Re: Microsoftheaded, hugely stupid
This is a new worm called Swen (similar to an one from a year and a half ago called Gibe). Swen does a more authentic looking announcement. It appeared yesterday. More information can be found at http://www.f-secure.com/v-descs/swen.shtml -- Dan Jenkins ([EMAIL PROTECTED]) Rastech Inc., Bedford, NH, USA --- 1-603-624-7272 *** Technical Support for over a Quarter Century ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Need a new laser printer
I need a new laser printer as my trusty old LJ2P has decided to stop working..I have had no issues whatsoever getting this thing to work with a few different flavors of Linux. Any suggestion on a good replacement? I want a personal laser basically, below $400 preferably.. How are the Samsung ml-1710 with Linux? or should I stick with HP? In that price range, I've used the HP 1200 successfully. I have used one Samsung (model doesn't come to mind) successfully and another was a Windows only unit, which didn't work. -- Dan Jenkins ([EMAIL PROTECTED]) Rastech Inc., Bedford, NH, USA --- 1-603-624-7272 *** Technical Support for over a Quarter Century ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Is OpenSSH the new Microsoft?
On 17 Sep 2003, at 11:03pm, [EMAIL PROTECTED] wrote: I'd say that it was more unfortunate than bad. Writing useful, correct, and secure software isn't easy. True. If this was some subtle design flaw, I'd be a lot more understanding. But all three of these vulnerabilities were *buffer overflows*. For crying out loud! We're coming up on the 50 year mark for programmable, commercial, digital computers. In half a century, we still haven't figured out something as radical as *bounds checking*? Come on! Has anyone written Runtime environments without automatic bounds checking considered harmful yet? 'cause I'm starting to think it needs to be. Maybe we should just rewrite everything above the most basic levels in insert scripting language of your choice here, since's it's pretty obvious we can't trust programmers to actually write code that works worth a damn. -- Ben, who has had a very long and frustrating day dealing with all manner of crappy code from all manner of sources (And yes, I know there's no silver bullet. I'm not really serious. I think.) -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Microsoftheaded, hugely stupid - procmail recipe
On Thu, 2003-09-18 at 22:29, Brian Chabot wrote: On Thu, 18 Sep 2003, Brian wrote: I'm also working on a perl/cgi-based procmail manager (we have about a dozen email servers to maintain) that allows you to have 1 master procmail body that can be edited via html GUI and then sync'd to the remote boxes. If/when you do, do you think you might be able to share it here? I have users on my system who could really use procmail but don't have time to learn the syntax. (Most can't even figure out how to use a bash prompt...) Sure... In the meantime, check out the procmail module in Webmin, it can write basic procmail rules for you. FWIW, I'm concentrating less on automagic writing, and more on keeping many systems in sync, but maybe I'll add in more Wizard-like (or actually, I prefer Magical Elf to Wizard...) capabilities to write rules. ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Is OpenSSH the new Microsoft?
Ben Scott commented: On 17 Sep 2003, at 11:03pm, [EMAIL PROTECTED] wrote: I'd say that it was more unfortunate than bad. Writing useful, correct, and secure software isn't easy. True. If this was some subtle design flaw, I'd be a lot more understanding. But all three of these vulnerabilities were *buffer overflows*. For crying out loud! We're coming up on the 50 year mark for programmable, commercial, digital computers. In half a century, we still haven't figured out something as radical as *bounds checking*? Come on! Has anyone written Runtime environments without automatic bounds checking considered harmful yet? 'cause I'm starting to think it needs to be. You're most of the way there, Ben. Take the last step. The fault lies with.. C. Runtime environments (and languages) which were incapable by design of pointer errors have existed and have been used for implementation of systems large and small for more than your half a century. My own first professional language was COBOL - which for all its faults was incapable of buffer overflows. This was (in my case) in 1963. There are very few ways to get buffer overflows. 1. Use assembly language. 2. Use C. What's depressing is that we keep doing the same thing over again (we'll still use C, but we'll be really careful this time, or we'll use Purify, or...) and expecting a different result. I've read that this is one definition of insanity. Writing correct, secure software isn't easy. Writing software which doesn't overrun buffers IS easy. -Bill Who used assembly language to build OSs for 15 years And who has overrun his share of buffers ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
CSS Question
Hi all - I have a CSS question for anybody who has the urge to field it. I'm attempting to do something relatively simple - center a table on a page. In pre-css days, I would simple have done this: div align=center table . . /table /div I would have imagined that with css (using inline style sheet defs), I would simply do this: div style=text-align: center table . . /table /div This works just ducky in Netscape 4.7x, but not my current version of mozilla. Does anybody know what I need to do instead? I don't want to static position the table, I would like it to be centered. Thanks for any suggestions. -- A computer without a Microsoft operating system is like a dog without bricks tied to its head. Cole Tuininga Lead Developer Code Energy, Inc [EMAIL PROTECTED] PGP Key ID: 0x43E5755D ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Is OpenSSH the new Microsoft?
[EMAIL PROTECTED] (Bill Sconce) writes: There are very few ways to get buffer overflows. 1. Use assembly language. 2. Use C. Obviously, in many circles, C is referred to as high-level assembly language... What's depressing is that we keep doing the same thing over again (we'll still use C, but we'll be really careful this time, or we'll use Purify, or...) and expecting a different result. I've read that this is one definition of insanity. If somebody were to wave a magic wand and magically add bounds checking to all C implementations, I'd still feel more comfortable if people were to attack these problems by adjusting their development and testing methodologies. Writing correct, secure software isn't easy. Writing software which doesn't overrun buffers IS easy. I wouldn't say that the latter case is easy either. Writing such code requires a lot of attention to detail. Regards, --kevin -- If you want to program in C, program in C. It's a nice language. I use it occasionally... :-) --Larry Wall in [EMAIL PROTECTED] ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Is OpenSSH the new Microsoft?
On Fri, 19 Sep 2003, at 9:50am, [EMAIL PROTECTED] wrote: You're most of the way there, Ben. Take the last step. The fault lies with.. C. I know it is possible to design a C environment (compiler and runtime) that supports bounds checking and other automatic error checking features. I believe the language spec is designed to make that possible. (I know the C++ spec is.) All such environments that I have heard of run dog slow, but I suspect that is because they were retro-fitted onto existing, traditional C environments rather then being built that way from the start. I'd argue that it would be a lot more practical to design a workable C environment which protects against this kind of thing then it would be to re-implement the world in another language. -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Mastering audio CD's under RH9.0 with ATAPI CDRW drive
Can anyone point out an error in this incantation? # cdrecord -v speed=4 -dummy dev=0,0,0 -audio *.wav Thats with a 2.4.20-20.9 i686 stock kernel (August 18), booted with hdc=ide-scsi and the recommended fiddling in /etc/modules.conf. I get the same error using dev=ATAPI:0,0,0 without fiddling the module loading, and I get the same result on some older kernels. The apparent error is: -- Starting new track at sector: 0 Track 01:0 of 18 MB written.cdrecord: Input/output error. write_g1: scsi sendcmd: no error CDB: 2A 00 00 00 00 00 00 00 1B 00 status: 0x2 (CHECK CONDITION) Sense Bytes: 70 00 05 00 00 00 00 0A 00 00 00 00 64 00 00 00 Sense Key: 0x5 Illegal Request, Segment 0 Sense Code: 0x64 Qual 0x00 (illegal mode for this track) Fru 0x0 Sense flags: Blk 0 (not valid) cmd finished after 0.003s timeout 40s write track data: error after 0 bytes Sense Bytes: 70 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 -- Clearly, basic communication is working, but just for completeness, cdrecord -scanbus gives: -- Cdrecord 2.0 (i686-pc-linux-gnu) Copyright (C) 1995-2002 J?rg Schilling Linux sg driver version: 3.1.24 Using libscg version 'schily-0.7' scsibus0: 0,0,0 0) 'HL-DT-ST' 'CD-RW GCE-8080N ' '2.02' Removable CD-ROM 0,1,0 1) * 0,2,0 2) * 0,3,0 3) * 0,4,0 4) * 0,5,0 5) * 0,6,0 6) * 0,7,0 7) * -- Using the dev=ATAPI hack gives a similar scanbus result. I could swear that I've done this in the past on this very machine (but that may have been with RH7.x). I would be tempted to say that the drive or the media is toasted, except that the burn:/// in Nautilus works for burning some backup data *EVEN AFTER* getting the above message and on the same piece of media. (Perhaps Nautilus can create audio CDs too, but if so, I haven't found the button.) Bill ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: CSS Question
On Friday, September 19, 2003, at 10:04 AM, Cole Tuininga wrote: I would have imagined that with css (using inline style sheet defs), I would simply do this: div style=text-align: center table . . /table /div This works just ducky in Netscape 4.7x, but not my current version of mozilla. Does anybody know what I need to do instead? I don't want to static position the table, I would like it to be centered. This problem has plagued me, I have solved it, and then I have forgotten how I solved it and had it plague me again. I am pretty sure that the workaround* is to use div style=margin-left: auto; margin-right: auto; table ... . . . /table /div But YMMV since I can't remember for sure. text-align only applies to text. Erik * I find it ironic that workarounds in CSS are sometimes necessary, since one of the reasons people sometimes use CSS is to avoid misusing tables for composing a design in HTML, which was itself a workaround for the limitations of HTML. ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Slide request; hello; adventures in the RMI
Some of you may remember me, some won't. I'm Randy Edwards, an occasional GNHLUG member and/or lurker. Here's something that'll be a bit out of the ordinary for this list... A while ago I took what I thought would be an interesting and challenging (and low-paying:-) job; I became the Director of Technology of the College of the Marshall Islands (CMI). CMI is the main source of higher education for the Republic of the Marshall Islands (RMI), a developing country about a four-to-five hour jet flight west-southwest of Hawaii (GMT +12). One of the reasons I took this job was the possibility of implementing a great deal of change in a short amount of time. Another attraction was a potential to use GNU/Linux in a widespread way. Since I arrived, I've learned a whole lot about high tech in the third world; I encountered things I never dreamed of when I was back in the states. For example, in twenty-plus years of working with computers in the US, I never saw a computer and gecko fry because the gecko stepped on the wrong spot on a circuit board while trying to keep warm. :-) I knew the power here would be shaky -- I was told it goes out fairly frequently (a couple of times a month for a half-day, usually). What I didn't expect was the extent of the problems of surges. The power here routinely fluctuates between 60 and 160 volts, all within seconds. Computers don't like that. :-) UPSs abound here at CMI, and yet their batteries last nowhere near as long as they should, due probably to the humidity and salt air (and the power quality). The salt air was something I was totally oblivious to. After a year or two, a machine in this environment looks like you poured acid over the power supply's fan outlet. It's amazing. Other than an odd case that sat for years in someone's damp basement, I never saw a case actually *rust* in the US. Here it's routine. I'm thinking if they get 3 years out of a machine here they've more than got their money's worth. The environment here -- 80-83 degrees, yet fairly humid and very salty -- is brutal. CMI and the RMI are like a lot of countries. *Everything* is pirated. Note the emphasis -- *everything*! I'm located on Majuro atoll, which is the gov'tal and main business hub of the RMI. There's about 40-odd thousand people here. Basically all software on this island is pirated. Someone will buy a new computer or buy one copy of software, and within a week it's all over the island. But it's not just software. All intellectual monopolies are ignored. The local cable company shows VCR and DVD movies on various channels. Each day they put in a different movie, run it constantly, and they'll put in a different movie tomorrow. It's just part of your basic cable service. This flagant piracy makes a sell for Linux much tougher -- there is no license cost benefit for using Linux. And I've had lawyers on this island tell me that piracy doesn't matter because the RMI doesn't have any copyright law(s). (Obviously, they've never had to *support* all that software!:-) Still, Linux has advantages. Open source code is an attraction. The RMI dreams of having a slice of the global information society's economic pie, but it's unrealistic because I'm literally the most knowledgeable IT/computer guy in the country and I know how stupid I am. :-) There is light years for the RMI to travel before they're ready to even run their own call center, let alone compete with Indian companies for programming contracts. Still, they dream... Linux's multilingual abilities attract some. Needless to say, Windows isn't available in Marshallese, but if someone got ambitious, Linux and/or OpenOffice could be. But overall, I think Linux's single biggest attraction in this environment is its flexibility. I used to tell people in talks in the US that Linux would run on mainframes to Macs to get this idea across. One problem I see all over these tiny islands in the Pacific is the lack of skilled people -- engineer-types is what we'd call them in the US. Like all organizations, the Pacific islands have more than their share of outdated and/or clueless managers. And they've got an oversupply of the hobbyist-turned-techie types -- the low level techs. But seriously skilled people -- what I'm calling engineer-types -- are in very, very short supply. For example, the RMI gov't doesn't employ *one* IT person. If a machine goes down and the end-user can't figure out what the problem is, they just throw it away and buy another one. Amazing. (I've got my CMI techs collecting those throw-aways; but with less than 100 machines in the Parliament building's LAN, there isn't a ton of these throw-aways, darn it. :-) And engineers are in short supply in all areas, not just IT. Whether it's the phone company, or the power company, or the local car dealership, it's all the same. Good techs are