Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.

  • I commented above that the thing installed by default to run software which I know to be vulnerable. I was able to get the network interface up though I'm not exactly sure how. Bringing the interface up from the console rather than letting the rc.d scripts and the installer's work do it was part of it. So, now it's time to patch. MacOSX, Windows, and various Linux distros have little daemons that run that check the vendor site for critical patches and either install them automatically or nag you to agree to install them. Let's see how Sun does it.

    System is vulnerable; I know it's vulnerable; it doesn't seem to know that, however. No daemon is writing to any log that I can see giving me instructions. The man pages are beyond useless (actively depressing) as already discussed. So I head to sun.com, drill down to "products", then "software", then "operating systems" (I shit you not) wading through glorious banners of their deal with Microsoft (everyone seems to want to, no one survives... half the reason Sun is where they are today is they weren't falling all over themselves to deal with Microsoft when Microsoft announced NT and declared it would revolutionaize servers with its simple GUI interfaces and low price), and then off to the "solaris" area where I wade through a bunch more self-congradulating articles clogging up every page. There's a "support" tab that tries to sell me a subscript, then tries to sell a service plan, then (still scrolling down) tries to sell me developer expert assistance, then tries to sell me on "sun connection" which is reportedly "a Solaris life cycle management tool that allows customers to provision new systems, manager their updates and configuration changes, and eventually re-deploy systems for new purpose" -- thank God. I was afraid Sun was never going to write software to *allow* me to redeploy systems for new purposes. I've been sitting here like an asshole with 40 Sparc 5's 10's and 20's in the garage unable to repurpose them for lack of software. Oh, wait, the BSD dinks already did that for me. Right. Looking for software updates. I hate shrinkwrapped software for this. If I'd downloaded and installed Debian, it would be already ready already. Holy cow! Next item, about three screens down, under the heading of "Additional Programs & Reference Materials" is "Solaris 10 Patches" / "Access freely available Solaris 10 patches". By this point, looking at a subheading off a major heading a few pages down drilled half a dozen pages in, I'm really starting to get the feeling that Sun is far more interested in selling me stuff (namely service agreements, hardware, and bullshit) than helding anyone ever under any circumstances patch their system. Kudos to Microsoft for including a direct link to the patch utility from their homepage. At this rate, Sun is going to have to take lessons from Microsoft. I can't believe I'm writing this. Okay, so I click the tab, finally there. But wait. "SUNSOLVE LICENSE AGREEMENT". In order to even read about how to patch the system, I have to agree not to write any reviews of Solaris without permission. FUCK YOU, SUN! Too fucking late, for one. For another, FUCK YOU, SUN! Also, I have to agree not to ever save more than one copy for personal use only of documents in this section, and any software downloaded is licensed conditionally, not sold, so Sun can take their patches back at any time, without permission, if I do something like, say, write an unfavorable review about them. Suddenly I'm unsurprised Sun and Microsoft are signing deals. This sounds all too familiar. And after reading Solaris 10 marketing material on my way here, Sun wasted no time pillaging Linux for code, not that there's anything wrong with that, but now they have this super operating system with all this great GPL code in it and they're telling me that patches for it are licensed, not sold, and if the printer jams half way through printing a page and I clear it and it retries and 1.5 copies of a page come out, Sun will shut down my entire operation and make me wish I were never born -- "Sun may terminate this Agreement at any time, ... Upon termination, you must destroy all copies of Software and Information. That's in pretty stark contrast to Theo's "OpenBSD should be free for any purpose. You should be free to build a baby mulching machine with it if you choose". Suddenly the prospect of backporting security fixes to BSD/OS 4.1 sounds extremely compeling. So, for my next stunt, I'm going to open the firewall and put this pigfucker online and tell you how it goes. I'm expecting more Microsoft-wannabe results from that one. Stay tuned.

    -scott