Even nicer are proxies that let you use regexp to specify disallowed sites. I use squid with a collection of many people's blockfiles for use with junkbuster (which is available for windows iirc).
This way I see virtually no ads.
I agree fully about unix. I know plenty of people who use the my school's UNIX machines without knowing anything about the file system outside their home directory. Some of them also know about professor's home directories, because programming assignments are posted there.
Windows system of C:\ makes the system easier for inexperienced people who have to admin it, but makes it harder for the user, who doesn't really need to know the relation between their directorios and the actual hard drive.
I agree this is an issue when it comes to banning something for people below a certain age, but recommendations are different. It's up to you whether you degide to trust his recommendation, and whether you consider 25 minus a day close enough.
The trick is that piracy keeps their user base large, which in turn means businesses buy MS software. The warez kiddies may never pay for anything, but they're making sure lots of people know how to use MS software. Companies buy what their employees know how to use.
I have a feeling that MS is shooting themselves in the foot with the anti-piracy measures in XP.
Actually a real anonymous remailer isn't going to include any IP address info. The cypherpunks' anonymous remailers throw away all identifying information, and are not supposed to log anything. In addition they are designed to be used in series, with each one only knowing who it got the message from, and who to send it to next. As long as at least one of the series of machines you send it through isn't compromised you're safe.
The idea behind LOMAC is that newbies can use it, without it interfering overly much with their normal usage. With one or two exceptions non-root users shouldn't even notice that this has been added.
As to your suggestion about the immutable flag - that keeps files from getting changed at all by anyone. This keeps files from being changed by any proccess that could have been corrupted. Again, not nearly as intrusive as not being able to modify any system files without rebooting.
LIDS, SELinux, etc. are great in many situations. LOMAC has uses in others. It's not a better or worse thing.
The author gave a talk at our lug last week. This is my understanding of what he said.
Basically LOMAC's goal is to increase security without being intrusive. (Intrusive systems are hard to get people to use). It doesn't protect against everything, or even close to everything. It does make a class of actions which should basically never be done impossible.
It divides the fs into level 1 and level 2 parts. Level 2 stuff is things like/etc,/usr, and anything else only root should be mucking with. Level 1 is everything else. Programs begin running at level 2, and are demoted to level 1 as soon as they read a level 1 file (or from the network which is considered level 1).
This keeps someone who compromised your copy of bind running as root from reconfiguring your system. It doesn't stop them from trashing your www data, or anything else going on at level 1.
i.e. it eliminates a certain class of problems.
As to it being drop in, it's a kernel module. What is level 1 vs. level 2 in the file system is defined at compile time. There is _no_ configuration, which makes it very easy to use.
Obviously limits are needed, and most schools have limited resources. That doesn't bother me. What does is rules written so broadly that they cover most normal usage (technically using roles in pine violates our school's rules, likewise there is no way to submit programming projects in the introductory classes which doesn't break the rules (no physical acess to the cluster thay must be submitted from, and rules forbid electronically transferring project)).
The problem is that if all normal usage breaks the rules, there might as well not be any rules, since admins can accuse anyone of breaking the rules they feel like, and always be right.
In practice people in authority are reasonable, and I've never heard of any real problems, but it smells like a disaster waiting to happen.
I think this is probably the case, but in addition I think they're concerned about security.
JR Random Newbie installs linux. 12 hours later box is owned (I know, it happened to me). haxor begins scanning other networks. Other networks admins call school. Now school must track down problem.
Many commercial version control systems have this feature available - particularly older ones designed for UNIX. They will pretend to be an nfs export, and you can mount that and work on it.
I think in general the conclusion was that it's not worth the trouble. It's not much harder for a user to run checkout.
I don't think it's ever been done to the extent you describe (although as other people have mentioned VMS apparently stored old versions of files) because while reading could be done reasonably quickly, wirting is slow (you have to run diff every time), a nuciense to implement, and uses a lot of space. Imagine the added cost of version control on (say) your mail spool. Or if you overwrite a large file.
Groundhogs are relatively large rodents that live in holes in the ground. There is a tradition here (mostly kept alive by people in some little town in PA that get's lots of tourists in today to watch phil the groundhog) that if the groundhog comes of of his hole today and can see his shadow summer is just around the corner, but if he can't we're going to have more winter weather. I don't think Phil actually gets to come out of the hole of his own accord, I think he gets yanked out on schedule.
Universities are generally considered private businesses. They are not generally affected by consitutional issues that affect the government. In addition, the constitution does not guarantee you freedom of choice. Currently there are a number of laws against monopolies, because currently we do not believe in laiz faire. However 100 years ago we did, and many monopolies existed, perfectly legally. This is not a consitutional issue, it's simply a matter of current laws, and doesn't affect universities anyway.
There's a difference between something which to a casual observer appears to be reality, and something which appears to be fiction. In general we expect that when we are shown something which appears to be reality, but actually is fiction, we will be informed. An example would be the radio broadcast of War of the Worlds. There was nothing wrong with the show, but the station still had the responsibility to make it clear that it was fiction. The floating logo for the channel is clearly fiction, no one is likely to believe it exists in reality, as you pointed out, and so the station has no responsibility to point this fact out. Had they made it clear that they footage they were showing of Times Square had been altered no one would have cared - they're entitled to alter it however they choose. The problem is when they pass it off as unaltered.
also, mac plus system V should make for a really secure box.
? Mac's (imho) are secure for 2 reasons. The first is that there are few enough of them that trojan/virus writers generally ignore them. (Why write a virus that can attack x people when with the same effort you can write one that attacks 40x people?). The other is that just like windows, MacOS doesn't have the remote administration abilities that other OS's do. Out of box, for a newbie, Windows may very well be more secure than Linux for this reason. Linux is a more secure OS, but only when configured and maintained well. MacOS may be less suceptible to DOS's, however I'm not sure that's ever really been tested.
I believe his point wasn't that if a site is broken into the administrator is incompetant. It sounded more like "if it costs you 300k to fix a defaced web page you must be incompetant." Yes, patching holes takes a lot of time and effort, but 300k is also a lot of money.
After reading a comment about this posted under your last essay (which was excellent incidently) I decided to try it. It works reasonably well, particularly after I started using a 2 button mouse instead of my usual 3 button one. I solved the granularity of control problems by actually using 2 mice. I have my normal 3 button mouse on my desk, and my old 2 button one on the floor. Since they control the same cursor, if I'm having trouble doing something with my foot I can just grab the mouse on the desk. Particularly for just changing focus the mouse on the floor is very convenient. In theory you have as much control with your feet as your hands - we just don't practice with them. Houdini used to tie knots in rope with his hands, then take off his shoes and untie them all with his feet! Actually the biggest problem that I have is that the weight of my leg interferes - it presses the mouse down so that it's difficult to move.
If you're using more than 40-bit encryption, all they need to do is wait for one of your encrypted messages to leave the U.S. Then, they can either nail you on the spot for violating encryption export laws or wait for a few more messages to pile up to hit you.
I was under the impression that sending something encrypted out of the country was perfectly legal. Exporting crypto software is illegal.
Slashdot Mirror
Even nicer are proxies that let you use regexp to specify disallowed sites. I use squid with a collection of many people's blockfiles for use with junkbuster (which is available for windows iirc).
This way I see virtually no ads.
I agree fully about unix. I know plenty of people who use the my school's UNIX machines without knowing anything about the file system outside their home directory. Some of them also know about professor's home directories, because programming assignments are posted there.
Windows system of C:\ makes the system easier for inexperienced people who have to admin it, but makes it harder for the user, who doesn't really need to know the relation between their directorios and the actual hard drive.
I agree this is an issue when it comes to banning something for people below a certain age, but recommendations are different. It's up to you whether you degide to trust his recommendation, and whether you consider 25 minus a day close enough.
The trick is that piracy keeps their user base large, which in turn means businesses buy MS software. The warez kiddies may never pay for anything, but they're making sure lots of people know how to use MS software. Companies buy what their employees know how to use.
I have a feeling that MS is shooting themselves in the foot with the anti-piracy measures in XP.
Actually a real anonymous remailer isn't going to include any IP address info. The cypherpunks' anonymous remailers throw away all identifying information, and are not supposed to log anything. In addition they are designed to be used in series, with each one only knowing who it got the message from, and who to send it to next. As long as at least one of the series of machines you send it through isn't compromised you're safe.
The idea behind LOMAC is that newbies can use it, without it interfering overly much with their normal usage. With one or two exceptions non-root users shouldn't even notice that this has been added.
As to your suggestion about the immutable flag - that keeps files from getting changed at all by anyone. This keeps files from being changed by any proccess that could have been corrupted. Again, not nearly as intrusive as not being able to modify any system files without rebooting.
LIDS, SELinux, etc. are great in many situations. LOMAC has uses in others. It's not a better or worse thing.
The author gave a talk at our lug last week. This is my understanding of what he said.
/etc, /usr, and anything else only root should be mucking with. Level 1 is everything else. Programs begin running at level 2, and are demoted to level 1 as soon as they read a level 1 file (or from the network which is considered level 1).
Basically LOMAC's goal is to increase security without being intrusive. (Intrusive systems are hard to get people to use). It doesn't protect against everything, or even close to everything. It does make a class of actions which should basically never be done impossible.
It divides the fs into level 1 and level 2 parts. Level 2 stuff is things like
This keeps someone who compromised your copy of bind running as root from reconfiguring your system. It doesn't stop them from trashing your www data, or anything else going on at level 1.
i.e. it eliminates a certain class of problems.
As to it being drop in, it's a kernel module. What is level 1 vs. level 2 in the file system is defined at compile time. There is _no_ configuration, which makes it very easy to use.
Obviously limits are needed, and most schools have limited resources. That doesn't bother me. What does is rules written so broadly that they cover most normal usage (technically using roles in pine violates our school's rules, likewise there is no way to submit programming projects in the introductory classes which doesn't break the rules (no physical acess to the cluster thay must be submitted from, and rules forbid electronically transferring project)).
The problem is that if all normal usage breaks the rules, there might as well not be any rules, since admins can accuse anyone of breaking the rules they feel like, and always be right.
In practice people in authority are reasonable, and I've never heard of any real problems, but it smells like a disaster waiting to happen.
I think this is probably the case, but in addition I think they're concerned about security.
JR Random Newbie installs linux. 12 hours later box is owned (I know, it happened to me). haxor begins scanning other networks. Other networks admins call school. Now school must track down problem.
Many commercial version control systems have this feature available - particularly older ones designed for UNIX. They will pretend to be an nfs export, and you can mount that and work on it.
I think in general the conclusion was that it's not worth the trouble. It's not much harder for a user to run checkout.
I don't think it's ever been done to the extent you describe (although as other people have mentioned VMS apparently stored old versions of files) because while reading could be done reasonably quickly, wirting is slow (you have to run diff every time), a nuciense to implement, and uses a lot of space. Imagine the added cost of version control on (say) your mail spool. Or if you overwrite a large file.
I would like to patent the concept of using protiens to transport a gas through a liquid.
Groundhogs are relatively large rodents that live in holes in the ground.
There is a tradition here (mostly kept alive by people in some little town in PA that get's lots of tourists in today to watch phil the groundhog) that if the groundhog comes of of his hole today and can see his shadow summer is just around the corner, but if he can't we're going to have more winter weather.
I don't think Phil actually gets to come out of the hole of his own accord, I think he gets yanked out on schedule.
OK, I phrased that badly. I meant that only web pages allow you to connect to actual phones, I don't know of any stand alone software that does so.
University of Maryland charges a rather high "switching fee" for using calling cards I believe.
While there's a lot of software that allows you to talk over the internet, as far as I know none of it can connect to someone else at an actual phone.
University of Maryland has started charging rather high "switching fees" every time you use a calling card.
Universities are generally considered private businesses. They are not generally affected by consitutional issues that affect the government. In addition, the constitution does not guarantee you freedom of choice. Currently there are a number of laws against monopolies, because currently we do not believe in laiz faire. However 100 years ago we did, and many monopolies existed, perfectly legally. This is not a consitutional issue, it's simply a matter of current laws, and doesn't affect universities anyway.
There's a difference between something which to a casual observer appears to be reality, and something which appears to be fiction. In general we expect that when we are shown something which appears to be reality, but actually is fiction, we will be informed. An example would be the radio broadcast of War of the Worlds. There was nothing wrong with the show, but the station still had the responsibility to make it clear that it was fiction.
The floating logo for the channel is clearly fiction, no one is likely to believe it exists in reality, as you pointed out, and so the station has no responsibility to point this fact out.
Had they made it clear that they footage they were showing of Times Square had been altered no one would have cared - they're entitled to alter it however they choose. The problem is when they pass it off as unaltered.
The fact that most open source licenses repeatedly state "this product has no warranty implied or otherwise" probably does though.
also, mac plus system V should make for a really secure box.
?
Mac's (imho) are secure for 2 reasons. The first is that there are few enough of them that trojan/virus writers generally ignore them. (Why write a virus that can attack x people when with the same effort you can write one that attacks 40x people?). The other is that just like windows, MacOS doesn't have the remote administration abilities that other OS's do. Out of box, for a newbie, Windows may very well be more secure than Linux for this reason. Linux is a more secure OS, but only when configured and maintained well.
MacOS may be less suceptible to DOS's, however I'm not sure that's ever really been tested.
AC's post at 0. He wasn't moderated down.
I believe his point wasn't that if a site is broken into the administrator is incompetant. It sounded more like "if it costs you 300k to fix a defaced web page you must be incompetant." Yes, patching holes takes a lot of time and effort, but 300k is also a lot of money.
After reading a comment about this posted under your last essay (which was excellent incidently) I decided to try it. It works reasonably well, particularly after I started using a 2 button mouse instead of my usual 3 button one. I solved the granularity of control problems by actually using 2 mice. I have my normal 3 button mouse on my desk, and my old 2 button one on the floor. Since they control the same cursor, if I'm having trouble doing something with my foot I can just grab the mouse on the desk. Particularly for just changing focus the mouse on the floor is very convenient.
In theory you have as much control with your feet as your hands - we just don't practice with them. Houdini used to tie knots in rope with his hands, then take off his shoes and untie them all with his feet! Actually the biggest problem that I have is that the weight of my leg interferes - it presses the mouse down so that it's difficult to move.
If you're using more than 40-bit encryption, all they need to do is wait for one of your encrypted messages to leave the U.S. Then, they can either nail you on the spot for violating encryption export laws or wait for a few more messages to pile up to hit you.
I was under the impression that sending something encrypted out of the country was perfectly legal. Exporting crypto software is illegal.
Yeah. They suggested that the people were a lot cheaper to produce.