I wonder if the LANDesk client runs under Windows under VMWare.
A honeypot of sorts.
Interesting... I've been through the older MS EULA, and that grant isn't there. I *would* like to deploy older Office and Windows (older "junk" computers). I don't have the "latest and greatest" EULA (with Windows XP and Office 200x).
Can you post the grant?
Thanks in advance
Ratboy.
You have the answer
The ORIGINAL "hacked in 30 minutes" test was that.
The idea is that an exploit can get in via ssh (remote login, perhaps a weak password). It may get in by exploiting a buffer overrun in the network stack. Lots of things can happen. But the EASIEST is to spoof the user into running an attachment.
Since we know that privilege escalation is possible in OSX, we know that any clicked-on program can achieve root.
Is Linux more secure? I don't know.
Ratboy
Of course it is only a matter of time. My incoming SSH daemon is hit thousands of times a day with guessed user/password combinations.
Of course, time is relative. If a determined attacker tries one account, 10,000 passwords a day (and she can't do more than that), in 1000 years, she would have gone through 50 billion attempts.
At which point, I probably would start caring...
Of course we don't want weak passwords, but SSH does have the ability to create and use strong keys. And the attackers so far just shotgun users/passwords. Which means I will start worrying in around a million years.
A matter of time, indeed.
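An added example, not part of the original post: a Python sketch that reads sshd "Failed password" lines, separates the shotgun pattern the post describes (many usernames from one source) from a single hammered account, and estimates worst-case exhaustion time at the post's 10,000 guesses a day. The log lines are constructed samples using documentation IP ranges, and the 8-character lowercase password in the usage note is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format OpenSSH's sshd writes to auth.log.
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jan 10 03:12:03 host sshd[812]: Failed password for root from 203.0.113.5 port 40118 ssh2
Jan 10 03:12:05 host sshd[813]: Failed password for invalid user test from 203.0.113.5 port 40121 ssh2
Jan 10 03:12:07 host sshd[814]: Failed password for invalid user oracle from 203.0.113.5 port 40130 ssh2
Jan 10 04:01:10 host sshd[901]: Failed password for root from 198.51.100.7 port 51000 ssh2
Jan 10 04:01:12 host sshd[902]: Failed password for root from 198.51.100.7 port 51004 ssh2
Jan 10 04:01:14 host sshd[903]: Failed password for root from 198.51.100.7 port 51009 ssh2
Jan 10 05:30:00 host sshd[950]: Failed password for alice from 192.0.2.44 port 60222 ssh2
Jan 10 05:30:20 host sshd[951]: Accepted publickey for alice from 192.0.2.44 port 60230 ssh2
"""

# Matches both "Failed password for root ..." and
# "Failed password for invalid user admin ...".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def summarize(log_text):
    """Return {ip: {"attempts": n, "users": set_of_names}} for failed logins."""
    sources = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            entry = sources[m.group("ip")]
            entry["attempts"] += 1
            entry["users"].add(m.group("user"))
    return dict(sources)


def classify(entry, min_attempts=3):
    """Label one source: 'noise', 'shotgun' (many users) or 'targeted' (one user)."""
    if entry["attempts"] < min_attempts:
        return "noise"
    return "targeted" if len(entry["users"]) == 1 else "shotgun"


def report(log_text):
    """Map each source IP to its classification."""
    return {ip: classify(e) for ip, e in summarize(log_text).items()}


def years_to_exhaust(alphabet_size, length, guesses_per_day):
    """Worst-case years to try every password of this shape at a fixed online rate."""
    return alphabet_size ** length / guesses_per_day / 365


if __name__ == "__main__":
    for ip, label in report(SAMPLE_LOG).items():
        print(ip, label)
    # Assumed password shape: 8 lowercase letters; rate taken from the post.
    print(round(years_to_exhaust(26, 8, 10_000)), "years")
```

A dictionary word is found far sooner than the exhaustive figure suggests, which is why the targeted label is the one worth alerting on and why key-only authentication removes the question.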
I always have difficulty in understanding this. Why a "merit based sales job" for something that is free?
If the "customer" can simply try it, and see if it meets her needs...
It is genuinely hard to come up with competitive feature assessments. You have to be intimately aware of the products and how the features relate to each other.
Personally, I don't think it's worth it. Given the price point, the "customer" can make the assessment and comparison themselves.
If a commercial software vendor starts targeting one of the free alternatives directly -- the question raised is why? Is that alternative good enough? It becomes advertising for the alternative. It would have been better for Microsoft had they continued ignoring Linux.
And if the alternative is ignored, popular use will drive the examination.
In other words, simply trumpeting "150 million downloads" is enough.
Ratboy.
If you think there are better ways, let's have some suggestions.
If you don't have any suggestions (or, are you saying "I am not smart enough"), you're trolling. I hope not.
Ratboy
Thank you. I wish I had read your response before reading the article.
The article itself was very badly written, or badly edited. Looks like a sophomoric effort, at best.
I think Gundeep's main complaint is that a Firefox installation, if abandoned, is counted as a Firefox installation (download).
I suspect that Internet Explorer is counted on units shipped and downloaded as well, making the entire point moot.
And, as you were, here I am, stuck in the trollness of it all.
Ratboy
From the post -
The vendor didn't want to release the fs info. The post author is NOT the vendor.
Since it was reversed, this implies others can reverse it.
Why not release the results? The vendor is simply unwilling to support Linux (implied, BSD) OS. This way, they AREN'T supporting it.
Will the author get sued? If the author lives in the USA, maybe, otherwise almost certainly not. The author wants to work for the company? So, go ahead and publish -- it will get their attention. And if it's not in a positive way, *I* wouldn't want to work for them.
Ratboy.
"I'd limit myself.."
So, trust that others would as well. I use an open AP. And it hasn't been a problem. One or two extra users, no big deal.
Instead of a little trust, you are suggesting this dreadfully complicated approach?
Ratboy -- "open AP" since WEP cracked.
The old HP brought us the HP 65. What was the market for that? 3%? No, it was 0%, since the product had never been made or marketed. It was new and exciting.
The new HP is worried about "nascent markets", and is delaying enabling products.
The old HP brought us RPN, and some fine diagnostic kit, that was new and exciting.
The new HP brings us reasonable office printers. I guess it isn't nascent; I like my HP 3015.
They are sure boring now, which is sad because HP is a melange of companies that sure were not boring. HP: first in micro tech, diagnostics, DEC: first in minis, COMPAQ: first in PC cloners.
It looks like first becomes last after two mergers.
Ratboy
I am sorry. I don't follow your argument at all.
First, what does CAD have to do with security? What does the number of users of Autodesk or Solidworks have to do with anything in this discussion? And, just as an aside, the last time I looked, DXF formats were supported by most CAD vendors, open or closed source.
Now, OpenOffice may not be as productive as Microsoft Office. Is your claim that this is due to bugs in OpenOffice? Further, is your claim that the cause of these bugs is because OpenOffice is an open source application? Easily refuted -- OpenOffice.org USED to be StarOffice, which was a COMPLETELY closed source application until purchased by SUN Microsystems, who open-sourced it. You may still have a point that the Microsoft product is superior for your uses. Just not relevant.
Now, you touch on Education, Support, and Installation issues. Is your claim that the lack of these constitutes a "bug" in the software sense?
Ratboy.
Basic security issue:
More trusted shall not call less trusted.
If the flow is through the kernel, and less trusted code is invoked through the kernel, this would be bad. Very bad.
The only way to do this is to do the whole thing in "user" -- at the less trusted level. Perhaps more trusted than "user" and less trusted than "kernel".
This level can call up to kernel for services. This would be ok.
But, the opposite (kernel calling down) is NOT ok.
Ratboy
Yes, I expect change management. You know, I used to design run-books.
Now, he has to work within the structure. And, within the structure, scripts can probably be deployed.
Of course, making a script that enters from the keyboard via an SSH client playback macro so it doesn't have to go through the run-book is... kind of borked, no?
If he DIDN'T have write access and was simply collecting information, such a dynamic script may be justified.
If he wants to use this to introduce another management layer without entering it into the run-book, that's another issue.
Now do you understand my confusion, and question?
Ratboy.
You are managing the servers with no write access?
Niskel
How much do you think it costs to run DNS?
Next, DNS does push control down -- for everything but the TLD. DNS *is* generally run on open source, and *is* open source. In that anyone can add to the DNS hierarchy.
http://people.csa.iisc.ernet.in/gaurav/np/rfcs/dns.html
should give you a basic idea of what DNS is.
There are already root servers that serve alternate TLDs. Have been for years. Indeed, a lot of us do this privately. As an example, a lot of us use "made-up" TLDs for our LAN, and then kick up stuff we don't know.
Ratboy (posted from neptune.lan).
So, please elucidate.
What makes Ruby "lightweight" as compared to Smalltalk and ObjC?
I would argue that Smalltalk is "lighter" than Ruby.
Ratboy.
Ok, prove that to me. Prove that Windows is the dominant "real-world" OS.
"Wanky"? Ok, if you lose, you have to suck my dick.
Ratboy
And why should *I* care? If I want a slice, I would register with the appropriate people and ask for my slice. There was lobbying for this levy, and the gov ("the people") said "Sure, is this ok?". Lobby says "yeah, we like it". It's now law. Anyway, it's not a tax, it's a levy.
As far as I am concerned, it is a good thing. Others can argue out the backend, and I get the benefit of personal copying.
Ratboy
Why don't you actually READ what I wrote? I *never* advocated that ANYONE actually use Linux.
I said that a user would know when and why.
Since Linux (and the BSDs, and ANY other OS) will NEVER support all those marvelous PC devices, obviously the time will be NEVER for you. Because the "why" will never come true.
No, I do not suggest that anyone use "Gentoo". Personally, I think Linux already has too many users. Too many people jumping in and trying to tell me what it is that I should do for them. For nothing. Too much "free beer" in the "free software", if you ask me. Windows is FAR better, less "free beer" involved, much more money for me.
Yes, I told an amusing and true story about someone who figured out WHY Linux may be better for her. Personally. No, I didn't expand that to EVERYBODY else. Please learn to read.
Yes, I did say that Windows has driver issues. Do you dispute this? If so, can YOU tell me why I can't use XP? Microsoft made a suggestion -- and I even tried it. The vendor won't help. Care to explain why Linux actually works on this box? I'll send it to you, and YOU can figure it out, for free. After all, you MUST be responsible for this piece of shit OS (which is a popular Linux suggestion I have received -- let's see your response, you idiot -- after all, it's a standard off-the-shelf Windows XP).
Ratboy
First, Windows is no piece of cake. It has driver issues, driver issues, driver issues...
And there isn't anything anyone except Microsoft and the hardware vendors can do. And, in a lot of cases, will do.
At least with OSS, you have a fighting chance. Sure, if you don't pay for it, you likely won't get it... Unless you can do it yourself. Or pay for it, and have it done.
Case in point -- I have a machine (earlier posts) that I wanted to use as a PVR. Fairly recent, but not TOO powerful (seeing as how it's up 24/7). Athlon 1700+, 2 PCI slots, 1 AGP slot. Windows XP would LOAD on it, but wouldn't see the CD that it just loaded from. Of course, the solution is to load the drivers, but with no CD and no network, that becomes difficult... It runs Linux now. MythTV.
Problem - single, low quality (cheap) TV tuner. Mercury. It's a bit-banger. I wanted to get a better tuner, and now have an Adaptec AVC 2410. Ok, except the driver (ivtv) is not included with the Linux kernel. I am putting it into ANOTHER box, running Redhat 9 (older Linux). Driver support? It isn't. Right now. But, one of the devs for ivtv is hacking it to make it compile, and I'll get it going. It will be done soon. Adaptec? They don't support Windows 98 with this product, which DOES run for me. And, there is NO WAY it will ever run.
Does this affect Microsoft's "traction"? I don't believe it does. My Linux "advocacy"? You know when you will need it, and why. I can't tell you to use it... indeed, I encourage people to use WHATEVER they want. And we have my mother-in-law. Grandma has a PC. Ran Linux for years, and was (fairly) happy. Email, web browsing, maybe a letter or three.
Complaint? Yes - "my next-door neighbour can't help me, because he doesn't know Linux". Ok, after 2 years, Linux is replaced with Windows. Fast forward a few months - she wants Linux back, because, I quote, "Linux is, umm.. more reliable, and easier, and I didn't ever have to reinstall stuff".
Personally, I think that it's something else; I think that Linux discouraged the installation of silly programs from the 'web. I also believe that the open-source drivers in Linux are probably higher in quality than the closed-source ones supplied with most hardware (drivers are a pure cost, almost never generating any revenue for a company).
The most telling thing was that the "GUI", "look and feel", functionality (MS Word vs. OpenOffice.org) was NEVER mentioned. Basically, she doesn't even notice.
Ratboy.
Um... and why would you think that it is NOT?
Quite a few people (including me) SUPPORT the personal copying provision, and the levy.
You pay a bit, and then go ahead and share.
Personally, I want the provision expanded to cover DVDs (and allow sharing of movies).
Ratboy.
Never understood that.
The levy on flash/hard-drive players was reasonable (IMO). The benefit? Copying to your "ipod"/flash or other player was fully legal.
I can still argue that such a player is a common way to store music, and (as that is its only purpose), the levy SHOULD have been collected. The device falls (should fall) under personal copying provisions and is fully legal to use. If I can round up a thousand people that USE their portable music player that way (the way it was intended to be used), it is proven.
But, having the levy overturned causes the headache of a potential legal challenge (which would not have been the case otherwise). The issue that would be easiest to attack would be the transitivity of the personal copy provision. The law right now does not differentiate the source of the copy, and I would like to keep it that way.
I am for increasing the scope of the levy, to cover such things as DVDs (thus allowing the "free" sharing of movies). Basically, take a slice, and leave me the fuck alone.
Ratboy
What is interesting is that you are attacking ME. Not my message. I can only assume that you concede my point.
Let me make it again (and now the gloating comment is valid, it wasn't before).
If Apple stops supporting existing music download formats, they will most likely make another billion dollars as people buy their music again.
So, obviously, I am cynical, I gloat, and I must just OOZE superiority. And you win this debate. Ad hominem rules!
Ratboy.
In my jurisdiction, it IS dumb.
We pay a personal copying levy in Canada. And paying twice for a product is dumb.
Ratboy.
He isn't allowed to be critical...
The first post to his column was from someone who said that the first thing done with his purchased "iTune" is to put it on a CD, then rip it to MP3.
Now I don't use "iTunes", and it is now MY turn to be critical. This person just paid $1 for a track. Happens to be the same price as an uncompressed 44100 stereo 16 bit digital sampled track.
Bought it for the same price (a loss of 90% of the information) and is now forced to convert it to another format. Don't know about you, but it sounds dumb to me. Why not just buy the uncompressed version? Hell, the vendor EVEN GIVES YOU THE MEDIA AT THE SAME PRICE.
Ok, I really want to pay 10x as much (effectively), because I can't tell the difference. I really want the less usable, inferior product, because I want to pay to record it myself. I really want to waste time making CDs.
And *YOU* don't think I should be critical about the product.
You, sir, are wrong. If you use "iTunes", I laugh at you.
Ratboy