Domain: livejournal.com
Stories and comments across the archive that link to livejournal.com.
Comments · 2,274
-
My version:
1. Keep the suits and incompetent people the hell out!
Once a compromise happened, there is no time to listen to lawyers or marketing executives. If they have anything to say, they would write a document where they list all recommendations they can care about -- for example, how "This site is pwn3d" web page is supposed to look like, whether it is a good thing to send all users a letter "please cancel your credit card", or what information can be released to authorities. If they didn't do that already, let them write those things while sysadmins are working.
This, of course, means that if there is only one sysadmin competent enough to investigate and fix the problem, then he would have to work on it alone.
2. Shut it down and investigate changes made by the attackers.
Before doing any investigation or recovery, shut the compromised and potentially compromised devices down. No malicious code should remain running. Whatever services should remain, must run in the minimal mode on separate hardware. For example, keep email running on a newly installed box. All investigation should be done in a clean environment -- drives moved to dedicated "clean" machines, or original servers booted from clean images (CD, PXE, replacement drives) on a private subnet, not accessible to anyone but people involved in incident response. Make full images of compromised hosts' storage whenever possible.
Backups are your friend. IDS logs are, too, but make sure that your IDS isn't compromised, and actually recorded something meaningful.
3. Don't worry about the person who originated the attack.
Find its results and, if possible, method. Likely there will be at least one person within the company (malicious or more likely negligent) and at least one outside. Screw them both, they don't have access to your network anymore because it's off.
4. Immediately restore known-clean backups, perform audit on potentially compromised data and update the systems.
Backup is "known-clean" if investigation has shown that it is from a state before the attack and does not contain vulnerable versions of software or compromised authentication information that allowed the attack to happen. Usually some data has to be restored from a compromised system because it's more recent than backup (or because you are an idiot and forgot to back it up). Audits are supposed to be painful. Once data is in place, update software and configuration. Erase all compromised authentication keys and tokens.
5. Document the process.
I mean, technical details.
6. Tell everyone that they are screwed.
Explain to every office drone that they are going to get new passwords. They won't like it, so keep your LART ready.
Oh, btw:
http://abelits.livejournal.com/30214.html
http://abelits.livejournal.com/30681.html
http://abelits.livejournal.com/30872.html -
Speeding up modern Ubuntu boot not easy...
Ever since Ubuntu Edgy much of the low hanging fruit in speeding up the Ubuntu boot has already been taken. Looking at the bootcharts for my system since then shows remarkably little time when the CPU is idle once the base kernel has finished loading. This means that running anything more in parallel simply won't net me anything (in fact scheduler overhead and disk thrashing may in theory make things slower).
For example, there is an improvement in the time it takes for the clock to appear from "Ubuntu Dapper Flight 3 Default kernel" to "Ubuntu Feisty Herd 5 generic kernel". The Ubuntu folks worked hard to try and eliminate sleeps from their initscripts and when a sleep was unavoidable they would run other parts of the startup process in parallel. They also made changes to Xorg to prevent it (re)reading so much stuff on launch. There was also the introduction of the readahead script which tries to arrange for as much of the boot time reading to be done in one big chunk. Throughput is higher when the disk is only reading and can utilise its readahead. An attempt is also made to try and request files in the order in which they are laid out on disk (to minimise disk seeks which hurt performance). In Feisty a move was made to using dash instead of bash for scripts because it was smaller and executes scripts faster.
The only things that seem to win me any gain over the default Ubuntu Feisty install are turning off initscripts for services I absolutely won't use (e.g. ipv4 autoconfig via avahi) and reducing the number of restricted binary driver modules being probed (I have long noticed that the only benefit that recompiling the kernel gives to boot speed is that you can simply leave out features not on your computer making the initial kernel startup where it probes for things you might not have (like which software RAID is faster) a shade faster). It is also worth noting that Ubuntu starts X quite early and continues loading services afterwards which means the gain from disabling one of these "after X" services (like CUPS) isn't so noticeable (but might mean your desktop actually starts responding to clicks a bit sooner).
Profiling the boot to try and improve the readahead takes a long time to run - the profile run seems to take three times as long as a regular boot. It could be argued that you will never gain back the extra time you waited on the profile run...
I suspect reducing the boot further will start to need more complicated procedures, perhaps reordering modprobe.conf and reducing the amount of needless reading of files. Eventually you end up having to do the same tricks as Windows/OSX - e.g. working out where the fastest part of the disk is and copying every file needed to boot there, bringing up the network card after the desktop has started, periodically defragging bits of the disk, prelinking... -
Re:This must change
Blatantly by me. Thanks.
Did you write this? -
Re:Time for...
-
Re:Gentoo's video card woes
Firstly, that's my blog. Secondly, I had about 7 different issues over the space of 6 weeks, trying to get a completely fresh install of Gentoo on an [Athlon XP 2600+, 1GB RAM, ATi 9800 Pro]. Problems ran from circular dependencies, to Xorg building properly but barfing on my graphics card, circular dependencies in the ATi driver, KDE barfing on the Xorg build, and when everything got up and ran, Xorg randomly quit and dumped me to the shell. As I'm not a novice gentoo user, I resolved the circular dependencies, built with fewer use flags, and used more conservative compiler options. The issues that weren't dependencies persisted.
The advice I got from the community was more or less exactly as I was quoted; apparently my 9800 Pro was rubbish in their eyes. Or at least that's exactly what I was told in the IRC channel. I did a search on the forums and mailing list, found others with my issues, and they were told to get an NVidia card.
I'm not a Linux User per se; I just need to get my work done. My work environment is KDevelop, which necessitates KDE. There are few KDE-based/supported distros out there, apparently every distro manager loves the philosophy of Gnome. So proteus71 got me hooked up with Kubuntu, and that is where I have been getting my work done. -
Gentoo's video card woes
This blog said a lot I agree with. The Gentoo-relevant part:
Gentoo has given me intractable issues with X configuration. This is to be expected. Once, the Gentoo community was large, and therefore helpful enough to solve my problems. Their only answer for me now is "Your video card is rubbish!".
As for me, I once spent four days back in 2002 trying to install Gentoo on a laptop -- never did get X to work. Once I gave up, I had RedHat 7.3 installed in under three hours. I'm not saying Gentoo is a bad distro, but after that experience, I've had serious reservations about trying it again.
-
Not quite new
May this "new" project be a reincarnation of this site: http://debaday.livejournal.com/ ? [I've stumbled across this when I wanted to add the feed and wondered that my liferea examples already contained a "Debian Package a Day" feed :)]
If it is, the question will be: Why did it die back in 2004 (the last article is dated Nov. 15, 2004)? I guess it suffered from not enough people actually adding reviews of packages. As this article http://debaday.debian.net/2007/02/15/we-need-your-help-now/ suggests, the new (old?) maintainers are still worried about this problem.
Let's see how long it'll be alive this time. -
There's a former admin
who's done more on exposing this than I could.
You might start at his blog: http://parkerpeters.livejournal.com/
There are a number of "usual suspects" administrators, but one of the latest trends is administrators randomly renaming themselves, and leaving a less-than-adequate trail to show what the old administrator name was (such as user:Gaillimh); this is a ploy to make it harder for old abusive actions to be followed up on.
CheckUser, despite policy being that a user accused has the right to request the data be made public, has never ONCE seen this happen; on the contrary, requests to make the data public are usually beaten down, talkpages locked by other admins.
Talk pages of blocked users are routinely locked by the blocking admin, requests for administrator intervention against corrupt admins doing blocking are routinely removed without comment or with insults by 3-4 users like Ryulong and Yamla.
In Wikipedia, remember, you're guilty until proven innocent, and even if proven innocent you're "guilty of wikilawyering" for trying to prove your innocence as long as some admin somewhere wants to say so and block you. Nobody's going to stand up against them, least of all the only ones with the power to do something about it, the other administrators. -
Re:Simple steps
1. no anon edits. They're almost always just vandalism and frankly how can you trust information supplied without credentials?
Bullshit. I fix things all the time when I see them. I've become convinced it doesn't do shit for good, though. Anytime you get near anything that even hints of controversy, Wikipedia breaks because there are gangs of people who will try to control an article.
There's a great former admin who's written all about it, he describes it a hell of a lot better than I ever could. His blog's at http://parkerpeters.livejournal.com./
2. Lock articles once they're solid.
Wikipedia's admins do this all the time now; and they remain hopelessly inaccurate, with bad information or inaccuracies preserved for all to see.
What it really does is change it from wikipedia to elitopedia.
3. community == good, disorder == bad.
Corrupt community of admins = worst of all, and that's what wikipedia is now.
4. Derive clear policies concerning articles about commercial entities.
No shit. If a company wants to edit on the same basis as everyone else, and as long as they are putting in verifiable information that is factually accurate, why should they be reduced to a stub-page? Unfortunately, Wikipedia's got a bunch of freaks running it who go ape-shit the moment that the idea of someone being paid to edit particular pages is introduced.
The "problem" comes in when you get a vaporware/scam company like Infinium Labs or some shit, who start getting irate about their dirty laundry reaching the article. The proper response is "tough shit, if you didn't want it public, you shouldn't have done it in the first place." Unfortunately for wikipedia, the response from their userbase instead is "OMGWTFBBQ THEY BROUGHT IN A LAWYER BAN THEM FROM THE SITE" like a bunch of drooling morons, and so they get articles that are 25 pages long on a fucking pokemon that appeared in one episode back in 1996 and never anywhere else, but you can't have more than a 1-sentence stub on, say, a waterpark or amusement park or theater that's a national historic landmark / tourist attraction. -
lj post
May as well just link to a post I made on Livejournal. It says everything and has screenshots to boot
http://community.livejournal.com/gamers/2152581.html -
pics
I made some pictures from the very central location of Europe - Kiev, Ukraine. Take a look here. It's not so easy to make pictures of the Moon, though! :) -
Speaking of Euphoria
I have been experiencing true euphoria most of the day today. I even wrote a post on it just 15 minutes or so before this article came up.
-
Bouncing around the Mark Cuban question...
Well I guess we can welcome Bram to the ranks of "slick talking" company executives (only he's not very slick). His snipe about Cuban is an extension of an ongoing argument (well...a couple of comments) between the two on Bittorrent, its cost, and legit traffic.
Mark Cuban started things off and Bram Cohen responded. Bram's problem is that he mischaracterizes Cuban's argument when he makes his case. For example, right in the title of his blog entry, Bram claims Mark predicts the downfall of Bittorrent. Mark never said anything like that! And in fact Mark responds to Bram's false accusations in his own blog. How many billionaire CEOs would you see doing this? Of course people will keep accusing Mark of being a self-centered, power hungry megalomaniac. That may or may not be true. However, we can provably show what someone did or did not say in a blog and in this instance, Bram is way off.
I love Bram to death for what he's given to us for free and I don't know if he's deliberately mischaracterizing this criticism or perhaps temporarily misunderstood what Mark was getting at, but this constant spinning of his is kind of lame.
-
Re:What's going on here?
I love this response. "Microsoft can make better programs because they use the super-secret ultra-special hidden APIs." Completely false. Though sometimes I wish there were secret hidden APIs that could be used to somehow make programs work better, this seems pretty far-fetched.
Just as a practical example of why MSDN can be dubious, here is a link to some VBA code (yes, I'm stuck using that for certain MS Office tasks) that lets you execute some external code synchronously:
Microsoft employees use MSDN for documentation just like everybody else. While it is possible that they have access to better support options than the average developer (i.e. their friends that work on the Windows team can give them advice), there is no secret sauce available. Just elbow grease.
This had been an example on MSDN, but managed to disappear, or at least become hidden as a result of that 'excellent' search/advertisement tool they have in place. (aside: is there any way to omit all of the .Net hits which I simply cannot use?)
http://smitty1e.livejournal.com/36029.html
While I don't necessarily believe MS has "super-secret APIs" (at least with respect to commercial applications), I do think that their stuff is rather opaque due to time, backwards compatibility, and the shuffling of examples like the one in my link.
Another word for the tuning you mention for SQLServer is "coupling". Wired too deeply, I would expect that obvious security patching could lead to some interesting crashes. Suddenly, the likelihood that PostGRESql suffers slightly by comparison on OS calls looks more like a feature than a bug. Too, the magic of the RDBMS is more in how it manages the query analysis and database objects, which are unrelated to the OS entirely.
When you consider the portability of PostGRESql, and the fact that you are not tied to a single stored procedure language that's as sexy as home-made sin, PostGRESql becomes compelling, indeed. -
Re:Welcome to the NAU - Ain't just a Conspiracy!!
Oh how I know it, dear friend. I've lived on the front lines here in San Diego for the last 10 years. Bravely running away next month, I am. Just keep watching American Idol and Dancing with the Stars, folks.... the Nation will still be here when your kids grow up unable to go to college because it's full of Mexican nationals paying in-state tuition!
And King Shrub announced this morning that US highways will now be open to Mexican trucks. LOVELY. More death traps to kill innocent American children in mom & dad's SUV.
I've been talking this crap until I'm blue in the face... called every dirty name in Spanish and English, and all the while... they just keep shoving it all through, without regards to Americans. And *EACH TIME*, I've been right. I really hate those I Told You So words... I really really do.
I live 10 miles from Tijuana right now... crime is skyrocketing, prices are even worse, and I can't throw a rock without hitting La Raza or whatever activists. Funny thing that... my forefathers drew first blood from Santa Ana in 1836. I'm really glad my grandfather (a Texas Marshal til the day he died) didn't live to see this aberration.
And yes, I do place this squarely on King Shrub's head. How many illegals does HE employ? I just want my country back. Alas, it is not to be. :( So, I am leaving Southern California for the mountains of Colorado...where the infection is almost as bad, but at least I can retreat into my cave in the mountains and watch the world fall apart from the safety of my own land. Unless they give that to the Mexicans too.. -
You're not alone
-
More stuff...
-
Re:registrars are worse.
Recently my bad registrar forgot to tell the TLD registry to renew my domain (even though I paid them months in advance).
I knew immediately when the domain had been dropped because things weren't resolving on it.
So, I contacted my registrar (that decided to spend two days to do nothing on it), only to see that within the first few hours, the domain had been grabbed and it was some weird scamming thing that wanted me to offer an amount of money to buy it.
(Response I got from my registrar since then)
I'm certainly not going to pay anything to shady registrars or whatever they are. -
Re:John Titor Anyone??
Or it could all be a hoax
-
Vote With Your Dollars
http://wtogami.livejournal.com/13663.html (copied from my blog)
On the surface this summary made this look like good news for freedom and the community. But reading the actual linux.com article and technical board decision... they are only refraining from enabling the closed drivers by default. Ubuntu continues to ship closed source proprietary drivers in potential violation of the GPL.
This is trading long-term liberty for short-term convenience.
The price of liberty is not free, nor is it comfortable. Fortunately in this case however, there is a reasonably comfortable choice. What if Free and Open Source Software communities voted with their dollars and bought video hardware that had libre drivers?
Today with Intel video, you have the convenience of working video out-of-the-box with full 3D acceleration with upstream X.org and kernel support. Perhaps if more people voted with their dollars, the other hardware vendors would take FOSS software more seriously and become a more honest partner in order to compete.
Think about it.
Warren Togami,
Fedora Project
p.s. Note also the recent news of Intel finally releasing an IPW3945 driver suitable for the upstream kernel, by offloading the regulatory daemon into firmware. Good job Intel. As long as you continue to be an honest partner in the FOSS community, you have my dollar. I'm soon buying a new laptop with Intel 950 video and IPW3945.
-
Linux in Russia
The article about the adopting Linux in Russia is not really true. The story with the arresting the school director has got a bit of public attention, so the community of Russian Linux users started an initiative (sorry, the blog entry is in Russian, here is a google translation) to help teachers getting more knowledge about Linux. Many Russian LUGs are participating, but, really there are not that many teachers, who are willing to adopt Linux.
-
YouTube is pulling innocent videos
Viacom has every right to protect and enforce its copyright. But I think some of the videos caught by the broadly-cast net are NOT violations at all. Case in point? Mine. Check this out: http://pjperez.livejournal.com/118964.html
-
All time greatest...
...has to be the livejournal of the Illmatic, North Korean president Kim Jong-Il.
-
Bad TV = Good for you
Since you're less likely to watch. Even if there was a subscription version of television without advertisements, the latest shows have a very high rate of camera angle jumps (easy enough to count them yourself.)
Cut & pasting from my blog since a day-old /. story will never be looked at anyway: I think that the serotonin hypothesis is one that is supported by evidence, and is a just a first stab at reducing the nearly supernatural complexity of neurotransmitter soup. To something where researchers can grab ass about their theories with actual studies. But it is bad for common sense about what is meaningful.
The first cite is a review of internal research:
J Psychiatry Neurosci. 2000 November; 25(5): 481-496.
"Neurochemical and metabolic aspects of antidepressants: an overview"
http://www.pubmedcentral.nih.gov/picrender.fcgi?artid=1408023&blobtype=pdf
PLoS Med. 2005 December; 2(12): e392.
"Serotonin and Depression: A Disconnect between the Advertisements and the Scientific Literature"
http://www.pubmedcentral.nih.gov/articlerender.fcgi?tool=pmcentrez&artid=1277931
PLoS of course is the open access journal, probably even less threshold than http://arxiv.org/help/submit . In response to the PLoS paper, hell if I watched television, I'd need medication too. From the PLoS paper: "the fact that aspirin cures headaches does not prove that headaches are due to low levels of aspirin in the brain." Also: "When the published and unpublished trials [from a FOIA request] were pooled, the placebo duplicated about 80% of the antidepressant response; 57% of these pharmaceutical company-funded trials failed to show a statistically significant difference between antidepressant and inert placebo. [...] This modest efficacy and extremely high rate of placebo response are not seen in the treatment of well-studied imbalances such as insulin deficiency, and casts doubt on the serotonin hypothesis."
-
Re:10,000 customers?
Let's take your favorite database and reproduce the scenario: 6 drives each throw away 8MB of different data randomly selected from the last 500MB of database writes. Repeat with two different battery backed up write caching controller brands on servers with dual power supplies at a colo with UPS, generator and dual circuits. That's what happened at Wikipedia.
I'm very interested in knowing which database server, running on only a single computer, will recover all except the last transaction in this situation. Expect your database supplier of choice to laugh at you and say that it's an unreasonable test and of course it can't recover if you're throwing away data from 500MB ago.
For a story of another outage, where InnoDB was fine, read the story of the 2005 LiveJournal power outage, caused when someone hit the emergency power off button in their colo. EPO = required to turn off all power, including generator and UPS power. Say goodbye to power to both of the redundant power supplies at the same time.
-
Somewhat pointless...
But what about the automatic light switches which only work with incandescent bulbs? In any case, incandescent bulbs are not really inefficient if you think about it.
-
Yay linden labs
Now if only other people could be so lenient towards copyright...
-
Re:I call FUD
I agree... total FUD... There's no reason to close down even the 2d drivers (as has been done with the Radeon X1xxx series) just because a couple of 3d stuff is patented. There's always ways around the patents if you really care about them being a problem.
Please stop making excuses for people not doing the right thing..
Are patents also the reason why you "must" ignore anyone willing to sign your NDA and write drivers for you for free????
http://airlied.livejournal.com/31180.html
http://airlied.livejournal.com/32819.html //fatal -
If something in your food is moving
Then don't eat it!
Reminded me of a poll jwz put up, pointing to the story: The Worm Within
I'm definitely with jwz on this one: Save that fucker, wash it off, and put it in a jar on your mantle labeled with your name, the date, and "Sample #0001"
-
Greylisting is your friend
While spamassassin, OCR etc are good techniques, greylisting is the best way to do a first level check. See http://harishpillay.livejournal.com/2007/01/17/ in which I sing the praises of greylisting. A comment to my post says it best: Spammers do not knock twice.
-
Re:Hmmmmmmmmn,
"Linus may fix an issue with the VM subsystem, but usually won't be the person to fix a problem with ext2"
It's kinda interesting that you bring this up, because he recently went through and fixed a data loss problem caused by interaction between VM and ext2. Just because someone else is the maintainer of it doesn't mean he can't go through and debug it like anyone else. But I think that there are plenty of people who would like to go through the nvidia source code. They may not all be experts, but I have a sneaking suspicion that the nvidia team isn't either. At first, you'll probably see a few code critiques, during which the module maintainers may be exposed to "kernel best practices" rants. But for all their internal knowledge, there's likely enough documentation in the drivers alone to more than double the efforts at improving nvidia drivers after 6 to 12 months. For example, the nouveau project is already making progress towards an open source driver for nvidia 3d chipsets, without anything more than the binary drivers, cards, and helpful users. Even if a tragically small percentage of OSS developers are able to help nouveau, it's still more than nvidia has dedicated to it.
-
here are some Latin links + book recommendations
From a recent discussion on how to learn Latin by self-study: http://community.livejournal.com/latin/326666.html
-
Re:Just rip your CD's fool
Check out the HP dv6000t vs. low-end MacBook Pro. That's from October; perhaps the MBP has changed since then, but if so, there's probably a newer HP model to compare it against as well.
-
Independent music on iTMS
Apple is pretty friendly to independent music sources, as well - CDBaby has a deal where for a small fee they'll perform digital distribution, and I've noticed that iTMS is the overwhelming source of all of the digital purchases of my band's stuff.
Their payout rates to artists are as good or better than other services, as I discussed elsewhere.
So while no-DRM would be ideal, Apple's approach isn't unfriendly to indie musicians.
-
Re:Not all that's secret
Except for the fact that it's not 16x9 at all. Specs show 480x320 which is 3:2. Tiny smidge wider than 4:3, closest to 16:10 (which, granted, is generally what Apple releases labeled "widescreen" monitors). I have a friend who's a hi-def video producer and he's pretty disappointed by both the "widescreen" nature of the iPhone and the lack of codec support for the AppleTV as well as its lack of output over 720p. (Though the spec page does list 1080i...) Anyway, his personal rant here.
-
It's a warning sign rather than a label...
...but it is the funniest one ever.
-
Re:I use keep two copies
Definitely, I too have a remote server to keep track of mail between my boxes.
I got a 30 bucks a month DDS with 80 gigs of space. Combined with IMAP and SMTP I can keep all my mail synced with the various laptops/desktops/smartphones that I have.
Also, if you are an avid IM/IRC user you can use it as a bouncer. Check out this killer setup I used as an example for mine.
http://nafai77.livejournal.com/39649.html#cutid1
-
Re:Sure
"And just for the record, the A.C. parent posted no commentary. Just the moment of zen. And others modded it as funny (and insightful!). Why did you automatically assume he was ridiculing it?"
Read my signature, it's from the Dao de Ching, a root of Zen Buddhism, and you might get an idea. If you have a hard time, I had to squeeze it into 80 characters, go here. It's part of the way down the page.
"Which means just about the LAST place you'd expect it to come from is the mouth of the man whose job otherwise was to blow up as much of the known world as he could."
Nice flamebait, but not true. His job is to defend the USA, if that requires some blowing up, so be it. But not "as much of the known world as he could."
-
Translated:
Blah blah blah I am an attention whore blah blah blah the site will do anything for page views and ad impressions blah blah why don't gaming industry people answer our questions when we do stuff like wear a retarded mask blah blah if you are going to believe any of my lies believe that I am not doing yet another "Sony is SUX dongs" FUD piece for clicks.
I did get a good LOL out of your "I think you'll find Destructoid (as a whole) to be both informative and reliable" bit!
-
Re:Okay, MS is involved, but this is news?
MS isn't the only company that does this sort of thing. A friend of mine, Martin, creator of Memegen, received a similar, although less valuable, gift of iPod related goodness from Apple a while back.
In related news:
Damn, that was, too, many, commas, in the above sentence. Anyone care to correct it?
-
Re:Ubuntu
As for the point about Gnome, you're quoting someone from Novell who's fighting to avoid losing Suse developers to Ubuntu. I'll reserve judgement until I see some facts.
The link I posted above is to the blog of Josselin Mouette, one of the lead developers and maintainers of GNOME in Debian and in fact the Debian Developer responsible for getting GNOME 2.16.2 into testing. It's true that he is quoting a Suse developer, but if you scroll down to the comments you'll see that he himself asserts, "as one of the other GNOME maintainers, I can assure you this charge is true."
If Debian had no derivative distros geared towards end users, that would be a bad thing for Debian.
Debian itself is geared toward end users, just not the ones you have in mind. And honestly, why should Debian care about people who will use proprietary drivers over free ones just so they can "bring the bling"? That's not who Debian was meant for in the first place, and it's really none of our business to go around proselytizing to the masses. Debian is maintained by a community for that community and there's no reason why so much of the Debian Developers' time should be wasted trying to appease people who aren't interested in free software in the first place. I'm not saying Debian shouldn't care about making their distribution easier to maintain and install. I'm just saying that we should not give up the basic ideas and rights that the distro was founded on in the process, and we certainly shouldn't concern ourselves with the tinkerings of some company outside of Debian whose self-described "benevolent dictator for life" has admitted himself that Debian and Ubuntu have very different goals. I think it was said best by the Debian Developer, Gustavo Franco: "Debian is about us. The result of our work and feedback from our users, that are potential contributors in a much more powerful manner than alternative solutions." If Ubuntu wants to piggy-back off the labor of Debian to meet their own, very different goals then that's fine, but let's not forget what Debian is all about. This is a distribution for free software enthusiasts. The fact that there is another distribution out there that closely resembles Debian, but has entirely different goals and values does not help Debian to meet its own goals and values.
-
"Our tender mercy"
Undersecretary of State Frank Moss, the guy who pushed through the chipped passport program, came to the 2005 Conference on Computers, Freedom, and Privacy ( http://cfp.org/ ) to demonstrate the tech, and, to his credit, face the critics before the rollout.
After his presentation, we cornered him in the hallway (photo: Moss, EFF's John Gilmore, travel writer Ed Hasbrouck, and yours truly).
I asked Moss what would happen if one presented a hammered passport at an entry point. "We'll admit you, eventually. But expect to spend a few hours at our tender mercy."
d laid out a nightmare scenario in which terrorists placed chip readers capable of detecting the proximity of US passports as triggers on explosives under the seats of busses, bar seats, etc. Moss apparently grasped the problem, and delayed the introduction of RFID passports until they could be redesigned with shielding to prevent reading when folded closed.
-
Re:The New York Times
For what it's worth, my blog has actually been quoted in the local newspaper (India), at least once (and maybe more because I don't read the newspaper). So it can (and does) happen.
-
Re:Ubuntu
I consider my perspective "moderated," and I don't think there's any harm in a system geared towards non-nerd users. I have even used Ubuntu myself. I don't want to create a division between Ubuntu and Debian users, but I just think people should be aware that there is a very big and realistic difference between the two distributions. Time and time again, I hear people say, "Ubuntu is based on Debian. It's the same thing, just new software that's easier to install." In fact, it's not the same thing, and people should understand that because to me, what makes Debian the best distribution isn't apt-get; it's the fact that it's completely free and maintained by an open, democratic community. Ubuntu has none of that. The other issue I have with Ubuntu is that at times they have gotten in the way of Debian development. For example, recently it was revealed that Mark Shuttleworth prevented the Debian GNOME maintainer (who also works for Canonical) from updating GNOME packages until after Ubuntu LSO had shipped. That's not exactly what I would call an "unmitigated boon for the Debian community."