EMAIL - I publish email sometimes. If you send me an email and you want privacy, say so, I will respect that. If I don't know that you want your email address published, then I won't. Be aware, though, that I am (usually) human and make mistakes.
Grendel remains headless, but with X11 forwarding across the home network here, I am having no problems. I get a little bit of updating sluggishness in screen redraws, but a 100BaseTX hub should cure that little problem. This works because the implementation of ssh that I am using has a file, /etc/sshd_config, in which is contained a line "X11Forwarding yes". That pretty much covers it. There are other interesting features there, but that's for another day. Now into the mail bag. (</SHEEPISH GRIN> BTW, Thanks, Jim, for pointing that out to Delanae ... </SHEEPISH GRIN>).
My silent vote was counted with enough positive feedback as far as I am concerned - Ben Rota is now an un-tested member of the Gang. Untested because we haven't yet put him through the full ration of scheiss, but then running Windows will do that for us <g>. I have posted him on the Orb Mirror. He gets to write about cool toys, and maybe he will send me his cast-offs (if Bob turns them down, eh?).
> I have real trouble reading white text on a black background
> - it is very goth-stylin, but hard on my eyes at the small text
> sizes I use on my screens. I suppose I could bump the font size up,
> but would prefer not to. Hmmm. Problem, since he writes about
> things I want to read about.
Do what I do. Load the page, and then do an Edit--Select all. You
get nice dark blue on white, which is quite readable.
--
Robert Bruce Thompson
[email protected]
http://www.ttgnet.com
Tip of the Day. You win!
Enough - I have to run. Have a great day. Back atcha later.
Fixed all the dates on this page (I think 'all') before anyone was able to successfully email me. Oops, there's an email now - I think I will wait until I am done to read it. Getting more info on the horrors of UCITA, and a side note on the bad things that AOL 5.0 can do to your connectivity and even your system. I will get more info on it later, but run, don't walk, away from AOL v5.0, until further notice.
Thanks, but as you note, there are unintended side effects. I could also drive up the default font size, and may do so. My premise is big monitors, small features, lots of processes going on at once. It is the converse of the Clean Desk <--> Empty Mind thing, perhaps more graciously stated as multitasking.Subject: colours Date: Mon, 07 Feb 2000 12:41:55 +0000 From: Jan Swijsen > I have real trouble reading white text on a black background - > it is very goth-stylin, but hard o..... In Nest-cape (Win version, at least) you can change the colours. Check the "always use my colours, overriding document" and you are likely to end up with a more readable page. [Insert JPG of Netscrape Preferences Dialog here -bpb] It doesn't always work, for example the text on Ben Rota's page becomes clear but the links on the sidelines become difficult to read. The 'Death line approaching' could indeed fit a film but like things are developing here I think Arnold would run away scared. Hitchcock () would make a good script out of it. -- Svenson.
For instance right now, I have a gimp window open, running on Grinch. An ssh-session, X11 forwarded to run Bluefish and Netscrape. Another ssh session monitoring log and TCP-IP state, as the system was down earlier today, and I want to see if I can learn anything (doubtful, but I should always try). Thanks, though.
A brief link on
firewalls. Go have a look - I will myself, after supper.
Supposedly, aside from the self-promotional bits there, there is some
good and interesting info on building Linux firewall boxen. Steve?
Meantime, supper for us, the Chateau-less Bilbreys of Sunnydale
. . . um, Sunnyvale.
Interesting. The above link takes you to a place which on the face of it is advertising for the book. Bear in mind that the book is on the shortlist, as firewalls are important things to be running. I am configuring one now to hang between the Cayman Systems DSL router and the internal network, and we have some serious house cleaning to do before I will connect anyone but me. Oh, back to the link, right. Well, you fill in the blanks on a number of forms, and the site writes you a firewall script. Looks good at first pass. Of course, to understand what it is doing, you will want the book, or an equivalent, but the script uses standard Linux services (generally IPChains, these days, but the older services have their options available) and builds what looks like a competent script, then you get instructions on installation that seem complete. Check it out. If you don't trust him, you can enter false data, but don't forget, your IP is *always* reported when you browse, unless you are behind a firewall and being masqueraded, or forwarded. An interesting exercise that is instructive is to change some parameters, then watch the changes in the script as a result. The diff command comes into play here.
Some fun top-level links at Slashdot,
and a couple of very good threads going on at
Technocrat. Marcia is watching the Mary &
Rhoda show, so here I am... y'all have a great evening, I will catch you tomorrow.
Orb Home / Top (& search)
/ Index & Links
/ Email Bilbrey
Mailbag first, though, as it appears the gastro-intestinal blockage in the PBI mailserver appears to have been rooter'd clear. There was this...
Glad there's some forward motion, from your perspective. I also do see the convenience factor of reverse chron., but I just don't like it for anything except what's happening today. That means restructuring to archive, and I am a lazy sun-of-a-gun, and would rather do other things with my time. That said, if something I do breaks your Synch, you let me know and I will get right on it. I do see the need to keep that in workable shape.Subject: Redirector to Current day Date: Mon, 07 Feb 2000 12:40:08 -0500 From: Chuck Waggoner To: [email protected] I like it. Even more, I would like the reverse order that Shawn uses. Then, there is really no problem finding where I left off reading--I just keep reading until I bump into it. Except for Pournelle, even if one reads a Daynoter out of order, each day stands on its own, so I really don't see that it makes much difference if the material is in chronological order or reversed--and reversed is less hassle. I'm a dialup guy (by lack of alternative, not by choice) and I really don't like the loading time it takes for online browsing--thus I seldom do it. I have IE download everything I read (about 15 pages) every day, using the Synchronizing feature. Not many people use that feature, and that's a shame--it really saves a lot of time, even though it's not always flawless in operation. It behaves more with IE5.01, though. So far--and amazingly,--after the obligatory wait, your redirector page also gets me to the current page, even when I'm browsing the Synchronized pages offline. Bottom line: as long as I can Synchronize your page, I'm happy! --Regards, Chuck Waggoner
Then more mail resulting from my DoubleClick opt-out activities of last week.
No response to that one of course, but it is interesting to watch the ebb and flow of marketing-speak around this issue. Apparently over 13K people opted out of the DC tracking in the first 3 days, and many thousands went on to send letters, as I did. I have gotten 3 responses, ranging from (sort of) supporting the DoubleClick party line, to this promise, above. We'll see. Got another one from Jeeves, which is merely a resend of the "letter" from Kevin Ryan of DoubleClick. Heh.Subject: An Open Letter To All WebMD Users [#485415] Date: Tue, 08 Feb 2000 08:47:20 +0000 From: [email protected] To: [email protected] An open letter to all WebMD users, communities, and visitors. Dear WebMD users and visitors, WebMD understands the trust you have vested in us to safeguard your privacy, both as an Internet user and as a medical patient. It is a responsibility that we take seriously. In light of recent reports, many of you have inquired about WebMD's relationship with DoubleClick and that company's online tracking activities. Some of you have expressed your concern that your privacy on www.WebMD.com may be compromised by this relationship. WebMD does not provide any personally identifiable data to DoubleClick, nor will we provide that type of information in the future. [snip]
Oh, right, the Hall of Shame. Here's the tail of my /etc/hosts.deny. All IP's that were caught with their hand in the cookie jar.
ALL: 24.94.82.104 ALL: 206.79.22.9 ALL: 12.9.162.4 ALL: 205.166.45.51 ALL: 195.188.192.23 ALL: 194.235.214.12 ALL: 203.229.151.250 ALL: 216.32.140.200 ALL: 128.40.117.136 ALL: 210.104.236.196 ALL: 210.99.62.160 ALL: 209.67.232.128 ALL: 209.3.75.52 ALL: 24.64.104.216 ALL: 216.0.222.7 ALL: 204.210.18.60 ALL: 195.188.192.23
Running out of time, so I will see you later. In the interim, does anyone out there use Wacom tablets? Feedback and advice would be appreciated - there is some graphics work in the pipeline that would be better served by far with a tablet than this mouse. Have a great day.
Evening. Success (though not without pain) on the DSL installation at work today. Turns out that IP Forwarding doesn't 'appear' to work with Win9x clients that have dynamic IP addresses. The setup is
DSL line --> Cayman router --> bobo (the linux box) --> Internal Network
With two levels of non-routable addresses (what I refer to as the double condom method), everything is working fine. Still have to convert half the office, and put up the local anti-viral stuff (some of which hasn't been updated since they bought the machines, not that it needed to be, since the machines weren't connected to anything previously).
The great email backup continues... I received three more emails today that had been sent last Thursday, several from last Friday, yada, yada, yada. That include this notice from Tom (culled from the IBM AIX Discussion List):
Cool. Also backed in, from Sunday, a 'new' Alertbox from Jakob Nielsen. I always follow the run, don't walk method regarding Jakob's output. What he writes is simple, to the point and extremely pertinent. Strongly recommended (as usual). Lots of spam, as usual (Attention Homeowners and my personal favorite - Legal TV Descrambler - using RDO SHK parts, drawings, parts list only $10.95) Eventually I manage to work these guys into my filters, but I have such fun looking, knowing that SOMEONE must be falling for it, or they wouldn't even bother. Heh.IBM has released the source to their JFS filesystem under GNU's GPL agreement. "IBM is contributing this technology to the Linux open source community with the hope that some or all of it will be useful in bringing the best of journaling capabilities to the Linux operating system." More info and a link to CVS repository at: http://oss.software.ibm.com/developerworks/opensource/jfs/index.html I thought this was a pretty aggressive move on IBM's part. It proves IBM is committed to the OSS and Linux movement.
Subject: WTF?
Date: Mon, 07 Feb 2000 23:26:10 -0800
From: "J.H. Ricketson"
To: [email protected]
.b -
When I tried (02.07.00 23:25) to send you my latest WebWanderings effort, I
got the message from Eudora:
Can't send to ". The server gives the reason: '550 relaying mail to
pacbell.net not allowed'.
As I said - WTF?
[J.H. Ricketson in San Pablo]
[email protected]
WTF indeed. So I attempt to send an 'I dunno, I did get a message from you' back to JH, and received the following from Netscrape...
So, sorry, I can't seem to email back at this time, but thanks for the update (and here is what J.H. sent (you may have seen this elsewhere)).
Whew. Very nice indeed. If he keeps this up, I won't have to write anything original, just publish the work of others. Heh. Yeah, right. (Double positive creates negative, film at 11).> Linux: > Up until a couple of weeks ago I had been extremely skeptical of Linux > for the average W98-type desktop user. Linux seemed to me targeted > toward the Suits & Servers users. Man have I changed my Attitude! > Thanks to encouragement by the Daynotes Mob, and some serendipituous > finds in my web wandering, I now can hardly wait to get a third HDD > and start my own Linux adventure. What I found: An article in Linux > World , > http://www.linuxworld.com/linuxworld/lw-2000-02/lw-02-expo-newbie.html > was not too encouraging, but pointed me to http://www.linuxnewbie.org/ > which is just what its URL implies: a handholding site for the rest of > us, composed in understandable English. No LinuxSpeak here. I > bookmarked that one. My next stop, at IDG?s news site, pointed me to > http://www.linux-mandrake.com/en/demos/ , an interactive demo of > Mandrake that steps through the whole Mandrake install, with thorough > and understandable explanations at every step before you?re in the > middle of the install and facing a thorough system crash with one > wrong keystroke. The demo is absolutely devoid of Linuxspeak. Exactly > what is needed to calm the would-be Linux installer?s nerves. > Bookmarked that one. > > But the best is yet to come. Another pointer at IDG led me to > http://www.pcworld.com/pcwtoday/article/0,1510,15145,00.html , an > interesting commentary on Open Source philosophy & practice. Back to > IDG, and another pointer to LinuxworldParis, > http://www.linuxworld.com/linuxworld/lw-2000-02/lw-02-paris.html?IDG.net > There I found a mention of DemoLinux, a Linux-on-a-CD app that allows > running Linux totally from the CD, with no change to the rest of the > system! Just the thing for me: all Linux & no risk! I tracked > DemoLinux down at http://demolinux.org/index.en.html DL info: ?The > ISO9660 image of the Demolinux CD takes up more than 600Mb (or 200 Mb > compressed) and is located at ftp://www.demolinux.org/pub/demolinux/ > (anonymous FTP server).? And, of course, this can be burned onto a CD. > Free. > > OnLine Banking > Later, IDG pointed me to this PC World article > http://www.pcworld.com/ontheweb/article/0,1978,14816,00.html on Online > banking, a subject very dear to my heart. I abhor banks & insurance > companies. I began investigating online banking in Dec. ?97, and began > banking with SFNB.COM/ in Feb. ?98. They are about as good as banking > can get. Free, open 7/24/365 (including their working support staff), > and NO charges except for overdrafts (naturally). And it would take a > really purposeful effort to overdraw. ATM fees? Not necessary. Get > cash from your grocer when you buy your groceries with your ATM card - > no fee. If I sound like an evangelist for online banking, I am. For > the first time in a long life I no longer have a nagging worry about > paying bills on time. As skeptical of banks as I am, I keep monitoring > the online banking offerings. None come close to SFNB. I even found > one that has 29 (count?em - 29) little ?Gotcha? fees, fines, and > charges that they can - and will - hit you with if allowed. > Accounting? I can slice & dice reports a dozen ways from the middle at > my SFNB account site. No need for Quicken or Money. The article has a > comparison chart for many of the best of online bank offerings. See > SFNB?s demo at http://www.sfnb.com/demos/bankdemos.html
Subject: Wacom Date: Tue, 08 Feb 2000 09:24:17 -0600 From: "Wallbridge, Shawn" To: "Brian Bilbrey (E-mail)" Ronda uses a Wacom 12x12 at work all day. But she uses a Mac (*freak*). I have used a Wacom on a PC and they are very nice. I plan on getting a Graphire 4x5 USB for home. Both Ronda and I could use it. I was planning on getting a CalComp since the 12x12 was only $389 (vs $900 for a Wacom), but they went out of business. Funny how the Wacom tablets went up 30% as soon as CalComp closed its doors. I gather you would be getting a serial tablet. The only thing I can say about them is get the biggest one you can afford. Shawn
Gotcha. Thanks.
There was also correspondence with Dan Seto about migrating his site. The answer I sent him was, 'Mirror your content, then submit the DNS changes to NSI. Keep mirroring for a while, generally a few days after you can get to the new home, then hang a "I've moved" shingle out at the old hosting service till your time runs out. That way, if it takes several weeks for NSI to get the DNS changes right, then you will only have to do twice the work, forever.' Well, it was something like that.
Lastly for now, there was this... LinuxJuan. You figure it out (hint, think LinuxOne, the IPO that shouldn't!). Later.
Well, now I was able to send that message (to J.H.). And
Marcia tells me that she sees the same
dialog sometimes (Win98, NS 4.71-128) when sending mail to
Barbara Thompson.
Go figure! Now to work. G'night.
Orb Home / Top (& search)
/ Index & Links
/ Email Bilbrey
I spent time last night, back at Perl, bashing my head against a brick wall. At this point in the book. the exercises build strongly on material already covered. Since I am sporadic in my attention to the topic, apparently some bits have fallen out. Rather than go all the way back, I am just writing code, then attempting to figure out what to do from error message. I picked up a few, and remembered some things from a few weeks ago, but still stumped on a bit or two about using hashes. Hmmm. Should be simple, but then, I am a 'simple' guy. Hey, what's the ISBN for Perl for Village Idiots? Anyone know?
Lots and lots of mail this AM, 90% of which is from last Thursday and Friday. Perhaps one day this will end (but I doubt it). I received notice of Chris's plans, three days after I saw ChateauKeybord. Sigh. Oh, double sigh - I have a visit to Sweeney Todd this afternoon - having a post set in a tooth that I broke and killed in my teens. Lovely. Otherwise I might have to enjoy myself today, even though it is supposed to rain - Hey, maybe a traffic accident will prevent me from making my appointment! Maybe I can put it out of my mind. Yeah, right.
Off to finish the DSL install, now. Have a lovely day.
And now for something completely different. I managed to find exactly one online source that singled out Linux boxes as a culprit in the DOS attacks of the last few days. Other sources talk about the vulnerabilities of many different systems, without even knowing what the origin of the attacks is yet. Hmmm. Sure. Any system can be secured, be made reliable, be fast, be useful. These goals generally require conflicting implementations. This is why I run multilayered security. There are things I do that would be far easier if my system were more open. Heck. I keep up with updates. I am sure there are a lot of people that don't. But I *really* don't like finger-pointing, especially not backed up by hard data that I can see. Sigh.
The tooth is rebuilt. Better than it was. Better, stronger, faster. The six million dollar tooth. (I sure hope not that much -G-). The DSL implementation went clean, everyone is online - I even (against my better judgement) improved an AOL connection. But don't ask me how to do XyZ inside of an AOL thing - the only use for the AOL CD's is to hold a hot or cold drink 0.063" away from a wooden surface.
Just a tidbit from yesterday - in my dose of Andover News, I get a shot from Dave Central (Linux), and the daily Best of Linux thing. Sometimes it appears not to be a linux thing after all. Most of the time it is. Also most of the time, what he's writing about is irrelevant to what I am working on, looking for. But I always read, so that I will remember that I saw "something that sort of handled that function" when someone asks. Yesterday's was Siag Office. I am always interested in office productivity suites, just for the alternative value-add for people hooked on Redmond products. Siag wins the Slogan Contest hands down : It sucks less!(tm). They have a spreadsheet (Siag), word processor (Pathetic Writer) and drawing/animation package (Egon Animator) They offer source and binary downloads at the right price (free).
Given that I am a sucker for giving something a shot, I d/l the sources for the latest release. Why compile from source? You know that it will use your libs and should work optimally in your environment if you compile. Binaries may have been compiled with different dynamic libraries or resources than you have on your system. Anyway, I downloaded the latest release (later than that mentioned on the home page. Several compiler warnings, some of them in red, indicating function usage (getwd) that is dangerous and shouldn't be used. Then a compile failure. Hmmm. Track back a little ways, then decide to back down one revision level. Strip out the 3.1.22, get and untar 3.1.21, and ./configure, make clean, make, make install. Hmmm. All of the same warnings and danger signs. But the compile completes. So I execute the make install.
I start up pw (Pathetic Writer). I type a line or two, start mucking about with the formatting. The font handling is a little less than optimal, although it prints beautiful output. Then I opened some dialog box and the program wicked itself right off my screen. Segfault, core dump - no core dump. cd back to the source directory, then make uninstall, cd .., rm -rf siag*. So sorry, g'day. A tool doesn't have to have nearly the bells and whistles that MS office products do, but they do have to work, not disturb my eyes too much, and (most especially) not die.
A reference unearthed today, the
NIPC site off the FBI
url. The actual link above is a description and tools for diagnosing
Distributed Denial of Service daemons. Interesting information, but they
only offer executable binaries. I am so sorry, but run an executable
binary from the FBI, as root, on my system, without looking at the source,
or knowing that someone that actually knows what they are doing
looked at the source and pronounced it innocuous???? I don't think so!
Orb Home / Top (& search)
/ Index & Links
/ Email Bilbrey
Well, very short this AM, 'cause it is raining, and that plays havoc with my commute. I was successful yesterday also, at forwarding an X-session across a secure pipe, from home to work over the Internet (you know, that thing with wires that Al Gore 'invented'). I rather thought things would be fine, and they were. I was running *this* application, Bluefish, on my display at work. The processing was happening here. Very fun. In other news, J.H. is switching ISP's and heading into Linux land. Let's all wish him luck <SEG> I will be standing down here with a safety net, ready to assist (and he knows I will help).
Check out Half.com. I read about this in my morning RedHerring update - Half lets you sell your mass market items, as long as you sell for half or less. Looks kind of interesting, and Ralph Needleman thinks the biz model has more potential than eBay. Hmmm. Why can't I have these ideas? And this plug for a friend's company, smartshop.com. Our friend works there, maybe with a stake, we haven't asked. They are launching, and not all the features are up yet, it's a pricescan type of model, but navigation is far easier - I have been there and used it for comparision shopping myself. (Standard disclaimer - I make money from none of the things I write about - if I do, I will say so.)
Have a lovely, damp (or sunny) day (depending on your location).
Nope, not you. But the FBI site just added linux to its list of vulnerable systems, adding to the solaris ddos detection tools already in place.> I managed to find exactly one online source that singled out > Linux boxes as a culprit in the DOS attacks of the last > few days.But I *really* don't like finger-pointing, > especially not backed up by hard data that I can see. Sigh. Brian, I'm not sure who you are referring to when you talked about finger pointing but when I first talked about DDoS I mentioned that *all* systems were vulnerable. But. The Register's story: http://www.theregister.co.uk/000127-000005.html did say the following: "More ominously, DSL and cable modems, which remain connected around the clock, make it possible to launch attacks through the growing number of private Linux boxes now online. "We've already seen these attacks coming through Linux boxes," ISCA Director of Research Services David Kennedy told The Register. "And there's no reason why it can't be ported to the Win-32 [operating system]," he added." This last statement seems to indicate that the software \ runs on Linux machines and had not been (at least at that point) "ported to Win-32." I assume they are talking about the daemons but I do not know that for sure. But bottom line, it appears it runs only on Linux. In either case, finger pointing is almost always counter productive. If we are going to get this under control, *everyone* will have check their security settings/updates. And I am sure, you being a conscientious sysadmin., you have done all of that already. But. The other guys out there must also do that. And that is one of the problems...Sigh. Aloha - Dan
After tracking into the Register story, Kennedy is quoted as saying that, without actually saying that Linux boxes were to blame for this particular outbreak... These tools operate primarily at this time on *nix installations, because the large majority of boxes persistently connected to the internet run some variant of Unix. This of course includes Linux, but by singling out Linux in his quote (or having his quote edited), that gets more links in, because Linux is so hot-hot-hot right now. I actually can't determine anything about Kennedy's qualifications to comment on the situation, since I don't know what the ISCA is, and haven't been able to ID the organization from the info in the Register story. The buzz around Linux works both ways. In order to use DeCSS on a linux box you have to be able to patch your kernel, recompile, and install some fairly rough-edges software. The windows version is a Win32 app - ready to fly - just plain works (I know, I tried it). Hmmm.
News is a business. Connected computers are vulnerable. Period. End of story. Doesn't sell many papers, does it? OK, try this:
Connecting computers to a network such as the Internet can result in increased vulnerability for the connected systems. Any measures taken to increase the security of the connected system generally result in reduced utility, speed or reliability. Thus, Internet security is always a game of compromise.
Reads a tad dry, don't you think? But... Linux Implicated in Yahoo Outage. "Yes, these tools will run on Linux." says Director of Security...
Now that sells papers and banner ads, chum. Never forget that if they didn't make a buck, the internet would still just connect universities, the government and corporate research labs. Sure, my viewpoint is biased, too. I like Linux. Hell, I like Windows - a *LOT* more now that I have seen Win2K. There are tools for doing my job that only exist under Windows. The issue here is that I really don't like blame without facts. Even the Kennedy statement from the Register didn't actually make any claim - just a vague sort-of accusation that sells plenty. Sigh.
To the left you will find a thumbnail linking to an image of the latest in a series of desktop protection devices sent to me by the good people at AOL. Interestingly, there is a story or two that goes with Version 5.0 of AOL... Let me dig up a link or two first.
http://news.cnet.com/news/0-1005-200-1540024.html?tag=st.cn.1. and
http://biz.yahoo.com/bw/000203/ny_prodigy_1.html
contain a couple of reports about the possibility that installing AOL 5.0 and accepting defaults can disable other access modes and ISP connectivity pre-existing on your system. Various tales from the wild went so far as to claim that a full bare metal reinstall was required to recover from what AOL 5.0 does to your system. Well. There are SO MANY things that can make a bare metal reinstall make sense that one more on the list troubles me not. The reported behaviour though, is strikingly similar to that noted by people attempting to run paleo-Windows on DR-Dos systems. If a program sets itself as default, do you know how to change that default back to another program? Of course you do. But the average user out of 22 million plus? I think not! Anyway, the Titanium moniker must have been . . . the intelligent choice, even intelspired.
In other mail, there were interesting pointers from Bob Thompson on
combining IDE and SCSI drives on a system - his final phrase? "Good Luck!"
Orb Home / Top (& search)
/ Index & Links
/ Email Bilbrey
Possible, not 'probably'. That's like saying that Svenson was probably the one that killed all of those people - after all, he could have done it... eh?Subject: Deamon Date: Fri, 11 Feb 2000 13:37:20 +0000 From: Jan Swijsen Porting Deamons to Win32. Heu. Don't they know Windows does'nt cohabit with other daemons? More serious. I can quite see that the Register is probably right with mentioning Linux as the attack lounching clients. Linux can be secured but with its current popularity and the number of people experimenting with it there must be lots of badly secured Linux boxes visible out there. Especially if you realise it is not trivial to make it secure and keep it that way. -- Svenson.
In reality, setting up networking is less trivial than it sounds (or sys admins wouldn't be so valuable, right Matt?). People who have linux boxes connected to fat pipes are people who know what they are doing, at least somewhat - this is one of the hidden 'advantages' of Linux's steep learning curve. Easiest way to crack a box is to use bad passwords, and RH and its derivatives have bad password checking built in, which helps considerably.
Sure, Linux boxen can be used in this type of attack. No particular OS has been singled out, so far as I know, in the DDoS attacks of earlier this week. The *nix family as a whole (unsecured) is vulnerable to the current generation of tools.
Truth in Advertising - once again I say: Connected computers are vulnerable. A minimum of effort will keep the vast majority of the vandals at bay. Choose good passwords (not dictionary words, use numbers *and* punctuation). Turn off services you don't need. (that means telnet, rsync many others under Linux; Don't run File and Printer sharing on a persistently connected Windows box. Don't run NetBUEI, you don't need it) Run a personal firewall - there are low cost software packages out there to do this - make the effort. There are so many connected computers that if you take the time to do a little bit, the bad guys, the script-kiddies will bump up against a brick wall or two, and keep going. If they have to keep going long enough, they will get bored, and go do something that might get them arrested (a good thing).
Whew. Happy Friday! The roads sound dry out there (temporarily, since it is supposed to rain for the next few days over here. Fairly successful at getting things set up to be able towork from home occasionally - getting document structures replicated here that I have at work, things like that. Got one possible artwork done for a new ad, and some datasheets completed. I need some more of my material from work, then I should be on a hot run. I want to get all of ETS' current products into the new datasheet format (actually, in *any* datasheet format would be cool) OK, the above rant took time I didn't have, gotta run now. Have a great day.
OK. I give. You're right. I am wrong. <G>Subject: Re: Deamon Date: Fri, 11 Feb 2000 16:37:52 +0000 From: Jan Swijsen What I intended to point out is not that setting up a network is trivial, not that making it secure is more difficult than setting up the network. Securing a box is not something you do once. You have to keep up with developments and install updates. A box that was secure six months ago is not (necessary) secure today. A lot of people are getting a linux box setup for net access and firewalling at home, not all of these people are doing the setup themselves. Many of these will be used in the same way that Jerry uses his Netwinder. Few people using Linux that way are going to keep the box updated regularly. If it ain't broke, don't fix it. And broken security is not visible until after the damages has been done.
We agree, I think... But if so, there's nothing that can be done about it. You can always find someone who won't do the necessary. period. full stop. I do what I can, and write about it. You do the same - we do our best, and the 22 million AOL users with their File and printer sharing will still be the death of us all.... sigh.
The advantage to tacking into large corporate or university networks with vulnerabilities is lots of indentically configured machines, often with the ability of access one, access all. Linux boxes, even unsecured, tend to be one at a time.
Still I fight the battle of upgrading old (4+ years old) computers at work.
Each one of them has a distinct and quirky personality at this point. I am
strongly tempted to, one at a time, move data off to the net, then scrap'm
off and start from scratch. Probably be good for them. But I dunno. Happy
Friday! The work week is done (well, mostly - I brought datasheet work home
with me). Laundry is in process, and Perl is in the queue. Here's an
link to an interesting
Wired
article on Microsoft's 'anti-piracy' processes and technology for Win2K.
Have a nice evening.
Orb Home / Top (& search)
/ Index & Links
/ Email Bilbrey
Good Morning. The streets are soaked, and there is a tiny break in the clouds allowing the sun to point directly into my window, through all that freshly washed air - totally blots out my screen. Aaaergh! We are off into the weather momentarily to do some errands, a little shopping, etc.
Just thought I would take the opportunity to let you know that Red Hat has put out a beta of piglet - the beta of release 6.2. I accompany this news with a screenshot of gFTP, the Gnome graphical ftp client. Looks highly similar to some cute program available for Windows, eh? The advantage of this type of client, as opposed to CLI mode ftp is that I get running feedback on download rate. With DSL, for most things, it just doesn't matter - what's the difference between 2.5 minutes and 5 minutes for a 15 meg d/l. However, when grabbing an ISO image, speed matters. I initially tried to fetch off of the RH site - looked to be a 4 to 6 hour process. Then I spelunked the list of mirrors (most don't have the beta up yet), and ended up here, at University of Michigan. Looks like I will end up with about 1:20:00 or 1:30:00 for the 611,119,104 byte ISO image download.
Have a great day - see y'all later.
Success - that's two out of three successful burns.
Running RH6.2 Beta on Grinch now. Screen shots soon, when I bring up
VMware and do some grabs. Initial take: Positive. Short for the
next few days. Got a lot going on, from helping out a friend, to
Valentine's and Marcia's birthday, as well as our nieces and nephews
from my side of the family to visit in Orinda tomorrow, it will
probably be a sparse few days. But do enjoy yourselves, and keep
playing freecell, the game can't keep you down forever.
Orb Home / Top (& search)
/ Index & Links
/ Email Bilbrey
Sad news for a rainy Sunday. Charles Schultz, whose internal life with Peanuts has kept us entertained and instructed for the last 50 or so years, has died following a 3 month battle with colon cancer. Bloody brilliant guy - tapped into something that touched a lot of people. Sayonara, Charlie Brown.
Thanks, Dan Bowman - fyi, a long chapter for TR from Syroid, and more to follow all week as Tom approaches the wire, an afternoon spent playing with a nine year old and a 4 year old, a collapse in exhaustion, a 3/4 day of work, a 15:00 wisdom tooth extraction, and who knows what beyond that. "Young Love" . . . >snurf<
I did get my love a couple of sparklies for an early Valentine's, and a freestanding cherrywood case to hold geegaws like that. I think she likes them.
A tip of the hat to Don Armstrong, who kindly let me know that all of my Last Week links for the last three weeks were broken. But I had all the Next Week links right. You shouldn't be able to go back in time, now should you? Fixed (I think). Thanks, Don. The rest of you, have a great day, where ever you are (OK, you too, Don). Take care.
Evening. Not much to report. My back is destroyed (see image
to right, for evidence), but young Robbie (and my sister Barbara, image
left) were much better behaved. A good time was had by all, with joint
birthday celebrations, vast amounts of sugar and lasagne were consumed,
and I will probably be unable to walk tomorrow. See you next week.
Orb Home / Top (& search)
/ Index & Links
/ Email Bilbrey