Slashback: Shelter, Panic, Intrusion
Remember, Free Software Sinks Ships. curtS was one of the many to point out that "MSNBC has an article about a security hole you could throw a cat through." This might be more exciting if it was the first time, but jamie posted about a very similar-sounding flaw a few months ago.
Calling off the dogs of war. An anonymous reader writes: "Slashdot reported that Indymedia had received a court order to hand over the logs and other records pertaining to the IMC's coverage of anti-globalization protests in Quebec City. Now the FBI has dropped the case. Here is the press release."
phunhippy points to coverage at Wired as well.
This Old House - gr8dane writes "I was just checking out the Sunday posting on /. about .commers in homeless shelters and Salon is running an update to the same story. The previous post prompted quite a bit of feedback on /. and this update article seems to support those who felt the Sunday article wasn't indicative of the industry as a whole. 'John Sacrosante says he went from six figures to a shelter. His friends say there's something fishy in San Jose.' Quite interesting ... "
DoctorZ writes: "In response to reading the recent article about Zero-Knowledge's withdrawal from Linux development for Freedom, I emailed them discussing my concerns along with everyone else's. Here was their response:
'Hello, We know....
We understand your disappointment. It is not an easy decision. We are not giving up on Linux. Our entire Freedom Network is Linux based! This decision was taken in response to the number of people purchasing the Linux version as compared to the number purchasing the Windows version. While many of us at Zero-Knowledge are Linux enthusiasts, the number of interested Linux users downloading Freedom simply didn't warrant continued development efforts, and we have chosen instead to apply our development resources in a way that will maximize value to our customers.
Once again, thank you for expressing your concerns.
Regards,
Alan"
Let's face it, every major operating system has security flaws, either in the past or just waiting to be discovered. The benefit of Open Source is not only that it makes it easier for everyone to see its flaws, but it makes it easier for anyone to fix them.
Right now we have Craig Mundie preparing to argue the merits of commercial licenses over Open Source, and having a hole of this magnitude (read the article for details) showing up in closed-source software so close to this debate only serves to make our case look better.
There are times when a closed-source license scheme will work out better for a particular company, and there are times when an open-source one will be better (and I'm only talking in regards to the company, not the rest of society). This security hole will hopefully reduce the FUD level against Open Source software, particularly from a security point of view.
I can't wait to hear the Mundie debate next week.
--Cycon
Your Brain + EEG + LEGO Robots = Brainstorms
Oh, man. I'll forgo my raise next year if only they would officially declare me the Chief Hacking Officer. (It's almost as influential as Senior Shouting Officer amongst the Vogons, you know.)
If I were a Chief Hacking Officer, I could make broad assumptions like declaring that each domain that uses IIS only has one computer serving pages for it. I could be in an article posted to Slashdot! What more could any sane geek want?
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
when are companies going to start coming out with really refined and good code
Microsoft has been releasing software with good, refined code ever since they used BSD code in Windows.
Devil Ducky
MY peers would get out of jury duty.
Samuel Clemens (Mark Twain) managed to blow $300,000 (19th century $) of his savings investing it in development of an automatic typesetting machine; Sir Isaac Newton lost his fortune in the South Sea Trading Company bubble way back in 1720; plenty of otherwise thought-to-be-intelligent people bit it investing in RCA in the 1920's, Polaroid in the 1960s, etc... I wouldn't try to judge people's intelligence based on their financial success. Human nature applies to the temptations of all, no matter how otherwise intelligent they might be. I think financial wisdom must follow a different thought pattern.
My response: "What do you mean WE?"
You need to burn a lot of bridges to actually end up in the street. You have to lose your income, your savings, your friends (or the goodwill of your friends) and what might be called Social Capital.
The trick is to have a lot of bridges to begin with, and to keep them from catching on fire.
Most of this will sound utterly obvious to nearly all of you, but you've got to reserve money (for upcoming bills and insurance payments), save money (for no particular purpose . . . a rainy day fund), be absolutely fanatical about paying off your debts, and stay in good with friends and family.
Short of a natural disaster or major crash, someone who does this won't end up on the street or "car camping."
And if there is a major crash, think of the great blues songs you can write! "Once I built a network, made it run, . . ."
Stefan
I wonder how many of those other submitters also conveniently "forgot" to point out that the article specifically mentions that a patch was released yesterday.
For a second I thought ./ had been compromised again.
In part (it is a long and thoughtful read):
In the story, a couple of consultants/network guys wound up in a shelter because they lost their jobs and couldn't pay their bills. One had a 100K a year job, the other a steady 60K consulting gig. These men caught the fear and it has swept them into the gutter. Is the idea of being young and homeless scary? Sure. But here are some factors people have to consider before embracing the fear. Why? Because the fear is a powerful thing. Once it has a hold of you, it owns you. You can't think, can't do anything but absorb the fear and let it control you. Why is the fear spreading so fast, based on ONE article? Because it could be anyone. It was as if everyone now had permission to be scared about their future and all of a sudden, all that libertarian thought they had sucked down was not working. The possibility of poverty, or a quick trip back to 1992 was not what they expected after the boom. And the fact that it's here scares people to the core. There's no work, there doesn't look like there's going to be any work, and people don't see a market for their skills. No more trips to Europe, no more unlimited futures, no more foosball in the office. No more office. But let's look at the circumstances of that article more closely: "
And it goes on.
a pretty good look at the psychology behind why the story struck a raw nerve in folks
Check out the Vinny the Vampire comic strip
"It is a greater offense to steal men's labor, than their clothes"
The basic idea behind Zero Knowledge's Freedom project is that your traffic gets pooled (in a cryptographically secure manner) with that of the rest of their customers in such a way that all anybody (but ZKS) can discover is that one of their customers is doing something.
It would seem to me that a cooperative group of people could accomplish much the same without too much trouble: set up an IPSEC WAN and a bunch of proxy servers that only speak to clients on the private side of the network. Use DNS load balancing, and all you know is that a request is coming from a participant of the WAN.
ZKS also offers pseudonymous email, web server profiles, newsgroups posting, etc--all very good. But there's no reason the cooperative couldn't provide similar functions.
ZKS runs the servers that do all the heavy lifting. In the cooperative, all the members would provide a piece of the heavy lifting.
Yes, I'm painting with a broad brush here, and even I could start to pick holes in the way I phrased some of all this. But, I think the basic idea is sound: rather than rely on a company like ZKS to do everything, have everybody chip in, even if it's just to share some bandwidth and CPU cycles. Surely if we can all cooperate sufficiently to create a number of operating systems--even if the form of cooperation is nothing more than using them--we can also cooperate to protect our privacy?
b&
All but God can prove this sentence true.
ummm...I'm pretty sure it was an ICEBERG and not Free Software that sank the Titanic.
actually, now that I think about it, i'm pretty sure there wasn't much in the way of software back then either....
And you guys talk about Slashdot stories not getting researched enough!
Free software crashes ships?
Do you like German cars?
Clearly this is a perfect strategy: Those ship-based NT systems that are less reliable will drown while those that work will survive to breed with other ships thus improving the species....
Simon
Then there's proper unit testing, which should include full coverage testing. Unit tests should be written so that they provide all sorts of legal and illegal input. Most software shops do not have the resources to do this properly within their deadlines. They might fire up the tools if they see some insane memory leaks or if the program crashes.
But again, I'd think Microsoft has all the resources they need. Judging by the poor quality of their software they probably have figured that the (lack of) quality of their software has no detrimental effect on their sales, so they probably leave the testing to GUI monkeys, and hope for the best. Even a 0.5 trillion $ company can make a few bucks extra by spending a few pennies less.
-- Another senseless waste of fine bytes.
Now, I don't think they will, because it would cost a lot of money and not make them much. They know their priorities - make money and dominate the market - and they know how to achieve them. They won't work hard on quality until we really start cutting into the desktop market. And at that point it will probably be too late.
My point is, quality is not now and never has been the point of free software. It is an important point for open source, which is basically about getting business to try free software, even if it's not all that free. If you're trying to convince executives who don't give a rat's ass about freedom, you have to put it in terms they can understand. The open source movement has gotten a lot of people to open up their code and use other people's free software, who otherwise would still be dismissing GNU as a bunch of left-wing wackos not living in the real world. Which they decidedly are not, but sometimes you have to take a lateral approach to make people see that.
Free software is, and always has been, about freedom. The fact that it tends to result in better quality code is a fortuitous side effect. It's not the reason it exists, and it's not why I use it.