HIS Home Page

Just to add up to the list of recursive acronyms, here's HIS Internet Services ... (Reliability at the speed of light).

The Most Popular Free Signature on the Internet

vipersig.jpg (PNG Image, 345x99 pixels)

Security Report: Windows vs Linux | The Register

Security Report: Windows vs Linux | The Register: "Much ado has been made about whether or not Linux is truly more secure than Windows. We compared Windows vs. Linux by examining the following metrics in the 40 most recent patches/vulnerabilities listed for Microsoft Windows Server 2003 vs. Red Hat Enterprise Linux AS v.3:

1. The severity of security vulnerabilities, derived from the following metrics:
1. damage potential (how much damage is possible?)
2. exploitation potential (how easy is it to exploit?)
3. exposure potential (what kind of access is necessary to exploit the vulnerability?)
2. The number of critically severe vulnerabilities

The results were not unexpected. Even by Microsoft's subjective and flawed standards, fully 38% of the most recent patches address flaws that Microsoft ranks as Critical. Only 10% of Red Hat's patches and alerts address flaws of Critical severity. These results are easily demonstrated to be generous to Microsoft and arguably harsh with Red Hat, since the above results are based on Microsoft's ratings rather than our more stringent application of the security metrics. If we were to apply our own metrics, it would increase the number of Critical flaws in Windows Server 2003 to 50%.

We queried the United States Computer Emergency Readiness Team (CERT) database, and the CERT data confirms our conclusions by a more dramatic margin. When we queried the database to present results in order of severity from most critical to least critical, 39 of the first 40 entries in the CERT database for Windows are rated above the CERT threshold for a severe alert. Only three of the first 40 entries were above the threshold when we queried the database about Red Hat. When we queried the CERT database about Linux, only 6 of the first 40 entries were above the threshold.

Consider also that both the Red Hat and Linux lists include flaws in software that runs on Windows, which means these flaws apply to both Linux and Windows. None of the alerts associated with Windows affect software that runs on Linux.

So why have there been so many credible-sounding claims to the contrary, that Linux is actually less secure than Windows? There are glaring logical holes in the reasoning behind the conclusion that Linux is less secure. It takes only a little scrutiny to debunk the myths and logical errors behind the following oft-repeated axioms:

1. Windows only suffers so many attacks because there are more Windows installations than Linux, therefore Linux would be just as vulnerable if it had as many installations
2. Open source is inherently less secure because malicious hackers can find flaws more easily
3. There are more security alerts for Linux than for Windows, therefore Linux is less secure than Windows
4. There is a longer time between the discovery of a flaw and a patch for the flaw with Linux than with Windows

The error behind axioms 3 and 4 is that they ignore the most important metrics for measuring the relative security of one operating system vs. another. As you will see in our section on Realistic Security and Severity Metrics, measuring security by a single metric (such as how long it takes between the discovery of a flaw and a patch release) produces meaningless results.

Finally, we also include a brief overview of relevant conceptual differences between Windows and Linux, to offer an insight into why Windows tends to be more vulnerable to attacks at both server and desktop, and why Linux is inherently more secure."

Slashdot | Windows vs. Linux Security, Once More

Slashdot | Windows vs. Linux Security, Once More: "'The Register is running a very interesting article about Microsoft and Linux security. From the article: 'until now there has been no systematic and detailed effort to address Microsoft's major security bullet points in report form. In a new analysis published here, however, Nicholas Petreley sets out to correct this deficit, considering the claims one at a time in detail, and providing assessments backed by hard data. Petreley concludes that Microsoft's efforts to dispel Linux 'myths' are based largely on faulty reasoning and overly narrow statistical analysis.' The full report is available here in HTML form, and here in PDF. Although the article does make mention of OS X, it would have been nice if the 'other' OS had been included in the detailed analysis for comparison.'"

Lagro

Lagro 1
Originally uploaded by bloodpet.

In our House in Lagro, with my mom and dad carrying me.

Adopt a Blog: Support Free Speech

Adopt a Blog: Support Free Speech

Introduction

The Adopt a Blog project began in response to the second major blocking measure taken by the government of the People's Republic of China against blogging services. The first such measure was taken against Blogger's free Blogspot hosting service on January 8, 2003. That block is still in place today. The more recent block of Typepad blogs began on March 25, 2004, and is also still in effect.

The Adopt a Blog project is not a political agenda seeking to oppose the PRC or its policies. It is not confined to any particular country. It was founded strictly to uphold free speech, regardless of content. Its main idea is: we spread out our blogs, and when they block a blog, we move it elsewhere.

One of the reasons that blogs have been so easy to block is that their authors tend to use free services which keep many blogs together on one server. This works fine, until that server is blocked (as was the case with Blogspot and Typepad). If bloggers could all afford their own domain names hosted on different servers, blocking them all would become quite a headache for would-be blockers. Unfortunately, the expenses involved make that solution impractical.

Although the majority of bloggers use free hosting services, there are a large number of individuals that buy their own domains and pay for their own hosting. These individuals often use blogging clients such as Blogger or MovableType to maintain their websites. In many cases, these individuals are paying for way more space on the server than they actually use. Now consider that even a blog that has been going for 2 years, updated several times a week, containing some photos, in its entirety is not likely to take up as much as 10 MB of space online.

Blogging Frenzy

In preparation for the expiration of my flickr account, i'm going to blog most of my photos on different blogs. I'll blog as much as i can tonight.
Coffee, here i come.

Slashdot | Wearable LCD Display

PhysOrg reports, that Mitsubishi is going to introduce next year a headset with a small liquid-crystal display screen which is positioned in front, slightly below eye level so as not to obstruct normal vision. Designed for users who need to perform multiple tasks simultaneously, this tiny wearable heads-up display is expected to cost only US $400.

SDF Public Access UNIX System - Free Shell Account and Shell Access

Yey! Got another shell account for free.

I'll think about validating it. After all, it's just a dollar. Here are the instructions to validate it, just in case i forget:

Validating your account ensures our future! Please do it today.
Remember, you make SDF what it is. Without you, we wouldn't exist.

1) Get a stamped envelope, a sheet of paper and ONE US Dollar (or 5 EURO).
2) Write 'bloodpet' clearly in the upper left hand corner of the envelope.
3) Fold the donation inside a piece of paper and place inside the envelope.
OPTIONAL: Send TWO US Dollars/10 EURO & SASE for an SDF Bumper Sticker.
(a SASE is a self-addressed stamped envelope)

4) Seal and mail to:

SDF Public Access UNIX System
Post Office Box 1270
Bellevue WA 98009-1270 USA

For an immediate ONLINE membership via PAYPAL, type 'arpa'
To see a list of UNIX commands you can use *NOW*, type 'unix'
For more information why this helps SDF so much, type 'why'
US Military Personnel, please type 'mil'

Also, here's the intro from the site:

The Super Dimension Fortress is a networked community of free software
authors, teachers, students, researchers, hobbyists, enthusiasts and
the blind. It is operated as a federally recognised non-profit 501(c)(7)
and is supported and by its members.

Our mission is to provide remotely accessible computing facilities for
the advancement of public education, cultural enrichment, scientific
research and recreation. Members can interact electronically with each
other regardless of their location using passive or interactive forums.
Further purposes include the recreational exchange of information
concerning the Liberal and Fine Arts.

Members have UNIX shell access to games, email, usenet, chat, bboard,
webspace, gopherspace, programming utilities, archivers, browsers, and
more. The SDF community is made up of caring, highly skilled people who
operate behind the scenes to maintain a non-commercial INTERNET.

hide your email address from spam harvesters

From the site:

This is a very simple Server Side Includes method designed to prevent spammers from easily harvesting your valuable email addresses. It has been developed on Apache 1.3 but may work on other web servers. Once implemented, your email address is behind a click-through legal agreement. It is most effective with previously unpublished addresses. Already published addresses are being distributed via CD-ROM, but this may slow the spread of access to your valuable email address.

The Apache configuration is extremely simple, you only need the Server Side Includes module enabled (server-wide) and "Options IncludesNOEXEC" enabled for the specific directory. This may already be done for your web hosting space, search the web for more information on "Server Side Includes".

To link to this mechanism, simply create a URL in place of where you would put an email address. email My Name. Notice that the name is URL encoded.

This script / method / example is provided "as-is" with no guarantee or warranty of any kind. By using, you assume all liability for the performance or failure of this example.

Dream of spit

Last night, i was dreaming of people spitting on me.
Waking up, it felt as though people slobbered all over me. It felt real, and i had a strong urge to take a bath twice.

Dagitab

Dagitab == Kuryente