Re: [LUAU] Intel Doubles Down on Linux
On Jul 27, 2005, at 1:07 AM, Jimen Ching wrote:

> On Tue, 26 Jul 2005, Eric Hattemer wrote:
>> What I'd say sucks more than applications, more than vague issues with low level protocol stuff and how XYZ is missing, is that X11 seems slow. Really slow.
>
> *Groan* I've seen these complaint threads a thousand times. And those threads usually mention just as many causes for the slowness. My recommendation is to do a search on google to see if someone else has the same problem. In many cases (not all cases), the cause isn't the X server, or the X protocol, or even the video card.
>
> And before Jim responds with a 50 page lecture of X performance; yes I am aware of cases where some operations in the X server are slow, and the X protocol may be part of the problem.

50 pages? That's my writing assignment? *Groan*! :-)

Turns out, Mr. Packard has already written it. http://keithp.com/~keithp/talks/usenix2003/html/net.html

This is a nice summary of what's up in the world of X11: http://www.alkemio.org/wordpress/x-terminology/

jim
Re: [LUAU] Intel Doubles Down on Linux
On Jul 27, 2005, at 12:47 AM, Jimen Ching wrote: On Tue, 26 Jul 2005, Jim Thompson wrote: However, the protocol, the thing that defines X11, unfortunately, is broken for many interesting imaging applications. This was really in response to Wayne's cheerleading on X.org's recent moves. If X is to survive, I'm afraid we'll need X12 (a protocol rev) built around new graphics primitives. I think Wayne's point is that X.org is providing a 'good enough' solution for the majority of its users. X.org forked the server and managed to make the politics go away. Kicking Packard to the curb was a huge mistake on the part of whatever group (@ XFree86) did it. Restricting the license (to be GPL-incompatible, and therefore open, but not *free*) was fatal to XFree86. (http://yro.slashdot.org/article.pl?sid=04/02/18/131223) But the real damage is that, at the end of the day, the entire XFree86 team was no match for the combination of Gettys and Packard. (Yes, other people helped, but these two are (still) the core of X11.) And it is improving at an acceptable rate. When I say majority, I'm talking about those who are just looking for a good web browser, mail user agent and word processor. Most of these people don't need a wiz-bang render engine. True, but they don't need x11, either. For the things that X is good at, it's doing a fine job. There is always room for improvements, and when those improvements arrive, the group that brought it about should be praised. I think, ultimately, that's what Wayne was trying to do. And isn't that the FOSS way? Sure. Heck, for the things I (used) to use X for, (emacs and xterms) it does fine, great even. I'm one of those throwbacks who will run windowmaker with no KDE or Gnome anywhere in sight. But I've been using X (X6) since my days at UNLV and BYU, and later X10 and X11 at Convex, Sun, etc. Various boxes that I own still run it, but none are my primary desktop these days. It's ok... but you still have to fsck with it too much. jim
[LUAU] Everybody Loves (Eric) Raymond
Funny as Hell! Jim-Bob gives it two thumbs up! http://geekz.co.uk/lovesraymond/
[LUAU] ESR... dear God, what are you thinking?
http://www.onlamp.com/pub/a/onlamp/2005/06/30/esr_interview.html
Re: [LUAU] Everybody Loves (Eric) Raymond
http://spinster.org/photos/als/20.html more so than most. Tim Newsham http://www.lava.net/~newsham/
[LUAU] Handling Brute Force Attacks
Slashdot recently referenced a good article about the growing number of Brute Force Attacks against ssh

http://www.whitedust.net/article/27/Recent%20SSH%20Brute-Force%20Attacks/

Night after night my server is one whose logs fill with thousands of lines like these:

Security Events
=-=-=-=-=-=-=-=
Jul 27 03:02:07 debby sshd[19964]: Failed password for illegal user daisy from :::217.106.234.86 port 36812 ssh2
Jul 27 03:02:09 debby sshd[20058]: Failed password for illegal user dorina from :::217.106.234.86 port 36912 ssh2
Jul 27 03:02:11 debby sshd[20143]: Failed password for illegal user marian from :::217.106.234.86 port 37011 ssh2
Jul 27 03:02:14 debby sshd[20195]: Failed password for illegal user juan from :::217.106.234.86 port 37114 ssh2
Jul 27 03:02:16 debby sshd[20243]: Failed password for illegal user don from :::217.106.234.86 port 37212 ssh2

I don't allow Root logins and I only allow trusted users. How are others handling this? Do you block the IP address? If so, does it help, or are you still found by yet another zombie?

Any suggestions or insight are welcome.

--scott
Re: [LUAU] Everybody Loves (Eric) Raymond
I don't know many chicks who'd be willing to suck face with the human incarnation of Bill the Cat. And here I thought it'd be about the tee vee show, darn.

-Charles

Tim Newsham wrote:

> http://spinster.org/photos/als/20.html more so than most.
>
> Tim Newsham
> http://www.lava.net/~newsham/
Re: [LUAU] Handling Brute Force Attacks
On Jul 27, 2005, at 11:29 AM, R. Scott Belford wrote:

> Slashdot recently referenced a good article about the growing number of Brute Force Attacks against ssh
>
> http://www.whitedust.net/article/27/Recent%20SSH%20Brute-Force%20Attacks/
>
> Night after night my server is one whose logs fill with thousands of lines like these:
>
> Security Events
> =-=-=-=-=-=-=-=
> Jul 27 03:02:07 debby sshd[19964]: Failed password for illegal user daisy from :::217.106.234.86 port 36812 ssh2
> Jul 27 03:02:09 debby sshd[20058]: Failed password for illegal user dorina from :::217.106.234.86 port 36912 ssh2
> Jul 27 03:02:11 debby sshd[20143]: Failed password for illegal user marian from :::217.106.234.86 port 37011 ssh2
> Jul 27 03:02:14 debby sshd[20195]: Failed password for illegal user juan from :::217.106.234.86 port 37114 ssh2
> Jul 27 03:02:16 debby sshd[20243]: Failed password for illegal user don from :::217.106.234.86 port 37212 ssh2

Since the beginning of July we've turned away nearly 5500 of these, and 16 more attempts that resulted in

Did not receive identification string from IP.AD.DR.ESS

It's been going on for at least a year, possibly longer. (I'm trying to forget all that came before Hawaii.)

Here are the most popular names they try (and the number of times they've tried them):

368 admin
125 user
 87 administrator
 37 test
 32 guest
 29 adm
 22 account
 21 info
 17 oracle
 17 abuse
 17 aaron
 16 tomcat
 15 webadmin
 14 pgsql
 14 adachi
 14 abe
 14 a4
 13 michael
 13 fax
 12 sales
 12 mike
 12 george
 12 cyrus
 12 angel
 12 admins
 11 web
 11 richard
 11 cary
 10 webmaster
 10 rpm
 10 nicole

> I don't allow Root logins and I only allow trusted users.

You could turn off password authentication. (It's what I do. A bit more admin headache up-front, but most people love not having to remember passwords. It does, however, open you a bit to *their* security practices (but so do passwords).

> How are others handling this? Do you block the IP address? If so, does it help, or are you still found by yet another zombie?
>
> Any suggestions or insight are welcome.

Some advocate dynamic port knocking: http://www.security.org.sg/code/portknock1.html

Some don't: http://software.newsforge.com/software/04/08/02/1954253.shtml

You can auto-blacklist as well: http://www.pettingers.org/code/sshblack.html

Jim
Re: [LUAU] Intel Doubles Down on Linux
Jimen Ching wrote:

> As for 'accelerated' drivers; I recommend taking those comments with a large grain of salt. At work, a vendor says the video card and the driver they provided were 'accelerated'. But we found otherwise during regular use...

I think we are getting into the core of this subject. Writing a device driver (advertising it as such) is easy. But writing an optimized driver for a device that's worth hundreds of millions of dollars (as in the case of nVidia's accelerated video cards), is not. It was not until very recently that I decided that there are enough benefits to switch from nv to nvidia driver for my nVidia FX 5200 cards.

Every time I heard complaints about how stupid/backward X is, I always ask the instigator, whoever s/he is, to look at the Linux/UNIX version of Adobe Reader 7.0 vis-a-vis the Windows version (though I never did this in a public forum). The point is not to prod how great X is (am I going to kid myself?) but how far X has progressed and how intimate the gap can be narrowed if enough sources are devoted to improving an X app.

For a matured program running on a desktop machine (meaning that the app does all you want to do and you are familiar with how the app operates), as far as user experience is concerned, driver is everything. In the past, at least on the x86 side, device providers (most of them are based in Taiwan), either (1) don't know/care about the Linux kernel, (2) don't have any control/influence over how Linux kernel is developed, (3) don't give a damn about Linux driver or assign the job to entry-level employees, or, most likely, (4) all of the above. Intel's move (to double down on Linux), if true, will eventually elevate the status of certain (i.e., Intel-made) Linux device drivers to that of Windows, thus opening up an opportunity for Linux to be acceptably considered in the desktop arena. (Intel Inside will no longer mean Idiot Inside.)

But how should the Taiwanese periphery device makers respond to Intel's move, is something their top execs should be deeply concerned about. (A case in point: Intel's Centrino chipset has pretty much driven Taiwanese chipset makers out of the NB business.)

Wayne
Re: [LUAU] Intel Doubles Down on Linux
> It was not until very recently that I decided that there are enough benefits to switch from nv to nvidia driver for my nVidia FX 5200 cards.

I failed to mention that it took nVidia (market ~$5B) more than a dozen iterations (more than a couple of years, assisted by a very active community in nvnews.net) to reach today's status (1.0-7667).

Wayne
Re: [LUAU] Handling Brute Force Attacks
I use DenyHosts

What is DenyHosts?

DenyHosts is a script intended to be run by Linux system administrators to help thwart ssh server attacks. If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?

http://denyhosts.sourceforge.net/

When I take action I'm not going to fire a $2 million missile at a $10 empty tent and hit a camel in the butt. -- President of the United States, George W. Bush.

- Original Message -
From: R. Scott Belford [EMAIL PROTECTED]
Date: Wednesday, July 27, 2005 8:29 am
Subject: [LUAU] Handling Brute Force Attacks

> Slashdot recently referenced a good article about the growing number of Brute Force Attacks against ssh
>
> http://www.whitedust.net/article/27/Recent%20SSH%20Brute-Force%20Attacks/
>
> Night after night my server is one whose logs fill with thousands of lines like these:
>
> Security Events
> =-=-=-=-=-=-=-=
> Jul 27 03:02:07 debby sshd[19964]: Failed password for illegal user daisy from :::217.106.234.86 port 36812 ssh2
> Jul 27 03:02:09 debby sshd[20058]: Failed password for illegal user dorina from :::217.106.234.86 port 36912 ssh2
> Jul 27 03:02:11 debby sshd[20143]: Failed password for illegal user marian from :::217.106.234.86 port 37011 ssh2
> Jul 27 03:02:14 debby sshd[20195]: Failed password for illegal user juan from :::217.106.234.86 port 37114 ssh2
> Jul 27 03:02:16 debby sshd[20243]: Failed password for illegal user don from :::217.106.234.86 port 37212 ssh2
>
> I don't allow Root logins and I only allow trusted users. How are others handling this? Do you block the IP address? If so, does it help, or are you still found by yet another zombie?
>
> Any suggestions or insight are welcome.
>
> --scott

___
LUAU@lists.hosef.org mailing list
http://lists.hosef.org/cgi-bin/mailman/listinfo/luau
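
The counting behind the username tallies and the auto-blacklisting tools mentioned in this thread, as an added example (not code from the thread, sshblack or DenyHosts): it parses failed-password lines in the format quoted above, tallies the non-existent usernames tried, and flags source addresses with repeated failures inside a time window. The sample log is constructed, and the function names, threshold and window are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in the sshd syslog format quoted in the thread.
# Addresses are from documentation ranges; host and user names are made up.
SAMPLE_LOG = """\
Jul 27 03:02:07 host1 sshd[19964]: Failed password for illegal user daisy from ::ffff:203.0.113.7 port 36812 ssh2
Jul 27 03:02:09 host1 sshd[20058]: Failed password for illegal user admin from ::ffff:203.0.113.7 port 36912 ssh2
Jul 27 03:02:11 host1 sshd[20143]: Failed password for illegal user admin from ::ffff:203.0.113.7 port 37011 ssh2
Jul 27 03:02:14 host1 sshd[20195]: Failed password for illegal user test from ::ffff:203.0.113.7 port 37114 ssh2
Jul 27 03:02:16 host1 sshd[20243]: Failed password for illegal user guest from ::ffff:203.0.113.7 port 37212 ssh2
Jul 27 03:05:40 host1 sshd[20301]: Did not receive identification string from ::ffff:203.0.113.7
Jul 27 08:15:02 host1 sshd[21010]: Failed password for alice from 198.51.100.20 port 50122 ssh2
Jul 27 08:15:31 host1 sshd[21012]: Accepted publickey for alice from 198.51.100.20 port 50123 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<unknown>(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<addr>\S+) port \d+"
)

def parse_failures(text, year=2005):
    """Return (time, user, address, unknown_user) for each failed password."""
    events = []
    for line in text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins, probes that never authenticate, other daemons
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        addr = re.sub(r"^:+(?:ffff:)?(?=\d+\.)", "", m["addr"])  # IPv4-mapped prefix
        events.append((when, m["user"], addr, bool(m["unknown"])))
    return events

def top_usernames(events, n=3):
    """Tally attempted names that do not exist on the host."""
    return Counter(u for _, u, _, unknown in events if unknown).most_common(n)

def block_candidates(events, threshold=5, window=timedelta(minutes=10)):
    """Addresses with at least `threshold` failures inside any `window`."""
    by_addr = defaultdict(list)
    for when, _, addr, _ in events:
        by_addr[addr].append(when)
    flagged = {}
    for addr, times in by_addr.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1  # slide the window forward past stale failures
            if end - start + 1 >= threshold:
                flagged[addr] = max(flagged.get(addr, 0), end - start + 1)
    return flagged

if __name__ == "__main__":
    ev = parse_failures(SAMPLE_LOG)
    print(top_usernames(ev))
    print(block_candidates(ev))
```

A single mistyped password from a legitimate user (the `alice` line) stays below the threshold, which is the property that keeps automatic blocking from locking out trusted users.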
Re: [LUAU] Intel Doubles Down on Linux
On Jul 27, 2005, at 12:47 PM, Hawaii Linux Institute wrote:

> Jimen Ching wrote:
>> As for 'accelerated' drivers; I recommend taking those comments with a large grain of salt. At work, a vendor says the video card and the driver they provided were 'accelerated'. But we found otherwise during regular use...
>
> I think we are getting into the core of this subject. Writing a device driver (advertising it as such) is easy. But writing an optimized driver for a device that's worth hundreds of millions of dollars (as in the case of nVidia's accelerated video cards), is not. It was not until very recently that I decided that there are enough benefits to switch from nv to nvidia driver for my nVidia FX 5200 cards.

The issue with nVidia isn't so much complexity as obscurity. Few outside nVidia grok the GPU pipeline of the nVidia cards, and these are likely all under NDA, which obviates any open source (or *free*) drivers for these chipsets. nVidia isn't alone in this regard, either.

> Every time I heard complaints about how stupid/backward X is, I always ask the instigator, whoever s/he is, to look at the Linux/UNIX version of Adobe Reader 7.0 vis-a-vis the Windows version (though I never did this in a public forum). The point is not to prod how great X is (am I going to kid myself?) but how far X has progressed and how intimate the gap can be narrowed if enough sources are devoted to improving an X app.

Cramming PS (or PDF) onto a page isn't that big a deal. If you're talking level of polish/finish, then that's up to the programmer and designer. I'd beat the point about imaging apps and the future of X vs. Windows (Avalon) and MacOS (Quartz Composer), but that horse is dead, or at least lying in the ditch.

> For a matured program running on a desktop machine (meaning that the app does all you want to do and you are familiar with how the app operates),

(and it's stable)

> as far as user experience is concerned, driver is everything.

Uh the driver can't overcome a poorly-coded app, and it's EZ (or at least straight-forward) to code an app that will perform quite poorly on any platform.

> In the past, at least on the x86 side, device providers (most of them are based in Taiwan),

nVidia's GPU software developers are mostly in Canada.

> either (1) don't know/care about the Linux kernel, (2) don't have any control/influence over how Linux kernel is developed, (3) don't give a damn about Linux driver or assign the job to entry-level employees, or, most likely, (4) all of the above. Intel's move (to double down on Linux), if true, will eventually elevate the status of certain (i.e., Intel-made) Linux device drivers to that of Windows, thus opening up an opportunity for Linux to be acceptably considered in the desktop arena.

Other vendors support their chipsets, and that hasn't made Desktop linux succeed. There are a plethora of issues with desktop linux for the mainstream. I doubt that Intel fixes even half of them.

> (Intel Inside will no longer mean Idiot Inside.) But how should the Taiwanese periphery device makers respond to Intel's move, is something their top execs should be deeply concerned about. (A case in point: Intel's Centrino chipset has pretty much driven Taiwanese chipset makers out of the NB business.)

Hardly. Nearly every major laptop vendor (Dell, IBM, HP, etc) offers a non-centrino notebook. All but Dell offer AMD powered notebooks, and these can't be Centrino, either. In any case, Centrino isn't a chipset, it's a branding strategy. Unless you take all the specified Intel silicon content, you can't slap the Centrino brand on your notebook. Specifically, you need to have a Pentium M processor, Intel's 855GME GPU (Centrino) or 915GME (Sonoma, which is required for Centrino II) and Pro/Wireless Network). Intel would *love* to have you believe that Centrino is a chipset, but it's just not true.

Check these out:
http://blogs.zdnet.com/BTL/?p=1584
http://blogs.zdnet.com/BTL/?p=1557

In any case, actions speak louder than words, and Intel hasn't been that supportive of linux (wrt Centrino) in the past. Intel took well over a year after the initial Centrino launch to release even preliminary linux support for Centrino notebooks. Intel also backed out of a commitment to have Michael Robertson (of lindows) on the original Centrino roadshow.

jim
[LUAU] swap ram?
So I upgraded some ram in one of my laptops and now have an extra 256M notebook 200-pin 333mhz ram module. Of course the only other machine I have that might have been able to use it in takes 144-pin notebook 100mhz ram modules. Anyone wanna trade? If I get no takers I'll probably just give it to whoever wants to pick it up (it's only worth about $30 new).

Btw, I have an unused Epson stylus color 777 printer here. When I bought it at Fry's it cost little more than the ink cartridges (which is around $20-$30 I think). It's currently out of ink but I believe it still works. Does HOSEF take printers? If not, whoever wants it and will pick it up can have it.

Tim Newsham
http://www.lava.net/~newsham/
[LUAU] unfixable x86 floating point damage
http://www.artima.com/forums/flat.jsp?forum=121thread=120987

It's even EZ to test with gcc. 'gonzo' is a Powerbook (10.4.2). 'gentoo' is a P3 box (linux):

gonzo:~ jim$ cat tt.c
#include <math.h>
#include <stdio.h>

int main(int argc, char** argv)
{
    double d = M_PI;
    printf("sin(PI) is %.16le\n", sin(d));
    d = M_PI_4;
    printf("sin(PI/4) is %.16le\n", sin(d));
}
gonzo:~ jim$ gcc tt.c
gonzo:~ jim$ ./a.out
sin(PI) is 1.2246467991473532e-16
sin(PI/4) is 7.0710678118654757e-01
gonzo:~ jim$ scp tt.c gentoo.netgate.com:
tt.c 100% 196 0.2KB/s 00:00
gonzo:~ jim$ ssh gentoo.netgate.com
Last login: Tue Jul 26 17:24:51 2005 from ip68-108-69-127.lv.lv.cox.net --- it's Vegas, baby!
/usr/jim gcc tt.c -lm
/usr/jim ./a.out
sin(PI) is 1.2246063538223773e-16
sin(PI/4) is 7.0710678118654746e-01
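
An added illustration (not part of the original post) of where the two sin(PI) values above can come from: exact rational arithmetic reproduces both printed results if the P3 box's libm used the x87 FSIN instruction, which reduces its argument with a 66-bit approximation of pi. That the P3 build took the FSIN path is an assumption, and the function names are made up for this example.

```python
import math
from fractions import Fraction

# pi to 50 decimal places, ample for the 17 significant digits compared here
PI = Fraction("3.14159265358979323846264338327950288419716939937510")
M_PI = Fraction(math.pi)          # exact value of the double constant M_PI

def sin_near_pi_exact():
    """sin(M_PI) to double precision: sin(pi - e) ~= e for the tiny e = pi - M_PI."""
    return float(PI - M_PI)

def sin_near_pi_x87(bits=66):
    """Same subtraction, but with pi truncated to `bits` significant bits first
    (assumed model of the FSIN argument reduction)."""
    scale = 2 ** (bits - 2)       # pi lies in [2, 4): two integer bits
    pi_trunc = Fraction(math.floor(PI * scale), scale)
    return float(pi_trunc - M_PI)

def relative_error():
    """How far the truncated-pi result is from the true sin(M_PI)."""
    exact = PI - M_PI
    return float(abs(Fraction(sin_near_pi_x87()) - exact) / exact)

if __name__ == "__main__":
    print("exact pi : %.16e" % sin_near_pi_exact())
    print("66-bit pi: %.16e" % sin_near_pi_x87())
    print("relative error: %.1e" % relative_error())
```

The truncated-pi result agrees with the true value to only about four significant digits, because the subtraction cancels everything the 66-bit constant and M_PI have in common.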
[LUAU] FYA: Suicidal linux
http://www.defcon.org/html/defcon-13/dc13-speakers.html (Search for Potter.) [...] No, not the standard issue OpenBSD is uber secure, Windows sucks discussion. Rather, I've been focusing on the long term impact of each of these operating systems on the security of enterprise networks and the Internet as a whole. Any reasonable tech geek can be trained to lock down a host. Give them a checklist and some procedures and lock it down and *boom* a secure host. However, while that host may be secure today, what are the differences in long term security between the major operating systems. As it turns out, a lot of the long term security issues revolve around the development method used to develop the OS. Windows is designed as one big systems, and to some extent the BSD's are as well. But Linux... Linux is designed with duct tape in mind. Linux distros are held together with spit and tape, and the ramifications on security are dire. I've been gathering data from mail lists, looking at code, and talking to people running big systems in an attempt to figure out how bad things really are. I'm sure many of you will find this talk inflammatory, and that's a good thing. Knowing is half the battle even if you don't want to hear it.
[LUAU] SuSE 9.3
When will Vince the Great add SuSE 9.3 iso's to our local mirror? :-) Wayne