Comments

Outlining Thin Linux

benjymouse Re:Maybe read the thread (197 comments)

Citation needed. I have never seen anyone declaring Windows Server 2012 the best ever OS because of the CLI.

With respect, the above poster is replying to someone that appears to be asserting that. I suggest reading other posts higher up in the thread before wasting time writing such long replies that miss the point.

With respect, the GP of my post never asserted that. For reference this is the entire post:

We used to run linux in the server room because it was lean and easy to admin. Windows was slow, mousy, and dependencies were hellish.

Now we run Windows Server 2012 with no GUI, virtualized, and admin with powershell. We've ripped out tens of thousands of dollars of Red Hat; windows is cheaper.

Basically there aren't any linux server distros that are like Red Hat used to be before the Fedora fiasco. It seems like Red Hat today is doing a bad job of trying to be a GUI laptop distro running on server hardware. And they are letting mature stuff like PADL's LDAP modules go to seed while shipping raw, buggy stuff like SSSD, instead of maintaining the old stuff until the new is reliable enough for real world use.

There is no assertion of "all those Windows sysadmin flunkies are declaring Server 2012 is the bestest ever because you can run in headless with a CLI" in that quote, is there?

There is a certain bias towards Server 2012, but no claim of it being the best ever server OS. Much less a claim that others think it is the best ever server OS.

I suggest reading other posts higher up in the thread before writing a short post that you cannot even get right.

6 hours ago

Outlining Thin Linux

benjymouse Re:Yes, just like that. (197 comments)

Windows sysadmins amaze. For fifteen years I listened to them rattle on about how the GUI in Windows NT and its descendants was absolutely necessary, that it opened up servers to people who couldn't or wouldn't learn how to work from a CLI.

You are inventing a demographic that we cannot verify, then you are ascribing a position to "them" which you then proceed to ridicule because of the alleged hypocritical 180. The very definition of a strawman: Create it, pretend it is real, "kill" it.

So a few server distros put the head on their installs, worked like mad dogs to build GUI and web-based management systems like Webmin, and now suddenly all those Windows sysadmin flunkies are declaring Server 2012 is the bestest ever because you can run in headless with a CLI.

Am I getting this right: Are you seriously saying that the (alleged) argument from the Windows camp was what forced server distros [to] put the head on their installs? Seriously?

and now suddenly all those Windows sysadmin flunkies are declaring Server 2012 is the bestest ever because you can run in headless with a CLI

Citation needed. I have never seen anyone declaring Windows Server 2012 the best ever OS because of the CLI.

What you may have overlooked is the fact that Windows Server from very early on had policies. Policies even existed before AD. In Unix/Linux we scripted everything, often hoping that the scripts would perform the same on every server.
During all that time some 80% of what we scripted could be expressed declaratively and more robustly using policies. Policies could ensure that application packages (MSIs or EXEs) were installed (or uninstalled), that security permissions were set up correctly, could create, rename or delete accounts, files, registry entries etc.
Very little could not be expressed using declarative policies - and they could even be set to use scripts.

For the parts of remote administering that were too cumbersome to create policies for, there was always scripting. Yes, Windows scripting (.bat, .vbs and the like) used to kinda suck compared to Unix/Linux - but it *was* there.

Yes, Windows always had the GUI option - even if you did not use it. That kinda sucked for the big deployments - not so much for the smaller ones where the GUI could sometimes be an efficient way to troubleshoot a misbehaving server.

Listen you fucking asshole. *nix has been running CLI longer than most people posting here have been alive.

I am sorry that I have to be the one to break this to you, but: *nix did not invent the CLI. Indeed, every OS that came before Unix *all* of them had the CLI as the main shell.

Generations of system administrators have lived and fucking died while Windows was forcing a clunky GUI toolset that you couldn't fucking script properly, and that you ended up having to go to REGEDIT and a bazillion GPO entries to fine tune.

Seems like you had trouble with the declarative way of thinking. To me, GPOs made perfect sense. It was declarative in a way that 'nix did not have until Chef and Puppet arrived. With GPOs you could describe which application packages had to be installed on which group of machines, both servers and desktops.
Move the machine to another org unit or group and group policy would ensure that applications were uninstalled and new ones installed to match the new provisioning. I guess you never got that.

Oh no, but Windows is so fucking cutting edge because in the last seven or eight years has developed a fucking shell that you can properly fucking script (even if the scripting language in question is a verbose and unbelievably slow executing piece of shit that is in almost every way the exact opposite of the elegance of *nix).

I assume that you are talking about PowerShell. Initially I just want to point out that you could indeed script Windows long before PowerShell. VBScript *was* kinda verbose - but you *could* get the job done. More importantly - to enable scripting Windows Management Instrumentation (WMI) was developed during the VBScript era.
WMI is a much better interface to system management than strange, clunky file-mapped /dev /proc and other contraptions. WMI is an object oriented API to systems management that enables remote management. Yes - you can invoke WMI objects from remote - opening the prospect that you do not need a GUI and not even a shell nor an editor at the local machine to properly administer it.

Back to PowerShell:
You are correct that during the last seven/eight years Microsoft has quickly evolved a new shell. PowerShell has taken the idea of pipes and improved it, creating pipes of objects. Objects can be complex, and thus in one stroke solved a decades old problem with text pipes: How to represent complex structures in a common way.
Another problem solved was how the Unix pipeline always required reparsing and formatting between the tools. These are all well known traits of PowerShell at this time.

But here's the kicker: PowerShell's aims are much, much higher than becoming just a CLI shell: From the start, PowerShell was designed as a hostable engine - an engine that you could build into your application to run in-process and manipulate your application's in-process objects because your application runs PowerShell as an in-memory engine.
Why is that significant? Because it allows you to build rich GUIs (web or native) that use PowerShell as the logic layer. The Exchange Admin interface was the first to leverage this. At this time virtually all the admin GUIs in Server 2012R2 use this approach. The idea is that this way you will always have the scripting interface - because you build that first. This way the GUI never gets to do more than what can be achieved through scripting.
Bash or other *sh shells on Unix will never be able to do that in the same way. The *sh shells always run in a separate process and communication between an admin interface and the shell has to serialize to text (or byte) streams back and forth, which apart from being unbelievably cumbersome is dangerous security-wise (think injection attacks).

That is why Unix fanboys are all up in arms about PowerShell: While PowerShell would never make as much sense on *nix (*nix'es do not have a common object model for the entire system and APIs like Windows does); PowerShell by virtue of how it integrates on Windows nevertheless exposes the inherent limitations of *sh shells.

And that was even before PowerShell achieved workflows functionality and Desired State Configuration. Workflow allows Windows admins to create resilient scripts that can branch out and execute on multiple nodes and survive system restarts and pick up and continue after interruption. Desired State Configuration is "declarative scripting" where the PowerShell scripting engine figures out what steps/scripts are necessary to bring a node into the described state.
The kicker: A "node" can be a Windows machine or any other equipment that conforms to WBEM/CIM industry standards. Many of these will be network equipment running Linux or a BSD. Being controlled by PowerShell DSC.

Well congrat-u-fuck-ulations Mr. "We paid a bazillion dollars to Redmond in licensing fees so we could have a scriptable CLI-based OS in our data center". I bet you even think you did an amazing thing.

You sound like a bitter old man?

Fucking Windows admins. Arrogance, stupidity and a total lack of knowledge of their own fucking operating systems incredibly dubious history as a Server OS.

A very angry, bitter old man. Why all the anger?

Meanwhile, in the time it takes you to type out the name of a Powershell scriptlet and its arguments to import a CSV and puke it out as a SQL script, I can write the code in awk or Perl in a bash wrapper.

PowerShell will beat you any day of the week. Perl in a bash wrapper? WTF?

But hey, I must be stupid and you must be the super fucking genius

I am not the GP. I don't think you are stupid. You seem, well, passionate. Your passion may be clouding your judgement and when challenged you seem to become aggressive rather than considering whether the challenge could have merit and whether there could be some learning opportunities. While you may not be stupid, refusing to learn and digging into a hole could - over time - make you appear as stupid because of the accumulated ignorance that comes with being stuck in a hole.

10 hours ago

'Reactive' Development Turns 2.0

benjymouse Re:Reactive is an extension of event driven (101 comments)

Certainly cool, but most of the credit goes to C# supporting LINQ & lambda functions.

The point is, that when you view events as

public event EventHandler StockQuote;

you cannot use the LINQ goodness to compose events. Once you make the switch and view events as sequences where the items have not appeared yet, you enable the likes of LINQ and list comprehensions.

Mind you, these IObservable LINQ operators look like the IEnumerable counterparts - but they are all implemented quite differently. There is a beautiful duality between the two which enables us programmers to think about events the same way we think about collections.

Besides, if the so-called Reactive "movement" thinks nobody has been writing private event buffers & message lists for the past few decades then they're mistaken.

I'm with you. I'm certainly not part of any "movement" - I do not think every programming problem needs to be attacked from a "reactive" point of view. But I can recognize a good idea when I see one, and Reactive Extensions is one such good idea. And I am already aware of several places I should have used RX and LINQ instead of building complex finite state machine logic.

Another cool idea that I think this "movement" is embracing, is async. That has much more profound consequences for how we program and has been a real eye-opener. When I can program with async all the way down through multiple tiers, to the business logic that calls external services or queries the database, a whole bunch of problems suddenly go away: I no longer have to balance how many threads should serve the website, the app servers against how "idle" the threads are when waiting for a query to return or waiting for an external service to respond. When a request "waits" it yields the thread to the server so that it can be used for other requests. Once the answer arrives from the database or service, a thread is allocated to continue the request processing. The outcome is that all threads tend to become cpu bound - never idle. Which scales much, much better.

However, I still question that this is (or needs to become) a movement. It is a discipline - or rather 2 related disciplines - that a good programmer should have in his/her toolbox.

yesterday

'Reactive' Development Turns 2.0

benjymouse Reactive is an extension of event driven (101 comments)

As far as I can tell, this person (or persons) has discovered something that has a name already: Event-driven programming. It's been around for a very long time. It has many of the benefits of naive multi-threaded coding without the warts. But it introduces warts of its own, with event orderings being the big one.

What Erik Meijer discovered was that an event can be viewed as a sequence. Each occurrence of the event is an "item" of the sequence. That's why he wrote an article called "Your mouse is a database": The mouse is a sequence of multiple event types such as moves, buttons etc.

Once you start to view (and represent) events as "push" sequences interesting things start to happen: Suddenly you can *compose* events in the same way you compose collections/sequences.

Erik Meijer wrote the Reactive Extensions for .NET which does exactly that. Using LINQ you can transform, aggregate, group, partition, project/map, filter etc. events.

Consider, for instance, stock market ticker values: Clearly you can see those as events: When a deal/offer occurs it is an event. Multiple events are a stream/sequence. Now imagine you want to know each time a symbol has "peaked" - i.e. each time 3 consecutive values for any symbol have the maximum as the middle value. With Reactive Extensions and LINQ you would write:


var peaks = stockQuotes.GroupBy(sq => sq.Symbol).SelectMany(g => g.Buffer(3, 1).Where(IsPeak));

where IsPeak is defined as:

bool IsPeak(IList<Quote> b) {
        // A peak: the middle of three consecutive quotes is strictly the highest.
        return b[0].Rate < b[1].Rate && b[1].Rate > b[2].Rate;
}

Explanation:
1. stockQuotes is the IObservable stream of quotes.
2. GroupBy creates a new stream of multiple streams. Each time a new symbol is encountered, a new group will be added (appear in the stream); if the symbol has already been encountered the quote is added to the end of the stream for the symbol.
3. Buffer creates "sliding" buffers (increments of 1), each with 3 items.
4. Where filters the IObservable so that only "peaks" are let through.
5. SelectMany "flattens" multiple streams into a single stream again, i.e. creates a single stream of quotes regardless of their symbol (group)

Now, this is an IObservable stream with no subscribers (observers) yet. This also means that there is no subscription at stockQuotes. But as soon as you register a subscription like this:


peaks.Subscribe(Peaked);

It starts to invoke the Peaked method with peaks consisting of lists with exactly 3 items each. And this will go on and on.

Now imagine how you would write something like that using events and event handlers? It will probably take 10 times more code and be less readable than the above. (Yes, I know that it is not entirely straightforward if you are not used to RX and LINQ).

2 days ago

Microsoft Kills Off Its Trustworthy Computing Group

benjymouse TPM also handy for measured boot (99 comments)

During boot, Windows will write log entries to the TPM. Every time a module or driver is loaded, the signature, hash code etc. is written to the TPM.

When the OS is up and running a client can request the TPM to issue the collected log entries, digitally signed with a key residing in the TPM. The boot log is then sent to a "health certificate" server. The health certificate server can inspect the log (after verifying its authenticity through the signature) to see if any untrusted or known malicious software was loaded during the startup process. If everything checks out OK, it can then issue a "Health certificate".

Other devices on the corporate/private net can be instructed to quarantine servers until they can present a valid Health certificate. I.e. the TPM can play a central role in preventing malicious software from propagating on internal networks: If a server suddenly loads more drivers than expected, loads non-whitelisted drivers or directly blacklisted drivers, nobody wants to talk to it.

3 days ago
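
The check the health certificate server performs in the comment above, as an added example that is not part of the original post and is not Windows or TPM vendor code. It assumes the usual measured-boot construction, where each measurement is folded into a TPM register by a hash "extend" and the log is replayed against the signed register state; the module names and images are constructed, and an HMAC stands in for the TPM-resident signing key so that only the standard library is needed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

ZERO_PCR = bytes(32)  # registers start at all zeroes after reset


def extend(pcr: bytes, digest: bytes) -> bytes:
    """Hash-extend: a register can only be folded forward, never set."""
    return hashlib.sha256(pcr + digest).digest()


def composite(pcrs: dict) -> bytes:
    """One digest covering every register, in index order."""
    h = hashlib.sha256()
    for index in sorted(pcrs):
        h.update(bytes([index]) + pcrs[index])
    return h.digest()


@dataclass(frozen=True)
class Event:
    pcr: int       # register the measurement was extended into
    digest: bytes  # SHA-256 of the module that was loaded
    name: str      # informational; the verifier trusts digests, not names


@dataclass
class SimulatedTpm:
    key: bytes  # assumption: HMAC key standing in for the TPM-resident key
    pcrs: dict = field(default_factory=dict)

    def measure(self, log: list, pcr: int, name: str, image: bytes) -> None:
        digest = hashlib.sha256(image).digest()
        self.pcrs[pcr] = extend(self.pcrs.get(pcr, ZERO_PCR), digest)
        log.append(Event(pcr, digest, name))

    def quote(self, nonce: bytes):
        """Sign the current register state together with the verifier's nonce."""
        state = composite(self.pcrs)
        return state, hmac.new(self.key, nonce + state, hashlib.sha256).digest()


def boot(tpm: SimulatedTpm, modules) -> list:
    """Measure every module in load order and return the resulting boot log."""
    log = []
    for pcr, name, image in modules:
        tpm.measure(log, pcr, name, image)
    return log


def health_verdict(log, quote, nonce, key, allowed, blocked):
    """Return (ok, reason) the way a health certificate server would decide."""
    state, signature = quote
    # 1. The quote must be signed by the expected key and bound to our nonce.
    expected = hmac.new(key, nonce + state, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return (False, "quote signature or nonce invalid")
    # 2. Replaying the log must reproduce the signed register state,
    #    otherwise entries were added, dropped or reordered after the fact.
    replayed = {}
    for ev in log:
        replayed[ev.pcr] = extend(replayed.get(ev.pcr, ZERO_PCR), ev.digest)
    if not hmac.compare_digest(composite(replayed), state):
        return (False, "log does not match quoted registers")
    # 3. Only now is the log trustworthy enough to apply policy to.
    for ev in log:
        if ev.digest in blocked:
            return (False, "blacklisted module: " + ev.name)
        if ev.digest not in allowed:
            return (False, "module not whitelisted: " + ev.name)
    return (True, "health certificate issued")


# Constructed sample data: (register, module name, module image).
KEY = b"constructed-demo-key"
EXPECTED_BOOT = [
    (0, "firmware", b"fw-1.0"),
    (4, "loader", b"loader-2.3"),
    (8, "net.drv", b"net-driver"),
]
ALLOWED = {hashlib.sha256(image).digest() for _, _, image in EXPECTED_BOOT}

if __name__ == "__main__":
    nonce = b"verifier-nonce-1"
    clean = SimulatedTpm(KEY)
    print(health_verdict(boot(clean, EXPECTED_BOOT), clean.quote(nonce),
                         nonce, KEY, ALLOWED, set()))
    extra = SimulatedTpm(KEY)
    extra_log = boot(extra, EXPECTED_BOOT + [(8, "extra.drv", b"unknown")])
    print(health_verdict(extra_log, extra.quote(nonce), nonce, KEY, ALLOWED, set()))
    # Hiding the extra driver by trimming the log breaks the replay instead.
    print(health_verdict(extra_log[:-1], extra.quote(nonce), nonce, KEY, ALLOWED, set()))
```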

Apple Locks iPhone 6/6+ NFC To Apple Pay Only

benjymouse Re:WTF (331 comments)

Do Apple have the majority of the market in smartphones and exert an undue influence on that market? Nope, they're not even the biggest player in that market. Not at all the same as Microsoft having 95% of the desktop market and Google having over 70% of the internet search market and using their market position to keep out competitors. I don't like what Apple do but if people don't like Apple's behaviour there are half a dozen other manufacturers happy to take their money instead.

In the EU you do not need to have the majority of a market to run afoul with the Commission. If you have a dominant market position and use it to unduly lock out competitors you'll get in trouble. As you should.

This reeks like Apple want to establish their own payment system as the de facto standard. And they are prepared to use their significant market share to do it. That could (and should) get them into trouble.

5 days ago

Apple Outrages Users By Automatically Installing U2's Album On Their Devices

benjymouse Re:Simple (609 comments)

I've had Steam put promotional stuff in my library automatically on a couple of occasions.

Yes, but it doesn't download it to your computer automatically.

No, Steam is actually worse: I play CIV5 on occasion. It was purchased on Steam, but I start from the shortcut I asked it to create. Nevertheless, Steam creates a pop-under ad that I have to close *every* time I play the game.

The point is not that I could probably easily find the shortcut to the *real* game (and not the Steam launcher). The point is lack of respect. I already bought the game. As far as I am concerned that is a completed transaction. I have NOT asked for promotional offers.

about a week ago

Microsoft Paid NFL $400 Million To Use Surface, But Announcers Call Them iPads

benjymouse Re:$400 million (405 comments)

Yeah, I noticed after posting the comment that the summary was completely wrong.
But in my defence; how could I have known that a summary on Slashdot would be completely wrong?

Yes. My bad. I am sorry.

It wasn't you who pulled it out of thin air. I can see how it was implied by the submitter.

Damn. One could get the impression that submitters/editors sensationalize just to get page-clicks.

about two weeks ago

Microsoft Paid NFL $400 Million To Use Surface, But Announcers Call Them iPads

benjymouse Re:$400 million (405 comments)

Just to have the NFL officially use your brand of tablet.

What gave you that idea? Did you just pull it out of thin air?

It covers more than that. Read the MS press release on the deal:

The agreement provides Microsoft with the rights to create exclusive interactive experiences through products such as Xbox One and Surface, transforming the way fans will experience the NFL in the years to come. The NFL on Xbox will provide fans with an all-new viewing experience through innovations around Skype and Xbox SmartGlass; an all-new, innovative fantasy football solution allowing fans to view players and live competition side by side on a single TV screen; and a personalized NFL destination featuring information about the players, teams and games fans care about most. Xbox also retains the exclusive rights to extend these interactive experiences to tablets, enabling fans to use Xbox SmartGlass technology to enhance game day.

So, basically also the license to use NFL content on XBox and tablets (I see no mention of live content - but it could be buried in the "xbox experience")

No advertising seconds, no "official phone", "official supplier" or anything, just "official tablet".

Wrong. From the press release (see above):

As part of the partnership, Surface by Microsoft branding will appear on NFL sidelines in unique ways, including on the hoods of the official on-field NFL instant replay stations. As part of the relationship, Microsoft will be granted the following designations:

  Xbox remains “The Official Game Console of the NFL” and will also become “The Official Interactive Video Entertainment Console.”

  Microsoft is “The Official Sideline Technology Sponsor of the NFL.”

  Surface by Microsoft and Windows are “The Official Tablet and PC Operating System of the NFL.”

about two weeks ago

Microsoft Paid NFL $400 Million To Use Surface, But Announcers Call Them iPads

benjymouse Yes it is a lot of money (405 comments)

It is not just for "product placement", though.

From Microsoft's press release on the deal:

The agreement provides Microsoft with the rights to create exclusive interactive experiences through products such as Xbox One and Surface, transforming the way fans will experience the NFL in the years to come. The NFL on Xbox will provide fans with an all-new viewing experience through innovations around Skype and Xbox SmartGlass; an all-new, innovative fantasy football solution allowing fans to view players and live competition side by side on a single TV screen; and a personalized NFL destination featuring information about the players, teams and games fans care about most. Xbox also retains the exclusive rights to extend these interactive experiences to tablets, enabling fans to use Xbox SmartGlass technology to enhance game day.

So MS has also licensed the rights to use the NFL brand, clips etc. (could be 3D instant replay on the xbox, streaming over Skype?).

And exclusive rights for tablets. Could be a driver for Surface uptake.

And also this:

As part of the partnership, Surface by Microsoft branding will appear on NFL sidelines in unique ways, including on the hoods of the official on-field NFL instant replay stations. As part of the relationship, Microsoft will be granted the following designations:

The instant review stations are in view during some of the most tense situations of a game, with a lot of attention. Surely, that is worth money.

400.000.000 is a lot of money. I have no idea if it is too expensive or not. But it does cover more than the right to equip the sidelines with tablets.

about two weeks ago

Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet

benjymouse Re:must me false (230 comments)

You do understand that it takes ROOT to set the SUID bit on a file right?

You do understand what the SUID bit does when the file is owned by ROOT, right? When you run such a file, you elevate to root just to change the password. That is *vastly* more power than you need, and it is a serious danger: Just a simple bug like a buffer overflow can cause total system compromise when it allows the attacker to execute as root.

This is why you will find all SUID programs set to read only and owned by an administrative user (such as root). It is why you instruct your sysadmin staff to NEVER SUID anything w/o good reason and permission and it is also why you scan systems for SUID binaries and scripts regularly so you can find and remove such nonsense as SUID security holes.

Yes, it is because of the inherent danger in SUID root utilities. Now imagine a security model that does not need anything like SUID.

And if you find any unexplained SUID stuff on your box, you pull the plug on everything and start looking for where the break in happened because you've been compromised and your whole network is suspect.

Yes, but how do you audit the "explained" SUID stuff? How does a security auditor really know what a user can do, which resources (files, etc) a specific user can access, when he is allowed execute access to SUID utilities like sudo, passwd and the likes? He may think he knows what the utility does by its name, but how does he know *what else* it can do?

What do you think of a security model where you will have to compile all utilities from audited sources, with audited compilers to make sure that users cannot access resources they are not supposed to?

See, that's the difference between a security model that protects resources and one that tries to restrict access to utilities that can manipulate every resource on the system: You cannot effectively audit such a system.

about two weeks ago
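
The regular scan for SUID files mentioned in the comment above, as an added example that is not part of the original post: it walks a tree, compares every setuid/setgid file against a recorded baseline of path and SHA-256, and reports anything new, changed, writable by group or others, or no longer present. The function names and the baseline format are assumptions made for this example; it shows which files carry the bit and whether they changed, not what each utility can do once it runs.

```python
import hashlib
import os
import stat
import sys

SETID = stat.S_ISUID | stat.S_ISGID


def sha256_file(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_setid(root):
    """Yield (path, lstat result) for regular files with setuid or setgid set."""
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow a symlink to a target
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & SETID:
                yield path, st


def make_baseline(root):
    """Record the reviewed state: {path: sha256 hex} for every setid file."""
    return {path: sha256_file(path) for path, _st in find_setid(root)}


def audit(root, baseline):
    """Compare the tree with the baseline; return a sorted list of (finding, path)."""
    findings = []
    seen = set()
    for path, st in find_setid(root):
        seen.add(path)
        if path not in baseline:
            # A setid file nobody reviewed: the case the comment says to chase down.
            findings.append(("unexpected", path))
            continue
        try:
            if sha256_file(path) != baseline[path]:
                findings.append(("content-changed", path))
        except OSError:
            findings.append(("unreadable", path))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # Anyone who can write the file can replace what runs with its privileges.
            findings.append(("writable-by-non-owner", path))
    for path in baseline:
        if path not in seen:
            findings.append(("missing-or-bit-cleared", path))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: script.py [root]; prints the setid files found under root.
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    for path, digest in sorted(make_baseline(root).items()):
        print(digest, path)
```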

Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet

benjymouse Re:Hmmm (230 comments)

But we are talking ONE issue now which has long been known and easily avoided.

No, we are talking an issue that is the result of an inadequate security model that is incapable of securing anything but files.

Windows NT was designed with access control in place for files, devices, mailslots, pipes (named and anonymous), jobs, processes, threads, events, keyed events, event pairs, mutexes, semaphores, shared memory sections, I/O completion ports, LPC ports, waitable timers, access tokens, volumes, window stations, desktops, network shares, services, registry keys, printers, Active Directory objects, and so on. Yes, Active Directory objects are in that list, because the model was designed to be extensible.

We are talking you claiming that an operating system which cannot even pass the Orange Book requirements without severe redesign by NSA is more secure out of the box than an operating system which has met those requirements from day 1.

Ever wonder why they picked the [CTL][ALT][DEL] key sequence in Windows NT? Think about it... Windows has the same kinds of issues, you just don't want to think about it

The secure attention sequence is guaranteed to be non-hookable by software on the box. The reason for that is added security (that Linux lacks), not a remediation of lacking isolation. Yes, Windows has had similar (but far from as severe) problems with shatter attacks. And there's learning for you in how it was handled:

After UAC was introduced with Windows Vista it was made illegal for lower-integrity processes to send messages (or hook keyboard etc) of higher-integrity processes - even if they were running as the same user. Combined with the fact that IE ran as low-integrity it was made exceedingly difficult for an attacker to hook the keyboard or remote control other windows, even if he compromised the IE process.

However, trojan malware that users were tricked into installing as normal-integrity processes could still hook the keyboard. With Windows 7 Microsoft added to the protection: No longer can an equal-level (integrity level) process hook another process' window or keyboard. To accommodate accessibility tools which frequently need to do that, Microsoft allowed a slightly *higher* integrity level *if* and only if a certain manifest requires it and the files have been digitally signed.

The point of this is that both enhancements were achieved through the already extensible security model. Integrity levels were simply assigned SIDs. If the low-integrity SID is in your process token you are a low-integrity process.

You can *never* extend the simplistic Linux security model like this. It is forever limited to user identities. A process under Linux does not have a token - it has an effective user. It was designed with the faulty assumption that a process in all aspects could represent the user who started it. Proper tokens recognize that processes may have fewer rights, or even more rights than the user who launched it.

You have uttered unbased claims through this entire thread. Now it's time to tell the world how - specifically - the Linux model is inherently more secure than the Windows model.

about two weeks ago

Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet

benjymouse Re:Hmmm (230 comments)

I don't run X on any "server" system I manage. Not for this reason, but for the general security concept that you don't run stuff you don't use. Good luck turning off the GUI on your windows box...

Didn't you say that you just finished off setting up a Windows Server 2008R2? And you do not know about Server Core? I sense much deceit here. (IOW: I don't believe you).

However, if you did have X running, it's only going to accept X client connections from the local machine (unless you've opened it up further). This means that any attack vector though X will have to be launched from the local box. Which means that the attacker will have to compromise the local box in some other way.

Goes to show your grasp of this security thingy. There's this security principle called isolation:

Windows has been dealing with so-called shatter attacks where rogue processes sent messages remotely controlling windows belonging to other processes. Up until Windows Vista, Windows only isolated processes belonging to different users. With Vista and MIC (Mandatory Integrity Control), processes were prohibited from sending such messages to windows of higher-integrity processes.

X based Linux distros have absolutely zero isolation. Do you have any idea how serious this is? If there is a memory corruption bug in Firefox and the process is taken over (FF does not have sandboxing), it can install a keyboard hook in X and read every single keystroke entered into any window. That includes terminal windows, and worse, even if you sudo to root user, the keyboard hook reads every single keystroke including the sudo password.

If that's a superior security model then I have a tower in Paris you may want to invest in.

about two weeks ago

Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet

benjymouse Wrong (again) (230 comments)

The progression goes like this..

1. Unix was developed on the Digital Equipment Corp PDP-11 hardware in about 1970. Unix started as a multi-user system that supported memory segment protection between user processes and kernel space.

2. VMS followed on the next generation of DEC hardware the VAX-11780, which made its appearance in the late 1970's. This system introduced Virtual Memory spaces for user processes. (Thus its name Virtual Memory System) VMS was not first in being multi-user, commercially that was Unix.

3. Windows NT arrived in the late 80's, and not surprisingly ran on DEC VAX hardware as well as x86 based systems, as the chief engineer of NT came out of the VMS development team at DEC.

So NT got this idea from VMS which got it from Unix....

Unix was never implemented for PDP-11 by DEC. 3rd parties adapted several versions so that they could run on the PDP-11. A number of generations of "realtime" operating systems were developed by DEC for the PDP-11 and later the VAX-11 series.

Dave Cutler was on the teams for many of these OSes. Dave Cutler left for Microsoft to design Windows NT. Dave Cutler *never* implemented an OS for PDP-11 based on Unix. In fact, he *disliked* Unix.

And no, Unix did not invent access control. I sense that you need Unix to be some type of god-like hero. It is an operating system, and an aging one at that. Cool off.

about two weeks ago

Steve Ballmer Authored the Windows 3.1 Ctrl-Alt-Del Screen

benjymouse Re:Never liked the 'D' part of BSoD (169 comments)

BSOD happens when the kernel detects memory corruption. With a hybrid monolithic kernel like Windows that means all bets are off and continuing could very well cause more damage.

Even if the memory corruption happens in a USB driver, it can overwrite critical kernel memory.

Incidentally, you *do* get more information. The kernel will initiate a kernel dump which can be investigated later.

about three weeks ago

Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet

benjymouse Re:Hmmm (230 comments)

but the fact remains... Windows/Microsoft has been playing catch-up in security where Linux has been leading over the last decade.

So where are those facts?

Because the way I look at it there have been several embarrassing, high-profile successful attacks on Linux servers over the past few years:

Debian server compromised: http://www.zdnet.com/debian-se...
Ubuntu servers compromised: http://www.theregister.co.uk/2...
kernel.org compromised: http://lwn.net/Articles/457142... (we're still waiting for the post mortem on that)
linuxfoundation.org and linux.com compromised: http://thehackernews.com/2011/...
red hat and fedora servers compromised: http://www.cnet.com/news/red-h...

(and we do not even mention the OpenSSL fiasco)

So where are the widespread Windows Server compromises?

about three weeks ago

Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet

benjymouse Re:Hahahahahahaha (230 comments)

It was not a virus, it was an exploit of server software that was unpatched.

And the privilege escalation?

about three weeks ago

Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet

benjymouse Re:Hahahahahahaha (230 comments)

If you notice, this doesn't affect desktop Linux users. Only servers.

Great. Nothing to worry about then. And here I was concerned that somebody would build a botnet of powerful, high-bandwidth computers. Silly me.

about three weeks ago

Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet

benjymouse Re:Hahahahahahaha (230 comments)

Wasn't Internet Explorer so tied into early windows versions that it was considered part of the OS itself since mere mortals couldn't just uninstall it till a few years ago?

No.

The OS and Internet Explorer shared (and I believe still do) rendering components. Which means that some of the control panel views, especially in XP, were rendered using the Trident rendering engine - not IE. IE *also* used the Trident rendering engine.

There is also a difference between the kernel and the core OS. Components can belong to what is considered the core OS (with the GUI rendering parts) without being executed in kernel space.

But it makes great FUD.

about three weeks ago

Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet

benjymouse Re:must me false (230 comments)

Let me see, last time I loaded Windows 8 pro, there was a raft of services turned on for me by default.

Windows 8, Windows 7 and even Windows Vista come up and ask you if you *want* to turn on services. If you answer no, it will not have any network ports listening. Get it yet? Those are the *desktop user* targeted operating systems.

Windows Server comes by default with NO network services turned on by default, and NO listening ports. Get it yet?

Linux *desktop user* targeted distros do turn on network services. Get it yet?

Yes the distribution may turn on some services

Yes, indeed. Get it yet?

Linux distributions targeted at "servers" generally come w/o any services even installed by default.

Yes. Just like the Windows Server versions. Get it?

If you go to "desktop" installs, where Windows 8 Pro lives, Linux comes out of the normal distribution much more locked down and secure

Nope. Linux lacks many, many of the security features in Windows 8. In distros using apparmor it only protects some of the daemons. Windows 8 comes with Mandatory Integrity Control built-in sandboxing.

Windows 8 supports multiple (and simultaneous) network firewall profiles which are automatically selected based on where you are: On a corporate network SMB services may be available, on a public network without a trusted domain controller it selects the public (locked down) profile. Linux does not.

I still cannot believe that the DEFAULT behavior of a Windows box is to have the main user be an Administrator

Good you do not believe it, because it is false. This is one of the hardest things for Linux fanatics to understand: Windows has tokens and with UAC even if you do log in with an account with administrative rights, the token will not have administrative rights. This means that the processes started by the shell will not have administrative rights. Get it yet?

Linux is not like this, and most desktop distributions today don't allow you to login as root.

No, but they do allow you to elevate to root as effective user - using sudo or other SUID utilities, which is a blatant violation of one of the most fundamental security principles: Least privilege.

In Linux you elevate to the highest, unrestricted and all-powerful user just to change your own password??? Have you any idea how f* up that is?

Get it yet?

about three weeks ago

Submissions


VLC threatens Secunia with legal action in row over vulnerability report

benjymouse benjymouse writes  |  about a year ago

benjymouse (756774) writes "Following a blog post by security company Secunia, VideoLAN (vendor of popular VLC media player) president Jean-Baptiste Kempf accuses Secunia of lying in a blog post titled More lies from Secunia. It seems that Secunia and Jean-Baptiste Kempf have different views on whether a serious vulnerability has been patched. At one point VLC threatened legal action unless Secunia updated their SA51464 security advisory to show the issue as patched. While Secunia changed the status pending their own investigation, they later reverted to "unpatched". Secunia claimed that they had PoC illustrating that the root issue still existed and 3rd party confirmation (an independent security researcher found the same issue and reported it to Secunia)."

Pwn2Own 2009: Safari, IE8 and Firefox all pwned!

benjymouse benjymouse writes  |  more than 5 years ago

benjymouse (756774) writes "In a matter of seconds, Charlie Miller, last year's winner of the PWN2OWN contest, did it again at CanSecWest and successfully exploited a fully patched Safari running on a Mac. He came prepared, directed the operator of the browser to browse to a rigged website and it was all over.

He took the $10.000 first prize and the macbook home with him.

Last year he was quoted as saying "Every time I look for [a flaw in Leopard] I find one. I can't say the same for Linux or Windows. I found the iPhone bug a year ago and that was a Safari bug as well. I've also found other bugs in QuickTime.".

As I wrote this submission news came in that all of IE8, Safari (again) and Firefox were pwned by a researcher going by the name "Nils". So far only Chrome remains standing.

These were all drive-by exploits against fully patched browsers, not 3rd party plugins. Be careful out there."

Vista Capable lawsuit loses class action status

benjymouse benjymouse writes  |  more than 5 years ago

benjymouse (756774) writes "In a big setback for plaintiffs, a federal judge has stripped the class-action status from the Vista Capable suit against Microsoft.

Computerworld writes

The consumers who brought the original lawsuit, and those who followed as members of the class action, will be free to continue their cases, but they will have to do it individually, not as a group, Pechman said. "Approximately one year ago, this Court certified a class in this matter and allowed Plaintiffs 'to further develop their price inflation theory'," Pechman said. "It is now apparent that class treatment is no longer appropriate."

"Dr. Leffler did not attempt any regression analysis, much less an econometric analysis of the impact of 'Vista Capable' on demand," Pechman said. "It is ... critical to Plaintiffs' theory of proof to isolate Microsoft's purportedly deceptive efforts to increase demand from promotions OEMs had in the run up to the holiday season."

Presumably the lawyers for plaintiffs were expecting a good chunk of the potential damages. This will make it much more costly and risky to retrieve such damages. Will this effectively spell the end of the suits, or will the lawyers press on? IANAL so I wouldn't know whether they can appeal this ruling or not."


Microsoft urges Windows users to shun Safari

benjymouse benjymouse writes  |  more than 6 years ago

benjymouse (756774) writes "The Register has picked up on a recent Microsoft security bulletin which urges Windows users to "restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple". This controversy comes after Apple has officially refused to promise to do anything about the carpet bombing vulnerability in the Safari browser. Basically, Apple does not see unsolicited downloads of hundreds or even thousands of executable files to users' desktops as being a security problem.

The MS bulletin speaks of a possible "blended" attack. This is obviously recognizing that having the desktop carpet bombed with executable files does not imply that they can be executed. However, once the files are on the desktop all an attacker needs to do is to find some social engineering attack vector or a way to launch one or more of the files through some other vulnerability. At the very least it does not take much imagination to come up with scenarios where this vulnerability can be used by spammers or skiddies out to annoy users.

It is unprecedented for Microsoft to recommend Windows users to abstain from using a mainstream software product, especially a competing product. Could it be that Microsoft's security response team has grown sensitive over Apple TV ads ridiculing Windows users over security while at the same time Apple software products, especially Quicktime, and now Safari, are threatening the security of those very same users? Surely the "Apple software updater" push of Safari hasn't exactly earned them points in Redmond. Surely MSRT realizes that this may be controversial. Is this a "stab" back at Apple and/or a way to shine light on Apple's own security problems?"

Netcraft: Microsoft IIS may soon overtake Apache

benjymouse benjymouse writes  |  more than 7 years ago

benjymouse (756774) writes "From the latest Netcraft web server survey:
In the August 2007 survey we received responses from 127,961,479 sites, an increase of 2.3 million sites from last month. Microsoft continues to increase its web server market share, adding 2.6 million sites this month as Apache loses 991K hostnames. As a result, Windows improves its market share by 1.4% to 34.2%, while Apache slips by 1.7% to 48.4%. Microsoft's recent gains raise the prospect that Windows may soon challenge Apache's leadership position."

Journals

benjymouse has no journal entries.
