davidkv - Slashdot User

Chroot in OpenSSH 62

Posted by ScuttleMonkey on Wednesday February 20, 2008 @02:48PM from the making-life-easier-always-my-goal dept.

bsdphx writes "OpenSSH developers Damien Miller and Markus Friedl have recently added a nifty feature to make life easier for admins. Now you can easily lock an SSH session into a chroot directory, restrict them to a built-in sftp server and apply these settings per user. And it's dead simple to do. If you need to allow semi-trusted people on your computers, then you want this bad!"

Submission + - Half of SCO's Accountants Quit (groklaw.net)

Submitted by

Groklaw Reader

on Monday September 17, 2007 @03:50PM

Groklaw Reader writes: "Apparently, SCO's lawyers were working overtime last Sunday, because they wrote a quick plea to the bankruptcy court for permission to hire accounting temps. Why? Approximately half of SCO's finance department has resigned or been fired. Two who resigned had over ten years of experience each. One can only assume that they know what's about to happen to SCO."

Submission + - Bluetooth done right in Linux! (fedoraproject.org)

Submitted by

Anonymous Coward

on Monday September 17, 2007 @01:10PM

Anonymous Coward writes: "Ever wanted to use your bluetooth phone, keyboard, mouse or other system in Linux but been frustrated by the fiddly set-up? Check this story for a screencast of bluetooth done right in Linux (Fedora), with information on how to take advantage of this in the up-coming Fedora 8 release."

Submission + - New iPod Checksum Cracked (kde.org) 1

Submitted by on Sunday September 16, 2007 @07:41PM

An anonymous reader writes: After 36 hours of reverse engineering, the method for producing the checksum on new iPods has been discovered.

Submission + - Best programming practices for Web developers 1

Submitted by Anonymous Coward on Saturday September 08, 2007 @12:59AM

An anonymous reader writes: Web pages have become a major functional component of the daily lives of millions of people; you, the Web developer, are in a position to make that part of everyone's lives better. Why not try using traditional computer programming and best practices of software engineering.

Submission + - ATI/AMD to Release Open Source Linux Drivers (wordpress.com)

Submitted by

psyopper

on Friday September 07, 2007 @11:18AM

psyopper writes: "According to Michael Larabel at Phoronix, AMD/ATI have announced that their latest fglrx driver, 8.41 is here, it works, it renders, it competes and is going open source. Directly from the announcement page:

"Rumors and speculations have been flying around for months about ATI/AMD opening up the source-code to their Linux display driver or providing their GPU specifications to community developers. This for the most part had started after Henri Richard's statement at the Red Hat Summit earlier this year. Well, those rumors can finally be put to rest. AMD will be providing NDA specifications, an open-source library, and there is a new open-source graphics driver as a result. AMD will continue producing a closed-source proprietary driver; however, they are opening the source-code to a critical library with accompanying GPU specifications for X.Org developers. To get the ball rolling, AMD is also funding the development of a new open-source R500/600 driver."

How well does it stack up, performance wise? The R600/HD2600 is dead on to Nvidia's 8600."

Submission + - MA Treasurer Arrested for 3 Peaches at Airport 2

Submitted by boot1780 on Friday September 07, 2007 @09:01AM

boot1780 writes: The treasurer for the state of Massachusetts announced that he and his family arrested by US Customs officials and "treated like criminals" on their way back from Italy due to three peaches in his daughter's carry-on bag. "It felt like we were being interrogated and found guilty without any process, no explanation, no rundown of our rights," he said. He was told he had to pay a $300 fine or spend a night and jail, but wasn't told that paying the fine waived any right he had to an appeal. Well, they nabbed the girl with the three peaches. Any word on Osama yet?

Submission + - Tor spoofed by malware emails (eff.org)

Submitted by

Shava Nerad

on Friday September 07, 2007 @07:30AM

Shava Nerad writes: "The Tor Project, a US non-profit organisation producing Internet
privacy software, is issuing an urgent warning about a spam email
being circulated as a fake promotion for their software.

The real Tor software provides privacy on the Internet to journalists,
bloggers and human rights activists all over the world. The spam email
promotes the virtues of the software, but then directs people to a
series of fake websites that contain malicious code that will attempt
to take over visiting machines, and the downloaded software is fake
and equally dangerous to run.

The real website is hosted at http://tor.eff.org/ and the Tor
software can be downloaded from there. Users are able to check that
they have received the official version by following the instructions
at: http://wiki.noreply.org/noreply/TheOnionRouter/Ver ifyingSignatures

Shava Nerad, Development Director for the Tor Project said, "I am
disgusted that criminals who want to recruit more machines for their
illegal activities should trade on our reputation for providing
privacy on the Internet. Fortunately we already have systems in place
so that people can verify that they are downloading the official
software. But this is a distraction from our work that we could do
without.""

Submission + - Smaller and more lightweight software is better?

Submitted by on Friday September 07, 2007 @01:20AM

An anonymous reader writes: I prefer software that takes as little hardrive space and RAM as possible. I can't stand bloated software like iTunes, as compared to Foobar or classic Winamp; or Windows Media Player, as compared to VLC or Media Player Classic. What are some of your favorite applications which are virtually bloat-free?

Submission + - Network Solutions new sleazy tactic?

Submitted by TheFoxMeister on Thursday September 06, 2007 @12:44AM

TheFoxMeister writes: I've recently tried to help two people transfer a few domain names away from Network Solutions to eNom and discovered that Network Solutions has devised a new (I think sleazy) way of denying the transfer of domains away from their service.

The transfer process for most TLDs requires that you get an Unlock Code (aka EPP Transfer Key) from the current registrar, have the current registrar disable the Transfer Lock, and you must make sure your e-mail address is valid for the WHOIS Administrative Contact for the domain (so that the approval e-mails can be received and reacted upon).

Having done all that, including updating the e-mail address, I submitted the transfers. Imagine my surprise when Network Solutions sent the following e-mail to both of my friends:

—
Dear Network Solutions® Customer,

We were unable to process the request to transfer (domain name removed for privacy) to another domain name service provider.

Specifically, the domain name registration was not eligible for transfer because:
The domain cannot be transferred to another registrar for a period of 60 days following a change in Primary Contact or WHOIS Admin Contact.

If you have any questions, please contact Customer Service at registrar@networksolutions..com.

Network Solutions is committed to delivering high quality services to meet your online needs. We hope to continue to serve you in the future.

Sincerely,

Network Solutions® Customer Support
—

Yes, they denied the transfer, and will continue to deny the transfer for another 60 days, because the Administrative Contact e-mail address was changed. What, can they do this? I checked the ICANN site, and found the following:

++++

http://www.icann.org/transfers/dnholder-faq-03nov0 4.htm

A registrar may legitimately deny a transfer request in certain limited circumstances, as follows:

* Evidence of fraud
* Uniform Domain-Name Dispute Resolution Policy (UDRP) action
* Court order
* Reasonable dispute over the identity of the person authorizing the transfer
* Domain name is on hold due to payment owed for a previous registration period
* Express written objection from the domain name holder
* Domain name is in Lock status (Registrars must provide a readily accessible and reasonable means for name holders to remove the lock status. Contact your registrar for assistance.)
* Domain name is within 60 days of initial registration
* Domain name is within 60 days of a previous transfer

Registrars are required to specify a reason when denying a transfer request. Contact either the current registrar or the registrar you wish to transfer to for assistance.

++++

As you can see, there is nothing here that would allow Network Solutions to deny a transfer, based solely on the customer editing their WHOIS contact details.

I opened up a ticket with Network Solutions to ask about this new tactic. They responded with "Due to the nature of your inquiry, we have escalated the issue to the Executive Team for further review and immediate attention. For your reference, the Service Request number for this inquiry is (snip). An Executive Specialist will be contacting you in 1 business day to help address and resolve the issue."

After one business day, no response. I asked again for assistance. They responded with "Regarding your inquiry, we sincerely apologize for any inconvenience. Please be advised that your issue is still being processed for resolution. It has been assigned the Service Request # (snip — same number as before). As soon as it is, you will be contacted at the soonest possible time to update you on any further developments. Your continued patience is highly appreciated. "

So, now they are not committing to any type of response. It's been 2.5 business days so far.

eNom has been no help either. They say they are investigating and will let me know if they find anything out.

I also contacted ICANN (via transfer-questions@icann.org), and after 2 business days I have not even received a courtesy reply.

I guess Network Solutions has succeeded in holding these domain names hostage for the next two months.

Submission + - You can not reverse-engineer our GPL-violations... 6

Submitted by

phorm

on Wednesday September 05, 2007 @06:17PM

phorm writes: "If appears that Monsoon Technology, the makers of the Hava media-transmission systems, don't quite understand the GPL. As some users pointed out in their forums, their systems appear to be based on Linux and various GPL'ed software, with the output of "strings" and other tests showing signs of running busybox and others. A monsoon spokesperson on the forum has indicated that they are aware it uses GPL'ed software, and are "working" on making source available, but at the same time are dropping various threats against supposed reverse-engineering of the software by those that determined the GPL violations.

A few snippets from the Monsoon rep include: I have a little secret to let you in on — HAVA runs Linux! Yes, much of the source is GPL and we should publish those sections which we have modified per the terms of GPL. A project is underway to pull this together. A couple of observations — some of you appear to be violating the terms of the End User License Agreement
You recognize and agree that the HAVA Software including its structure, source code and the design and structure of modules or programs, constitute valuable trade secrets owned by Snappymultimedia or its licensors. You will not copy or use the HAVA Software except as expressly permitted by this EULA and, specifically, you will not ...

(b) yourself or through any third party modify, reverse engineer, disassemble or decompile the HAVA Software in whole or part, except to the extent expressly permitted by applicable law, and then only after you have notified Snappymultimedia in writing of your intended activities; Seems to me that some of you have just come out blatantly admitting you are reverse engineering the firmware — or trying to. How should we handle this? As responses have indicated, the methods used to determine the violation do not seem to constitute reverse-engineering. Moreover, the initial friendliness of the rep is severely marred by the apparent hostility of the later message, as forum members have indicated. The overall message seems to be "we have not lived up to our obligations under the license of the software which we are using, but we'll get to it... sometime. Meanwhile, do not attempt to poke around our code yourself or things will get ugly."

The owners of BusyBox have been notified of this violation, however the response is still troubling. Is this the response we should come to expect as more and more commercial software uses and misuses GPL'ed components?"

Submission + - AMD Launches New ATI Linux Driver (phoronix.com) 1

Submitted by

Michael Larabel

on Wednesday September 05, 2007 @12:43AM

Michael Larabel writes: "AMD has issued a press release announcing "significant graphics performance and compatibility enhancements" on Linux. AMD will be delivering new ATI Linux drivers this year that offer ATI Radeon HD 2000 series support, AIGLX support (Beryl and Compiz!), and major performance improvements. At Phoronix we have been testing these new drivers internally for the past few weeks and have a number of articles looking at this new driver. The ATI 8.41 Linux driver delivers Linux gaming improvements from the R300/400 series and the R500 series. The inaugural Radeon HD 2900XT series support also can be found in the new ATI Linux driver with "the best price/performance ratio of any high-end graphics card under Linux." While this new driver cannot be downloaded yet, AMD has also eluded to accelerating efforts with the open-source community. Will AMD's announcement be enough to rectify their troubled Linux past?"

Submission + - ATI/AMD Announces Driver Breakthrough (phoronix.com)

Submitted by

schestowitz

on Wednesday September 05, 2007 @12:11AM

schestowitz writes: "AMD has just dropped the bomb when it announced a major driver breakthrough. To Linux users, the effect of this news is enormous. To gamers and to projects like Compiz-Fusion, this will be the end of a lot of trouble. Phoronix.com seems to have had some insider information because the site already boasts extensive benchmarks and detailed information. From one among five articles: 'Whether you are using a Radeon X300 purchased a few years ago or the Radeon X1950PRO, the 8.41 driver is noticeably faster. How much faster? In many cases it is about 50% faster while in some configurations it may go as high as 90% or more. In fact, in some benchmarks the Mobility Radeon X300 was over 10x faster!'"

Submission + - Sourcefire acquires Clamav (sourcefire.com)

Submitted by

alanxyzzy

on Friday August 17, 2007 @07:49AM

alanxyzzy writes: "http://permalink.gmane.org/gmane.comp.security.vir us.clamav.announce/97

On August 17, Sourcefire, the creators of Snort, acquired the ClamAV project. The full announcement is available here: http://www.sourcefire.com/products/clamav/

FAQ: http://www.clamav.net/support/sf-faq"

Submission + - Point and click Gmail hacking at Black Hat (tgdaily.com)

Submitted by

not5150

on Thursday August 02, 2007 @04:51PM

not5150 writes: "Using Gmail or most other webmail programs over an unsecured access points just got a bit more dangerous. At Black Hat, Robert Graham, CEO of errata security, showed how to capture and clone session cookies. He even hijacked a shocked attendee's Gmail account in the middle of his Black Hat speech."

Slashdot Top Deals