|
ru.linux
- RU.LINUX ---------------------------------------------------------------------
From : Sergey Lentsov 2:4615/71.10 13 Aug 2001 17:11:58
To : All
Subject : URL: http://www.lwn.net/2001/0809/letters.php3
--------------------------------------------------------------------------------
[1][LWN Logo]
[2]Click Here
[LWN.net]
Sections:
[3]Main page
[4]Security
[5]Kernel
[6]Distributions
[7]On the Desktop
[8]Development
[9]Commerce
[10]Linux in the news
[11]Announcements
[12]Linux History
Letters
[13]All in one big page
See also: [14]last week's Letters page.
Letters to the editor
Letters to the editor should be sent to [15]letters@lwn.net.
Preference will be given to letters which are short, to the point, and
well written. If you want your email address "anti-spammed" in some
way please be sure to let us know. We do not have a policy against
anonymous letters, but we will be reluctant to include them.
August 9, 2001
From: Joe 'Zonker' Brockmeier <jbrockmeier@earthlink.net>
To: lwn@lwn.net
Subject: Are you kidding?
Date: Wed, 8 Aug 2001 13:09:41 -0600 (MDT)
Hey guys,
I think you blew it, saying that the Linux Today incident should be
left behind so easily. Reichard only responded to the astroturfing
accusation, saying nothing about the accusations that he refused to
link to other sites, or that he was actively disparaging other Linux
news sources. It also doesn't address the accusation that he's actively
struck down other people's postings. I'm not saying that he has actually
done all these things, though I have experienced LinuxToday holding
news submissions appearing on other sites for upwards of three to four
days, while other news submissions were posted immediately. But, he should
have addressed all of these issues.
Frankly, LinuxToday has sank farther and farther downhill since
Internet.com has taken it over - and irresponsible people like Reichard
do not deserve to be let off the hook so lightly. It's fine for him
to have an opinion, but he should have the cojones to own up to his
opinion under his own name. If he can't do that, he doesn't belong in
the business.
His apology does not go far enough. If this were a print publication, he'd
be out on the street. I find it disheartening that anyone would feel that
this should be dismissed so easily.
Take care,
Zonker
--
Joe 'Zonker' Brockmeier -=- jbrockmeier@earthlink.net
[16]http://www.DissociatedPress.net/
Free Dmitry Skylarov! [17]http://www.freeskylarov.org/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"I'll sleep when I'm dead." -- Warren Zevon
From: Theo de Raadt <deraadt@cvs.openbsd.org>
To: jake@iki.fi
Subject: RE: Usage of SSH
Date: Wed, 01 Aug 2001 23:27:44 -0600
Cc: letters@lwn.net
> I've just been wondering why every time there is a problem with Secure
> Shell from SSH Communications Security Corp (which, believe me, is really
> rare), it is so clearly stated that the problem is only in the commercial
> product, but when the problem is in an open source implementation of the
> protocol, quite a few sites don't bother making the point of specifying
> the product. They just talk about SSH.
That might be because (according to measurements we have been doing
for about a year) OpenSSH is fast becoming the most popular SSH
Protocol server on the net, especially for Protocol 2. As well,
especially in the Open Source community, OpenSSH is very nearly the
exclusive choice, since it is included in the OS distributions.
See [18]http://www.openssh.com/usage for our graphs. (They are currently
being moved from elsewhere, so if you cannot get at them, try again
later).
Secondly, I think your sense of history is somewhat clouded. The
deattack bug hit pretty much everyone's servers and clients, and it
was very clear who fixed it first. We posted far and wide about the
issue, pretty much saying we had screwed up. ssh.com took quite a
while to fix it. Maybe people noticed? Or maybe not.
> Don't get me wrong, I'm all for open source, but looks like open source
> folks are quite good at FUD too.
But probably not intentionally.
Apparently you live in Finland, a fairly small country where ssh.com
is located; if you attribute the situation stated above to malice on
our part instead of an informed decision of the masses, are we to
assume the same of you? No, let's just stop right there.
ps. I can't believe I just used the phrase "informed masses".
From: Mace Moneta <mmoneta@optonline.net>
To: letters@lwn.net
Subject: Regarding Dmitry Sklyarov
Date: Thu, 02 Aug 2001 08:07:17 -0400
Regarding Dmitry Sklyarov, I was wondering why the U.S. Attorney's
Office has not arrested the researchers at IBM and AT&T Labs responsible
for Quantum Computing and Quantum Factoring algorithms. Clearly, their
primary function is the circumvention of existing encryption methods.
In fact, there have been several papers explaining the weakness of
commonly used encyption when confronted by a "quantum attack".
These circumvention devices can render the encryption methods, which are
used to protect not only copyrighted material but secret material as
well, worthless -- a blatant and flagrant violation of the DMCA as far
as I can tell.
In fact, this development appears to be part of a broad conspiracy.
There are "hacker communities" passing the "mathematics" and "physics"
(terms commonly used by these hackers) to new generations. These
"teachers" are the equivalent of drug dealers, giving our youth the
taste of illegal knowledge needed to progress the battle against decent
and law abiding copyright holders.
I hope that our Attorney General steps in and declares war on these
menaces to society.
Sickening, isn't it?
Mace Moneta
mace@monetafamily.org
From: Joe Klemmer <klemmerj@webtrek.com>
To: <letters@lwn.net>
Subject: A minor clarification on the Dmitry Sklyarov situation
Date: Thu, 2 Aug 2001 13:02:00 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
While I, like any other US citizen with at least two brain cells,
deplore the incarceration of Dmitry Sklyarov and the whole foundation of
the DMCA there's one thing that might be good to point out. I've seen
many people outraged over the fact that he is being held without a bond or
parole hearing. As Mr. Sklyarov is not a US citizen he is not entitled to
the same rights as the rest of us. Unfortunately the "government" can
virtually hold him indefinitely.
No I don't like it any more than you do but it's the way it works.
- ---
The most exciting phrase to hear in science, the one that heralds new
discoveries, is not "Eureka!" (I found it!) but "That's funny ..."
-- Isaac Asimov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see [19]http://www.gnupg.org
iD8DBQE7aYePHeWRPx8OIHARAn3FAKCaVN8nTu8i5U57lgPBtQH6DHqJbACfeOgx
Yi3VeaSlArpNJYEoXAZRUGA=
=Bz+e
-----END PGP SIGNATURE-----
From: Leon Brooks <leon@cyberknights.com.au>
To: letters@lwn.net
Subject: To vigilant, or not to vigilant - that is the question
Date: Tue, 7 Aug 2001 10:27:29 +0800
By now we all know about CodeRedII and SirCam. We also know that
hosting menaces like these is an almost exclusive property of
Microsoft software. The question has been raised: do we have the
right to, uh, proactively defend ourselves from the infected servers?
And if so, how much defending should we do?
In my case, as I write, each of the single-IP servers here is taking
a hit about every three minutes. At about 460 bytes a hit, that's 8k
per hour per server. Not something to get flustered about. OTOH,
other places are reporting a hundred times the rate, and web service
in general appears to be a bit dodgy at the moment.
While any one server is not doing much damage, many raindrops make a
flood. This flood is impacting my ability to use the Internet (my
livelihood) and sooner or later the effect of exponents is going to
result in something like a tidal bore.
This morning, I contacted a software supplier for the client I am
working for now, to find out why an update hadn't arrived. It turned
out that over the weekend, SirCam had buried their Exchange servers
in jokes, porn, proposals and service reports.
Today, their intranet webserver was down for repairs after being
CodeRedded, oh, and by the way their proxy server apparently had a
web server up on it too, so all they have left is the 'phones and
snail mail. Snail mail would take three or four days to get here from
Queensland, and I'm going home tomorrow.
So both directly and indirectly, CodeRedII and SirCam have damaged my
business, and the businesses of those I contract to. At law, I have
certain rights of self-defense.
One of the side effects of SirCam is that it tells you that the
originator is running binary emails. One of the side effects of
CodeRedII is installing a public shell. Each machine has come to my
client or server and told me how to get back to it and do what I
please with it.
The opportunities are obvious. What should I do with them? I wrote a
one-pager PHP script that I call CodeRed2 Explorer, for
point-and-click navigation of and experimentation with compromised
hosts. But what next?
The obvious first step would be to contact the originators and
complain. This has several disadvantages, including that the the
machine or mailbox might not be attended, the recipient might not
understand or believe my message, and the recipient might not be able
to do anything about it.
So, am I within my rights to respond by deleting the offending
program (Outlook or IIS) and/or shutting down the attacking machine?
I'm pretty sure that uploading a Linux installer to the offending
machine and running it is going too far, but I wonder how many others
would agree, and how many would regard that as a final solution for
the problem?
From: Matthew.Ramsay@lineo.com
To: letters@lwn.net
Subject: Reply to Jay R. Ashworth on PoPToP and SnapGear
Date: Thu, 2 Aug 2001 20:05:39 -0600
I'd like to make some things clear about where PoPToP comes from, Jay
Ashworth's comments and where SnapGear is taking PoPToP.
I wrote PoPToP back in February 1999 for MoretonBay's NETtel platform (now
called SecureEdge). Around April that year I made some changes for it to
work on x86 platforms and released PoPToP to the GPL community. There was
no existing PPTP server for Linux back then so the idea was to give back to
the community I enjoyed being a part of by providing something that hadn't
been written yet.
In May 2000, Lineo purchased Moreton Bay and continued funding work on
PoPToP on the Coldfire platform (of which the NETtel -- renamed SecureEdge
-- used). At all times though we kept the PoPToP source code for the
Coldfire platform (and x86 platform) available. I focused my efforts on the
Coldfire and occasionally applied patches from various people to the x86
platform and released new versions. As I've got busier over the last year
the x86 tree became more difficult for me to maintain. However, I'd be more
than happy to help someone (perhaps Jay?) to fold Coldfire patches and
other patches into the x86 platform and let them contribute back into the
community.
Also, SnapGear was recently spun-off from Lineo to target the SOHO VPN
market and includes PoPToP as one of its VPN solutions. Again, SnapGear's
focus is on the Coldfire platform. Both Lineo and SnapGear together have
thousands of people and companies already using the Coldfire port of PoPToP
as their VPN solution and it works great. In this environment it needs to
work well.. and we've worked hard to make it so.
Finally, of all the developers I've worked with and even the companies I
have worked with (Moreton Bay, Lineo and SnapGear) they have all actively
contributed to the GPL community and are continuing to do so. It is a great
thing to see and be a part of.
Cheers,
Matt.
From: cpb@log2.net
To: letters@lwn.net
Subject: Woody by Christmas?
Date: 2 Aug 2001 14:20:29 -0000
On the Distributions page of the LWN issue of 2001-08-02, you suggest that
a release of Debian Woody is expected by Christmas. However, your reference
(Debian Weekly News for July 31) says that Woody will be released by Christmas
"if everything goes BETTER than planned" (emphasis mine). Anyone who expects
Woody by Christmas is a...uh...optimist. But as Mr. Stallman says, "it will
be done sooner if you help!" - Chris Bopp
From: "Schaefer, Peter" <peter.schaefer@gmx.de>
To: "'lwn@lwn.net'" <lwn@lwn.net>
Subject: "Open source databases have some catching up to do" - not quite
Date: 8 Aug 2001 10:41:38 +0200
Dear LWN editors,
this news article on your daily updates page
finally triggered a response by me, because
there is - since the beginning of the year -
a full featured, 24/7 capable database system
available as full GPL'd , LGPL'd open-source:
SAP-DB.
It's maybe not widely known outside of germany,
but the SAP guys in Berlin do a tremendous good
job. SAP-DB is used as the data center for many
SAP/R3 installations worldwide, has nearby full SQL92
compliancy and can even be switched to other SQL-dialects
like Oracle or AdabasD. Stored procedures, triggers and
relational constraints are available, additionally several
log backup strategies are possible without the need to
pause the database, making 24/7 operation possible.
Client libraries include JDBC, ODBC and a C-Precompiler;
full source available, LGPL'd.
Conclusion: There is at least one open-source DB which
doesn't need to catch-up, i think ;).
Link: [20]http://www.sap.com/solutions/technology/sapdb/
Best Regards,
Peter
--
peter.schaefer@gmx.de
From: "Jay R. Ashworth" <jra@baylink.com>
To: torvalds@transmeta.com
Subject: Happy 10th Anniversary
Date: Tue, 7 Aug 2001 10:53:44 -0400
Cc: letters@lwn.net
What a long, strange trip it's been. Thanks, man; you gave me
something to do for a decade.
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Member of the Technical Staff Baylink RFC 2100
The Suncoast Freenet The Things I Think
Tampa Bay, Florida [21]http://baylink.pitas.com +1 727 804 5
015
Linux: the Choice of a GNU Generation
[22]Eklektix, Inc. Linux powered! Copyright Л 2001 [23]Eklektix, Inc.,
all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=pageid=132-000-001-001
3. http://lwn.net/2001/0809/
4. http://lwn.net/2001/0809/security.php3
5. http://lwn.net/2001/0809/kernel.php3
6. http://lwn.net/2001/0809/dists.php3
7. http://lwn.net/2001/0809/desktop.php3
8. http://lwn.net/2001/0809/devel.php3
9. http://lwn.net/2001/0809/commerce.php3
10. http://lwn.net/2001/0809/press.php3
11. http://lwn.net/2001/0809/announce.php3
12. http://lwn.net/2001/0809/history.php3
13. http://lwn.net/2001/0809/bigpage.php3
14. http://lwn.net/2001/0802/letters.php3
15. mailto:letters@lwn.net
16. http://www.DissociatedPress.net/
17. http://www.freeskylarov.org/
18. http://www.openssh.com/usage
19. http://www.gnupg.org/
20. http://www.sap.com/solutions/technology/sapdb/
21. http://baylink.pitas.com/
22. http://www.eklektix.com/
23. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
URL: http://www.lwn.net/2001/0809/letters.php3 |
Sergey Lentsov |
13 Aug 2001 17:11:58 |
|
|
