They're probably already logging the telephone number you're dialing in from anyway. Caller ID was standard with PRIs so I would think anyone dialing up to ISDN or 56K lines would have their number logged by the ISP's accounting software. Now, whether or not you can block it on your end is another thing. I didn't see much use in logging that info except if we were to have to deal with a script kiddie on our dialups. When the feds come knocking on your door it is nice to be able to give them a number so they get off your back.
Sounds like Ed Crankshaft was driving that snowplow. The best mailbox I've ever seen was attached to a huge boulder by this stiffened chain that held it up. To hit the mailbox you'd have had to hit the 400lb boulder first.
You did not pay attention to a god damned word he said. These are unskilled workers probably making shittier wages than the average techie kid straight out of high school. It's a choice between moving boxes in Amazon's sweatshops or flipping burgers in McDonalds. These people have to feed their families. They don't have the choice of the 22 year old yuppie kid who can "bend his boss over the table" and ask for a 100% raise. If they said something stupid like that to their boss they'd be told "Fine.. there are 200 more wetbacks coming in off the boat tomorrow who can fling a box around just as good as you do. Get the hell out of here." Remember, not all people are techies in these companies. They actually have to work for a living and do manual labor to put food on their table. Just consider yourself damned lucky you learned a useful skill and aren't in their position so you have the choice.
Wasn't there an article on here a few weeks ago about how scientists had managed to stop light and suspend it until they released it by using some gas? Are we going to see that be used for storage? :-)
Hey guys, I got big news for you. Don't even waste your time going to the Moon. We did it back in 1969 and boy.. there isn't shit there. It's just a bunch of rocks. The money would be better spent on condoms and sex education.
Also, they scratch easily, and drives can be finicky about working with them. I can take a CD-R I burned in my Yamaha CD burner and my generic 32x IDE cdrom can't read it at all. Pop it into my ancient 4x Sony SCSI cdrom drive and it's fine. Pop it into my car CD player and just spins and spits it out. CD's are just a pain in the ass. Floppies worked. Period. You put it in, your computer recognized it as long as it was formatted and not shattered into a million pieces, and all was right with the world.
Oh I don't know. How about they get advance knowledge of bugs that have been reported by decent Bugtraq users? Reports that let them prepare patches for their OS's before every lame-ass hacker and his brother gets the knowledge and goes on a script-kiddie hacking spree? Remember, it is the procedure of Bugtraq that you contact the manufacturer first and notify them of the bugs so that they can provide a fix in a timely manner. Only after you allow a sufficient amount of time to pass should you then release it to the public. Unfortunately there have been an increasing amount of luser kiddies out there who fail to take that step and think they can gain some kind of notoriety by posting bugs with exploits directly to Bugtraq without notifying the manufacturer. In BIND's case, the manufacturer (the BIND team) needs a mailing list that this contact can be contained to while working on patches so that said luser script-kiddies don't go terrorizing the net before a fix can be made available. Why on earth does everyone keep making this out to be some kind of vast conspiracy? BIND isn't becoming closed source and ISC isn't keeping security patches from being released. Chill out people.
I've had good luck with the Abit boards I've been using. A PIII-500 coppermine in an Abit BE6-2 and an AMD Duron 800 in an Abit KT7. Since I haven't really bought a different kind of motherboard in 4 years I must wonder, are people out there still configuring your motherboards with jumpers to set the clock rate? What a pain in the ass that was. I can't imagine having to go back to a motherboard where I'd have to pop off the case and play with jumpers to just change the CPU clock or bus clock speed.
I predict that if Internic begins charging fees for domain names people will rise up and quickly squash the idea by shifting their domains to Alternic. Pffft. ;-)
Why are you guys so worried about this anyway? This certainly doesn't stop anyone from publishing the exploits on Bugtraq AS THEY DO ALREADY. You'll get the same information at the same time as everyone else. This just gives the authors a bit more time to patch their code when someone brings a bug to their attention. Bugtraq has that same policy with closed source companies' operating systems and products. Inform the vendor, give them time to patch it, then release the information if they don't fix it within a timely manner. What's so bad about giving ISC and the BIND group the same privileges? I think this is just another typical slashdot knee-jerk witchhunt that is completely unfounded.
If there's going to be a major fork, how about we fix that other humongous problem. OpenBIND would certainly be nice if it included OpenNIC and OpenRootServers. ;-) The DNS system has got to be the funniest example of something sustained only by people's unwillingness and laziness to change to something else because what they have is "good enough". We're paying for domain names from companies because no one really bothers to implement a replacement that has gotten widespread enough support.
How about everyone just get over it and learn to deal with direct e-mail marketing like adults? I mean, if you guys had your way you'd shoot the postal carrier when he delivered junk mail to your door. Direct e-mail marketing (or spam as you call it I suppose) is on the rise and it isn't going anywhere. We might as well just learn to accept it. If you're really sick of Direct e-mail marketing you could always set up your mail client to discard all mail except those from people on an approved list. Then, no more "spam". All these silly RBL organizations are doing is spinning their wheels anyway. If there was a way to stop direct marketing then I wouldn't be interrupted during dinner by telemarketers or have to sift through 10 lbs of junk mail to get to the 2 letters I'm interested in. The courts have done nothing but support "spam" so why are we even bitching about it? If you're really against it, talk to your congressmen and get it legislated out of existence along with all other forms of direct mail. If you don't want to, then deal with it.
Every single one of us uses BIND on a daily basis. If I were to pull a statistic out of my ass, I'd say 95% of the name servers on the Internet use BIND, including all of the root servers. Every query you do uses BIND, every web site you view uses BIND. Quite simply, BIND is God. It's fascinating but true.
I don't suppose djbdns supports Dynamic DNS, DNSSEC, or any of the other goodies that BIND does? I really wish I could switch and try it, but some of us have to at least TRY to deal with the Win2000 Active Directory weenies. Besides, DJB's whole notion of breaking these things up into separate programs is just weird. To replace BIND I'd need to install at least 5 or 6 of his different programs of which I have no guarantee they'll even perform with the same functionality. It seems like his server doesn't even support TCP queries! Simply throwing up your hands and saying you should never get a response larger than 512 bytes is a stupid cop-out.
Why stop at speeding?? They could set up a system that broadcasts when a light is going to change. Your car would automatically brake when the light begins to turn yellow presuming it has enough time to safely stop. Once these kinds of ridiculous controls get implemented they only get worse. I guess this is what the old-timers are whining about when they say cars were much better in the 50's and 60's when you could actually work on them yourself with a cheap toolkit from Sears rather than needing a computer and thousands of dollars worth of equipment to fix some damned little computer chip. Other than being dangerous gas guzzling boats, cars from that era were really sweet.
chroot'ing anything is always a good idea. Especially with bind. I would think the less binaries and libraries available to an attacker within the chroot'd environment, the less options they have. Imagine getting dumped into a system with only 5 libraries, 4 device files in /dev, no user binaries, no shells, and only 2 or 3 bind binaries in an sbin directory running as user named. What options do you have left? Attempt to exploit the environment or kernel directly? This isn't something your average run-of-the-mill script kiddie is going to be able to do.
Still, I was under the impression from the first time I read the BIND 9 documentation that it *was* audited for security as it was being rewritten from scratch. Has this changed? Everyone says "BIND should be audited".. well, if it already has, then the answer would be to run BIND 9 no? I'll probably be switching to it once I fix my damned joins to put in the mandatory $TTL field now. :-)
djbdns is NOT a viable alternative to BIND IMHO. It has no support for many of the emerging standards like DNSSEC, dynamic DNS, integration with Microsoft Active Directory, etc. So yes, if all you're planning on doing is serving up static names on port 53 (udp only of course since he apparently doesn't believe a DNS packet should ever be larger than 512 bytes) then use djbdns. The rest of us have to deal with a real world where people ARE looking to implement these new technologies and they are damned nifty.
How about instead of worrying about buggy APM support on servers, companies start to lobby California's government for some hard regulatory changes so power companies can actually start building new power plants there? I'm sorry if the environmentalists don't like this idea, but this is the only way to fix the situation. I find it personally offensive that the federal government has to force neighboring states to sell power to California because their own short-sightedness has put them in this situation. What did they think was going to happen? Huge population growth and no new power plants in years (decades?) are a recipe for disaster.
You could try and get everyone to suddenly decide to put solar panels on their rooves and start conserving electricity. Not bloody likely to those newly rich Internet millionaires who just bought their first $5 million home with completely automated toilet flushing facilities and 10000 watt lighting in the backyard so they can play nerf gun wars in the middle of the night.
Anyway, as others have pointed out, spinning down drives in ANY machine is a BAD idea. You're just putting more wear-and-tear on the system causing it to fail sooner. That may be fine for your $1k PC with the $100 ATA hard drive in it but when you're spinning down $50k worth of disks every once in a while you're going to kill their MTBF rate! If your community cannot provide adequate power needs for your businesses you should leave and move it to somewhere that does. Come to the midwest for example. We'd be happy to build as many nuclear power plants as you need to get some of those fat tech jobs and money. ;-)
Well, the TV Tuner stuff should be fairly good, especially if you get a card with a bt848 chip in it. I know my Hauppauge WinTV card worked quite nicely under Linux a couple years ago. MP3 rippers and players likewise should be very well supported. What I'd really like to see is a nice all-in-one set top box that you can pop a DVD into, select "rip" and have it unencrypt it and store it on the hard drive for later viewing. i.e. for those days when you've spent the damned money at Blockbuster to rent the DVD but just do not have time to get around to watching it and you don't want to pay the late fee. Maybe even throw in a DVD writer (the new Mac G4's have one) to make a home piracy kit. ;-)
You mean like Linux Half-Life? I have to give this a try myself. If I can get Counter-strike working under Linux I may as well just wipe off Win2k from my system and boot into Linux fulltime again.
I think the new site is ugly and hard to navigate. What was wrong with the old layout? The boxes around each separate application announcement made it easier to discern one from another. Now they just have a short line and it all flows together. I mean, what's with all the retro-ness of the site? It looks like someone's first HTML 2.0 project web site.
I guess one must also wonder whether by guessing the password you've illegally accessed their web site. On the other hand, the password was so trivially easy they probably have no leg to stand on.
Please, support anything else, but do NOT support that bastardized "standard"! "Security" wasn't even on anyone's mind when they drew up those specs! It uses random TCP AND UDP ports established from both directions and encodes the IP address of the client into the packets making NAT'ing it a bitch. This has got to be one of the worst protocols ever devised and I want to urge everyone to avoid it so that it goes away. If you have a firewall or even a nat'ing gateway you are quite literally fucked if you need to support this.
Or I can just run BIND 9.1.0 and not have to worry about whether I'm running the right programs to properly serve DNS queries on the net.
I haven't tried it yet. Just saw it today. ;-)