Forgot your password?
typodupeerror
Security Linux

First Botnet of Linux Web Servers Discovered 254

Posted by kdawson
from the shields-up dept.
The Register writes up a Russian security researcher who has uncovered a Linux webserver botnet that is coordinating with a more conventional home-based botnet of Windows machines to distribute malware. "Each of the infected machines examined so far is a dedicated or virtual dedicated server running a legitimate website, Denis Sinegubko, an independent researcher based in Magnitogorsk, Russia, told The Register. But in addition to running an Apache webserver to dish up benign content, they've also been hacked to run a second webserver known as nginx, which serves malware [on port 8080]. 'What we see here is a long awaited botnet of zombie web servers! A group of interconnected infected web servers with [a] common control center involved in malware distribution,' Sinegubko wrote. 'To make things more complex, this botnet of web servers is connected with the botnet of infected home computer(s).'"
This discussion has been archived. No new comments can be posted.

First Botnet of Linux Web Servers Discovered

Comments Filter:
  • by Kjella (173770) on Saturday September 12, 2009 @02:18PM (#29399807) Homepage

    Just waiting for the flamefest here of Linux vs Windows botnets.

    • by symbolset (646467) on Saturday September 12, 2009 @02:31PM (#29399905) Journal

      Just waiting for the flamefest here of Linux vs Windows botnets.

      OK, I'll start. Linux webservers are so lame they don't even include the facility [slashdot.org] for users to disable them remotely in case of malware distribution.

    • by easyTree (1042254) on Saturday September 12, 2009 @02:32PM (#29399913)

      Just waiting for the flamefest here of Linux vs Windows botnets.

      It's nice to see Lo0niX has advanced to the point where it can now successfully run botnet software. I'll bet there's no gui though. I'm not up on linux commands so don't laugh but I'll wager it's something like:
        * apt get b0tnet -s -x9 -secret -warez -pr0n -infectWindows=1 -p

      Rather than the point-and-click convenience you'd expect on windows.

      Maybe games are next? Quake-n for linux would be nice.

      How's that? :D

      • by LaskoVortex (1153471) on Saturday September 12, 2009 @02:36PM (#29399945)

        Rather than the point-and-click convenience you'd expect on windows.

        It's not that easy on MS windows. After you click the link to the tennis player nudie pix, your machine locks up. Then you have to *hard reboot* (without the help of the blue screen to let you know your computer crashed). Only after you hard reboot, usually by pulling the power cord all the way out, can you run the botnet software.

        Windows really isn't as user friendly for botnets as everyone thinks it is. I hope 7 does better.

        • by Anpheus (908711) on Saturday September 12, 2009 @03:32PM (#29400373)

          As a user of Windows 7, I found it exceedingly helpful. I was pleased when Clippy popped up and said, "It looks like you're trying to infect your computer, do you want some help?" At which point Clippy showed me how to use Aero Shake(tm) to get rid of all the distracting popups that would divert me from trying to find the source of all malware. After I encountered a fork in the road, so to speak, Clippy demonstrated Aero Snap(tm) so I could compare the sites I was surfing side by side. At long last, I found truly good malware on a *stan website. Top level domain was for some country like Miyagistan. Thankfully, I bought Windows(tm) 7 Ultimate Edition(tm) and downloaded the appropriate language pack so the viruses I downloaded would be more at home.

          Running it was as easy as clicking on it and clicking "Continue." Ever since then I've been living in a peaceful coexist

      • by Kjella (173770) on Saturday September 12, 2009 @03:09PM (#29400183) Homepage

        Rather than the point-and-click convenience you'd expect on windows.

        Actually, they found Amazon had patented that so they had to go with the no-click experience. Got to respect corporate IP, you know.

      • Re: (Score:3, Funny)

        by Anonymous Coward

        how droll.

        A real linux guy will do a subversion checkout of the bot and issue a

        make clean; make deps; make;

        Only n00bs use that Apt-get stuff...

      • Re: (Score:3, Interesting)

        by Darkk (1296127)

        Not entirely true about Linux server. When I build them I usually install Webmin which allows me to manage the server via web-gui. Yes I know if I were a real linux geek I'd do everything in command line but when there are times I can't remember the proper CLI sequence it's easier just use the web-gui.

        Recently I built a linux webserver with RAID 5 drives. I've read the docs on how to create a RAID 5 array but that took awhile. When I installed the raid 5 module into Webmin I did it in 5 mins. I've als

    • Re: (Score:3, Insightful)

      by the_womble (580291)

      Only an idiot would claim that servers being compromised because admins choose to send passwords over the internet in plain text proves anything about how secure the software running on those servers is.

      Ah.....OK, I expect LOTS of such claims.

      • by the_womble (580291) on Saturday September 12, 2009 @03:33PM (#29400375) Homepage Journal

        It also looks likely that the passwords were stolen from the admin's compromised windows desktops!

      • Re: (Score:3, Insightful)

        by node 3 (115640)

        Only an idiot would claim that servers being compromised because admins choose to send passwords over the internet in plain text proves anything about how secure the software running on those servers is.

        Unless it's a Windows web server. In that case, Administrator incompetence always proves how insecure Windows/IIS are.

      • by laughingcoyote (762272) <barghesthowl@NospAm.excite.com> on Saturday September 12, 2009 @04:49PM (#29400817) Journal

        Only an idiot would claim that servers being compromised because admins choose to send passwords over the internet in plain text proves anything about how secure the software running on those servers is.

        Ah.....OK, I expect LOTS of such claims.

        Realistically, that depends. Part of secure design is accounting for potential user errors. That's why it's a good practice to have the password, when typed, appear as "********" rather than "heythisismypasswordanyonewatching". A good designer would know many users aren't going to look around for someone casually shoulder surfing while typing a password, so they take a step to prevent it.

        Of course, no software developer can fully account for a malfunctioning behind keyboard processing unit. Idiots are even more persistent than crackers in finding new ways to circumvent security measures. However, it can to some degree mitigate its effects, through making things as secure as possible and warning the user if (s)he is about to do something that might compromise it.

      • Re: (Score:2, Interesting)

        by thejynxed (831517)

        There is the argument to be made that plain-text passwords should never be allowed to begin with, nevermind which platform, 3rd-party software, or hardware architecture that a system is comprised of.

        That being said, there could be just a wee tad bit of blame laid at the feet of the programmers of the software/hardware for allowing this to be possible in the first place.

        Hindsight is so useless :P

  • Dang. (Score:2, Funny)

    Awkward...
  • Linux (Score:5, Funny)

    by Anonymous Coward on Saturday September 12, 2009 @02:20PM (#29399823)
    It's ready for the botnet!
  • by tetsukaze (1635797) on Saturday September 12, 2009 @02:25PM (#29399853)
    We can blame our hate pet OS for all of the internet evil out there, but we need to remember one important thing: people are almost always the week link in security. If someone knows what they are doing, it is very hard to penetrate a linux server... or a windows server. There will always be those that can break through the best security, but there is a lot of low hanging fruit and not just on the windows tree.
    • by bjourne (1034822) on Saturday September 12, 2009 @04:00PM (#29400525) Homepage Journal
      Well, it seems that stupid people [lwn.net] actually [linux.com] *build* [theregister.co.uk] linux [wiggy.net] too [slashdot.org]!
    • Re: (Score:3, Interesting)

      by bbernard (930130)

      Absolutely! There's plenty of stupid to go around.

      1. Where was the firewall admin to prevent external systems from connecting to these webservers over port 8080?
      2. Why did the admins use insecure tools or insecure systems to allow their credentials to be sniffed?
      3. Where was the IDS/IPS to notice the sudden change in traffic?
      4. Where was the load balancer/reverse proxy to intecept this junk?
      5. Where was the routine review of logs to notice the dynamic DNS updates from computers with (presumably) stati

      • by mcrbids (148650) on Saturday September 12, 2009 @05:57PM (#29401203) Journal

        1. Where was the firewall admin to prevent external systems from connecting to these webservers over port 8080?
        2. Why did the admins use insecure tools or insecure systems to allow their credentials to be sniffed?
        3. Where was the IDS/IPS to notice the sudden change in traffic?
        4. Where was the load balancer/reverse proxy to intecept this junk?
        5. Where was the routine review of logs to notice the dynamic DNS updates from computers with (presumably) static DNS entries somewhere?
        6. Where was the periodic pen/vulnerability test against these systems?

        ...

        7) Where was the funding to pay for 1 through 6?

  • by Anonymous Coward on Saturday September 12, 2009 @02:26PM (#29399863)

    Does this mean Linux finally has reached a point of user friendliness equal to Windows?

  • What's new here? (Score:2, Insightful)

    by Anonymous Coward

    What's so special about this one that we haven't seen in the last 5 years? Linux or BSD systems have been durned into rogue IRC servers (for C&C purposes) for zombies all the time.

    Whether sweeps for vulnerable AWStats installations, badly configured PHP installations or archaic PHPBB installs, webservers are hammered with automated exploits all day. Maybe "DataCha0s 2.0" rings a bell for some.

  • by gmuslera (3436) on Saturday September 12, 2009 @02:28PM (#29399885) Homepage Journal
    "With about 100 nodes". The average windows botnet (at least the one that make into the news) have from hundreds of thousands to millons of nodes. Not sure how "automatic" was the creation of this botnet, or how much at risk are generic linux users. Considering how are installed some and how careful are some admins about "security", is not amazing that a few out there could be rooted.

    In fact, if those servers already had apache, and some old vulnerable web application that enables somewhat transfer and execute binaries, in no recently patched kernels 2.4+ there are ways to escalate priviledges and get root to install what is needed. But probably normal users using modern distributions or admins caring a little about security are safe.
    • by pikine (771084) on Saturday September 12, 2009 @02:50PM (#29400049) Journal
      The article speculated that, since the iframe code was injected to legitimate webpages using stolen FTP credentials, it may be that a few "root" credentials are obtained the same way. FTP credentials can be stolen by malware running on the client computer, for example a computer an admin uses to control the server, from well-known FTP client software.
    • by eln (21727) on Saturday September 12, 2009 @03:07PM (#29400167) Homepage
      A Windows machine being run by someone who cares about security and updates it regularly won't end up in a botnet either, so I'm not sure what your point is.
    • by rohan972 (880586) on Saturday September 12, 2009 @03:18PM (#29400277)

      "With about 100 nodes". The average windows botnet (at least the one that make into the news) have from hundreds of thousands to millons of nodes.

      That's irrelevant. A linux botnet would be so much more productive than a windows botnet that you don't need nearly as many nodes.<\straightface>

    • Re: (Score:3, Interesting)

      by CAIMLAS (41445)

      Really, this is a pretty trivial "jump" from the normal way of things.

      You've got manually installed rootkits, and most of them have C&C tools. How is this much different, other than optimizing the C&C mechanisms? There's nothing here to suggest this is anything "new": the mechanisms, whatever used, still appear to be tightly constrained to "manual rootboxing" - a time consuming process compared to a "real" automated botnet.

      All evidence points to this being more of someone's "pet" botnet than it does

    • by mcrbids (148650) on Saturday September 12, 2009 @05:04PM (#29400893) Journal

      Back around 2001, I found a "botnet" comprising a perl script that ran on websites. Because it ran as a child of Apache, it showed up as "http" in ps. It would log into an IRC server, and wait for commands which appeared to be little more than arbitrary bash commands that were shelled out.

      Bone-headedly simple. Ran well on any unix website host running perl scripts, installed via an insecure formmail.pl script. I penetrated the IRC network and watched for a few hours while the operator attacked a few hosts. There were some 50 hosts or so. Then I killed the script and updated all copies of formmail.pl hosted on the server...

      Is this new news?

      What's next? "Hammers can be used to smack things, even if they aren't nails." !?!?!

      Truth is this: no operating system is 100% secure. But this "botnet" isn't necessarily even a compromise of the Operating System! Port 8080 is above 1024, so non-root controlled processes can open sockets there. This may be nothing more than something like the perl script I mentioned and having nothing to do with the Operating System in question. The server wasn't compromised, just a bad script was running that had to be deleted, then killed with an Apache restart.

      Given the parameters I just mentioned, there isn't an Operating System around that would stop this from happening. It's just that the "Mom's basement" fanbois get all riled up because it's gospel that Linux is immune to $allBadThings.

  • Reporters Fail (Score:5, Informative)

    by 99BottlesOfBeerInMyF (813746) on Saturday September 12, 2009 @02:34PM (#29399925)

    The only part of this article that is news is the part that is incorrect. Botnets of Windows machines often have compromised Linux servers working as a control channel or update channel. It is not at all unusual. What would be unusual would be for a worm or virus to actually compromise Linux machines in an automated fashion and make them bots. That does not seem to be what has happened here as the Linux systems seem to have been manually hacked in a normal, directed attack.

    Basicaly, nothing new or newsworthy happened here, except someone mistakenly referred to the compromised Linux servers as bots.

    • Basicaly, nothing new or newsworthy happened here, except someone mistakenly referred to the compromised Linux servers as bots.

      Well, you are assuming that calling a machine a bot is dependent on the fact it was infected. In many ways a bot is any machine that is doing the bidding of the people in control, no matter how control was achieved. Now whether the machine was 'infected' or 'hacked' is a different matter.

      • Re:Reporters Fail (Score:4, Interesting)

        by 99BottlesOfBeerInMyF (813746) on Saturday September 12, 2009 @02:58PM (#29400103)

        Well, you are assuming that calling a machine a bot is dependent on the fact it was infected.

        Not really. Calling a machine a bot or zombie is generally an indication that they are the regular "peon" part of a botnet. I mean technically the control channel and update channel and the terminals machines the operator is using are part of the botnet. They just are not generally referred to as bots because they are part of the system doing the controlling instead of being the end systems used to launch attacks.

        My main point was, the summary and title here led readers who use the specific terms one way to think that is what was happening. The comments from researchers led people to think that. That is why this was news. It's not news to discover Linux systems hacked by hand are being used to control Windows bots, because that happens all the time and is, perhaps, the most common kind of botnet.

        • Re: (Score:3, Insightful)

          by Aladrin (926209)

          'Botnet' has never meant 'auto-infected' and if they assumed that, they were careless. The summary makes no attempt to fool them into thinking anything other than the facts.

          Besides which, at this point, we don't -know- how it spreads. We just know that it exists... Which to me, is news.

          • Re: (Score:3, Informative)

            by c6gunner (950153)

            We just know that it exists... Which to me, is news.

            It shouldn't be. Or, at least the general concept shouldn't be. The original IRC bots were written to run on *nix, because they were meant to be used for channel control/moderation, and so needed to run on an always-on server. Which usually meant a shell account on a linux or BSD machine. Small channels only employed one bot, but larger ones used several working in tandem. So, really, the earliest bot-nets were all *nix based - they just weren't malic

          • Re: (Score:3, Interesting)

            'Botnet' has never meant 'auto-infected' and if they assumed that, they were careless.

            No, botnet means a network of computers auto controlled, but in general when you describe a botnet, especially referring to the OS, you refer to the OS of the bots, which make up the majority, not the OS of the select few control channel systems.

            The summary makes no attempt to fool them into thinking anything other than the facts.

            The title was, "First Botnet of Linux Web Servers Discovered". It didn't say first botnet of Windows machines controlled by ten Linux Webservers. It isn't the first botnet that includes Linux Web servers, those are actually quite common. Thus the average person who

    • Re:Reporters Fail (Score:5, Insightful)

      by burnin1965 (535071) on Saturday September 12, 2009 @04:29PM (#29400673) Homepage

      It is not at all unusual. What would be unusual would be for a worm or virus to actually compromise Linux machines in an automated fashion and make them bots.

      There is a continuous flood of SSH brute force attacks on any *nix machine connected to the internet. All one has to do is monitor their log files for verification.

      They are not even sophisticated attacks, they are attempting to login using lame passwords, i.e. after watching the attacks for awhile I set up a box to see what they were doing and created a user name test with the password test based on the fact I could see them using test as one of the users for the attack and suspecting it was a dumb password attack.

      It wasn't long before the system was "compromised" and likely recorded on the other end as a successful attack. Several hours later the account was again accessed and various applications downloaded and executed as the test user. One of these applications connected to the EFNET IRC network and joined a channel.

      Using another system I connected to the IRC network in way I thought would be inconspicuous and monitored what was happening. Sure enough there were two individuals chatting it up in the channel and sending commands to hundreds of compromised systems.

      While reviewing the various compromised systems I noted that they were all *nix machines of one type or another. This was a few years back so I believe you are correct in stating that this is nothing new. What would have been new is if a botnet like this was discovered to be from a real hack and not some lame password login scan.

      I don't have a problem with it being called a linux botnet, but until they can come up with an explanation for the means by which the systems were compromised, other than the likely lame password attacks, its not really news.

      • Re: (Score:2, Informative)

        by UnderLoK (552056)
        100% agree man, I was at ThePlanet and Rackshack and Rackspace before that and at each one of those hosts it was a constant to have tons of boxes on your network brute forcing because they had already been rooted. Granted this wasn't just brute force, they would often exploit holes in SSH, Apache (being the most common I would say), and similar services. I find this article suspect because I know full well these boxes (mine too at one point) were part of choreographed DOS attacks perptrated by an individua
  • by KDingo (944605) on Saturday September 12, 2009 @02:52PM (#29400063)

    If your customers put up vulnerable software on your shared, dedicated, or virtual hosting service and they don't update it or you don't detect it, someone's going to find it and exploit it.

    Had something similar happen to my me. If you're monitoring server load, a webserver sending spam will definitely raise an alarm. As for services on odd ports, block everything except the real ports. Blocking outgoing traffic on IRC ports helps too in minimizing damage. The script kids are already making use of the recent Linux local root exploit (wunderbar_emporium) so make sure you do some yum updates!

  • nginx? (Score:5, Funny)

    by Anonymous Coward on Saturday September 12, 2009 @02:57PM (#29400091)

    nginx, so that's what the worm is called? I'd better check my company's webservers so they aren't running this evil hacker malware.

    Oh my... all of them had been infected. No worries though, I managed to clean them all up. A good day's work well done.

  • by Temujin_12 (832986) on Saturday September 12, 2009 @03:24PM (#29400317)

    Rather than getting consumed in an OS holy-war, perhaps we should focus on how exactly these systems were compromised and how to detect whether your server has been compromised. Linux servers being compromised is not a new thing. If you run old-enough libraries and software on them or configure things improperly, they'll eventually be compromised.

    Does anyone know if a particular vulnerability was used to gain access to systems?

    Does anyone know how to detect whether your system is compromised in this manner (is doing "ps -aux nginx" simple enough to detect it)?

    Spare everyone the OS holy-war and fanboism and let's figure out what the problem is, how to detect it, and what to do to fix it.

    • My thoughts, exactly. I RTFA'd, and found no mention of any specific vulnerability or method used to gain access to the servers. In fact, it isn't even clear to me that it's a *nix specific hack. The one common denominator seems to be - Apache.

    • Re: (Score:2, Insightful)

      by Zero__Kelvin (151819)

      "Does anyone know if a particular vulnerability was used to gain access to systems?"

      Yes, they exploited the most common vulnerability, the idiotic system administrator ;-)

  • My bet is on a poorly written PHP (which stands for "Please Hack Promptly") app.

  • by drougie (36782) on Saturday September 12, 2009 @04:06PM (#29400565) Homepage

    It's nice to be able to apt-get yourself the latest stable copy of apache2 and php5 and mysql and postfix humming with just a command or two, also nice to be able to apt-get upgrade them after you apt-got updated. Those who maintain, clean and contribute to the large public repositories that apt and yum and rpm and pkg_add, good people and they generally do a bang up job for 99% of the Linux and UNIX and UNIX-like folks. However, when you maintain servers which are not completely hidden behind a nat with these programs for years and once in a blue moon compile something you downloaded in a gzipped tar, you put yourself on admin autopilot and that can bite you in the ass.

    Give you one example: I installed RoundCube, the most badass webmail client there will ever be, ever, with apt (the first time). Ran it for a while without incident. Had my system on weekly cron apt updates so I figured I was safe. Eventually I discover someone made it onto my system and put a malware installing js line in my web pages. Looking through the guy's bash history I discovered they got in through a RoundCube vulnerability. I checked out RoundCube's site [roundcube.net], something I should have done first thing but did not, and it turns out their stable version was much newer than what apt realized and that this vulnerability would not have been on my system about five months ago had I downloaded straight from their site and stayed on the ball with their support resources which are things that are less necessary when you just let apt-get rip.

    Bottom line, apt-get update/upgrading would not patch a glaring vulnerability in software I found with apt originally with the default Debian sources.list and I doubt it would have on most other distros' package management systems. It wasn't RoundCube's fault, the patched release was their Stable build for a long time but I was left wide open to anyone who went on a rootkit site and googled for roundcube hosts and I got nailed. Learned my lesson and I don't fault the repository maintainers for being behind the ball a bit on less popular software in their enormous archives but if you ask me software should not be available on the default repositories for Linux variants that the maintainers are not confident that they can keep up to date or don't have some kind of way to be quickly and effectively notified by the authors/vendors in the event of a critical upgrade being available and to put it live right quick. Put it on the people who want to install such software themselves -- if they can make it past that hump I'd say their odds of running the software safely will be substantially higher than Joe Yum. And spreading awareness of cvs/svn would be nice too.

    Can't believe I just admitted I got compromised.

    • Re: (Score:3, Insightful)

      by Anonymous Coward
      Can't believe I just admitted I got compromised.

      Much better than the fanbois who have tried everything under the sun to defend their pet project against the evil meanies who don't have a problem admitting that every system has weaknesses.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      I can't imagine how you came to the conclusion that the fault was with *apt* of all things.. did you think it works by magic? Blame the Debian "It's not moldy, so it's not for us" maintainers instead, or even yourself for using a distribution known to ship ancient software no longer supported by upstream.

      • Re: (Score:3, Interesting)

        by drougie (36782)

        Firstly, it's my fault for running a webmail client I got from browsing through apt-cache, installed with apt-get and configured mostly with dpkg-reconfigure instead of grabbing the official current build and reading the readme and man pages and faq, and doing this on a somewhat important machine. Did the same thing with Gallery [menalto.com] and PHPNuke [phpnuke.org] several years ago. Even webmin in my reckless and stupid experimental days. That's painting a target on yourself to get malware on your sites and start running irc bots

        • Re: (Score:3, Insightful)

          by dbcad7 (771464)
          That Debian runs older stable software, does not stop them from installed patched versions of software when it comes to security. You still get security updates in stable.. Not pointing fingers or anything.. but if I do a search for roundcube in debian stable I don't find anything.. testing, unstable, and experimental yes.. but stable no.. So perhaps the whole idea of running the creaky old software makes sense.
  • by wzzzzrd (886091) on Saturday September 12, 2009 @05:01PM (#29400883)
    More than once I heard "I just use Linux, so I'm gonna have a secure system anyway". Yes, Linux is more secure by design than windows, but this attitude makes ppl dumb and lazy.
    • Re: (Score:3, Insightful)

      by Thundersnatch (671481)

      Yes, Linux is more secure by design than windows, but this attitude makes ppl dumb and lazy.

      Linux is most definitely no more secure by design than Windows NT. It is actually far worse in many areas from a design perspective.

      Linux is usually more secure as Implemented and deployed than Windows. But this has far more to do with the expertise of the sysadmins than the design of Linux. Microsoft.com seems to stay online despite running on beta versions of the MSFT suite.

  • This would be the reason that default firewall configurations should not allow any outgoing connections until the admin explicitly turns them on. Except perhaps on the standard HTTP and HTTPS ports as these are commonly used for downloading security updates upon initial install, and the DNS ports as these are needed by pretty much everything.
  • Use the source, Luke (Score:4, Informative)

    by petrus4 (213815) on Sunday September 13, 2009 @08:28AM (#29404475) Homepage Journal

    Let this be a lesson to everyone who reads the article. Security is not something that happens by accident.

    I've said for a long time that binary packaging is, fundamentally, a Hell-spawned abomination masquerading as a convenience; incidents like this only prove the point.

    Compile yourself a minimalistic base system, a la Hardened Linux From Scratch [linuxfromscratch.org].

    Then get the absolute minimum number of packages you need for a working system, such that you've got some chance of keeping them updated. Firefox for web browsing, maybe. A single media player; VLC or Xine. Vim/Emacs as an editor. OpenOffice.org if you need that. Whatever servers you need, but keep that list small. A firewall, which is hopefully obvious.

    Use a minimal window manager which doesn't have a dep list as long as your arm, as well. I use Ratpoison. Do not laugh until you've tried it. It is very, very fast, and resource consumption is virtually nil. It's basically an X version of GNU Screen.

    Once you've got this small list of packages, take full, ruthless, practical advantage of the fact that your system is open source. Subscribe to the announce or bug related mailing lists for the apps you've got, and keep local virgin tarballs. This way, whenever there is a bug or potential exploit, and the patch gets posted within a few minutes or hours, you can get it the moment it goes to CVS, patch your own source tarball, and recompile. The same goes for the kernel itself.

    You won't be vulnerable to exploits, because you'll get the solutions to them as they are implemented, and you're also far less likely to end up with a compromised machine as a result.

    Brainless Windows refugees, who will sneer at me, and/or complain about how this isn't, "user friendly," don't even bother. This post isn't for you. We already know that you've committed yourselves to being servile, unthinking sheep, and you are therefore invited to accept the consequences of your (lack of) actions in that regard.

My idea of roughing it turning the air conditioner too low.

Working...