A while back while working on our web site, we put up the default IIS page for an hour or so as a prank. Next thing I know, we're up on attrition.org as a defacement! We tried to get them to stop saying that since we had defaced our own site, but got no response. So, for weeks we had to answer questions from people wondering how the break-in had occurred, and if they were vulnerable too.
I'll tell you, it was the last time I screwed around with the site like that (though the patent protest page did cause one similar inquiry).
Given the methodology of Gentoo's packaging system, I'm not surprised that it's the first mainstream Linux distribution that's making it over to the PS2.
Slackware has supported the Microchannel bus based PS/2 machines for years.
Yeah, that's a great idea, I'll resurrect an old 386 with an 11 year old linux distribution, put it on the net, and watch all 11 years of security holes get exploited! yay!
Doubtful. They'd actually have to THINK about how to attack old holes that have been patched for years. More likely your box will get hit by script kidz trying to exploit modern holes (like buffer overflows with Red Hat specific offsets) and your box will remain unexploited.
Not that I recommend this, mind you, but there is a certain amount of security that you get from running an OS that nobody uses anymore.
Slackware is more like Guinness (extra stout, not the draught), in the 'slap upside the head' kinda way.
I'll second that. (and I also prefer the extra stout most of the time, even though the stuff we get here is now brewed in Canada) However, Slackware is actually a home-brewed Irish style stout.
It's been a few years, but IIRC...
Mash the following grains to produce about 6 gallons of wort:
7.5 pounds of pale malt. (preferably British or Belgian 2-row)
1 pound of roasted, unmalted barley. Dark black stuff for the proper Guinness approach. (BTW, the use of unmalted roasted grain rather than roasted malt is what sets a stout apart from a porter)
.5 pound steel cut oats. OK, this is not traditional in an Irish stout, but gives the beer a creamier texture which you'll want if you'll be bottle carbonating.
162F is a good strike temp for the mash. Generally I'd do a modified mash where you drain some wort, heat it up, and return it to the mash to keep things around 150F - 155F until the starches are done converting. Oh -- bit of Burton river salt (mostly gypsum) in the water also helps extraction.
Then, boil it up. Use bittering hops like Chinook, Fuggles, or Kent Golding. Since Alpha Acid content varies, I can't give an exact amount here, but shoot for about 35 IBUs.
Chill, put in a carboy, and ferment. Wyeast's Irish Ale yeast is ideal, but the 1056 American works well, too and gives a cleaner (though less traditional) finish. The only dry yeast I can recommend (and then only barely) is Whitbread, if you can find it anymore.
Don't bother to transfer for a secondary ferment. When it's done, prime the carboy. (boil 3/4 cup of dextrose in water, cool, add)
Then bottle:
NUM=1
cat beer | while read 12oz ; do
makepkg -cap y slackware-beer-1.0-malt-$NUM.tgz
NUM=`expr $NUM + 1`
done
Or if you have better brewing equipment than I do, keg and carbonate. My friends have been using something called "BevMix" lately, which is 60% nitrogen / 40% CO2 but can be used with standard soda kegs. It works really good, and the beer serves up with that great cascading Guinness effect! Even better if you can get the correct tap like my buddy Dan has. It's amazing he gets any work done! Of course, this afternoon I'll be hanging out at Len's house where he has a Pepsi machine converted into a canned Guinness machine, and it only costs a nickel, so probably the 2.4.22 update in -current won't be happening until tomorrow.
Also nicely demonstrates the pointlessness (and stupidity) of serving out your MD5sums from the same machine.
MD5 sums are only secure if they are provided through a secure channel (like within a GPG-signed message). Using a second machine to serve out the MD5 sums is only twice as safe (two machines to crack), and that's still not too safe.
What I wonder is why they didn't sign accepted packages with GPG. I've been doing that for a while (well, since breaking-and-trojaning became fashionable).
I hope when ftp.gnu.org comes back that it's with *.asc files next to all the archives...
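An added illustration of the point in the comment above (not part of the original comment, and not any project's release tooling): a simulated download server whose intruder can rewrite both an archive and its MD5SUMS file, checked once against the same-server checksum and once against a signature over MD5SUMS. The toy textbook-RSA key stands in for a GPG key, and the file names and archive bytes are constructed.

```python
import hashlib

# Toy RSA key from two known Mersenne primes: a stand-in for the publisher's
# GPG key. Textbook RSA without padding, for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # public modulus, pinned by the downloader
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, never on the server


def _digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    return pow(_digest_int(message), D, N)


def signature_ok(message: bytes, signature: int) -> bool:
    return pow(signature, E, N) == _digest_int(message)


def md5sums(files: dict) -> bytes:
    """Render an md5sum-style listing: '<hex>  <name>' per line."""
    lines = (f"{hashlib.md5(data).hexdigest()}  {name}\n"
             for name, data in sorted(files.items()))
    return "".join(lines).encode()


def publish(files: dict) -> dict:
    """Publisher: archives, MD5SUMS and a detached signature over MD5SUMS."""
    sums = md5sums(files)
    return {"files": dict(files), "MD5SUMS": sums, "MD5SUMS.sig": sign(sums)}


def compromise(server: dict, name: str, trojaned: bytes, regenerate=True) -> dict:
    """Intruder with write access to the server but no private key."""
    files = {**server["files"], name: trojaned}
    sums = md5sums(files) if regenerate else server["MD5SUMS"]
    return {**server, "files": files, "MD5SUMS": sums}


def md5_matches(server: dict, name: str) -> bool:
    """Check the archive against the MD5SUMS file from the same server."""
    listed = {}
    for line in server["MD5SUMS"].decode().splitlines():
        digest, fname = line.split("  ", 1)
        listed[fname] = digest
    actual = hashlib.md5(server["files"][name]).hexdigest()
    return listed.get(name) == actual


def signed_check(server: dict, name: str) -> bool:
    """Verify the signature on MD5SUMS first, then the archive's checksum."""
    if not signature_ok(server["MD5SUMS"], server["MD5SUMS.sig"]):
        return False
    return md5_matches(server, name)


if __name__ == "__main__":
    # Constructed sample archive; the name is hypothetical.
    clean = publish({"pkg-1.0.tar.gz": b"original archive bytes"})
    owned = compromise(clean, "pkg-1.0.tar.gz", b"trojaned archive bytes")
    for label, srv in (("clean", clean), ("compromised", owned)):
        print(label, "md5-only:", md5_matches(srv, "pkg-1.0.tar.gz"),
              "signed:", signed_check(srv, "pkg-1.0.tar.gz"))
```

The signed check only holds if the verifying key reaches the downloader by a path the server's intruder does not control.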
These guys sell 1800-2300 mAH NiMH batteries at a decent price. I still use the occasional alkaline for long-term use (like smoke detectors, thermostats, stuff like that), but for everything else it's NiMH all the way. I started with Radio Shack stuff (and still use the 1 hour RS charger (cat no 23-405)), but the Powerex batteries from Thomas are better. I didn't have great luck with the Energizer NiMH... almost thought they were low quality just to get me to switch back to alkalines. :)
A little AA rating among more common brands:
Energizer "accu-rechargable": 1200 mAH.
Radio Shack: these varied. I saw both 1200 and 1500 mAH -- check the label!
Duracell also sells 1800mAH NiMH.
A real alkaline AA clocks in at 2800 mAH or so.
No affiliation with Thomas... heard about them on DAT-Heads years ago.
This isn't copyright infringement. Home recording and archiving is considered fair use for non-commercial purposes, and is protected in the US by the Home Recording Act (for now). Plus, TiVo has always detected Macrovision (anti-analog copying technology) and if the show was originally broadcast with it (mostly Pay Per View), the TiVo will produce Macrovision on the analog outs to try to prevent recording. My guess is that this new unit will refuse to burn Macrovision-protected shows to DVD-R, and that will be good enough to satisfy those who control the content.
There is no magical waiting period or re-try period that cannot be trivially coded around. And, with good money on the line, will be trivially coded around. You don't get it. Really smart people are getting paid a whole lot of money to make programs to exploit every possible crack in the way we send email.
Yeah, spammers are so clever. Well, the fact is if for every one of these "smart" (yeah, right) spammers who has the help of a network consultant that will work around greylisting there are 5 dumbasses who don't (and I think I'm being generous there), then if I greylist I'd think over 80% of my spam problem would be eliminated. What's wrong with that? What's to "get"? Looking through headers I see the same bulk mailers used over the years, probably passed around as warez in spammer circles.
"If source code is copied from protected Unix code," the SCO document adds, "there is no way for Linus Torvalds to identify that fact."
And if a rogue SCO programmer decides to save a little time by copying GPL'ed Linux code, there is no mechanism in place for SCO to identify that fact. Their point is?
Instead of downloading the entire kernel, download just the patch file if you are running the previous version.
But, is anyone actually running vanilla 2.4.20, or keeping it in /usr/src/linux? Odds are that most people are running vendor kernels (even in Slackware the usually virgin kernel has been slightly violated this time ;), or at least applied the ptrace hole fix. As that fix is implemented differently in 2.4.21 it would be enough to keep the patch from applying cleanly.
Of course, you might still have the official linux-2.4.20.tar.bz2 tarball sitting around somewhere, and if you do you can use that and the patch-2.4.21.
SGI's XFS still occasionally hangs my machine under heavy load. Plus, by the time they have a release out for 2.4.20 (they still don't), I'm sure I'll be running 2.4.21. In addition, it's still not part of the standard kernel sources. XFS would have to be considered the least supported choice of the three.
Even though ext3 is a journaling filesystem, it still does a lengthy (and annoying) filesystem check every 20 mounts or so. To its credit it has never found an error, but still. I thought getting rid of that stuff was why we wanted journaling filesystems.
ReiserFS has been rock solid for me, and has been the default Slackware filesystem for two releases. I don't foresee something else replacing it as default any time soon. It's still a bit of a moving target, though... if you're thinking of running a few different kernel versions you may run into situations where your filesystem has features that are too new to be mounted. (In those kinds of cases ext2 is still the safe choice)
There's also IBM's JFS. The one thing I've noticed about that is that a newly formatted partition won't mount cleanly until you've run fsck.jfs on it. This doesn't inspire great trust, but other than that I've had no problems while testing it.
Try telling that to the officer when you get a speeding ticket. "Well, I was going as fast as everyone else."
Actually, in California you can tell that to the judge and if they can't produce a "speed survey" that's sufficiently recent from that stretch of road showing that you were travelling at least 10% faster than the average car, it's thrown out.
Now if we can just get some fair use legislation for P2P, we'll be all set. As long as you're not downloading 10% more than the average user, hands off, it's "fair use".
Re:Mostly compatible, but... on GCC 3.3 Released · Score: 2, Insightful
The thing is, if you have to configure gcc-3.3 for an i486 target in order to be binary compatible with gcc-3.2.x configured for i386, then gcc support for i386 might as well be dead, because all the OS distributions will be compiling it for i486 (or better). I doubt we'll see too many gcc or glibc packages for i386 after that.
Contact the John Cage estate and tell them the RIAA is distributing copies of Cage's copyrighted silence (4'33", exactly 4 minutes and 33 seconds of silence). They've won cases against people infringing against their silence in the past. If they're distributing any substantial chunk of silence as "music", it's probably a copyright violation.
Hans has done an enormous amount of really high-quality work and deserves fair compensation and recognition for it. He's got every right to have his code display all the credits that he sees fit.
On the other hand, the moment you say that these credits cannot be removed (or suppressed from being displayed by default) then you no longer have a fully free license. That's what the problem was with the old BSD license with the advertising clause (that used to make BSD code incompatible with the GPL until that was removed), and that's the same problem with invariant sections in the GNU Free Documentation License that caused such a stink recently. The GPL doesn't allow any additional restrictions either, and since Hans' code is available under the GPL, the best he can do is ask that people are respectful of the credits. There's no legal recourse if they aren't (other than maybe to get mad, and quit GPL'ing future versions). This leads to the question -- maybe there should be a new free software license that attempts to protect author credits while remaining otherwise free?
That said, I'd have to say that anyone who would remove credits from free software simply because the license doesn't (or can't) prohibit it is being a rude parasite. A good member of the community has more respect for the contributions of others.
Shouldn't it be _UNIX-Haters Handbook for Dummies_?
Re:The Space Management Issue - Workaround. on Rabid TiVo Fanaticism · Score: 3, Informative
Pop in a 10-hour tape, and tell it to play all those Farscape episodes while you're at work...
It would be delightful to be able to do this, but the TiVo only supports dumping one program at a time to tape, and then you have to select another program from "Now Showing" and pick the "Save to VCR" option again. A playlist feature would be a most welcome addition.
I'm sure TiVo's heard this already, but it wouldn't hurt to tell them again.
I can assure you that I am not trolling, spreading FUD, or any of those things. This is a valid point that I've not seen brought up, and is the reason I do not include OpenOffice in Slackware (believe me, there are a lot of requests). I'd love to be shown how I'm wrong about this.
Feel free to Google for OpenOffice's build requirements, and then follow the link to the gpc site.
That our company has switched over to OpenOffice exclusively.
Plus, OpenOffice is totally free.
Since you're using OpenOffice at your company, you might be interested to know that you could be in violation of the gpc (general polygon clipping library) license. gpc, which is often mistaken for a GNU item since it starts with a 'g', is required to build OpenOffice. However (and I've never seen this mentioned or reported anywhere), it comes with a very restrictive 'non-commercial-use' license. Presumably anything linked with it (like OpenOffice) should also be considered for 'non-commercial-use' only as well, right?
To me this is a major problem. I'm also not thrilled to see it require Java. We need a good free, open source office suite for free operating systems, but I don't think this is it.
Sendmail badly needs a severe audit.
What do you think it's getting? These problems don't find themselves.
Not that I recommend this, mind you, but there is a certain amount of security that you get from running an OS that nobody uses anymore.
:-)
Like Slackware?
Take that trolls, I beat you to it.
Slackware recently dropped support for i386...
This is true, but I suspect most of the packages would run on a 386 anyway (but haven't tested this, as the olde-original-slackware-devel-box is mothballed somewhere in the garage). Most of the kernels wouldn't boot on a 386 though, so you'd need to compile your own. The "lowmem.i" kernel is a notable exception.
BTW, said "old development box": Packard Bell 386SX16/4MB. Glad I'm not using that anymore.
"If you have a game involving keeping a car on the road, you do that by tilting," says company spokesman Jan Ahrenbring.
It's hard enough to keep my car on the road while blathering on the cellphone, but now I have to tilt, too?
I installed SystemWorks 2002 on my wife's computer (yes, I let her run Windows ;-), and once the virus subscription ran out it went into daily nag-mode, popping up a subscription renewal box at random times throughout the day, and with NO WAY to tell it to never pop up again. As far as I can tell, Symantec will not allow me to continue with the current level of protection without the continual nag box -- either I live with it, subscribe, or uninstall.
I'll never buy anything from them again.
1. Steal 80 lines of code from Linux
2. ???
3. Profit!