Meh? A Linux system you create yourself isn't going to be any more secure than a properly-configured RedHat box in the hands of someone who knows what they're doing. It's not like you're not going to be running the same software for the most part.
I, like most people, wish that the more mainstream distros didn't ship with everything but the kitchen sink on by default, but come on. If you've got the know-how to put together a Linux box from scratch there's no reason you can't properly lock down one you get from a mainstream distributor in much less time.
I realize it's good security practice to start from zero and enable only what you need rather than have everything on and disable what you don't, but UNIX isn't Windows. Unless a distro is shipped with a rootkit in it already it's quite easy to turn everything off. Once you've done that you can pretend you started from scratch if that makes you feel better.
Building "Linux From Scratch" is fun (for some people, myself included) and a great way to learn about how your system works. But if you do it on a regular basis for systems you deploy you're just wasting a lot of time and being masochistic.
On another note, I've never found it that much harder to admin or use an OpenBSD box than I have say, FreeBSD or even your average Linux box. I find that the difference in philosophy is the biggest hurdle (vi this file vs. use our badly-designed ncurses/GTK+ config tool). Once you get over that any of the above can be quite usable.
Age of code doesn't always directly relate to security of code. Yes, Sendmail is older. While that means the code has been around to be looked at by more people, it also means it was written before security was even close to the priority it is today.
Qmail, on the other hand (and Postfix, and others. Sorry if I don't mention everyone's favorite :P), was created from the start to be as secure as possible. It has the advantage of being able to build on many years of advancement in secure coding practices. For example, the way as little of its code is executed as root as possible gives it a big advantage. Sendmail 8.12 is moving in the same direction, but it's much newer than Qmail and, while I haven't gazed at the Sendmail source recently I'd be willing to wager that getting it to play with privilege separation wasn't a trivial change.
I'm not knocking Sendmail. I use it on a whole bunch of production boxes. It's familiar, easy to use, and works out of the box with everything. It's also fast enough to make it suitable for most environments and I have a whole lot of time invested in learning the various ways to configure and tweak it and how to fix it when it's being moody.
That said, I also use Qmail on a regular basis. Of the two I keep a much closer eye on the Sendmail installations. Sendmail's current biggest known flaw is its history, and until something approximating that shows up in Qmail I'm more inclined to trust djb's baby (even though I put it in /usr/local/qmail. nyeh!).
(Qmail also has the luxury of being the product of someone who comes off as a complete asshole. I can guarantee you that the fact that Qmail doesn't have any known security holes is not for a lack of trying. There are plenty of people who would *love* to find a hole in Qmail just to shut him up. I hope djb doesn't have mod points!)
I'd personally be willing to fork over $500 to get SomaFM back on the air. Sure, it may be too much for some people (and it's not negligible to me, either), but I'm fairly certain most stations worth their salt can find three or four people willing to do the same to handle their back payments.
I've become rather used to the rhythmic hum of my PCs (there are four in this room) while I sleep. Sure, I had to get a voltage regulator for the 6000-something RPM fan on my Athlon XP's heatsink (even I have limits), but I didn't turn it down too far. Hell, none of my PCs even have cases on them besides the laptop.
Of course, on the rare occasions when members of the opposite sex have slept in this room (Gasp! It has happened. Recently, even!) I have gotten more than one complaint about the noise and turned my boxen off. I just chalk it up to the fact that the girls don't tend to be geeks, which isn't such a bad thing :).
I just don't think this guy is part of what you would call Debian's "target audience". Part of the reason I like Debian is that it doesn't make me go sorting through a huge list of video cards. I know that I need the nv driver and that I'll probably be quickly switching it to the nvidia driver once the system is up and running.
In fact, I have pre-written and tweaked XFree86 configuration files for each of my different machines available on one box via scp. There's no need to even ask me X questions in a system installer.
You may not have the option to install PHP from the setup menu, but I don't really care. I already know the name of the package to apt-get (not like the name isn't obvious) and I'd rather just type apt-get install php than go digging through potentially thousands of packages in a GUI list to find it. Hell, even if I didn't know it, I could fairly easily just apt-cache search php and find out.
On a different note, Java probably isn't readily available due to legal issues with Sun. FreeBSD is the same way, you have to manually fetch the necessary distribution file from java.sun.com. It's not like this is hard to do.
I'm not trying to troll or be a jerk. I like Debian because, as an experienced user, it gets out of my way most of the time and what it *does* do for me is truly useful. Its package system makes it extremely quick and easy for me to keep my systems up to date without burying me in a mountain of GUI widgets.
I respect the reviewer's opinion, and don't necessarily have a problem with the review. I would, however, ask that he understand that there are tons of distributions out there right now. Some are geared towards people who don't want to get some dirt under their fingernails, and a precious few are geared towards those who either do or who have and are fully comfortable with it. Some of the former even have Debian underpinnings with a face he would be more happy with. Maybe there's not a problem with Debian, maybe it's just not for him.
I used to play Duke Nukem on Kali and across dial-up lines with my friends back in the day. I tried to play it online again a few months ago and couldn't find a game.
Yeah, it's not 3d, incredibly outdated, and it doesn't exactly take a ton of "skill" (auto-aim is on by default), but it is still amazing. The weapons in that game are unmatched for their ability to be used in extremely creative ways (tripmines and pipebombs rule) and some of the third party custom levels (of which there are quite literally thousands) are an absolute riot.
If the publishers are listening, stop putting out crap like "Duke Nukem: Manhattan Project" and get to work on the true sequel that everyone wanted five years ago. No matter what the critics say, we'd still all love to see it.
Failing that, I'd be content with buying a re-release of the Atomic version of the original with true TCP/IP network games, Linux and Windows (not DOS) executables, and updated graphics and sound. You don't even need a full OpenGL renderer, just touch up the sprites and let me crank the video beyond 800x600. It looks like total shit on my 21" monitor as is :(. Duke 3D with FSAA @ 1600x1200 would be a hoot.
Counter-Strike: Condition Zero is being developed by Gearbox Software (they've done various Half-Life official expansions), for the most part independent of Valve.
I believe Valve is working on another game (hopefully Team Fortress 2, yeah right) and Gooseman/Minh is working on a true CS sequel for that game.
http://www.counter-strike.net/faq.html (at the bottom) says that the actual CS team is not involved in the production of CS:CZ beyond ensuring the game stays true to the original.
I wouldn't say this is the case. One of the biggest reasons for Counter-Strike's success is the fact that it's based on an old game. There are a few major reasons for this:
1) Half-Life was a great game in its own right. It was also one of the best selling FPS games ever. As such, most PC gamers already owned everything they needed to start playing once CS came out. This is the power of a good mod being in the right place at the right time, and it is not to be overlooked. UT2K3 is supposed to be a dream to mod for. Much more so than Half-Life was. Be on the lookout there.
2) Many people have been playing CS for quite a long time, and as such have gotten very good at it. Most of these people hate the idea of trading in all their skills to begin again as a newbie in one of the "pretty" new games. This is a bigger sticking point than you might think. Also, ladders and leagues have fairly complex rulesets that have been tweaked to create the best possible competitive experience. Doing this with a new game is not easy and takes time.
3) Half-Life is based on Quake technology and has years of development behind it. The game is rock-solid stable. The few bugs in the engine (physics, etc) are well known and compensated for automatically by decent players. Contrast this with something like Battlefield: 1942 or UT2K3. They'll get to the same level, but by then they'll be old.
4) The development tools are mature and there are plenty of map makers, coders, modelers and skinners that know how to use them. CS has some great maps, and to my knowledge pretty much every one of them has come from an unpaid third party mapper. The tools these guys use can be quite complex, and learning them for a new engine can be quite difficult. Not only that, but once you know how to use them, you need to spend a lot of additional time finding out what "works" with the gameplay. This is non-trivial and so these guys tend to stick with a game as long as they can, moving on to a new one only when they're fairly sure it's good enough to ride for a while in the future.
5) Most importantly, pretty means very little to gamers. Sure, they like to gawk at pretty pictures as much as the next guy, but they're not going to give up a great game just because something comes along that's prettier. You can still find a few raging NetQuake battles out there if you want. Why? The game rocks. Also, just because the hardcore among us (myself included) just must have the latest and greatest hardware doesn't mean all of us are that way. I constantly hear people in CS games complaining about how slow the game is on their P2-300/TNT. How do you think these people would fare trying to play RTCW? I get a little pissed at the framerates on that game myself, and I have an Athlon XP and a GeForce4.
Actually he is working (I believe exclusively at this point) on a second mod. A follow-up to Counter-Strike for Valve's next game.
He is, to my knowledge, on their payroll. As such, I'd say he's fairly unlikely to be the subject of a lawsuit of any kind from Valve or Sierra (the game's publisher).
It's not a "need to know" thing. AFAIK they aren't planning on taking SUID/SGID out of OpenBSD or anything.
If you happen to know (or happen to be willing to find) the necessary syscalls you just get the advantage of a little better security. Even then, you don't have to do it if you don't want to.
Maybe I'm really Robert Novak and I'm just pretending to think he's insane so I can post mean comments and sue Slashdot. Or maybe that's just what I want you to think. Or maybe that's just what I want you to think... I want you to think... or something?
No, he's really crazy.
Besides, there's no money to get out of VA Software anyway :).
Heh, replying to my own comment. The discrepancy between the price in the subject and the price in the body of my comment is the result of me saying "Oh, yeah, I got one for $39," starting the comment, then checking my online bank statement to be sure I was right and realizing I was charged $29.
I don't know if the original price was a mistake or something on their part since the price has changed since I signed up, but I'm not crazy, I promise :).
Rackshack was selling Geotrust certs for $29. Had this story been posted a day or two earlier you could have gotten in on it :). They seem to be selling them now for $49, which is still *much* better than you'll find from say Thawte/Verisign. They've worked in every browser I tried, though I believe I just saw someone say they don't work in Opera. Oh well, small price to pay to save $120+ on a cert.
If you had the financial backing to do this, why waste your time with doing it? Just buy whichever politician won. It's easier and far more socially acceptable.
I only skimmed the material because I got rid of my SMS-capable phone last year and don't have a specific interest in this.
It looked to me like this decision only applied to advertisements embedded in messages from a service users subscribed to. If that's the case, you're not paying any more to receive the ads (IIRC. Like I said, no more SMS) since SMS messages are charged on a per-message basis and you asked to receive the actual message.
As far as the need to disclose the source of the ad, here's a hint: The ad was paid for by whomever it portrays favorably. It was paid for by the opponent of whomever it portrays negatively.
If it pisses you off, unsubscribe from the service. If it really pisses you off, write a letter to the politician responsible for the ad and let them know you'll be voting against them due to their annoying advertising practices. With SMS not really being an established advertising medium that's shown proven results, they might actually stop using it if they get a couple complaints.
I actually wouldn't mind it too much. As it stands I'm not familiar with half the people I see on the ballots. Any bone-headed moves the candidates want to make to lose my vote only makes my day at the polls that much easier :).
The filters will quickly adapt to counter this behavior after at most a couple "delete as spam" clicks (and possibly none at all if the brief sales pitch is incriminating enough).
The resistance to this sort of tampering is exactly why this is such a great technique.
[I'm running IIS btw...]
How do you think I got in to read your e-mail?
Aye. ClearType on my laptop rules. When I VNC to said box on my work CRT, however, everything looks nasty.
Since I started using Mozilla's built-in popup blocking I haven't seen any of their delightful ads. It's good to hear they're still around.
I wouldn't say I flunked out because of him, but he certainly gave me something to do when I was skipping class.
No regrets. It was fun, and I'm going back :P (to actually do my work this time. I don't want to see corporate america again for four years at least).
I've always wondered why the government does this. Why deny the existence of something when it's staring us right in the face?
I understand the need to keep secrets, but come on. This cat was quite obviously out of the bag a long time ago.
Of course not. The web belongs to people who write Perl and use vi :).
Pets Warehouse sucks.
(I don't know anything about Pets Warehouse, I just think it'd be funny to get sued by this loon. Hope he reads Slashdot!)
AOL/TW just needs to drop one of the many ridiculously stupid channels they own and create a channel that's just 24/7 Adult Swim-style programming. I'd never turn it off.
Of course, if people listened to me there'd already be a channel devoted strictly to The Simpsons.
To compensate for the addition of these new channels I propose the axing of TBS and Turner South.
I live pretty close to Turner, and would be willing to come down to their studios and fix all the other broken programming they have. All I ask in return is huge quantities of cash so I can live like Jay-Z.
Pretty fair, if you ask me.
Isn't Microsoft cutting it a bit close? A penny more and they'd be overcharging.