Hmmm....I didn't quite get the distinction across that I meant to. Distributing copies to other people does not affect your copies of the software. When you distribute to other people, those copies are someone else's copies of the software.
This is what copyright law regulates, the creation and distribution of copies. If the copies of the software remain yours, you can do whatever you want to them.
It is when you try to do something normally prohibited by copyright - create new copies and distribute them to someone else - that the GPL starts to apply. Clause 9 of the GPL3 (clause 5 of the GPL2) explains this quite well.
(Although, looking at it those clauses now, it does appear to prevent you from modifying private copies. This is odd, as copyright does not prevent you from modifying personal copies of other copyrighted works - you are allowed to tear pages out of a book, or deface artwork that you own. Odd. I'd never noticed that before.)
"Except the Apple ad didn't use the word "access""
Sorry. My bad. I misread your previous post where you directly quoted "all the parts of the internet" and just put "access" there myself.
Having read the actual adjudication now (OK, I should have done that earlier), I still side with Apple.
I am interested in the ASA line which states their reasoning is based on the idea that "viewers were likely to expect to be able to see all the content on a website normally accessible through a PC". I have a Linux/PPC personal computer (PC). Given that the complaint has centered on Java and Flash, which are not yet supported well enough on my PC platform to render all the Java and Flash on the internet, the iPhone still does render all the content which is normally accessible through my PC.
Of course, what the ASA seem to be saying is that the iPhone cannot view "all the content on a website normally accessible through a Windows/x86 PC". They also seem to concentrate exclusively on websites, and neglect to mention any other internet services which the iPhone apparently has access to.
Is this what it has come to? "The Internet" now consists solely of the WWW which hosts content viewable by Windows PCs? Bah!
"That's not an artefact of proprietary software, it's basic copyright. I can download Ubuntu, but I do not own Ubuntu."
You own that copy of Ubuntu, same as you own books that you buy.
Owning a copy of a copyrighted work is different from owning the copyright to a copyrighted work. You can own copies of works copyrighted by other people. You can own a copy of "Harry Potter". You can own copies of Ubuntu.
Theoretically, you should be able to own copies of Windows as well. However, Microsoft insists that you do not own copies of Windows, rather that you license them from Microsoft, and are therefore bound by the license agreement (EULA) which is much more restrictive than copyright would allow. For example, license agreements typically prohibit you from studying (reverse-engineering) your copy in any detail, which copyright has no domain over. You are allowed to calculate character and word frequencies in a book you own. You are allowed to calculate a reading age for the book and the number of pages to get an idea of how long it will take to read (equivalent of benchmarking?). And, you are allowed to re-sell a book that you own, provided you do not keep any private copies of the work you may have made for your own convenience (e.g. blow-up photocopies for studying the typeface used), and the author or publisher has no say in the matter at all.
Note that these user license agreements are different from the GPL and other Free Software licenses. The GPL does not impose any restrictions at all on what you can do with your copy of the software. All the things you can do with a book you own, you can do with a copy of some Free Software that you own. You can inspect it, run it, benchmark it, add bits to it, remove bits from it, etc...
Rather, the main thing that the GPL does is allow you to make and distribute further copies of the work (something otherwise prohibited by copyright) provided you follow certain rules. Which includes, as you point out, not selling it as your own work sans source code.
I think a much more sensible definition is that if a device can send an arbitrary IP packet to any/all internet hosts, and any/all hosts can send one back to that device in response, then that device can access all the parts of the internet.
But, as demonstrated by this thread, it all depends on how you interpret "access", which we differ on. And it doesn't look like we're making much headway in changing each others minds.:-/
As a followup, do you think that adverts should be prohibited from using any technical terms in case the public either fails to understand, or worse misunderstands, those terms and is consequently mislead by their own ignorance? If so, are you just as annoyed at the cosmetics industry with all their science (and pseudo-science) jargon?
"so you should be prohibited from claiming that: all the parts of the internet are on [Insert name of device]"
OK, I've looked at the ads and that is never claimed. Ad 2 just says "This is the web", and ad 4 says "this is not a watered down version of the internet. It's not the mobile version of the internet. It's not the kinda sorta looks like the internet internet. It's just the internet"
I don't see how that claim is nearly as far reaching as you are taking it to be. It's not. It doesn't say you can view every single format ever created anyone ever.
According to your definition being able to access "all the parts of the internet" is impossible anyway. There are things that pretty much only IE can render, and there are things that IE is incapable of rendering. (SVG, KDE plasmoids, XHTML sent with the correct mimetype, Wordperfect 1.0 documents, etc...). That makes the phrase "all the parts of the internet" effectively meaningless puffery. Even if that phrase had been used in the Apple ad, seeing that it can never be true of any product, I don't see how it could not fall under the definition of a "term frequently used to denote the exaggerations reasonably to be expected of a seller as to the degree of quality of his product".
"Of course, given your stated views on Flash you probably can't watch it without defiling your computer with closed software."
Actually, Gnash is good enough these days for YouTube to work.:-p
By extension, are you saying that any browser which is unable to render ActiveX content is unable to "access the web" and should be prohibited from making such claims?
Hairsplitter of the year? For using the word "access" in the exact and pretty much only meaning it has on the internet? To be able to access a resource is to be able to download it. "Access control" does not prevent you from rendering content you've downloaded (accessed), it prevents you from downloading (accessing) it in the first place. See, for example Authentication, Authorization and Access Control. Notice the word "access"?
How the fuck is using a word exactly as it is intended, and exactly as it is widely understood by pretty much everyone who has anything to do with internet technologies, hairsplitting?
My Linux PC can access all of the web[0]. Anything that is on the web, including flash files, I can access.
What I do with that access is my own business. I might want to md5 the content in order to write it's fingerprint to a database. I might want to try to reverse-engineer the content in order to write my own flash player. I might want to attach it to an email to send to someone else.
Like my PC, the iPhone can access the content and could do any those things I listed above. (Or it could if md5ers and hex editors were available for it). That it can't render proprietary content which is released by proprietary ISVs who have a terrible record of supporting more than a single platform well should be a surprise to no one.
I'm not an Apple fan. I own none of their products. But I do think that them getting slapped down for Adobe not supporting their platform is a bit fucking harsh.
[0] Well, all of the web I am authorised to access.
This ruling means that no computer can "access all of the web", because there is content on some websites which are not renderable on all platforms.
For example, embedding binary KDE/Linux/x86-64 plasmoids on a website (e.g. with this plugin) would make that content unusable on IE/Wintel-32 and many other browser platforms.
Therefore, being able to "access all of the web" is meaningless. Marketing fluff.
The iPhone can access flash and java content perfectly.
That it can't render it is a different argument entirely. It's particularly specious for proprietary shite like Flash which subverts the whole paradigm of the web being built around open protocols and formats.
Jeez, I suppose my Linux/PPC box can't access "all of the web" because fscking Adobe haven't been gracious enough to release Flash for it yet, and Gnash doesn't work perfectly on all flash "content".[0]
Utter bollocks.
[0] "content" in used here its loosest possible sense, which includes "effectively content-free content".
"all the botnet client has to do is open a VPN connection"
Is that all? Wow, if only setting up tun/tap virtual network devices for VPNs required root access. Oh, wait a minute, it does.
Of course, it's actually simpler than that. All the botnet client has to do is open a TCP connection to a server (e.g. an IRC server) and accept commands from there. (e.g. Send this 10k email to these 25k email addresses.)
However, running an open mail relay, which is what the great-grandparent was talking about though,/is/ solved by the basic firewall rule of not allowing incoming network connections from anywhere. That is generally a bit restrictive though, so the default OOTB experience might ought to be to allow incoming zeroconf/filesharing connections to private address ranges (192.168.*, 10.*), and block all other incoming connections.
"First, most of the time, there is only one user."
As I asked of Sentry21 a couple of posts above, do you have any data at all to back that up? A study, news article, poll... anything but your anecdotal assertion that this is the case?
As I pointed out to Sentry21, my worthless anecdotal evidence from me and the people I know leads me to believe that most computers are used by more than one person, and that these people tend to have their own accounts on those computers.
"Second, as others have pointed out, there have been numerous local root escalation exploits."
OK, that is a problem. But as defense in depth goes, requiring an attacker to exploit a local root escalation in order to fuck over everyone else's account on the system is clearly better than the alternative of having everyone run as root, and the first bit of "dancing bunny" malware automatically own the whole system.
If we get away from the Wintel32 monoculture and end up with a nice range of mail/shell/OS/arch combinations (e.g. Thunderbird/KDE/Linux/PPC vs. Claws/Gnome/OpenBSD/x86-64) then local root escalations will be harder for attackers to take advantage of too.
"Given that most computers running Firefox these days are single-user systems"
I'm sorry, but that's not a given. Do you have any study, article, poll or other even tenuous/unscientific bit of actual data to back that assertion, or are you just making shit up?
Most people I know use computers that are used by workmates, partners and/or kids. And they use different accounts for each. Yes, I know that's an anecdote and not statistically valid, but then neither is your contention.
'Unless you happen to run one of the desktop distros which usually have a default policy of ACCEPT.'
So, as the administrator, make the default policy "DENY".
'Read all my documents through the world-readable home folders? Another convienience feature.'
If you're that worried about your spouse/parents/kids installing malware which can do that, make your home folders non-world-readable. Or even just your sensitive documents folder non-world-readable, if you want to share e.g. your music folder with the people you share the computer with.
'My experience is that people don't keep the accounts truly separate, that's just for convienience. "Hey, can I just check my webmail for a sec?" "Sure" and your email's compromised.'
So keep them truly separate. That's what fast user switching is for. I'm pretty sure even XP has this, and it's only 2 mouse clicks away. [Start] [Switch user].
It's *easier* if you do it that way, because when you log into your PC account, your web browser will remember *your* cookie/login form details for your webmail. If everyone in the house uses, e.g. gmail, this is a bonus.
'Least not without someone more experienced than the average guy.'
OK, setting the default firewall rule of "DENY" is probably not for the average guy. The rest are pretty easy to accomplish with point-and-click UI.
"Spammers need relays to send their spam through. You can run a relay just fine as a normal user"
Not if you don't have access to the firewall settings which will open the port that allows someone to connect to your relay.
"You can mess with the internals of Firefox without root access too, through plugins. Easy to put a password stealer in there."
Yes, but without access to the system FF folder, that plugin will go in your per-user plugin directory, and will only run for you. So only your passwords will be stolen, and not those of anyone else on the computer.
"Or you could mess with your desktop settings so that when you try to launch a browser, you get a compromised version instead."
Again, only works for one user.
Of course, the "only works for one user" argument is better if presented in reverse. If your less-computer-literate kid/spouse/parent can't accidentally run code that sets up a visible relay, or installs a system-wide password sniffer, or messes with your desktop, then your desktop/browsing experience will not be fucked with no matter what they accidentally do.
Furthermore, you'll be in a position to be able to clean their account up for them without having to wipe and reinstall the whole machine (including all your precious stuff) which you would have to do if system files had been cracked.
approach to fighting telemarketing spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses ( ) Mailing lists and other legitimate email uses would be affected ( ) No one will be able to find the guy or collect the money ( ) It is defenseless against brute force attacks ( ) It will stop spam for two weeks and then we'll be stuck with it ( ) Users of email will not put up with it ( ) Microsoft will not put up with it ( ) The police will not put up with it (x) Requires too much cooperation from spammers ( ) Requires immediate total cooperation from everybody at once ( ) Many email users cannot afford to lose business or alienate potential employers ( ) Spammers don't care about invalid addresses in their lists ( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it ( ) Lack of centrally controlling authority for email ( ) Open relays in foreign countries ( ) Ease of searching tiny alphanumeric address space of all email addresses (x) Asshats ( ) Jurisdictional problems ( ) Unpopularity of weird new taxes ( ) Public reluctance to accept weird new forms of money ( ) Huge existing software investment in SMTP ( ) Susceptibility of protocols other than SMTP to attack ( ) Willingness of users to install OS patches received by email ( ) Armies of worm riddled broadband-connected Windows boxes ( ) Eternal arms race involved in all filtering approaches ( ) Extreme profitability of spam ( ) Joe jobs and/or identity theft ( ) Technically illiterate politicians ( ) Extreme stupidity on the part of people who do business with spammers (x) Dishonesty on the part of spammers themselves ( ) Bandwidth costs that are unaffected by client filtering ( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical (x) Any scheme based on opt-out is unacceptable ( ) SMTP headers should not be the subject of legislation ( ) Blacklists suck ( ) Whitelists suck ( ) We should be able to talk about Viagra without being censored ( ) Countermeasures should not involve wire fraud or credit card fraud ( ) Countermeasures should not involve sabotage of public networks ( ) Countermeasures must work if phased in gradually ( ) Sending email should be free ( ) Why should we have to trust you and your servers? ( ) Incompatiblity with open source or open source licenses ( ) Feel-good measures do nothing to solve the problem ( ) Temporary/one-time email addresses are cumbersome ( ) I don't want the government reading my email (x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work. ( ) This is a stupid idea, and you're a stupid person for suggesting it. ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
The Linux kernel<->user ABI is stable, and has been since 2.0.0. Any userland code (the kind that normally makes calls through glibc) that made its own syscalls directly to 2.0.0 will work fine with zero changes on 2.6.26. Many programs written for Linux 1.x will also work fine, as the 1.x -> 2.0 change was to do with binaries being ELF instead of a.out by default. The syscall interface did not change, or if it did, did not change significantly in that time.
It's only the kernel internals (including drivers) that are not stable, but you don't actually want them to be stable. You think you do, but you don't.
I agree. I think I'm just using different terminology that you:)
To me, to "provide for the greater good of society" and to desire "that our quality of life and livelihood can and will be protected" is a valid ethical argument. It's not a personal moral (a word I don't like as it has connotations of mandated religious dogma, and not something that can be rationally studied, debated and updated, which I think ethics should be) argument, but is still an ethical argument.
"if the only argument against something is that it is illegal then I don't consider that to be an argument at all."
You don't have to just not consider it an argument, it isn't an argument.
You either have to base your laws off of your ethics, or your ethics off of your laws. You can't do both, as that's just circular reasoning, which is a logical fallacy, and therefore not a valid (i.e. rational, logical) argument.
If you base your ethics off of your laws, where do these laws come from? Well, I suppose if you're particularly religious then you might think that eternal, unchangeable laws come from God and fixed morals are based off of those. But if that is the case then you ought to still be selling your daughter into slavery, killing people who insisted on working the sabbath, etc...
No, laws are made by people, based off of their ethics.[0] We[1] decide what is legal and illegal based on what we believe is right and wrong.
But, the law-making process is not perfect. Sometimes laws were made in an earlier time, and our definition of what is right and wrong has changed since then. Sometimes laws are made imperfectly and do not solve the problem they were trying to. Sometimes they accidentally cause a greater problem than the one they were trying to solve.
If any of these are the case, it is up to people to write new laws, or strike existing ones from the books, in order to bring the law better in line with our ethics. It would be completely illogical to say that because a law exists, we must alter our ethics to adhere to it, and never change those ethics again. If that were the case, black people would still be giving up their seats on buses for white people.
It is therefore completely logically invalid to decide whether something is right or wrong based on whether or not it is illegal. We need to decide whether something is right or wrong solely from other ethical arguments. Only then can we create laws (if we have determined that laws need creating) to protect or outlaw a particular behaviour.
[0] Ignoring laws which are purchased by lobbyers for the purpose of this discussion.
[1] "We" meaning "the people that we have freely chosen (elected) to make such decisions on our behalf."
(Disclaimer: I used KDE 4.0, was aware it was a developer release, and liked it for what it was despite the lack of polish. I've been using the KDE 4.1 betas and RCs for a while and really like what's been done and it's really usable for me. But YMMV and there are some parts that aren't up to par with 3.5.x yet. That's fine - I didn't use those parts. But if you are using them, then 3.5.x is still being patched and updated, so it might be worth waiting 'til 4.2 before you switch.)
I find it odd that "59.1% of users are running the most up-to-date browser available to them, and that a decent number of people were not running fully-patched versions."
Surely if 59.1% of people are running the most up-to-date browser, then 40.9% will not be running fully-patched versions. Why bother with the "a decent number" hand-waving when you've got a hard number you could put in there?
...so why are VIA trying to split open source driver development resources instead of partnering with/providing support for the existing project that is already being run by a Linux kernel developer. IMO that would do more to actually help the state of open-source drivers, instead of sounding more like a grab for headlines.
Re:My heterogeneous experience with Cell processor
on
Panic in Multicore Land
·
· Score: 2, Interesting
"you can't use all C++ features on them (no C++ exceptions, thus can't use most of the STL)"
OK, I have to ask - why on earth can't you use C++ exceptions on them?
After all, what is an exception? It's basically syntactic sugar around setjmp()/longjmp(), but with a bit more code to make sure the stack unwinds properly and destructors are called, instead of longjmp() being a plain non-local goto.
What else is there that makes C++ exceptions unimplemenatable?
Slashdot Mirror
Hmmm....I didn't quite get the distinction across that I meant to. Distributing copies to other people does not affect your copies of the software. When you distribute to other people, those copies are someone else's copies of the software.
This is what copyright law regulates, the creation and distribution of copies. If the copies of the software remain yours, you can do whatever you want to them.
It is when you try to do something normally prohibited by copyright - create new copies and distribute them to someone else - that the GPL starts to apply. Clause 9 of the GPL3 (clause 5 of the GPL2) explains this quite well.
(Although, looking at it those clauses now, it does appear to prevent you from modifying private copies. This is odd, as copyright does not prevent you from modifying personal copies of other copyrighted works - you are allowed to tear pages out of a book, or deface artwork that you own. Odd. I'd never noticed that before.)
Is that clearer?
"Except the Apple ad didn't use the word "access""
Sorry. My bad. I misread your previous post where you directly quoted "all the parts of the internet" and just put "access" there myself.
Having read the actual adjudication now (OK, I should have done that earlier), I still side with Apple.
I am interested in the ASA line which states their reasoning is based on the idea that "viewers were likely to expect to be able to see all the content on a website normally accessible through a PC". I have a Linux/PPC personal computer (PC). Given that the complaint has centered on Java and Flash, which are not yet supported well enough on my PC platform to render all the Java and Flash on the internet, the iPhone still does render all the content which is normally accessible through my PC.
Of course, what the ASA seem to be saying is that the iPhone cannot view "all the content on a website normally accessible through a Windows/x86 PC". They also seem to concentrate exclusively on websites, and neglect to mention any other internet services which the iPhone apparently has access to.
Is this what it has come to? "The Internet" now consists solely of the WWW which hosts content viewable by Windows PCs? Bah!
"That's not an artefact of proprietary software, it's basic copyright. I can download Ubuntu, but I do not own Ubuntu."
You own that copy of Ubuntu, same as you own books that you buy.
Owning a copy of a copyrighted work is different from owning the copyright to a copyrighted work. You can own copies of works copyrighted by other people. You can own a copy of "Harry Potter". You can own copies of Ubuntu.
Theoretically, you should be able to own copies of Windows as well. However, Microsoft insists that you do not own copies of Windows, rather that you license them from Microsoft, and are therefore bound by the license agreement (EULA) which is much more restrictive than copyright would allow. For example, license agreements typically prohibit you from studying (reverse-engineering) your copy in any detail, which copyright has no domain over. You are allowed to calculate character and word frequencies in a book you own. You are allowed to calculate a reading age for the book and the number of pages to get an idea of how long it will take to read (equivalent of benchmarking?). And, you are allowed to re-sell a book that you own, provided you do not keep any private copies of the work you may have made for your own convenience (e.g. blow-up photocopies for studying the typeface used), and the author or publisher has no say in the matter at all.
Note that these user license agreements are different from the GPL and other Free Software licenses. The GPL does not impose any restrictions at all on what you can do with your copy of the software. All the things you can do with a book you own, you can do with a copy of some Free Software that you own. You can inspect it, run it, benchmark it, add bits to it, remove bits from it, etc...
Rather, the main thing that the GPL does is allow you to make and distribute further copies of the work (something otherwise prohibited by copyright) provided you follow certain rules. Which includes, as you point out, not selling it as your own work sans source code.
See this response for what I think the correct definition of being able to "access all of the internet" is. I hope that addresses it.
Stupid claim? I think it's a stupid definition.
I think a much more sensible definition is that if a device can send an arbitrary IP packet to any/all internet hosts, and any/all hosts can send one back to that device in response, then that device can access all the parts of the internet.
But, as demonstrated by this thread, it all depends on how you interpret "access", which we differ on. And it doesn't look like we're making much headway in changing each others minds. :-/
As a followup, do you think that adverts should be prohibited from using any technical terms in case the public either fails to understand, or worse misunderstands, those terms and is consequently mislead by their own ignorance? If so, are you just as annoyed at the cosmetics industry with all their science (and pseudo-science) jargon?
(Oh, I'm British btw.)
"so you should be prohibited from claiming that: all the parts of the internet are on [Insert name of device]"
OK, I've looked at the ads and that is never claimed. Ad 2 just says "This is the web", and ad 4 says "this is not a watered down version of the internet. It's not the mobile version of the internet. It's not the kinda sorta looks like the internet internet. It's just the internet"
I don't see how that claim is nearly as far reaching as you are taking it to be. It's not. It doesn't say you can view every single format ever created anyone ever.
According to your definition being able to access "all the parts of the internet" is impossible anyway. There are things that pretty much only IE can render, and there are things that IE is incapable of rendering. (SVG, KDE plasmoids, XHTML sent with the correct mimetype, Wordperfect 1.0 documents, etc...). That makes the phrase "all the parts of the internet" effectively meaningless puffery. Even if that phrase had been used in the Apple ad, seeing that it can never be true of any product, I don't see how it could not fall under the definition of a "term frequently used to denote the exaggerations reasonably to be expected of a seller as to the degree of quality of his product".
"Of course, given your stated views on Flash you probably can't watch it without defiling your computer with closed software."
Actually, Gnash is good enough these days for YouTube to work. :-p
By extension, are you saying that any browser which is unable to render ActiveX content is unable to "access the web" and should be prohibited from making such claims?
you win the hairsplitter of the year prize.
Hairsplitter of the year? For using the word "access" in the exact and pretty much only meaning it has on the internet? To be able to access a resource is to be able to download it. "Access control" does not prevent you from rendering content you've downloaded (accessed), it prevents you from downloading (accessing) it in the first place. See, for example Authentication, Authorization and Access Control. Notice the word "access"?
How the fuck is using a word exactly as it is intended, and exactly as it is widely understood by pretty much everyone who has anything to do with internet technologies, hairsplitting?
My Linux PC can access all of the web[0]. Anything that is on the web, including flash files, I can access.
What I do with that access is my own business. I might want to md5 the content in order to write it's fingerprint to a database. I might want to try to reverse-engineer the content in order to write my own flash player. I might want to attach it to an email to send to someone else.
Like my PC, the iPhone can access the content and could do any those things I listed above. (Or it could if md5ers and hex editors were available for it). That it can't render proprietary content which is released by proprietary ISVs who have a terrible record of supporting more than a single platform well should be a surprise to no one.
I'm not an Apple fan. I own none of their products. But I do think that them getting slapped down for Adobe not supporting their platform is a bit fucking harsh.
[0] Well, all of the web I am authorised to access.
Replying to your own posts is bad form, but....
This ruling means that no computer can "access all of the web", because there is content on some websites which are not renderable on all platforms.
For example, embedding binary KDE/Linux/x86-64 plasmoids on a website (e.g. with this plugin) would make that content unusable on IE/Wintel-32 and many other browser platforms.
Therefore, being able to "access all of the web" is meaningless. Marketing fluff.
The iPhone can access flash and java content perfectly.
That it can't render it is a different argument entirely. It's particularly specious for proprietary shite like Flash which subverts the whole paradigm of the web being built around open protocols and formats.
Jeez, I suppose my Linux/PPC box can't access "all of the web" because fscking Adobe haven't been gracious enough to release Flash for it yet, and Gnash doesn't work perfectly on all flash "content".[0]
Utter bollocks.
[0] "content" in used here its loosest possible sense, which includes "effectively content-free content".
"all the botnet client has to do is open a VPN connection"
Is that all? Wow, if only setting up tun/tap virtual network devices for VPNs required root access. Oh, wait a minute, it does.
Of course, it's actually simpler than that. All the botnet client has to do is open a TCP connection to a server (e.g. an IRC server) and accept commands from there. (e.g. Send this 10k email to these 25k email addresses.)
However, running an open mail relay, which is what the great-grandparent was talking about though, /is/ solved by the basic firewall rule of not allowing incoming network connections from anywhere. That is generally a bit restrictive though, so the default OOTB experience might ought to be to allow incoming zeroconf/filesharing connections to private address ranges (192.168.*, 10.*), and block all other incoming connections.
"First, most of the time, there is only one user."
As I asked of Sentry21 a couple of posts above, do you have any data at all to back that up? A study, news article, poll... anything but your anecdotal assertion that this is the case?
As I pointed out to Sentry21, my worthless anecdotal evidence from me and the people I know leads me to believe that most computers are used by more than one person, and that these people tend to have their own accounts on those computers.
"Second, as others have pointed out, there have been numerous local root escalation exploits."
OK, that is a problem. But as defense in depth goes, requiring an attacker to exploit a local root escalation in order to fuck over everyone else's account on the system is clearly better than the alternative of having everyone run as root, and the first bit of "dancing bunny" malware automatically own the whole system.
If we get away from the Wintel32 monoculture and end up with a nice range of mail/shell/OS/arch combinations (e.g. Thunderbird/KDE/Linux/PPC vs. Claws/Gnome/OpenBSD/x86-64) then local root escalations will be harder for attackers to take advantage of too.
And SELinux. Someday... :)
"Given that most computers running Firefox these days are single-user systems"
I'm sorry, but that's not a given. Do you have any study, article, poll or other even tenuous/unscientific bit of actual data to back that assertion, or are you just making shit up?
Most people I know use computers that are used by workmates, partners and/or kids. And they use different accounts for each. Yes, I know that's an anecdote and not statistically valid, but then neither is your contention.
'Unless you happen to run one of the desktop distros which usually have a default policy of ACCEPT.'
So, as the administrator, make the default policy "DENY".
'Read all my documents through the world-readable home folders? Another convienience feature.'
If you're that worried about your spouse/parents/kids installing malware which can do that, make your home folders non-world-readable. Or even just your sensitive documents folder non-world-readable, if you want to share e.g. your music folder with the people you share the computer with.
'My experience is that people don't keep the accounts truly separate, that's just for convienience. "Hey, can I just check my webmail for a sec?" "Sure" and your email's compromised.'
So keep them truly separate. That's what fast user switching is for. I'm pretty sure even XP has this, and it's only 2 mouse clicks away. [Start] [Switch user].
It's *easier* if you do it that way, because when you log into your PC account, your web browser will remember *your* cookie/login form details for your webmail. If everyone in the house uses, e.g. gmail, this is a bonus.
'Least not without someone more experienced than the average guy.'
OK, setting the default firewall rule of "DENY" is probably not for the average guy. The rest are pretty easy to accomplish with point-and-click UI.
"Spammers need relays to send their spam through. You can run a relay just fine as a normal user"
Not if you don't have access to the firewall settings which will open the port that allows someone to connect to your relay.
"You can mess with the internals of Firefox without root access too, through plugins. Easy to put a password stealer in there."
Yes, but without access to the system FF folder, that plugin will go in your per-user plugin directory, and will only run for you. So only your passwords will be stolen, and not those of anyone else on the computer.
"Or you could mess with your desktop settings so that when you try to launch a browser, you get a compromised version instead."
Again, only works for one user.
Of course, the "only works for one user" argument is better if presented in reverse. If your less-computer-literate kid/spouse/parent can't accidentally run code that sets up a visible relay, or installs a system-wide password sniffer, or messes with your desktop, then your desktop/browsing experience will not be fucked with no matter what they accidentally do.
Furthermore, you'll be in a position to be able to clean their account up for them without having to wipe and reinstall the whole machine (including all your precious stuff) which you would have to do if system files had been cracked.
It's amazing how versatile this document is.
Your law advocates a
( ) technical (x) legislative ( ) market-based ( ) vigilante
approach to fighting telemarketing spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
(x) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
The Linux kernel<->user ABI is stable, and has been since 2.0.0. Any userland code (the kind that normally makes calls through glibc) that made its own syscalls directly to 2.0.0 will work fine with zero changes on 2.6.26. Many programs written for Linux 1.x will also work fine, as the 1.x -> 2.0 change was to do with binaries being ELF instead of a.out by default. The syscall interface did not change, or if it did, did not change significantly in that time.
It's only the kernel internals (including drivers) that are not stable, but you don't actually want them to be stable. You think you do, but you don't.
I agree. I think I'm just using different terminology that you :)
To me, to "provide for the greater good of society" and to desire "that our quality of life and livelihood can and will be protected" is a valid ethical argument. It's not a personal moral (a word I don't like as it has connotations of mandated religious dogma, and not something that can be rationally studied, debated and updated, which I think ethics should be) argument, but is still an ethical argument.
po-tay-to, po-tah-to.
"if the only argument against something is that it is illegal then I don't consider that to be an argument at all."
You don't have to just not consider it an argument, it isn't an argument.
You either have to base your laws off of your ethics, or your ethics off of your laws. You can't do both, as that's just circular reasoning, which is a logical fallacy, and therefore not a valid (i.e. rational, logical) argument.
If you base your ethics off of your laws, where do these laws come from? Well, I suppose if you're particularly religious then you might think that eternal, unchangeable laws come from God and fixed morals are based off of those. But if that is the case then you ought to still be selling your daughter into slavery, killing people who insisted on working the sabbath, etc...
No, laws are made by people, based off of their ethics.[0] We[1] decide what is legal and illegal based on what we believe is right and wrong.
But, the law-making process is not perfect. Sometimes laws were made in an earlier time, and our definition of what is right and wrong has changed since then. Sometimes laws are made imperfectly and do not solve the problem they were trying to. Sometimes they accidentally cause a greater problem than the one they were trying to solve.
If any of these are the case, it is up to people to write new laws, or strike existing ones from the books, in order to bring the law better in line with our ethics. It would be completely illogical to say that because a law exists, we must alter our ethics to adhere to it, and never change those ethics again. If that were the case, black people would still be giving up their seats on buses for white people.
It is therefore completely logically invalid to decide whether something is right or wrong based on whether or not it is illegal. We need to decide whether something is right or wrong solely from other ethical arguments. Only then can we create laws (if we have determined that laws need creating) to protect or outlaw a particular behaviour.
[0] Ignoring laws which are purchased by lobbyers for the purpose of this discussion.
[1] "We" meaning "the people that we have freely chosen (elected) to make such decisions on our behalf."
...from the KDE devs, read this before you install:
http://techbase.kde.org/Schedules/Is_KDE_4.1_for_you%3F
(Disclaimer: I used KDE 4.0, was aware it was a developer release, and liked it for what it was despite the lack of polish. I've been using the KDE 4.1 betas and RCs for a while and really like what's been done and it's really usable for me. But YMMV and there are some parts that aren't up to par with 3.5.x yet. That's fine - I didn't use those parts. But if you are using them, then 3.5.x is still being patched and updated, so it might be worth waiting 'til 4.2 before you switch.)
Actually, it would probably be "Y"
(Damnit, that's "Yↂ" but the ROMAN NUMERAL TEN THOUSAND is not showing up for me in preview! Here's hoping it does in the final page...)
But this problem has already been solved in a backwards-compatible way.
See RFC 2550 - Y10K and Beyond.
I find it odd that "59.1% of users are running the most up-to-date browser available to them, and that a decent number of people were not running fully-patched versions."
Surely if 59.1% of people are running the most up-to-date browser, then 40.9% will not be running fully-patched versions. Why bother with the "a decent number" hand-waving when you've got a hard number you could put in there?
...so why are VIA trying to split open source driver development resources instead of partnering with/providing support for the existing project that is already being run by a Linux kernel developer. IMO that would do more to actually help the state of open-source drivers, instead of sounding more like a grab for headlines.
This seems especially stupidly timed the LDP's recent status report.
"you can't use all C++ features on them (no C++ exceptions, thus can't use most of the STL)"
OK, I have to ask - why on earth can't you use C++ exceptions on them?
After all, what is an exception? It's basically syntactic sugar around setjmp()/longjmp(), but with a bit more code to make sure the stack unwinds properly and destructors are called, instead of longjmp() being a plain non-local goto.
What else is there that makes C++ exceptions unimplemenatable?
Offtopic? WTF? How is "I read TFA and it doesn't make sense or explain things well" offtopic?!?