I quit reading computer-related magazines after the Polish edition of Amiga Mag went down. When I sometimes browse PC magazines on display I wonder how anyone can even try to read them. They're filled with ads, have poorly written articles that read like adverts, lame "Ten Things About Whatever" and interviews with people who are uninteresting but have ties and CEO business cards.
When I want to get some opinions on new hardware I'd rather browse the Internet; it's quicker and there are more different stories. When I want computer-related news or reviews, there's /., Ars.
So, they gave a poor rating to a cheap Linux computer. No story here. I wouldn't expect them to rate it any differently. No Vista, no cash for publishers.
Re:"The silent majority" is uninformed. on Storm Worm Rising · Score: 1
So your solution is the nuclear option of not allowing users to run *anything* that isn't preinstalled?
What? A normal user should not install stuff in his home. There's /usr where programs should end up. And it's root's job to put 'em there. This is a feature because I can force some policy over my users.
Most (if not all) UNIX email programs store their configuration in well-known plaintext files
The difference is we haven't seen anything working yet. So while I know it can be done, it hasn't been done just yet.
No machine where ignorant end users have the ability to make critical configuration and runtime decisions can be "secure"
OK, if I put you in a /home with noexec, forbid you to bind low ports, push all network access to 25/110/80/whatever through a proxy, put you in an untrusted group with limited access to apps in /usr/bin and perform a simple backup of your home directory -- would you say I provided a better env. to prevent viruses? Because all this can be done with tools that are shipped by most distros.
Again: Linux or BSD is not more secure. But it's more transparent. So it can be secured better. That's my uneducated opinion -- I'm a developer, not a sysadmin.
When I was working as a developer at an ISP in my city, the IT guys followed these steps:
Call the person with an infected computer and ask him to disconnect it from the network and fix it
His IP was added to the monitoring system. If he did not comply, someone would go to his place and disconnect him in a switch box
He would have to call back and tell us he had fixed his problem; then we restored it or let him put the eth cable back.
If he couldn't do it, we had a list of people near him (also our customers) who agreed to assist helpless people (yeah, you may think it's strange, but people sometimes like to help, and maybe get a cookie or beer, or just a handshake)
We could also send someone from IT to fix it for a small charge
In our contract there was a paragraph: Keep your computer clean. You're not alone in the network.
Re:"The silent majority" is uninformed. on Storm Worm Rising · Score: 1
You're 100% right that UNIX is not a silver bullet of security. I'll address a few of your points, but don't take my word for it, and my answers would not be kernel-related
An uneducated user from executing a binary file they download from a URL they are given
Mounting /home and /tmp partitions as noexec (you can't run binaries from them) can be helpful here.
A process that user is running from executing further code with that user's privileges
Nothing, that would be silly. :-)
That user's processes from making outbound TCP/UDP connections
Nothing, again.
That user's processes from accessing an SMTP server to send emails
Again, nothing, but the difference is that in Windows most users use Outlook, and a virus can read and parse the configuration of said program and use this data to perform auth on the victim's SMTP server. That way you get better chances of replication. Doing a simple SMTP server is possible, but it will degrade the success rate of sending. First, you would have to send from your local IP, and there's a big number of SMTP servers that would drop a connection from a dynamic IP. You have no MX, again, drop. If you're behind NAT, your computer will not be traced back by the other SMTP server, again a connection dropout. You would not have a RevDNS entry. Again. A simple SMTP in a virus will not deal with a queue, so any server with greylisting will ignore it.
Not being a sysadmin, I remember being informed by one that you can forbid a user from binding a port. On both BSD and Linux.
A user from configuring a process to run on logging in
Again, nothing -- but that's not the source of the problem. :-)
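The noexec mounts mentioned in the two comments above can be verified rather than assumed. The following is an added example, not part of the original comments: it parses `/proc/mounts`-style text and reports which user-writable paths lack the option. Checking `nosuid` and `nodev` as well, and the extra paths `/var/tmp` and `/dev/shm`, goes beyond what the comments mention; the sample mount table is constructed.

```python
"""Audit mount options on user-writable paths (added example)."""
import posixpath

# Constructed sample in /proc/mounts format:
# device, mount point, fstype, options, dump, pass
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
"""

# Assumption: the policy wants all three options on user-writable mounts.
REQUIRED = ("noexec", "nosuid", "nodev")


def parse_mounts(text):
    """Return {mount_point: set(options)}; a later entry for a point wins."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        # /proc/mounts escapes spaces in paths as \040
        point = fields[1].replace("\\040", " ")
        mounts[point] = set(fields[3].split(","))
    return mounts


def covering_mount(path, mounts):
    """Find the mount that holds `path`: the longest matching mount point."""
    path = posixpath.normpath(path)
    best = None
    for point in mounts:
        inside = path.startswith(point.rstrip("/") + "/")
        if path == point or point == "/" or inside:
            if best is None or len(point) > len(best):
                best = point
    return best


def audit(paths, mounts_text, required=REQUIRED):
    """Return {path: (mount_point, sorted list of missing options)}."""
    mounts = parse_mounts(mounts_text)
    report = {}
    for path in paths:
        point = covering_mount(path, mounts)
        opts = mounts.get(point, set())
        report[path] = (point, sorted(o for o in required if o not in opts))
    return report


if __name__ == "__main__":
    # On a live Linux host, read /proc/mounts instead of the sample.
    paths = ["/home", "/tmp", "/var/tmp", "/dev/shm"]
    for path, (point, missing) in audit(paths, SAMPLE_MOUNTS).items():
        status = "ok" if not missing else "missing " + ",".join(missing)
        print(f"{path:10} on {str(point):10} {status}")
```

A path that is not its own mount point inherits the options of the filesystem above it, which is why `/var/tmp` is reported against `/` here. noexec blocks direct execution of files on that mount; it does not stop an interpreter installed elsewhere from being handed a script stored there.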
RPM is not a distro, for fuck's sake. It's a package format. You know? Files and metadata? Can we stop this 'RPM is bad, think about children!' stuff?
Old RPM tools had problems, sure. But new package managers were developed over the last few years. They do mostly what APT does. Yet you're still confused about APT/Yum (or whatever) and .deb/.rpm
/. should be filled with people aware of the difference between a package format and a package manager, or am I wrong?
Hmmm, let's see... on the one hand I can start paying for updates after 12 months.... on the other hand I get free updates for 18 months (or 36 months for LTS releases).
Yes, but maybe, just maybe, you'll get some form of support besides package updates? You know? Ability to call a call center or whatever? I was never an RH follower but I say, give them the benefit of the doubt in their desktop market reappearance.
I want to see more good offerings on the Linux desktop. And RH has the muscle to push some changes. They have quite a good brand and a following of loyal customers in a business setting.
Maybe the execs at Red Hat need to update their hat size as whatever they're wearing appears to be cutting off circulation to their brains.
I invite you to do grep -r "@redhat.com" . in a few bigger FOSS projects. Yeah, I bet they are all stupid. Running such a big FOSS-based company. How do they feed themselves? Amazing!
Still, sounds like something very harmless. You should see Amiga-related (not AmigaOS-related, as much of the population used the Amiga as a game console) viruses, like Saddam. I think the original Saddam could be proud of this piece of horrible software.
Then, with the release of AmigaOS 2.04, we had a new kind of virus. They would spread like... er... viruses? They patched all system calls dealing with resource loading, and all your fonts, device drivers, libraries and executables were infected. I still remember Happy New Year 1996 -- it took me two days with no sleep to clean my disk. The anti-virus software that could deal with it was designed by someone who hated people. First, you passed it what it should scan. Then, when the process started, at every instance of the virus it would start FROM THE TOP. And it would say "Oh, you have a virus. It was deleted. Continue?" You HAD to click it to start again. My Libs: directory had over 6500 shared libraries. All infected.
(Yes, I realize it was done to prevent recursive infection. This should not be the case since all system vectors were checked all the time by the very same program.)
I think this guy was hired to do the 'Allow or Cancel' component. :-)
You aren't making any sort of choice based on the merits of the system
You see, I consider the technological partners of my vendor to have merit while selecting an OS. If the partner is well known for their abusive behavior and I invest time/hard-cold-cash into an OS that can be somehow "pushed around", I'll consider it a bad thing.
Imagine this: I run a company that has 10 servers running an OS developed by Company X, who partners with Company Z. I run an Open Source implementation of, let's say, Exchange. It's the core of my operations. I contribute code and maintain all servers. But then Company Z says: Hey, Company X, remember the $AMOUNT you get? Drop support for libexchange from all your packages.
Now I will have to a) put up with it, build my custom packages and deal with security issues for the OS I've paid for, or b) switch to another distro, and that would cost me in time, customers' anger and relearning system tools.
if Novell has customers and developers supporting them
You reap what you sow. Novell exposed themselves to any FUD by going to bed with MS. Now everything they do (whether it will be FOSS-friendly or commercial) will be taken into the MS deal context. It will just get harder and harder to wash off the mud thrown by others.
Not that I think FUD is a weapon FOSS supporters should use. But a bit of paranoia is healthy. :-P
FWIW they are quite popular for personal use. Quite a few people I know got lastname.eu because they couldn't get .com/.net/.org -- so most of these sites are blogs, FOSS projects and the like. Companies who got .eu are probably using it just as an alias.
A new TLD was released and people who missed the chance to get .org/.net/.com or a Country-TLD are trying to get one? Colour me surprised. ;-)
Re:Will anyone gain anything from this? Not Linux on The End is Nigh for XP · Score: 1
How can that be?
Easy. I work a lot better in a *NIX env. I love when I can solve my problems with a bit of magic here and there. I can use the same system on different HW platforms (I own PPC/x86 computers). Linux "scales" to my needs. I can throw Openbox with a set of tools on my P2/400 laptop with GPRS (very handy when you travel -- you don't have to be afraid it will get stolen or b0rken ;-) and it will still work as similarly as it can to my high-end machine.
I like dev-tools on *NIX side better. I like to solve problems with Ruby hacks.
This is, of course, personal taste. But I hope it answers your question. :-)
But "simplify" and "XML format" in one sentence do not always "return true;". If the amount of information stored in XML grows, how much CPU time and storage will it require? Wouldn't it be better to get it into a database and provide an XML-based API? Querying XML is a bit slower than asking any DB. Even SQLite.
South Park episode where Gates gets lynched for touting the benefits of Windows 98 "Well, it's over five million times.." -- BAM!
He was killed in "SP: The Movie" because of a Windows 98 breakdown.
He needs to keep the boxes moving out the door. It's all promo anyway. Well, MS will "sell" Vista thanks to Dell, HP and other OEMs.
I haven't heard about all those Mac exploits he's referring to, have you? OSX ships with a dozen third-party apps like PHP, Apache and Ruby (IIRC, my experience with OSX is very limited) and I've seen some security alerts regarding all of them since the last release of OSX. I bet you could find some local exploits in them. Anyway, MS talking about exploits is a "pot calling the kettle black". But no, I haven't heard about any nasty, transforming-to-botnets viruses for OSX.
It's sane to delay if a feature missing is "our main character dies when he's near a wall" but it's insane to delay a product if you'd like to add "an e-market where you can buy branded underwear and send e-mails with a .MID song attached"
Maybe they fight spam in a stupid way by letting fake SMTP servers eat their e-mails? A normal SMTP server will delay delivery while a spam-bot will give up. They don't follow the RFC from what I know. ;-)
"I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say 'oh, yeah, it is!', but it really isn't."
You could click the title with the right mouse button and select "Move". No "secret keyboard shortcuts" knowledge needed.
I wasn't clear, then. My point was: yes, there will be FUD. No, we shouldn't participate. Yes, we should be careful and learn from history.
C'mon, give a non-native-speaker a break. ;-)
Thanks for proving my point. :-)
The average availability was 55 percent
Maybe they fight spam in a stupid way by letting fake SMTP servers eat their e-mails? A normal SMTP server will delay delivery while a spam-bot will give up. They don't follow the RFC from what I know.
"I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say 'oh, yeah, it is!', but it really isn't."
Quick, someone point him to rm manpage!