Slashdot Mirror


User: SplatMan_DK

SplatMan_DK's activity in the archive.

Stories: 0
Comments: 465

Comments · 465

  1. Re:The problem is the authentication mechanism! on 10 Anti-Phishing Firefox Extensions · · Score: 1

    I disagree.

    The bank knows the ID of the token in question, and the keys it should return. The MIM/proxy does not. If the end user establishes a secure connection to the bank, the proxy in the middle will still not be able to use the encrypted data exchanged between the two points.

    The proxy can only effectively make an attack if the user accepts an unsecured connection. If not, the MIM/proxy is not in possession of the keys needed to lure information out of the encrypted traffic.

  2. Re:The problem is the authentication mechanism! on 10 Anti-Phishing Firefox Extensions · · Score: 1

    Calm down. Take another cup of coffee. I meant no disrespect. I simply observed that the proposed solution was of a rather technical nature... and that "common people" would not be able to use it by themselves. :-)

  3. Re:The problem is the authentication mechanism! on 10 Anti-Phishing Firefox Extensions · · Score: 1

    We do not link to people's banks :-)

    But we do link to pages connected to people's user profiles, and which require a valid logon. Like Slashdot we offer the option to use a "never ending logon" without expiration (using a cookie).

    There are many benefits in such personalized links, and the banks could use them without danger if only the authentication method was secure.

  4. Re:The problem is the authentication mechanism! on 10 Anti-Phishing Firefox Extensions · · Score: 1

    Why would it not protect against a MIM attack?

    The whole point of the multi-factor authentication is to establish a secure identification of two parties and encrypt the communication between them.

    I am pretty sure the communication between you and your bank is encrypted when you have established a connection using your token.

  5. Re:The problem is the authentication mechanism! on 10 Anti-Phishing Firefox Extensions · · Score: 1

    I am pretty sure that neither my mom, aunt, or even my boss would ever install a plugin where the terms "HTTP", "AJAX", or other techno-babble words were involved.

    Besides - why sign *all* the traffic when all that is really needed is to digitally sign (and encrypt) the two parties involved in the transaction?

  6. Re:The problem is the authentication mechanism! on 10 Anti-Phishing Firefox Extensions · · Score: 1

    Are you seriously suggesting we totally abandon the use of anchor-tags in HTML mails?

    I wouldn't call that a "fix". I would call it a "work-around" with a heavy negative impact on usability.

    Our company and our customers send tons of HTML formatted mails with anchor-tags. Almost all of them are individual links to specialized content targeted at each receiver. It would be devastating for the end-users if we were to abandon these specialized anchor-tags.

  7. The problem is the authentication mechanism! on 10 Anti-Phishing Firefox Extensions · · Score: 3, Informative

    Most modern phishing is done very professionally, and the pages totally mimic the real thing. I recently received a phishing e-mail regarding PayPal accounts and out of curiosity I took a look at it. The result was shocking. The page I was directed to was an exact duplicate of the real PayPal system. The link I followed did not use scripting. It did belong to the wrong domain, but most normal users would not have noticed it. Copy-pasting the link would not have made any difference.

    The "fix" against phishing is a better authentication method.

    For some reason, many banks and payment providers in the US only use username/password (one-factor) authentication. In Europe most banks use at least a 2-factor security system, where the logon information is combined with either a physical security token (RSA or similar), an encryption key file, a supplemental 6 digit PIN sent by SMS to the user, etc.

    The whole approach attempting to eliminate phishing by filtering webpages, making fancy browser plugins or stuffing a lot of security-bloatware on the computers is essentially wrong. The only reason simple phishing attacks work is because the authentication mechanism is way too simple.

    Adding another factor of security to the systems is a trivial task in terms of programming and implementation. And it works - the European home banking systems are the proof of that.

    Phishing gets a lot more difficult when SMS messages, encryption keys or physical tokens are involved in the logon procedure. Since all these methods have been well explained and documented in books ranging back to the early 80's, I really don't understand why these simple methods are so largely ignored...

  8. Re:Great ... :-S on Google Buys Anti-Malware Security Startup · · Score: 1

    I disagree.

    The fact that we rely on software principles (and operating system principles) in which a "buffer overflow error" even exists and can be exploited, is a clear sign that we still have a lot to learn about designing software.

    With the right design pattern or the right foundation, it should be possible to avoid all this fuss, where errors in programming code can be exploited as means to get deeper access into a computer or the core of an OS.

    While Linux/Unix is generally considered "more secure" it is still not at all "totally secure".

    I am not saying that I have a solution. Or that the task is easy. I am simply saying that in the future (maybe a decade or two from now) we will hopefully be ROTFL over the fact that we used to live in a world where SSH processes could compromise a server, an e-Mail could compromise an entire desktop PC, and a browser could compromise just about everything ...

  9. Re:I hope they did their homework first.... on New Zealand Rejects Office For Macs · · Score: 1

    Sarcasm aside, the point is: It is not standard support you get with the product when you buy it. No consumer or business gets this support simply by purchasing the software "as is".

    "Premier support" is available for every major software product - not only Microsoft. You can get that level of support for all major Linux distributions, OSX, Microsoft products, and most other commercial software.

    The argument that Microsoft products are better supported is invalid as a general argument, because that level of support is not available to common users. It is - exactly as you describe it - a "Premier" service for those willing to pay.

    Since such services are available for practically all serious software (including, but not limited to, both FOSS and Microsoft software) the existence of such support is not an argument in itself.

    Comparing the use of an unsupported Open Office package to a Microsoft Office with "Premier support" is hardly fair. A fair comparison is this:

    (Microsoft Office with totally normal license and conditions) = (Open Office "as is" downloaded free off the web)

    (Microsoft Office with Premier Support) = (Open Office with Enterprise support from a Linux/FOSS distributor)

    Somehow this simple fact is often forgotten...

  10. Stop trolling and start reading on New Zealand Rejects Office For Macs · · Score: 1

    The very least you could do is keep the debate serious and sober.

    I believe you are essentially wrong for many reasons.

    Like the person who you are replying to said, and you ignored,

    I did not ignore anything. I tried to explain the reason behind my arguments. I clearly failed in reaching that objective, since you totally missed the points and continue with rude, selfish and shortsighted speeches. I will try again, and hope it gets a little more clear with each posting.

    our Minister is required to act in the best interests of furthering the education of New Zealand children. Contributing to Open Source does not do this.

    I disagree totally. And the minister would disagree too if he had any sense at all. He must be an educated man so I am pretty sure he would understand the implications if they were explained to him.

    Open Source software contributes to New Zealand schools. That is an undisputable fact, since the software will now be used in said schools - encouraged by the Minister of Education. The issue at hand is, that for the many reasons I have explained earlier, New Zealand should return a small contribution to the software and the community from which it now benefits. The relationship between the New Zealand schools and the Open Source software community should be symbiotic in nature. Not parasitic (hard words - yes - but please just follow the analogy).

    Helping random communities does not do this.

    Ahemm ... *NOT* random!!! I am proposing that the New Zealand schools contribute to the projects from which they benefit. That is not random at all.

    We have severely underfunded schools, and you in your infinite stupidity are saying "screw them, he should be contributing money to open source".

    That is not at all what I am saying. With all respect, please brush up on your English lessons and read the contents of my posts. You have missed close to all the key points in them.

    The New Zealand schools may very well be underfunded. One of the ways to solve that problem is to reduce IT spending.

    I think we would both agree that a modern school cannot function without providing basic IT infrastructure to its students. So it is impossible to simply throw away all computers. We need to make them cheaper to purchase and utilize.

    One of many solutions is to use Free Open Source Software (FOSS). The price tag pretty much speaks for itself. So the schools get the free software, and everybody (except Microsoft) is happy. But wait ... where did that software come from? Did it program itself? Was it summoned by magic powers? Was it typed on typewriters by a trillion monkeys until one of them randomly ended up making a large OSX compliant office suite? The answer is: It was programmed by hard working people who contributed to the project. So in essence the New Zealand schools would be in absolutely NO position to get free and open software without this community. Since we have established that the schools cannot exist without this software the only remaining option would be to buy it.

    So yes - the New Zealand schools (and therefore the state of New Zealand) owes a favor to that community. You reaped the benefits from its hard work - the very least you could do is be honest about it.

    Tax money is NOT something to be handed about to Open Source projects just because.

    The reason is not "just because". The reason is that you are using something other people worked hard on. And you should contribute to the continued existence of the projects you now depend on. Being selfish and cheap will not ensure your continued use of free and open software.

    Tax money is meant to further our people. Not groups of people all over the world.

    Your selfishness has no end has it

  11. Re:The sad thing is: The motive is all wrong! on New Zealand Rejects Office For Macs · · Score: 1

    I think the important thing in this discussion is the fact that we are talking about the Minister of Education and the state of New Zealand itself.

    I think there is a difference between being a normal end-user who downloads and uses FOSS without contributing, and a minister of education who is just being cheap. He is not just a user - he is a very important person as it relates to FOSS. The support and future of FOSS lies with the computer science faculties at the universities, and he is very much in control of the students and teachers at those universities. He should be saying "go make FOSS projects and support the community and the products" - instead of saying "we can't afford the real software so please go find whatever free stuff is available".

    In addition I believe the state of a country using FOSS has special obligations to support the products they use. Mainly because it is common sense to work on the continued development and increased quality of the digital infrastructure the country is depending on - but also because a state/country should set higher standards than everybody else.

    I am surprised that my post is being compared to the RIAA or MPAA. I am no pirate but still hate them both. While I did use the word "leech" I also specifically explained that normal end-users were not in this category. His special position is what makes him a "leech" in this matter. :-)

  12. DAMNATION! on Google Buys Anti-Malware Security Startup · · Score: 1

    DAMNATION!

    I forgot the Anti-crapware software! Why did you have to remind me of that!

    Aaaawwww.... :-/

  13. Re:The sad thing is: The motive is all wrong! on New Zealand Rejects Office For Macs · · Score: 1

    I disagree - because I think you are missing the context.

    I specifically (!!) wrote that I don't believe every end-user should pay. The whole point is that the Minister of Education (of all important people in a state!) is in a unique position to influence the use of - and contribution to - Open Source Software. And he is absolutely *NOT* just another end-user.

    Not only is he an important employee of the state (which I personally believe has a special obligation to contribute to the community when using FOSS because the state should have a very big interest in keeping and supporting it). He is also the highest authority when it comes to the activities going on at schools and universities. The cornerstone of FOSS development and the foundation of the FOSS community is the educational system - especially the computer science faculties. For that important reason, he should do more than just "leech". I stand by that definition/word in this particular case.

    I agree with you that ordinary people should not be obligated to contribute... but I already wrote that in the post you replied to...? ;-)

  14. Re:Great ... :-S on Google Buys Anti-Malware Security Startup · · Score: 2, Insightful

    Actually they don't. That's half of the problem. They expect me to come fix things when they stop working - but spend 69.99$ on a security app that really "does nothing" as far as they are concerned? Never!

    So to make matters worse, *I* am the one going down to BestBuy to pick up the latest Trend Micro Take-A-Pill PCCillin (Superinfused edition) because I get tired of saving their machine from the software pests they collect online... :-S

  15. Re:Great ... :-S on Google Buys Anti-Malware Security Startup · · Score: 1

    I use openSUSE at home, Windows for Gaming and Windows at the office (no choice). So yeah, I know what you mean.

    It's still pretty lame though...

  16. Re:Great ... :-S on Google Buys Anti-Malware Security Startup · · Score: 1

    and isn't used much, thus not getting much attention by Malware makers.

    Hmm... With all respect, "security by obscurity" (using an obscure OS with an obscure browser) doesn't really get any better by using an opensource OS. It is still not real security, and it is still a bad approach. I want a solution! An implementation, design pattern, method, whatever, that actually fixes the problem. Not a tip on how to use software nobody knows about. The lack of widespread use is not "security".

  17. Great ... :-S on Google Buys Anti-Malware Security Startup · · Score: 5, Insightful

    Great!

    Yet another piece of software that interferes with my network layer, slows my PC, and eats half my CPU cycles just to keep malware from infecting my machine.

    When will we see a REAL solution to these problems, and stop implementing obscure security work-arounds that eat more resources than the applications themselves? Anyone?

    When more than 50% of the CPU cycles in my PC go to security software (Antivirus, Antiphishing, Antispyware, Antiadware, Antifraud, heuristics scanning, SPAM filter, personal firewall, strange DMZ browser-thingeys) during the display of a simple HTML page in a browser I would say that our current approach is broken. Totally.

    I need an Anti-security-bloatware product. And fast!

  18. Re:I hope they did their homework first.... on New Zealand Rejects Office For Macs · · Score: 1

    *LOL* ...

    Yes!

    Because, as we all know, it is *SO* incredibly easy to get support for your Microsoft Office products when you need it... or when it crashes... or when it corrupts your files...

    In fact, they have a massive worldwide callcenter just waiting to help you and everyone else with your MS Office product. (what was the number again? I seem to have misplaced it.) And loads of internet based communities where users help each other with problems. (I forgot the address, could you write it in a post?).

    Yes. The great and famous support for MS Office is the reason not to switch to any other product. I agree. Totally. ... or something...

    *g*

  19. Re:The sad thing is: The motive is all wrong! on New Zealand Rejects Office For Macs · · Score: 2, Insightful

    You seem to totally miss the point. And I believe you have misunderstood the very foundation of Free and Open Source Software (FOSS).

    By using free OpenSource software the minister is saving a shitload of money. Money he would otherwise have to use on commercial software licenses. The only reason he even has the option to save this huge pile of money, is because a lot of other people already donated work, money and resources.

    By taking/using the product without contributing anything at all, he and all the schools are guilty of leeching on an otherwise honest and productive community.

    If everybody just took the free software without contributing anything, the minister would end up with only the commercial alternative. Contributing to Open Source community is his way of securing that option for the future (as others did before him), and at the same time ensuring continued development of the products that he and his schools now depend on.

    You stated:

    You hear the "somebody, think of the children" argument a lot these days. But this is one case where it applies well. It is Maharey's job to think of the children. And they are best served by using the money elsewhere.

    The best way to ensure that the children and the schools in your country will continue to have a cheap and decent alternative to expensive commercial products is to make a small contribution. He will not be looking after the children's interests if his actions eventually lead to the termination of open source products used in your schools.

    I think that contributing 5% of what he otherwise would have been forced to pay for commercial licenses would be a very fine solution. Not to mention a very cheap solution compared to the alternatives. And it would absolutely be beneficial for the children because it would ensure continued development and increased stability of the product he suggests using. Is it that hard to understand the connection?

    In addition, one of the alternatives I mentioned was all free in terms of cash: Encourage the universities to make projects and contributions as part of the normal education plan. It would benefit the FOSS project, it is totally free of charge, and very easy to integrate into the normal university education. You seem to ignore that option in your reply.

    It is unwise (not to say outright plain stupid) to rely on FOSS without making at least a minor contribution.

    I am not saying every soul who downloads NeoOffice or OpenOffice should pay for it. I am saying that a Minister of Education is in a position where simply leeching on the work of others, and being dependent on their goodwill without returning any favors, is a little... shortsighted...

    :-)

  20. The sad thing is: The motive is all wrong! on New Zealand Rejects Office For Macs · · Score: 4, Insightful

    I think it is a good thing that they will attempt to make a switch to NeoOffice. But sadly it is for the wrong reasons!

    In reality, it seems like the Education Minister is just being plain old-fashioned cheap.

    If they were serious about using NeoOffice/OpenOffice, but have concerns about the stability of the software, they should consider contributing to the project. There are tons of ways an Education minister can make that happen. He could encourage the IT related universities in his country to make projects that contribute to the products. He could donate cash to the NeoOffice and/or OpenOffice teams - say a mere 5% of the money they would otherwise have spent on commercial licenses? Or he could have contracted a local software company to improve (contribute) to the software for a specified amount.

    Open and free software is good. But choosing it simply because the initial price tag is low (read: nil) is a bad motivation - especially for an Education Minister. And it doesn't really help the product or the community either.

    An Open Source product is only as strong as its ACTIVE contributors.

  21. Re:NO WAY! on Storing Personal Music Online Is Illegal In Japan · · Score: 1

    If you assume that anyone, including judges, can be 100% infallible then any further meaningful debate is impossible. Humans are humans. And judges are humans too.

    The whole point of having multiple levels in the legal system is to ensure that mistakes are not repeated - but everybody accepts that they do happen. That is why the whole concept of appealing even exists.

    With all due respect ... I think you are on pretty thin ice here.

    :-)

  22. All in good time ... on Storing Personal Music Online Is Illegal In Japan · · Score: 1

    I don't think judges generally make hasty decisions. Nobody becomes a judge that way - it takes time, thinking, patience and a lot of hard work to become a judge. Granted - not all are as good as we could hope for. But I think most of them make bad rulings out of ignorance or lack of insight. Not because they are making hasty decisions.

  23. Re:NO WAY! on Storing Personal Music Online Is Illegal In Japan · · Score: 1

    I don't care if you are a judge or a programmer. I don't care if you are greedy or just careless.

    Lucky for all of us, the legal system sees things differently than you do. Intent is a very important element in legal affairs. Lucky for me my employer sees things the same way. He tends to forgive me when I make unintended errors, but would probably fire my ass if I was screwing things up intentionally. I wonder what kind of strange job you have, where there is no difference between making a mistake and being plain old-fashioned evil.

    If your decisions in your professional responsibilities cause me some loss, I think you are responsible for that

    I find that kind of attitude horrible. People who say things like that are making the world a sad place to live in. This kind of thinking is exactly why neighbors are suing each other over trivialities, traffic victims are suing the paramedics in the ambulance for malpractice, and old ladies sue McDonalds for a hundred million USD because she spilled hot coffee in her lap that was 1,5 degrees "too warm", and lame companies in Utah (who said SCO group?) attempting to sue every Linux user on the planet because they "have caused them some loss"...

    You should know better, or get another job

    You never make mistakes, eh? What a lucky guy you are. Not to mention how lucky your employer is. Wow. That is really something. I am impressed. You should teach all the rest of us how to achieve that, so that we may improve ourselves.

    if you think personal responsibility is just insane.

    That is not what I said. Please read the post again before replying. I said that holding a judge personally responsible for every ruling in every case was insane. I did not write that personal responsibility in general was insane - in fact I specifically wrote that an incompetent judge should be fired. Don't put words into my mouth - that is a nasty habit in a debate!

  24. NO WAY! on Storing Personal Music Online Is Illegal In Japan · · Score: 1

    It would be totally impossible to predict the long term "side effects" on any ruling. Holding the judge personally responsible would only make him hesitate in every decision and probably always take the most conservative approach no matter what the more logical choice actually was.

    Besides, the judge is just doing his/her job. I am a programmer - but I am not held personally responsible for each and every bug I produce. And I can't imagine any programmer taking a job under such conditions. If I make too many bugs I'll be fired. If the judge makes too many mistakes, fire him/her.

    I think "personal responsibility for the rulings of judges" the way you describe it, is just insane and would paralyze the legal system totally.

  25. It probably won't hold up in a higher court on Storing Personal Music Online Is Illegal In Japan · · Score: 2, Interesting

    There have been several similar rulings in lower courts in Europe, and all have been changed in higher courts. It is typical for a lower court to totally miss the deeper and more technical implications of cases such as this one.

    The company has been providing a service to the consumer, but has not used the implicated files or distributed them to other users. As such, the company itself is not guilty of anything - let alone copyright violations. If they were, we would soon see virtually every MP3 device manufacturer being sued for copyright violations.

    What is next - Suing Smith & Wesson for murder? Suing Ford for driving too fast? Suing every phone company on the planet for terrorist activities and every ISP for hacking and industrial espionage?

    It is rulings such as this one that show there is a reason for having multiple levels in the court system. And also why the judges in the higher courts are paid better ...