Comments

E-Mail Hack Exposes Bush Family Pictures, Correspondence

Red Midnight Emails from the Bush twins... (230 comments)

Here's a picture of daddy drunk again...

Here's a picture of daddy throwing up again...

And here's a picture of mommy at *her* house...

about a year and a half ago

High Severity BIND Vulnerability Advisory Issued

Red Midnight Re:djbdns (144 comments)

Perhaps you've heard of IPv6 [snip]

Perhaps you've heard of turd polishing?

Find something that supports IPv6 that isn't a security nightmare. They exist. Isn't that your job as a netadmin, anyway? It's because of lazy-assed admins that keep following turds like BIND -- religiously -- that it remains #1 in market share when it should have been kicked to the curb long ago for being the bloated, slow dog that it is.

And I think I've already made my point about the relative easy[sic] [snip]

Security isn't always easy. You've made your deal with the devil. Tell me all about it when he calls the tune and your BIND box gets rooted on a weekend or while you're on vacation.

Even if you *did* have to do something custom for a BIND alternative, you only have to do it once and never worry about it again. You make it sound like you have to write the daemon yourself from scratch. Lazy.

Enjoy your patch cycle and watching over your shoulder while I enjoy restful sleep.

more than 3 years ago

High Severity BIND Vulnerability Advisory Issued

Red Midnight Re:djbdns (144 comments)

The most interesting bit with the whole "X is more secure than the old dinosaur programs" is that most of the new rewrites have the same deadlock or race conditions but they never get fixed. Sendmail and BIND have plenty of OS workarounds in their code because they are needed to keep the whole system secure.

Joel Spolsky (the "Joel on Software" guy) advocates never throwing out the code and starting from scratch. Perhaps that's true in most cases, but not with BIND and any BIND derivatives.

IIRC the ISC tried that with BIND 9. Supposedly a rewrite, but I've read opinions that they imported a lot of the old code anyway. It doesn't really matter.

Sometimes you have to lose the old mindset and start with fresh eyes and a new attitude. Go back to basics and follow the KISS rule. DJB, whether you like him or not, did just that.

Part of the problem holding people back is the attitude that they need to retain all the old obscure features. I'm not interested in having a supposedly 'secure' way of transferring zone data when it becomes another vector for attack. I'll take good old ssh/scp, thanks.

Another BIND example I vaguely remember is it had lots of cool ways of logging information. Channels I think it's called. Wow, I could log various events (even security!) to different channels and different files... whatever. Having a secure DNS server in the first place removes the need for a lot of that crap. And seriously, do people actually view their logs to see who is querying their DNS server for what? It's masturbation that ranks up there with caring about who pinged you.

Whether you choose djbdns or an alternative doesn't matter. Just get something with a good security track record that moves away from the old (broken) model. Not to mention using software from a company, ISC, that has some bizarre disclosure policy of revealing fixes to paying clients first, then to the great unwashed 30 days later. I don't know if they still do that, but c'mon, that's a first clue there is something seriously wrong.

I honestly think BIND users are seriously misguided. How many times do you have to poke a stick in your eye before you stop? It was Marcus Ranum that first wrote about the idea of "not playing catch-up" with patches many years ago, and it's not just BIND he or I are referring to.

more than 3 years ago

High Severity BIND Vulnerability Advisory Issued

Red Midnight Re:djbdns (144 comments)

What a load of bullshit.

I don't know about you, I just want to sleep at night not worrying about any exploit du jour, and that definitely includes BIND.

Let me tell you how to update djbdns fast:

1. ssh to your slave.
2. scp your 'data' file.
3. run 'make'

You're seriously going to be a BIND apologist because you can't take 30 seconds to ssh/scp a file?

If you find yourself making DNS changes so often that this is a problem, take the time to automate it and focus on what you're doing, not going down some shit-happy path towards Kerberos enlightenment. Or figure out why you have to keep changing DNS records so often and come up with a better method.

I don't give a rat's ass about all the extra bells and whistles that BIND offers. If you don't need 'em, leave 'em. Simplicity is good for security. I just want my servers to answer queries, and not get DoS or hacked.

djbdns users are laughing at you right now. Yet another BIND problem, whether it's serious or not, and you're all in a tizzy to get the patch. How many times have you walked this path in the last 9 years? It's > 0. How many times have djbdns users worried about the latest patch for the latest problem? Exactly zero.

As for your last point, explaining to your boss, try this one:

10. Explain to your boss that you're not working on 'your project' because you're busy pissing around patching software that has a piss-poor security track record in a critical role. And that you must always be on the watch for patches. Then performing the patches/upgrading the software. Lather, rinse, repeat.

I guarantee that you spend more time patching your BIND crap (and worrying about it) than I spend scp'ing a file.

Sleep well.

more than 2 years ago
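The three-step push described above (scp the data file, run make), as an added shell example that is not part of the original comment: it sanity-checks the tinydns data file locally before copying it to a secondary and rebuilding data.cdb there. Assumed: the stock tinydns layout under /etc/tinydns/root with its Makefile (which runs tinydns-data), ssh keys already in place for the push user, and placeholder hostnames.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes stock tinydns:
# /etc/tinydns/root/data is the source, 'make' runs tinydns-data to
# rebuild data.cdb, and ssh keys are already set up for the push user.
set -eu

# Stock tinydns-data record types: . & = + @ - ' ^ C Z : % and # comments.
# Returns 0 if every non-blank line starts with one of them, 1 otherwise,
# listing the offending lines on stderr. Catches a BIND-style zone line
# or a stray edit before it reaches a secondary.
validate_data() {
    file="$1"
    bad=$(grep -nvE "^([.&=+@'^CZ:%#-].*)?$" "$file" || true)
    if [ -n "$bad" ]; then
        printf 'invalid tinydns lines in %s:\n%s\n' "$file" "$bad" >&2
        return 1
    fi
    return 0
}

# Copy the data file to one secondary and rebuild data.cdb there.
# tinydns-data writes data.cdb atomically, so a failed build on the
# secondary leaves the previous zone data serving.
push_data() {
    file="$1"; host="$2"; dir="${3:-/etc/tinydns/root}"
    validate_data "$file"
    scp -q "$file" "$host:$dir/data.new"
    ssh "$host" "cd $dir && mv data.new data && make"
}

# Example call (placeholder host):
# push_data /etc/tinydns/root/data ns2.example.net
```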

Most Useful OS For High-School Science Education?

Red Midnight This is Slashdot after all... (434 comments)

..so I'm going to go out on a limb that some version of Linux is going to get mentioned.

more than 4 years ago

Professor Gets 4 Years in Prison for Sharing Drone Plans With Students

Red Midnight This entire conversation is ridiculous (354 comments)

Why are we even talking about this? The prof was either a complete idiot (and should put his Ph.D. back in the cereal box he got it from) or intentionally broke the law as some act of defiance. What is unclear? He knows he's working on a "secret" project used by the military. He probably got told 6 ways through Sunday he can't talk about it. And he goes to jail because he did what he was told to not do. To say he should not get jail time, or that he's from an academic world, defies logic and COMMON SENSE. Gee, this is a secret military project, I think I'll not only take the data/laptop to China, but I'll share it with Chinese and Iranian students. Gimme a break. It makes no sense. It's much more likely, IMHO, that he was giving a one-finger salute to the US. Even if he weren't, he's a moron, and ignorance of the law is not a valid defence.

more than 5 years ago

$74k Judgment Against Craigslist Prankster

Red Midnight Re:What?!?!? (182 comments)

Cite your source! I couldn't find it on Wikipedia so it can't be true.

more than 5 years ago

Submissions

Bug in latest Linux gives untrusted users root

Red Midnight writes | more than 4 years ago

Red Midnight (1440977) writes "Theo De Raadt offered these kind words on the OpenBSD misc mailing list:

If anyone wants a choice quote from me about the recent Linux holes,
this is what I have to say:

        Linus is too busy thinking about masturbating monkeys, he doesn't
        have time to care about Linux security.

For the record, this particular problem was resolved in OpenBSD a
while back, in 2008. We are not super proud of the solution, but it
is what seems best faced with a stupid Intel architectural choice.
However, it seems that everyone else is slowly coming around to the
same solution."

Journals

Red Midnight has no journal entries.
