Slashback: Public, Anecdotes, Conclusions

It's been a while since the last iteration of Slashback, so tonight there are updates and errata on several recent stories. Read on below to find out more about Harlan Ellison's battle with copyright infringers, why modding your Linksys WAP might not be as cool as you thought, internet access in Wellington, New Zealand, the results of the NASA poll on space priorities and more.

How many anecdotes? Drestin writes "Looks like all the flame mail and traffic to WinInfo for the recent 'Windows more secure than Linux' article prompted it's author, Paul Thurrott, to reply with his opinion. He tells us to think with our heads, not our hearts."

Several readers complained about my original (since updated) headline, and they're all right. As Kathleen Ellis put it:

"I find this title to be rather misleading. Bugtraq is a security mailing list that happens to be archived on security focus' web site (it is also moderated by one of SecurityFocus' founders, but bugtraq content is not subjected to SecurityFocus editorial control), and WinInformant is really the one making the assertion, based on their analysis of Bugtraq list traffic.

As an occasional SecurityFocus reader (and occasional writer), I am particularly concerned that your headline (and the attribution of the assertion to SecurityFocus) will make SecurityFocus look bad. As a professional in "the industry" and as someone who follows computer security very closely, I am confident most sensible members of the security community will quickly realize that the assertion is of extremely dubious merit and your attribution could make SecurityFocus look extremely foolish."

Here, why don't you pay? TheGeneration writes "Recently Salon had an article about public money being used to write private code (ie, for a university.) The article apparently moved Richard Stallman enough to write a response and opinion. Stallman sites his own reason for leaving MIT such as his inability to write free software while under their employ. Stallman discusses ways to sidestep University control of free software, and how to get admins to allow software developed under them to be licensed as free software."

For your personal museum's display cases. airrage writes "As a follow-up to the early design docs for some of the earliest ATARI games. More fascinating, is the 30 Secrets of Atari. Did Jobs ever do any work? Finally, the creater of ATARI's adventure has a web site. Check out his work on virtual nano-technology and his presentation on creating Adventure. They sure didn't have much to work with did they?"

Connecting everything to everything. seanadams.com writes: "Our company has just published the firmware source code for our SliMP3 Ethernet MP3 player, previously reviewed on Slashdot. The firmware, written entirely in assembler, includes our super-compact TCP/IP stack for the 8-bit PIC microcontroller. The license allows for non-commercial use, so I hope this will be of interest to PIC hackers! If you're interested in experimenting with Ethernet and TCP/IP on the PIC, we will have an integrated PIC+CS8900 module and development kits available next month."

Next stop is telepathy. ruvreve writes "An update to a previous article featured here on Slashdot. Wellington is offering not only city-wide gigabit ethernet they are also offering wireless access. Currently it is still 11Mbps but plans are to make it 56Mbps down the road."

Not someone I'd want to mess with anyhow. yndrd writes "As a follow up to a previous Slashdot story about Harlan Ellison's feud with what he considers to be pirates of his work, Ellison has reached a settlement with Critical Path Inc. who will create software that enables Ellison to immediately delete postings of his work on the RemarQ service. The (somewhat) full article is here. He's still ready to rumble with America Online, the other party in his lawsuit."

The dirty side of quick n' dirty. nailgun writes: "http://www.maokhian.com/wireless/wap11.html has before-and-after oscilloscope traces of the spectra of a power-boosted (hacked) Linksys WAP. From the traces it is apparent that power-boosting does no good, since all (or nearly all) additional power is blasted out in neighboring frequencies. Boost your Linksys and you'll step on all other WAPs in the neighborhood. These are cool pictures too."

This took a survey to determine?An Anonymous Coward writes "Remember the Space Survey Thread? Where NASA was asking for our opinion on where to go in space? Well, the results are in. Lo and behold, we all want to go to Mars."

Likely standard 802.11g?

[Zergwyn]

I see that currently that Wellington wireless speed is 11Mbps. This leads me to suspect that they are using the 802.11b standard, which is pretty widespread at this point (Airport, and numerous PC solutions). However, if they plan on going to 56 I wonder which one they will be using. 802.11a supports the much higher speed, but at a price of greatly reduced range. I guess it seems most likely that they will use one of the new standards, such 802.11g, info on which can be found here. This one runs in the 2.4GHz band, and is supposed to support 54Mbps. However, a final draft hasn't been approved.

Re:Likely standard 802.11g?

[JesseL]

802.11a supports the much higher speed, but at a price of greatly reduced range

From what I've read (pdf warning) 802.11a has similar range to 802.11b and for a given range 802.11a will operate at a higher speed than 802.11b. 802.11a does have a shorter range at which it will operate at it's maximum speed, but even when it falls back it is faster than 802.11b.

Re:Likely standard 802.11g?

[Jeffrey+Baker]

Excuse your ignorance, but 802.11a has better range than 802.11b. At the limit of 802.11b range, 802.11a will still work up to about 6mbps. At any distance from the access point, 802.11a provides faster access than 802.11b.

Say it with me kids: 802.11a has better range than 802.11b.

Re:Likely standard 802.11g?

[Jeffrey+Baker]

Trees are going to clobber 802.11a, but they practically kill 802.11b as well. Fortunately for 802.11a outdoor deployment, 1W power is allowed in the upper band.

Re:At least ...

[oregon]

The geeks will go to outer space, it's the rest that will inherit the Earth!

Stallman's right, you know...

[s390]

code developed with public money should be, well... public. On the other hand, Microsoft PCs would still be confined to LANs if it weren't for their leverage of the University funded, BSD-licensed TCP/IP stack (which has made Microsoft billions of dollars).

Perhaps publicly funded code needs a modified GPL type license that is free to use (even to run a business) but incurs significant royalties if the code is incorporated into commercial software products. I wonder if RMS would be OK with that?

Re:Stallman's right, you know...

[ekrout]

Private universities don't get any public money, my friend. That's why my current education will cost around $70,000 next year for two semesters.

Don't confuse the "Big Ol' U.s" with the Ivies, etc.

Re:Stallman's right, you know...

[WNight]

Works for me.

If your state funded grant is for "generally running a lab, while not producing results" then you should use it for that.

However, most grants are a little more specific as to what you're supposed to do with them.

IMHO if you use any public money to research/create/etc, the creation/results should be co-licensed into the public domain.

Theoretically this allows someone to take your research and change a critical word " ... no reason to believe that telepathy [doesn't] exist." and have it look as if you said that, but this is covered by existing laws. I can write up a scientific sounding paper from my school experience, sign your name, and claim anything I want. What stops me isn't copyright law, it's defamation of character laws.

Likely, if the inclusion of public money made results public, private money would come with the stipulation that you do not accept public money on this project. But that's fine. If they foot the bills, they get the results. And it means there's more public money for people willing to open their results.

IMHO, using public money on something that we don't benefit from is theft. And I don't buy that there is *any* economic benefit to corporate control of this information (for the people, at any rate.) If the information was public, many companies could use it to base their work on, with it being closed only one company can. Being that public doesn't mean GPL (ie, perpetually open) there's no argument that a company couldn't make their discoveries proprietary.

Re:Stallman's right, you know...

[Lakitu]

Please. that's bad logic. Microsoft doesn't even use the BSD-licensed TCP/IP stack anymore, they wrote their own - and they probably only used it in the first place because it was already done for them. Don't you think they could've written their own code?

Microsoft does a lot of things wrong, you don't have to go looking for trouble that doesn't exist. You just lose credibility.

Re:Stallman's right, you know...

[hackerhue]

I believe what you are talking about is already being done, through dual licensing. See, for example, the licensing for FFTW (www.fftw.org - an FFT library developed by some MIT guys). It's licensed under the GPL, and if you don't want the GPL (e.g. you want to include it into a closed-source program), you can sign a licensing deal with MIT.

ReiserFS also does the same thing, and Hans has mentioned before that RMS hasn't complained about it yet.

Re:Stallman's right, you know...

[TheFrood]

Warm fuzzy feelings don't put food in your stomach.

Uh, no, that's what the money from the grant is supposed to do while you're writing the software.

TheFrood

Re:Stallman's right, you know...

[snilloc]

They do so get public money!

Research grants: Medical research grants, DOE Big friggin' laser grants, etc.

And of course, students are federally supported, and all that money (indirectly) goes to the Univ.

Re:Stallman's right, you know...

[MadAhab]

Of course they can. But the fact is, that Windows users were shit out of luck for a long time. Not because MS didn't have the programming muscle, but because they refused to do anything about TCP/IP until it was clear that they were going to lose the network protocol battle. Two words: Trumpet Winsock, motherfucker.

You're right, you don't have to go looking for trouble that doesn't exist, because the facts are that Microsoft was already years behind in developing a TCP/IP stack, thus the use of BSD code. The only reason they were "behind" is that TCP/IP became the de facto network protocol, and the only reason it did so is that it was a freely available university by-product.

I don't know what dumb fuck moderator gave you +1 Insightful, except one saying to himself "See, I'm not biased against Microsoft!". I'm not against them, either, but there's no point in trying to shine a turd.

Re:Stallman's right, you know...

[singularity]

No, publically funded code should end up in the public's hands. The last I checked, Microsoft was part of the "public." According to the government, they pay taxes every year based on the government's way of determining corporate tax (in addition to the numerous taxes paid each year by stockholders and others)

So Microsoft, for example, is helping to fund research at public institutions just like everyone else.

As a result, they should have free access to do whatever they want with the code. If they want to sell it with the latest copy of Windows, let them.

At the same time, though, everyone else should have that same access to the code.

Trying to treat big businesses differently will only come back to smack you in the face, and will only cause more problems.

Re:Stallman's right, you know...

[WNight]

Well, someone could take the public domain results and co-license them under the GPL, but this isn't a problem because people could still go get the original public domain version.

Re:Stallman's right, you know...

[praedor]

No they would not have developed a proper stack. Gates and M$ didn't even recognize the "internet" as important until recently. That means that if they hadn't done what they ALWAYS do and taken someone else's work (creating NOTHING themselves) they would be SOL. They CAN'T create anything. The entire M$ enterprise is about buying/stealing/pirating OTHER people's work. If they hadn't taken the TCPIP stack from BSD, they would either have had to take it from someone else or do without.

There is NO innovation/creation at M$, only taking, stealing, buying the innovations and creations of others.

M$ wouldn't even exist at all if not for taking the creations/ideas of others as the sole source of their product.

WinInfo goofball

[kyras]

...and I quote:

For example, generalities (like "Windows is more secure than Linux") are barely defensible.[...] What I am trying to say is that Linux is not more secure than Windows.

So windows is not more secure than linux, and linux is not more secure than windows. They're exactly equal in security? Huh?

Re:WinInfo goofball

[NonSequor]

No, it's just that security isn't easily quantifiable. As a result it's unwise to make claims like "X is more secure than Y."

That's not your head...

[Cato+the+Elder]

Here is the link to Paul Thorrott's response since I couldn't find it in the slashback.

I agree it's too bad he got a lot of "frothing" email. But I hardly think this response is a model of rationality either. He makes the point that compaines bet their future on Windows, and it wouldn't be true if it were "really so insecure." The same could be said about Linux. The fact that something is usuable does not mean it is more or less secure.

He states What I am trying to say is that Linux is not more secure than Windows. It's impossible.

That makes no sense. Of course it is possible for one system to be more secure than another. Maybe he means that you either are or aren't secure. OK, that's a valid point, but looking at the number of flaws discovered for a system in a given year gives you some idea of how likely it is that a new security flaw will be introduced in the future.

He also argues that fewer Linux vunerabilities are found because it is less widely deployed. I also think that this argument is invalid. Yes, fewer automated exploits are written against Linux vunerabilities because of this. Sure, this is why fewer Linux systems are broken into. However, I would argue that the communities of people who look for security vunerabilities on Windows and Linux are of comparable size, and large enough to find a comparable percentage of flaws.

The fact is, his original Short Take was simply blatantly incorrect in stating that for "the previous 5 years--for which the data is more complete--also shows that each year, Win2K and Windows NT had far fewer security vulnerabilities than Linux" The only way you can come up with that is by adding the numbers for each distrubution together, which is ridiculous (this same issue came up last summer).

Yes, the numbers show Win 2K beating RedHat last year. They also show a troubling increase in the number of Linux bugs in general. No, this issue shouldn't be dismissed out of hand. Yes, I'm sure a lot of people were offended by this article because they thought with their heart. However, I would hardly call putting out insultingly incorrect statements "thinking with your head"

Re:That's not your head...

[Cato+the+Elder]

A lot of the Linux "exploits" are very subtle, and very difficult to exploit.

I have to vehemently disagree. That "very difficult to exploit" line is a part of the standard Microsoft vunerability report. It's crap there, and it's crap here. Now matter how difficult something is to exploit, only one person has to figure out how to do it and script it. After that, it becomes easy.

Re:That's not your head...

[Mr+Z]

Even with a script, some things are much more difficult to exploit than others. Some holes require local access, a specific set of configuration options, or some other timing aspect to key off of. For instance, heap-overflow attacks require that the overflowable buffer get allocated next to something interesting, which, depending on the program, may or may not happen the bulk of the time.

Compare this to a remote-root overflow vulnerability in telnet that merely requires sending 1000 bytes to in.telnetd over a remote link. No local account needed, no special configuration, and works every time.

So, I'd have to disagree with you -- some flaws are much harder to exploit than others.

This is why, for instance, people harden their machines in various manners -- making the root fs read-only, removing exec permission for the stack, /tmp (and in draconian circumstances) the home areas, and so on. You lock down as many things as you can, making it less easy to script and mount an attack.

--Joe

Re:That's not your head...

[Cato+the+Elder]

I never said that some flaws weren't harder to exploit than others, I just said that it is invalid to say that a system is secure because its flaws are "hard to exploit."

A hole that requires local access is less severe than one that does not, because it has a precondition. However, it is still serious, since it means that anyone who can compromise a local account can compromise the entire machine.

A hole that only occurs with a specific set of configuration options should not be counted as a distrubution/package hole unless those are the options it ships with. Issues like this are the reason for the big disclaimer on SecurityFocus about not using the numbers to draw conclusions about the security of operating system. Also, even given this, it's remarkably easy to write exploits. My home machine sees periodic queries that I'm pretty sure are testing to see if I'm vunerable to the SSH1 bug.

A heap-overflow attack can be executed repeatedly by a cron job, as can attacks that rely on modifying files created in the /tmp directory before they are used. Again, this is a less severe case because automated attempts like that are easier to detect, but it is still a security flaw that needs to be dealt with.

I agree that hardening your machine (for instance, removing the exec bit from stack pages) is a great idea. I think one of the reasons Linux _is_ more secure that Windows is that it is both by default more hardened and easier to harden.

I suppose part of this is a question of what is meant by "hard." If you mean (as I thought the first responder did) that "it is hard to create an exploit that could work" then I think that that is invalid. However, if you mean "the probability of a well-coded exploit succeding is reduced" then that does give you some measure of security. The second is the basis behind improving the randomness of sequence number generation in TCP, for instance.

Re:That's not your head...

[supersnail]

.

As someone who works in very large corperations I would say two things are generally true about MS software.

It is widly deployed in 99% of large corperations.

It is not used for "betting thier entire business" applications in 99% of large corperations.

MS software is used for word processing, mail clients, non critical web servers, spread sheets, non critical databases and (probably its most important functions) terminal and X windows emulation.

Applications like warehousing, billing, accounts, order processing, important web servers are run on (in orderof usage) OS/390, Sun Solaris, AS/400, AIX, OpenVMS, HP/UX, etc.etc.

This is all besed on personal observation but I am sure most IT professionals working in Fortune 500 companies would agree with these observations.

Harlan Ellison link

[DaSyonic]

The "Harlan Ellison" link points back to Slashdot. It should point to: http://slashdot.org/article.pl?sid=01/03/08/015920 0&mode=nested

For those of us that had no idea what they were talking about...

Mars

[BigBir3d]

Why go again? All of these missions to moons or planets just turn into a really expensive way to litter. If these things came back, that would be worth it. The learning of how to design spacecraft would be greatly advanced if something came back into Earth orbit, was retrieved by a shuttle, and brought back to a lab on Earth to be tested. Maybe then, NASA could learn from their mistakes, and design something that actually works, all the time, as designed. We spend billions of dolllars on a budget that sends things into space, and hope/pray it woorks, without really knowing. And accepting the fact that it will not be comng back?! And why do we want to learn so much about Mars? To colonize it? That would be a disaster with current technology, and thinking, at NASA. Not to mentio the problems we have on Earth currently. How about pushing the focus of living on Mars, to that of living on a clean Earth? We are starting to go on the right direction. Fix us first, then colonize.

Re:Mars

[sigwinch]

If these things came back, that would be worth it. The learning of how to design spacecraft would be greatly advanced if something came back into Earth orbit, was retrieved by a shuttle, and brought back to a lab on Earth to be tested.

Return trips are very, very, very expensive, and you don't get much more information than you get from good laboratory work.

Maybe then, NASA could learn from their mistakes, and design something that actually works, all the time, as designed.

Better is the enemy of good, and what we have now is good enough to do anything we want to do. What is lacking is the will to do it.

How about pushing the focus of living on Mars, to that of living on a clean Earth?

Beaming energy down from solar collectors would go a long way towards having a clean Earth, and it would greatly cheapen access to space. You're also ignoring the fact that a little pollution (or even a lot) isn't the most serious risk to the Earth: asteroid impacts are.

Personally I favor the Moon over Mars. It has enough gravity that industrial operations aren't inconvenient, yet not so much that landing and launching are overly expensive. Lunar space elevators are also vastly easier than for even Mars; and Lunar rotavators are doable with known materials. The lack of an atmosphere means you don't have to put up with year-long dust storms. It's close enough to Earth that radiation exposure on the trip there isn't a serious problem, and the trip itself is doable by ordinary people. The major downside (might) be the lack of water.

Sillyscope

[TheSHAD0W]

Those pics of the 802.11b hub's emissions were from a spectrum analyzer, not an oscilloscope.

Re:Sillyscope

Yup. And it's worth mentioning that that sort of a mess is what results when you "tweak" pretty well any transmitter blindly.

Adjusting any RF equipment simply for "maximum output power" is a classic no-no: a power meter only tells you the total RF that is being emitted, not how much of it is being emitted where it's actually supposed to be. It's actually possible in some cases to decrease the power output in the frequency band you want, even while increasing the overall power output.

Harlan Ellison's battle copyright infringers

[karmma]

Read on below to find out more about Harlan Ellison's battle copyright infringers

hmmm... are "battle infringers" like Battle Bots? Are they now putting copyright infringers in a closed arena and letting them pound each other?

Sounds like an idea hatched by the RIAA. :-)

Public Survey [Space]

[ImaLamer]

over 54,000 replies!

Wow! 54,000... all linked from slashdot. At least 57% wanted the 'www' to provide space exploration information.

Maybe pop-ups and banner ads? Flash and techno beats? Maybe a popular boy band?

Right now you've only got 54,000 people at the site [or more, these people didn't feel the need to provide input]. Space is Cool![tm]

When will it catch on?

"Next stop telepathy"?

[Winged+Cat]

Well, I can certainly imagine an experiment where two or more people had implants connected to their nervous systems that could send and receive signals over this new bandwidth - even if you could only have "on" and "off", you could still use Morse code or something - but I don't see this being directly suggested by that entry...

Remarq

[acceleriter]

Boy, am I glad I dumped them. When someone like them in an industry caves to something like that, it opens the door for all the other mickey mouse authors to whine "my stuff is being pirated, my stuff is being pirated" like Chicken Little, causing other providers to have to agree. They'll probably have to raise their already too-high prices to pay for this "copyright liaison" for Whorelan Ellison.

Where does it lead? You guessed it. DEATH OF USENET. FILM AT 11.

What I wanted more of:

[ImaLamer]

Establish permanent robotic outposts on other planets 4.8 12%

Tied with "Learn lessons about the Earth by studying other planets" for overall score [4.8]. But lost to Colonization and Safety. Both considerable needs, but I see outposts as gateways to other areas.

If we started with the ISS, and moved to outposts on Mars [the top vote getter]. Where else can we go? We can move further out, maybe even establish communities on the way.

Why not?

Bio-domes. Whatever. But having those stepping stones is what is important. Go from ISS, to the Moon to Mars. Let's get past BattleBots and Robotica. US First, or First as it's now known shows potential for being able to develop robots who help each other solve problems.

Let's see a prime time game show which has something to build and have people try to build it. NASA should fund robotic development in order to have these outposts and stepping stones.

Where are we? Not close. Could we be a lot closer? I think so.

my 2 sense.

nasa will be around forever

[dcstimm]

When I think of the name Nasa I think of a company that will never go out of business, I believe that because it basicly has no competition. Why is nasa the only company sending people to space(in the us?) hopefully some day it will be as common as our airports. We need competition, I bet if nasa had competition we would already be on mars. thats just my two sence

Move on folks, there's nothing to see here.

[AltGrendel]

I agree with you. Maybe if it had been broken down by distro I would have been able to take it somewhat seriously.If his reply had been posted on /. it would have been marked as flamebait.

Remember when Harlan Ellison was *GOOD?*

[dr_eaerth]

Ellison has reached a settlement with Critical Path Inc. who will create software that enables Ellison to immediately delete postings of his work on the RemarQ service.

I could barely give a crap about Harlan having ubercancel powers over Supernews's servers, except as it leads to this:

There's a reason that usenet servers almost never respect cancels, and that's frivolous cancelling. It's destroyed froups in the past. Now once Supernews engineers their servers to allow Harlan to cancel any posting he has a personal problem with, there's no reason why others can't also have this power. Universal Music Group will ask for the same thing, followed by all the RIAA. And so on and so forth.

If Critical Path gives it them (and why wouldn't they?), Supernews will turn into a wasteland with as close to 0% binary completion as makes no odds. Harlan has gutted his chosen usenet service.

Next stop for me, Giganews. At least until Harlan gets to them.

Re:Remember when Harlan Ellison was *GOOD?*

[tkrotchko]

"Remember when Harlan Ellison was *GOOD?* "

Frankly, no.

Re:Remember when Harlan Ellison was *GOOD?*

[poot_rootbeer]

There's a reason that usenet servers almost
never respect cancels, and that's frivolous
cancelling.

Actually, in my experience every news server I've used respects 'cancel' control-messages, provided they appear to actually be from the sender of the message to be cancelled (i.e., not forgeries). This is extremely useful -- everyone occasionally sends out a message that they wish they hadn't.

The problem in the case with Ellison and Remarq is that they're letting him cancel ANY message posted by ANYONE, provided Ellison claims that the message contains his copyrighted content. That's a dangerous precedent to set.

And to be honest, I wouldn't cry if copyright holders destroyed the binary groups of Usenet forever--it's a rare file that makes it to my news server with all parts intact anyway, and far rarer for that file not to be a copyright violation.

source code and universities

[White+Shadow]

To my knowledge, my school doesn't have any policies about source code. I've asked two different professors about it and they're not sure. So since I have to write programs for homework, I've started to include the BSD license on everything I write, just to be safe. Maybe it wouldn't hold up in court, but it seems like a safe thing to do in case it comes up (who knows, someone may want the tetris game I wrote for OpenGL class).

Nasa Survey

[mbrod]

The results are in and we are -

Male (over 90% WHOA!)

Educated

Going to Mars

and online way too much

First Easter Egg??

[charon_on_acheron]

The 30 Secrets of Atari mentions one of the game designers, Warren Robinett, secretly signing a game, because the company policy was to have "no author credit for game designers." The statement finishes, "The popularity of Robinett's "easter egg" prompted Atari to release future games with similar surprises deliberately inserted."

Is this the first recorded easter egg in software? Or were there prior ones?

linux / windows security

[wiswaud]

I'd say one hell of a reason to say that linux is more secure, by a longshot, is the control you have over it. A hole exists in IIS, for example, allowing anyone to look at all files on your system. Crackers found the hole and decide to play with it. They might play with it for months, possibly stealing a heap of documents from you. Then someone else discovers it and publicizes it. How much more time before you get a fix from M$? They might first say it's not a hole. Then they'll admit it at some point. Then they'll get to the patch. This is either time where you take the risk of leaving your server open, or accept downtime.
On Linux: first, there's people looking at the code of Apache out of Apache: it's so much easier to find holes by looking at the code than from the outside (which might be reason #1 that holes make it to things like bugtrak more often!), so you have a good chance that more people will find the hole, which makes your chances higher that someone nice will be among the bunch, which means it's publicized more quickly.
Then you can very, very easily down- or side-grade to a version that doesn't have the hole, and in any case, chances are a new version will be out within hours!!!
So chance of being cracked are very much lower. And i call that higher security.
Another thing to consider is the fact that you should look at the holes discovered in, say only a specific set of versions of Debian 2.2 for example. Then the # goes down significantly. Looking at all linux bugs vs windows bugs would be like having people running ALL builds of ALL windows versions around the world: wouldn't they find HEAPS and TONS of bugs and holes then?

If you want to be serious, look at Windows 2k vs Debian 2.2 (again, for example, you pick one), and look at bugs that would actually have had any time period in which it could have been exploited before a fix was available. They weren't serious about this.

thinking with my head...

[s4m7]

...brings me to an obvious conclusion. a computer system is not made secure by the default settings of the operating system. A computer system is made secure through unending toil on the part of the system administrator.

Rather than counting the number of vulnerabilities that were reported-- a number easily skewed by the size and knowledgeability of the user base-- the only sure measure would be percentage of deployed systems compromised, a number that most companies would not readily admit.

The linux community has more eyes looking at security issues, more hands to post bug reports and more minds to fix them. Source is available for all to peruse, and bug reports come in often and highly detailed. This makes the job of the dilligent sysadmin a good deal easier by any standard.

RMS and writing free software

[The+Ape+With+No+Name]

Bullshit. You can work for a university and write free code. We do it here and have no problems. Of course, I release everything under the BSD license. No. I won't tell you what I work on as the university doesn't endorse it.

sci fi authors

[guinsu]

Its funny how sci fi authors are the ones to fight back the hardest when a new technology comes along that disrupts their lives. Not that I don't think Ellison should get paid for his work, but you'd think someone as imaginative as him would find a way to adapt to the new medium instead of cutting it off completely.

Comment removed

[account_deleted]

Comment removed based on user account deletion

What about growing stuff?

[Goonie]

The 28-earth-day day is going to make it bloody difficult to grow food on the Moon. Space transportation makes it rather expensive to import all your foodstuffs, particularly if they have to be launched from Earth (rather than, well, Mars).

Re:What about growing stuff?

[sigwinch]

Food is a minor point: you'll freeze before you have to worry about the plants not growing. So you *have* to have a reliable electricity supply.

Phase I: Fission reactors. Two or three fission reactors (for redundancy) can supply heat and electricity for a small town. U.S. Navy submarine reactors would be a likely choice.

Phase II: Polar solar ring. Put a series of photovoltaic arrays around one of the poles, connecting them with a network of AC power lines. Putting the city at the pole minimizes power line length. As a bonus, the poles are likeliest to have water, esp. the crater centered on the south pole.

Phase III: Fission reactors, fusion reactors, or orbiting solar collectors -- whichever is cheapest at the time -- to support heavy industry and larger populations.

And don't discount supply shipments from Earth for the first years of operation. Most supplies can withstand huge accelerations, and an electromagnetic launcher would have a very low marginal cost of operation.

Jobs and Wozniak?

[PhotoGuy]

I had always pictured Wozniak as the tehcnical genius behind Apple, Jobs as the guy who was btter able to commercialize and sell the product. But both as key partners, and ethical in their behaviour.

I've read Jobs is hard on his employees, but I've seen that some of the best and most successful leaders sometimes are.

Then I read this:

Bushnell assigned Steve Jobs to design the circuitry for Breakout, but it was too difficult for Jobs. He asked his friend (and Apple co-founder) Steve Wozniak to help, and promised to split the payment from Bushnell. Wozniak did it in four days and was paid $350. But it turned out that Bushnell actually paid $5,000 for Breakout -- Jobs pocketed the remaining $4,650.

Now, over the years, partially due to misrepresentations of myself in the media, I've learned to take public reports with a grain of salt. Anyone have any confirmation or details on the above statement?

My opinion of Wozniak (which couldn't be higher), wouldn't be harmed; but my business admiration for Jobs would be seriously affected if this were true. I don't mind business people being harsh, as long as they're fair, and this most certainly wouldn't have been, if it were true.

(On the other hand, I've seen people with big egos justify in their own mind that they were due the majority of the benefit, while "worker bees" did all the work. So it might just be a case of that...)

-me

Re:Jobs and Wozniak?

[PhotoGuy]

For those not taking the time to dig it up themselves, on woz.com:

I was hurt in later years when I heard that Steve was paid more than he'd told me, and I don't think that I hurt easily. But it was a long time ago and I prefer to get away from it. Steve has always been a good friend to me in many ways more than just palling around. It's so ancient that maybe it didn't happen, and maybe the Atari people that said it and wrote it were wrong in their own memories. I do believe that this is possible. Also, if my own self, or my own children, or my own friends did such a thing in their life, it's easy to excuse it if the circumstances were as I described. It's not 'necessarily' akin to stealing. If there was some dishonesty, I'm over that. Who hasn't done some things that would be considered bad, anyway? I doubt that I'd find such a person interesting.

Ouch! What a guy! From my perspective, that only enhances my view of Woz, and diminishes that of Jobs. He discovered Jobs probably screwed him, but prefers to make bygones be bygones. Maybe he's just naive, or maybe he's just a great guy (I really suspect the latter). I hope to be that big a man someday about folks who have screwed me over in my career.

More power to the Woz. He exudes hard work, talent, integrity, caring, and understanding. We should all do so well to live up to that.

I used to get a chuckle out of the Simpeons' line, regarding the US festival, "the guy from *what* computer?" But the guy was obviously trying to make a difference and have an impact on society back then, just as he does now in more personal ways through his teaching career. He's one of the few real heroes out there in this industry. I raise a glass to you, Woz...

-me

Re:Jobs and Wozniak?

[PhotoGuy]

I don't have any evidence to show you but yes its true and Woz has already long ago forgiven Jobs for it.

As I indicate in another post, I see this is indeed true.

Maybe Woz has forgiven Jobs, but I haven't! :-) Maybe someday I'll be as big a man as Woz...

-me

Re:Jobs and Wozniak?

[afidel]

hey if it's all about the cahs, and not the friendship, then woz has nothing to complain about, he's so rich he could never spend it all. If it is about the friendship than only woz can decide the situation, and he aparently has.

Re:Jobs and Wozniak?

[cpt+kangarooski]

Where did you get that impression from?

The Woz has a decent amount of money, certainly more than I have, but between his giving away stock to Apple employees who were shafted on the IPO, and his divorce, he really hasn't got as much as you'd think. Certainly not compared to billionare Steve Jobs.

Woz is young enough still that he likely will spend it all; so here's hoping his new company goes well.

Re:Jobs and Wozniak?

[Rocketboy]

Jobs is a good businessman

This is an example of the type of behavior a 'good businessman' exhibits? God save us from 'good businessmen'. Or rather, God save them: I have a feeling they're going to need it more than I will. I have a .357...

No, I don't, really. ;)

Well, maybe not. It's the uncertainty that makes things interesting, isn't it?

Re:Jobs and Wozniak?

[gosand]

Maybe he's just naive, or maybe he's just a great guy (I really suspect the latter).

Or maybe he realizes that they are both so friggin rich now that it doesn't matter. I bet if he was having trouble paying the rent, he would be a little more hurt. It is easy to let something go when you don't need it anymore. Don't get me wrong, I am sure he is a great guy, and I respect him, but NOW is it easy to get over it. I wonder how things would have turned out if he would have found out back then...

Xerox is ubiquitous

[HardCase]

If you're writing Tetris® games, you're either working for the Tetris Company or violating a trademark. "Tetris" is to tetramino game as "Xerox" is to photocopier. Would you say "I built a Xerox® machine for a senior project"?

Well, no, I wouldn't say that I built a Xerox® machine...I'd say that I built a xerox machine. Xerox has become one of those ubiquitous words in our lexicon. A Canon copy machine sits around the corner from my office. When I go to make a copy, I generally don't say that I'm going to go make a xerographic copy...I say that I'm going to go make a xerox. And so do most of the people I know.

-h-

Admirable... but...

[ebbomega]

I like the idea, but only if four years down the road everybody realizes that the latter of the two laws is pointless and serves nobody except for lobbyists and the law gets wiped out of existence. Because, quite frankly, this debate has been going on for a helluva long time, ever since the Error 23 debates on C64s. Should a publisher still maintain distributive control once they've sold the product? I mean, if I pay $80 for my latest Expansion kit for Diablo II, I should bloody well be allowed to do whatever I want with it and not face any type of litigation . I'm not saying that I will in this day & age, because, well, software pirating is so common that it's a moot point these days, but the corporations are still looking for ways to stop people from doing it (Copy-protected CDs, .nap audio file compression, and the list goes on). Software companies it seems learned a long time ago to give up on cracking down on software pirating, but it seems that peripheral companies that are now being affected by the technological boom, and thus the subculture of free-access-to-anything that has spawned out of the internet, and so now _they_ get to do the same. The only problem is, because, unlike software companies in the 80's, they already have a firm stranglehold on the corporate universe, so they make a lot more noise when their company becomes obsolete.

Personally, I'd rather just see this be the end of Record Companies altogether. The courts seem to be attempting to crutch them, when in reality, they don't realize that what's happening is that they no longer have a purpose, and as such we have no reason to keep giving them money. The industry as an industry is dying. Maybe now Music can become art again.

Alright. This article seems dead now, though, so I'll stop ranting.

Win/Lin Security

[ellem]

This guy is totally, irrevocably insane.

When a .bat file can wipe your harddrive you don't have any security.

Windows is targetted more often becuase it is easy -- end of story.

Here's a phrase Windows should look into -- Permission denied

Re:Win/Lin Security

[buffy]

When a .bat file can wipe your harddrive you don't have any security.

Hmm...making a similar generality one could retort:

"When a init.d script can wipe your harddrive you don't have any security."

The real point you're trying to make is--when it is so dirt simple to make AND remotely install a .bat file to wipe your harddrive, you don't have any security.

Just makin' the statement a little more precise.

And yes, I am a right-brained word fettishist. ;)

Next stop is telepathy ?

[Alien54]

No. The next stop is borgification, right after they figure out how to fix buffer overflow problems in the brain when it is hardwired to the internet.

You merely _think_ you have problems now.

Telepathy comes much later, mostly due to the bandwidth issues.

Changing WAP11 power output.

[funky+womble]

WAP11 tuning can (and should) be done a bit more carefully than just opening up the SNMP utility and typing '80' in all the boxes.

Looking at different values and monitoring with wlanexpert I see that on my WAP11s, near the factory setting the adjustment is very sensitive (i.e. small change in CR31 = large change in signal strength). The 20-30 values around it (maybe something like B0-C8 on the AP I have been testing) account for about 7-8dBm of difference.

CR31 settings outside this range have much less effect on signal strength - perhaps 1-2dBm.

I would be interested to know how clean the output is when the amplifier is set to the lowest amount (i.e. highest CR31 value) for the maximum signal strength measured.

I assume that above this value there will be a lot of distortion. (I'm not an RF engineer and would appreciate comments from anyone who is, but I assume it is similar to audio amplification - if so, imagine you have an amplifier and the inputs are turned up much louder than can be handled - the output doesn't get louder, it just gets more and more distorted. I assume that the situation here is similar.)

The question I would like to have answered is, at this value, is there still a serious amount of power into the sidebands? (Answering this requires access to a spectrum analyser - so this is just a question not a suggestion! Still, setting like this is at least not likely to cause worse problems than setting at 80, and isn't going to reduce the range).

Values below 80 react quite strangely, I didn't test very much since I found many values reducing power below the card's sensitivity (so I had to run up and down several flights of stairs to reset CR31 from the wired lan, which was very good exercise!). So...

People who want to reduce the power output to the minimum, possibly to keep the footprint of their WLAN as low as possible maybe to avoid interfering with neighbours, or so that passers-by are less likely to stumble across it, should definitely try different values below 80 as well as above 80 - at least on my boxes <80 is not a mirror of >80. (and use carefully positioned carefully chosen antennas, turn off SSID broadcasts, enable WEP, etc.)

I hope that everybody noted their default settings before modifying CR31 ;-) My two boxes (bought at the same time) came set to ...

c7-c7-c7-c7-c5-c3-c1-c1-bf-bf-bf-bf-bf-be
c7-c7-c7-c7-c7-c5-c3-c3-c1-c1-c1-c1-c1-c1

So this definitely seems to be done per-unit and not per-batch. (And, these are different to figures I've seen quoted in mailing list posts).

Presumably they are factory-tuned for the best trade-off between good range and a clean signal, without putting too much power into the sidebands, and probably with a safety margin so that this remains true while the unit ages and if it's operated in different temperatures (electronic components are not at exactly the rated value, they are usually within a certain tolerance, the software setting is to account for this - in other designs this might be done using, for example, variable resistors). And obviously the factory settings will be tuned to ensure that the unit is within FCC limits (for example, ensuring that transmissions stay within the ISM band so you're not broadcasting into licensed bands without a license, which you might be if you adjust CR31 without testing with proper equipment or filtering to remove out-of-band transmissions).

Re:At least ...

[afidel]

This goes to prove my point, the geeks shall inherit the Earth.

Shouldn't that be "This goes to prove my point, the geeks shall inherit Mars."

Head back to 1973

[Raunchola]

"Is this the first recorded easter egg in software? Or were there prior ones?"

Looks like the first recorded easter egg was back in 1973. Are there any eggs that pre-date this?

Re:Harlan, the ugly truth

[KillerKane]

I don't usually take the flamebait, but you're not only wrong, you're so wrong, that as Walter Huston said in "The Treasure of the Sierra Madre", "You're so wrong there's nothing to compare you to!"

Ellison as a writer is uneven. Some of his early work is brilliant, some is crap. Ellison as an editor is why we're not still reading either space opera or artless thought experiments that are neither art or literature.

Dangerous Visions, the series he edited over 30 years ago, broke ground that no one else had the guts to tread upon. More than anyone, he opened the door to the writers who would challenge their readers on levels more fundamental than "Ooh! What if there was a whole world in zero gee..." yadayada.

He also wrote two of the best Outer Limits episodes: Demon with a Glass Hand and Soldier, both of which won deserved Hugos. So blow me. End of rant.

Re:The Charity of Harlan

[Cplus]

Almost a great correction, but you forgot the html, genius:

http://harlanellison.com/kick/

Now run along before you are destroyed.

My name's Paul Thurrott

[ader]

I recently wrote an article asserting that Windows was more secure than Linux because the stats say it is so. But guess what, it was all just a big joke! I was teasin' ya! But I stand by it. Well, maybe not the bit about Windows being more secure than Linux. Or vice-versa. Or any of my other points, because obviously they were all based on wild or false suppositions (not surprising when I pulled them out of the same place I put my suppositories). Hey, ya rumbled me - congrats! Let's forget about it.

Anyway, here's a few more crazy ideas: you can't state anything categorical about Linux security, and Windows works just fine, and if the world used Linux then my crystal ball says it wouldn't be any better.

OK, I'm still fooling with ya! You rumbled me again, well done. It wasn't my crystal ball I was looking into at all.

But let me just say: think with your head, not your heart. Or your ass. Especially not your ass. Let this be a valuable lesson. And thank me for illustrating it so clearly for you.

Ciao,
Paul

Oscilloscope trace

[B'Trey]

&lt anal whining &gt That's not an oscilloscope trace. It's a spectrum analyzer. &lt /anal whining &gt

Will someone tell Harlan

[farrellj]

"CODING IS NOT A CRIME" - EFF

Please don't go an sue Gutenberg too!

And go to

http://pub53.ezboard.com/bkickinternetpiracy

And tell Harland & Co why they are wrong.

ttyl
Farrell

WAP 11 Dirty Output

[pcjunky]

The Spectrum analyzer traces I get from my WAP 11 don't show this out of band noise. Maybe you have a bad unit. I'll follow up with Pics later tonight.

It's true.

[Wntrmute]

And those figures are correct. Woz would find out when another Apple employee was reading a book on the history of Atari on an airplane. He rightfully felt betrayed.

The Apple story is a rather facinating one. I'd recommend Michael Malone's book, Infinite Loop.

In this book he also reveals the true story of the origin of the Mac, and Jobs' trip to Xerox PARC. And it's not even close to the common myth about Apple discovering the GUI there. (The Lisa and Mac projects were already underway by the time Jobs went to PARC. This, and the writings of Apple employee Jef Raskin. who envisioned the concept of a GUI while in college, are why Apple won the lawsuit against them from Xerox.)

Re:Freudian slip

[MaxVlast]

You know, that's what I find amazing. It just _doesn't_ work! I installed Windows 2000 on a PC to see what all of the fuss was about. The install wasn't hard at all, but as I got my TV card to work, installed drivers and software, I was struck by the fact that it actually doesn't work. It kinda works sometimes, but most of the time, it's just really broken.

A friend of mine with a Win98 laptop wanted me to set up a shared folder for him. It was a nightmare. We had to plunge into ridiculous windows domains, and all sorts of fuss. What made it worse was that when he mapped the folder as a drive, it didn't work in DOS.

It just doesn't work. And when you lean on it really hard, it gives up and goes home.

Re:Freudian slip

[MaxVlast]

For the sharing thing, it's more complicated than that. The problem is that sharing just sucks. Particularly on the part of Win98. It's all voodoo.

The TV card kinda works now. There are drivers, but they're nowhere as good at the BT848 for Linux.

I'm sorry, but W2k just doesn't work as a client. I can't tell you how many times I've been using the Explorer (for web or files) hard and it just fails. Stops working, craps out, locks the whole interface, just breaks. It sucks. It sucks all over the place. The problems aren't predictable (like they are on the Mac -- I can deal with problems that I know how to avoid.) On Linux, I know when it'll break. On Windows it could be fine one minute, and go straight to hell a minute later.

Swimming the internet

[Alsee]

Critical Path Inc. who will create software that enables Ellison to immediately delete postings of his work on the RemarQ service.

Joe Garelli, News Radio: "You can't take something off the Internet! It's like taking pee
out of a swimming pool."

-