From: Bit Twister on 2 Feb 2010 17:39

On Tue, 02 Feb 2010 21:05:54 +0100, Aragorn wrote:
> On Monday 01 February 2010 01:56 in comp.os.linux.misc, somebody

>> I say it is stupid to run an application with known security flaws.
>
> And how careful is it to replace that application with one that has yet
> unknown security flaws? ;-)

Come on now, next release has same old unknown security flaws unless it is a complete rewrite. :-P Better compile/audit tools have found possible exploit avenues so newer libraries and whatnot are a bit more secure than old ones, generally speaking.

> Besides, there is a difference between
> patching security holes and installing the "latest and greatest".

Was not arguing about that at all. See >> top of this reply.

> Just
> because there would be a security leak in, say, PHP doesn't mean that
> you have to upgrade your entire system to the "latest and greatest".

Well, I disagree. Criminals are breaking into web sites through applications like php and poorly coded input validation fields. I would not necessarily force anyone to next "entire system upgrade" for an application updates.

> Especially not if you're not even using PHP in the first place.

Bit of an argument misdirection there. If not using it, take it off the system. :)

> Look at KDE for instance. KDE 3.5.10 contained a few minor bugs but was
> mostly working just fine and was fully functional.

Can not argue that point. I have converted to kde4 but still not happy with it, at all.

> Then most
> distributions started deliberately breaking KDE 3.5.10 by dumping some
> of the essential packages from the tree in order to "guide" users into
> using the as yet still unfinished KDE 4.
> (That's what happened with Gentoo, among others.

KDE org indicated they are still supporting kde3 and Mandriva 2009 is still running KDE3. :-D But you have to agree, If kde4 was not pushed by the distribution vendors kde4 would not be as far along as it is today.

As for the distribution vendor screw ups, I cannot agree more. Mandriva has instituted a freaking Guest account no password. And yet you can see exploits being fixed to prevent local users from exploiting the system. Makes you wonder if M$ have planted a few people in the linux crews. :(

>> Black hats usually have working exploits out within 24 to 48 hours
>> after a security update to an application.
>
> Black hats are usually too busy exploiting the bugs in the most used
> (excuse for an) operating system called Microsoft Windows to

Can not be too busy if they have turned out new malware exploit within a day or so. Of course a new one showing up about every 20 seconds indicates they are not loafing at the terminal either. :-)

> concentrate on home users running multiple variants and multiple
> distributions of GNU/Linux

Come on now, you know the big crime rings are not skipping big targets because they are not running M$. Think about it, between Suse and Red Hat's supported customer base there is around a million systems that no self respecting bot herder would not like to have under his thumb. Not to mention the free users. Look how they went after DSN, bind and ssh.

> with far too many different versions of
> individual packages dispersed across the userbase.

I hear what you are saying, but Black hats are attacking the apps processing web content, (flash, pdf, gif, MP3, WMA, WMV, MP2,...) and you have to admit, it really is not that hard to have malware figure out which linux os is running.

I can agree, the script kiddies are not going to do well in the linux environment as a group.

> And just for the record, Gary McKinnon supposedly broke into NASA's
> computers trying to find evidence of UFOs and "did a lot of damage",
> according to NASA - which is nonsense of course, since he did not
> damage anything. And do you know how he got in? Here's the joke of it
> all: they had a whole network of Windows XP machines with their
> Administrator account set up with a blank password...

Yup, stupid is as stupid does.

From: Darren Salt on 3 Feb 2010 17:16

I demand that Aragorn may or may not have written...

[snip]
> I've just read an article - in French, unfortunately - to which the link
> was posted in be.comp.os.linux, and which says that Micro$oft are now
> submitting code to the Linux kernel, under GPLv2.

> The article did not specify what that code might be - I presume it's got
> to do with either the in-kernel NTFS driver or else with the CIFS/SMB
> client driver code - but as I wrote in my reply on /BCOL/ I consider
> the acceptance of any admission of Micro$oft code in the Linux kernel
> to be "The End Of The Innocence", to quote the title of a great Don
> Henley song. Makes me sad... :-/

http://www.theregister.co.uk/2009/07/20/microsoft_windows_drivers_linux/
http://www.theregister.co.uk/2009/07/23/microsoft_hyperv_gpl_violation/
http://www.theregister.co.uk/2009/07/24/ramji_defends_gpl_drop/

drivers/staging/hv; CONFIG_HYPERV. Found in 2.6.32 and 2.6.33-rc*.

[snip]
--
| Darren Salt | linux at youmustbejoking | nr. Ashington, | Doon
| using Debian GNU/Linux | or ds ,demon,co,uk | Northumberland | Army
| + They're after you...

+2A does not support format, 0:1

From: Lew Pitcher on 3 Feb 2010 18:13

On February 3, 2010 17:16, in comp.os.linux.misc, news(a)youmustbejoking.demon.cu.invalid wrote:

> I demand that Aragorn may or may not have written...
>
> [snip]
>> I've just read an article - in French, unfortunately - to which the link
>> was posted in be.comp.os.linux, and which says that Micro$oft are now
>> submitting code to the Linux kernel, under GPLv2.
>
>> The article did not specify what that code might be - I presume it's got
>> to do with either the in-kernel NTFS driver or else with the CIFS/SMB
>> client driver code - but as I wrote in my reply on /BCOL/ I consider
>> the acceptance of any admission of Micro$oft code in the Linux kernel
>> to be "The End Of The Innocence", to quote the title of a great Don
>> Henley song. Makes me sad... :-/
>
> http://www.theregister.co.uk/2009/07/20/microsoft_windows_drivers_linux/
> http://www.theregister.co.uk/2009/07/23/microsoft_hyperv_gpl_violation/
> http://www.theregister.co.uk/2009/07/24/ramji_defends_gpl_drop/
>
> drivers/staging/hv; CONFIG_HYPERV. Found in 2.6.32 and 2.6.33-rc*.

And, apparently, due for removal from the kernel (2.6.35) after Microsoft abandoned the code mid-cleanup.

http://www.kroah.com/log/linux/staging-status-12-2009.html

--
Lew Pitcher
Master Codewright & JOAT-in-training | Registered Linux User #112576
Me: http://pitcher.digitalfreehold.ca/ | Just Linux: http://justlinux.ca/
---------- Slackware - Because I know what I'm doing. ------

From: Keith Keller on 3 Feb 2010 23:42

On 2010-02-01, Grant Edwards <invalid(a)invalid.invalid> wrote:
>
> Is there any consensus on the question of whether he's really a
> troll -- in which case his posts are just a put-on to try to
> elicit responses from others? Or do his posts genuinely reflect
> his attitudes and beliefs?

I think one would have to be impossibly stupid to actually hold the beliefs that ''Sid'' purports to hold. One would have to be so incredibly stupid that, no matter how much help one had, one would be absolutely unable to post more than five times to usenet, much less the almost uncountable spew that ''Sid'' puts out. Between that, plus the nym-shifting, plus the theatrical way he tells people to "stay out of his space", indicates to me that it's all a giant put-on.

--keith

--
kkeller-usenet(a)wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information