Again, only time will tell.
That depends on what you consider payment.
For years I've used Redhat, yet never paid a dime for the distro itself. However, I have gone out of my way to supply others with Redhat CDs, help them when they needed it and recommended Redhat to customers looking for an alternative to Windows.
I've also spent a lot of time on the Redhat mailing list, answering questions for the most part as well as getting some answers myself.
In my mind, Redhat got to be the distro of choice not because it's rock solid (there have been plenty of bumps on the road), but partly because there is a large community of people using Redhat who are willing to share their time to help anyone get Redhat working for them.
How is Redhat losing money by pissing on us "non-money" folks? Do you have any idea how much GOOD word of mouth is worth?
An AC on target, will wonders never cease.
Redhat has yet to answer the SOHO masses who are wailing "What about us?". These folks certainly can't afford $1000 per cpu, yet they are willing to pay something for services they perceive as valuable.
I'm a perfect example. I have 10+ servers, I don't need hand holding, I have never called Redhat support, but I certainly do appreciate security updates. Am I going to pay $1000 per machine for that? No way!! What's my option, Redhat?
*sound of crickets*
Redhat, whose history of communication is poor at best, seems to think doing all the work, making a plan and then making a press release of the latest licensing options is enough.
NOTE TO REDHAT: STOP IGNORING FOLKS. TAKE A PAGE FROM GENTOO AND ANSWER THE DAMN QUESTIONS.
Rat Shack, Milestek, just about any automotive supply store.
You are free to express whatever you want. You are NOT free, however, to avoid the responsibility for what you express.
Industry is more than willing to "bolster the internet up to where it needs to be for reliability standards", it's called Spend the Money. You want 5 9's connectivity, you gotta pay. The government get involved? I thought you were looking for MORE reliable? :)
The proper conclusion from the data would be that many businesses in the blackout area, despite handling large sums of money daily, did not have sufficient redundant power or connectivity.
Whether anyone could have anticipated such a large scale blackout (and prepared accordingly) is another topic.
Better than zip ties:
Get yourself some 1/2" Spiral wrap. Cut off pieces of 1" - 3". Use these to tie bundles of cable together. They're reusable, easy to take off without tools, and hold well enough without binding.
You should be able to get 10' of the stuff for $5 or less, in black or clear.