Guess what, the general public doesn't want excuses. Corporate IT folks dont want excuses.
They just want to get their work done.
Then pay for it. Don't make excuses. Either fix it yourself, pay some one to fix whatever problems you have, or go whine somewhere else. Use some other WP. If it costs money and requires another OS that costs more, pay up. You just want to get your work done, right?
I'd suggest you go buy computers with everything you need pre-installed. You're going to have a hell of a time getting Linux installed on 100*N boxes, and then installing AbiWord or anything else on them all. (Although some folks invest the time to learn what they're doing, and replicate clusters in 15-20 minutes per box, it doesn't sound like you want to.) It could be worse. You might have to install Windows and Office on all those boxes yourself.
You don't have to be limited to what your compiler vendor supplies, or the extra libraries you (or your company) can afford. CPAN provides an enormous repository of useful (and usually well-written and well-tested) tools that no other language approaches.
But of course, you need to use perl.
Netlib may be the closest thing I know of for numerical analysis. While CPAN doesn't have the depth of numerical analysis the netlib does, it has much more breadth. I can usually find something that makes a new project much more quickly than I can code it up myself. CPAN is one of the big reasons I use perl
Keep you credit card in your wallet, leave the purchase requisitions in the file folder; keep your money and your sanity. Just check out CPAN!
Large scale correlation
on
Future Of IDS
·
· Score: 4, Interesting
I wonder if the author would credit things like my NetWatchman or Security Focus's Aris as large scale correlation efforts? I know it would probably be tough to get much more specific, as you could generate a huge amount of traffic trying to correlate every wierd package that hit many boxes.
First: make sure product liability applies to software products. That will, at some point, allow users to sue companies who foist lousy software on us, which in turn creates security headaches. Code Red and NIMDA are the worst examples of this to date. It could have been much worse.
Second: Congress needs to do some serious thinking about common-carrier issues for the internet. It seems reasonable to say a phone or cable company, for instance, cannot preferentially transmit information while blocking traffic from another source. Problem is, this is what we count on to block probes and flood traffic. Please try to keep RIAA, MPAA, and other intellectual property thugs out of these deliberations!
Third: it seems Dubya and his cronies don't have a really good idea how to handle security. Ask them for details on how a redundant govnet will increase security before giving them lots of money to hand out to their favorite contractors.
Fourth: push available technology. NSA with SEU Linux is a great idea. How about pushing IPv6 and IPSEC, for instance by including it in communication RFPs? That would increase the availability (from virtually nil) and help work out the bugs. How about specific funding to increase the security of notoriously insecure government computers hooked up to the net? The GAO will tell you, after they finish laughing, how well secured government nets are.
I also like the idea of computer security scholarships. Are these still around after the change in administration?
Compete against a company with apparently unlimited resources. They can keep throwing programmers at you, buying more magazine ads, articles, and columnists than you*, and keep doing this until you fail. Microsoft, with a monopoly on operating systems and OS revenue, comes to mind.
Borland languages? Hire away their best programmer. Netscape? Give away a product to undercut them. Wordperfect? Buy ads until the reviews start tilting your way, and (in the Netscape preview) bundle it with the OS for 1/4 to 1/8 the retail price of the competition. 1-2-3, ditto.
*A recent newsgroup article said of a magazine, "Everything in [the magazine] is an advertisement, and some of them are marked as such."
Maybe if he was chief of the Microsoft PAC, he gets the credit for preventing the breakup of Microsoft. That was a very effective job of security, and so he's therefore highly qualified.
Depends on what you expect from "security," I guess.
AT&T, for all its problems, is the only one of their top three customers that has a chance of reconnecting its cable customers in a timely fashion. Why would excite go after the capable one, instead of making an example of Comcast or Charter?
and kind of sad, too. Seems almost nobody on slashdot wants software that is secure. We'd rather have it complex, with lots of bells and whistles. Really???
Let's face it, the guy is, unfortunately, right. C and C++ ARE crappy languages, in that they rely on the programmer to ensure there are no buffer overflows. Other languages do offer such protection. OK, they may be different from what you are used to working with, but too many programmers (me included) don't check for overflows. As a result, we get bugs. Some merely crash the program or the system, some can be used to crack the whole box.
Who's to blame? Designers, programmers, consumers? It's tough work to retrofit security into an insecure design -- look at all the work sendmail has required in the last five years. In general, only those programmers who have been bitten by a security bug take the time to put in the extra checks -- it slows down the programming and the program. As for consumers, we'd all rather have the latest and greatest."features." (Like Clippy!) Until you've been bitten, of course; mine came when somebody hijacked my 14.4k dial-up connection to relay spam.
Why don't we return all the software that crashes, like everybody's talking about doing with the new copy-protected CDs? What do you need with the new Office XP that wasn't in Office 95, for example? The new, improved, crash-resistance?;)
Too bad they don't have a lameness filter on the submission box though, that would theoretically keep most Jon Katz articles from ever making the front page;)
Durn straight. If/. ever institutes account filters like Linux Today, that's my first target.
Oh, I guess I'd miss a good discussion or two. Every year or two.;)
You might want to institute something like the slashdot system, and let your users do the moderating. IIRC, AOL was held liable in a slander suit because they (AOL) were moderating users' posts. The act of moderating, to our brilliant judiciary (hack, spit!), is equivalent to your agreeing with, and even stating yourself, everything that's left on your message board. Let the slashdotters push the crap to the bottom of the heap; you're not exercising editorial control then.
It's good that you're thinking about this now, because I suspect political arenas would attract more lawyers and highly inflammatory idiots than most. That combination is asking for lawsuits, IMHO.
Their "backup plan" is a joke. Got the e-mail this morning (sent at 11:30 last night, BTW). For you: possible outages, loss of any data on @home, and we'll give you a credit on downtime and modem rental. In the meantime, look at the Comcast backup plan: NetZero.
There is at least one good ISP in my town. Doubt if they're smart enough at Comcast to negotiate compentent people taking over, though.
Does that mean the California judiciary gets it? First the appeals court decides against RIAA in the DeCSSS trade secrets case, then they allow unbundling in the Adobe case, now they see postings as opinions.
Will they blow it all in March (Sklyarov hearing), or should we start thinking about migrating to California, last refuge of the sane within the USA?
No, you don't understand what a "target" is. There are Windows targets like 95, 95OSR2, NT 3.5, 98, NT 4, ME, etc. - this is the number of operating systems the application can be installed on. Notice all the above are closely related, and, and least for a given "setup.exe," they all install on one chip (or chips that emulate that i386).
Now contrast that with an application with mulitple targets. SunOS with Sun cc, SunOS with GCC, Solaris with cc or gcc, Irix with SGI cc or gcc, HP, Alpha, StrongARM, or Intel, each with at least one unique operating system and compiler, and possibly with varying windowing systems, etc.
Perhaps "troll" is too strong a word. Nevertheless, a good project like this must compile and work in a far richer group of environments than the typical M$ user even knows about.
Since you have to be a contributor to gnome to vote, is it really any surprise these contributors didn't go and elect an outside agitator to be a spokesman?
Of course, this assumes you have a single target platform (or a very limited set, like half a dozen Windows targets). Since the question was asked for a project with multiple target platforms, double-clicking setup.exe is irrelevant.
I can understand the European desire to avoid dependence on a U.S. military system, but I think this is misplaced. Given the increasing civilian uses for GPS, including the proposed "next-generation" air traffic control system that would rely on GPS, the only way the military could turn it off now would be if the U.S. were under missile attack. At that point, the first strike or retaliatory (nuclear) strike would probably wipe out all civilian satellites anyways.
But, it's a free world! If the Europeans want to waste $3.6 billion (give or take another billion or two), they should go ahead! Higher taxes in Europe, increasing the attractiveness of American goods! If they waste enough, American manufacturers can stay on top of the economic battles for another generation!
BTW, paid vs. free doesn't always matter. Look at the world's largest software monopoly, and all the PCs everybody's going to buy this Christmas loaded with what operating system? (But just in case, maybe Garmin just needs to start contributing to some political campaigns on the other side of the pond...)
(slow, deep breath) Er, when the mirrors get caught up, there should be a patch-2.4.16.gz file for 2.4; one could hope there will be an (identical) patch-2.5.1.gz file in the 2.5 directory...
Absolutely. And this is supposed to be a network security outfit. (disgusted grimace) Trouble is, these idiots fail to make clear where the responsibility for "solid software design" lies -- right on the shoulders of the people putting the information out in the open. It's like taking Martha Stewart's idea to the extreme -- collect all the credit cards in town and line the public swimming pool with them, and then put signs up saying, "Please do not copy down credit card numbers!"
Maybe we do need some kind of accreditation. Any idiot can claim to be a security expert in the computer field. Can any convicted burglar claim to be a locksmith?
Did you notice the part about TV watching? Looks like there's a peak in the test scores for kids watching around 2-3 hours per school day.
As a parent, I wasn't surprised to see the dip with 5-6 hours (or more) - how are they supposed to homework? But, given what my children watch, I'm surprised it has any positive influence. Or is this a side effect of the socio-economic factors - kids whose families can afford a TV score better than those who can't? (How many families don't own a TV any more? I'd have thought that was vanishingly small!)
Lawrence Lessig came out the other week saying the geeks who helped create the internet, and enjoy the freedom it was designed to permit, are not helping to defend that freedom. Those who want to limit or eliminate that freedom, from big business who wants to sell you something, to those who want to use it to watch your every move, are winning the political battle by default.
This is the time to prove Lessig wrong. I don't know how to get a congresscritter's attention any more. They only used to pay attention to postal mail, which they are afraid to open now. But between telephone, fax, e-mail, and watching out for him when he comes into town, I intend to let my congresscritters know not just how much I despise this crock, but why.
It's time for a call to arms. Slashdotters can take down almost any web site, because there's lots of us and we're not too lazy to click on a few buttons. But if we want to avoid the tremendous pitfall this treaty will engender, it's time to slashdot Congress. I doubt there will be 10,000 phone calls, pieces of mail, etc., the entire Congress will get because of newspaper, radio, or TV coverage. If we're not too lazy, we can generate a normal./ volume in faxes, phone calls, and so forth, we can make ourselves heard.
The alternative is to whimper, roll over, and cringe.
None of the major backbones are willing to provide IPv6 connections. The U.S. Government contracts out almost all of its long-haul communication requirements. They used to get AT&T to build underground bunkers for them, but now they get nothing. Why not start by requiring IPv6 in all government RFPs/RFQs for long-haul comm? That should provide an instant market to kick-start IPv6, complete with all the security features that have already been designed.
Although terrorists or resistance fighters rarely are afraid to die for their causes, they usually don't want to bring large-scale destruction to those they seek to defend. So contagious diseases are NOT good agents of bioterror for most purposes.
Smallpox is not the threat-- it is well-guarded, so it is beyond the means of the lone lunatic. The more organized people like bin Laden's group are unlikely to use it.
It's possible, however, that a group of Western civilization-hating Luddites (like Al Quaeda) from a remote part of the world (like Afghanistan) would be willing to use this on remote foreign soil (like America).
The rationale in that case would be, first, it will kill lots of Americans. Second, it will scare a bunch more. Third, they will probably get it under control, at great expense, before it gets to us. And fourth, if smallpox does get back to us, we live in isolated villages and towns. It won't spread fast when it gets here. And those wonderful American doctors will be spreading vaccine before more than a few of our people get sick.
And if Iraq has a secret store, which of the above would not also apply to them? Remember too, that the moment an outbreak of smallpox occurs, the vaccine will be released. Rich and powerful men may well calculate they can steal or buy vaccine to protect themselves as soon as the CDC lets go of the vaccine.
Microsoft says it's "irresponsible" to expect them to get a patch out for a critical flaw within "a few days."
And of course, this is one of the things that has pushed full and open disclosure: "a few days" is indeterminate. Sometimes, it's going on ten years, sometimes it's ten weeks or ten hours.
What Microsoft (and other major vendors) could do, of course, is adopt a clear and reasonable policy. "We will fix all security holes within two weeks or contact you, explain why it is taking longer, ask you to delay a public announcement, and give you credit in the bug-fix announcement for finding the vulnerability."
It'll happen right after all the XP bugs are fixed.
Slashdot Mirror
I think I just heard KidSock volunteer to write the MSWord 97 import/export module for you.
Guess what, the general public doesn't want excuses. Corporate IT folks dont want excuses.
They just want to get their work done.
Then pay for it. Don't make excuses. Either fix it yourself, pay some one to fix whatever problems you have, or go whine somewhere else. Use some other WP. If it costs money and requires another OS that costs more, pay up. You just want to get your work done, right?
I'd suggest you go buy computers with everything you need pre-installed. You're going to have a hell of a time getting Linux installed on 100*N boxes, and then installing AbiWord or anything else on them all. (Although some folks invest the time to learn what they're doing, and replicate clusters in 15-20 minutes per box, it doesn't sound like you want to.) It could be worse. You might have to install Windows and Office on all those boxes yourself.
You don't have to be limited to what your compiler vendor supplies, or the extra libraries you (or your company) can afford. CPAN provides an enormous repository of useful (and usually well-written and well-tested) tools that no other language approaches.
But of course, you need to use perl.
Netlib may be the closest thing I know of for numerical analysis. While CPAN doesn't have the depth of numerical analysis the netlib does, it has much more breadth. I can usually find something that makes a new project much more quickly than I can code it up myself. CPAN is one of the big reasons I use perl
Keep you credit card in your wallet, leave the purchase requisitions in the file folder; keep your money and your sanity. Just check out CPAN!
I wonder if the author would credit things like my NetWatchman or Security Focus's Aris as large scale correlation efforts? I know it would probably be tough to get much more specific, as you could generate a huge amount of traffic trying to correlate every wierd package that hit many boxes.
First: make sure product liability applies to software products. That will, at some point, allow users to sue companies who foist lousy software on us, which in turn creates security headaches. Code Red and NIMDA are the worst examples of this to date. It could have been much worse.
Second: Congress needs to do some serious thinking about common-carrier issues for the internet. It seems reasonable to say a phone or cable company, for instance, cannot preferentially transmit information while blocking traffic from another source. Problem is, this is what we count on to block probes and flood traffic. Please try to keep RIAA, MPAA, and other intellectual property thugs out of these deliberations!
Third: it seems Dubya and his cronies don't have a really good idea how to handle security. Ask them for details on how a redundant govnet will increase security before giving them lots of money to hand out to their favorite contractors.
Fourth: push available technology. NSA with SEU Linux is a great idea. How about pushing IPv6 and IPSEC, for instance by including it in communication RFPs? That would increase the availability (from virtually nil) and help work out the bugs. How about specific funding to increase the security of notoriously insecure government computers hooked up to the net? The GAO will tell you, after they finish laughing, how well secured government nets are.
I also like the idea of computer security scholarships. Are these still around after the change in administration?
Compete against a company with apparently unlimited resources. They can keep throwing programmers at you, buying more magazine ads, articles, and columnists than you*, and keep doing this until you fail. Microsoft, with a monopoly on operating systems and OS revenue, comes to mind.
Borland languages? Hire away their best programmer. Netscape? Give away a product to undercut them. Wordperfect? Buy ads until the reviews start tilting your way, and (in the Netscape preview) bundle it with the OS for 1/4 to 1/8 the retail price of the competition. 1-2-3, ditto.
*A recent newsgroup article said of a magazine, "Everything in [the magazine] is an advertisement, and some of them are marked as such."
Depends on what you expect from "security," I guess.
Mind you, since I'm on Comcast, I don't mind...
Let's face it, the guy is, unfortunately, right. C and C++ ARE crappy languages, in that they rely on the programmer to ensure there are no buffer overflows. Other languages do offer such protection. OK, they may be different from what you are used to working with, but too many programmers (me included) don't check for overflows. As a result, we get bugs. Some merely crash the program or the system, some can be used to crack the whole box.
Who's to blame? Designers, programmers, consumers? It's tough work to retrofit security into an insecure design -- look at all the work sendmail has required in the last five years. In general, only those programmers who have been bitten by a security bug take the time to put in the extra checks -- it slows down the programming and the program. As for consumers, we'd all rather have the latest and greatest."features." (Like Clippy!) Until you've been bitten, of course; mine came when somebody hijacked my 14.4k dial-up connection to relay spam.
Why don't we return all the software that crashes, like everybody's talking about doing with the new copy-protected CDs? What do you need with the new Office XP that wasn't in Office 95, for example? The new, improved, crash-resistance? ;)
Durn straight. If /. ever institutes account filters like Linux Today, that's my first target.
Oh, I guess I'd miss a good discussion or two. Every year or two. ;)
It's good that you're thinking about this now, because I suspect political arenas would attract more lawyers and highly inflammatory idiots than most. That combination is asking for lawsuits, IMHO.
There is at least one good ISP in my town. Doubt if they're smart enough at Comcast to negotiate compentent people taking over, though.
Will they blow it all in March (Sklyarov hearing), or should we start thinking about migrating to California, last refuge of the sane within the USA?
Now contrast that with an application with mulitple targets. SunOS with Sun cc, SunOS with GCC, Solaris with cc or gcc, Irix with SGI cc or gcc, HP, Alpha, StrongARM, or Intel, each with at least one unique operating system and compiler, and possibly with varying windowing systems, etc.
Perhaps "troll" is too strong a word. Nevertheless, a good project like this must compile and work in a far richer group of environments than the typical M$ user even knows about.
Since you have to be a contributor to gnome to vote, is it really any surprise these contributors didn't go and elect an outside agitator to be a spokesman?
Of course, this assumes you have a single target platform (or a very limited set, like half a dozen Windows targets). Since the question was asked for a project with multiple target platforms, double-clicking setup.exe is irrelevant.
But, it's a free world! If the Europeans want to waste $3.6 billion (give or take another billion or two), they should go ahead! Higher taxes in Europe, increasing the attractiveness of American goods! If they waste enough, American manufacturers can stay on top of the economic battles for another generation!
BTW, paid vs. free doesn't always matter. Look at the world's largest software monopoly, and all the PCs everybody's going to buy this Christmas loaded with what operating system? (But just in case, maybe Garmin just needs to start contributing to some political campaigns on the other side of the pond...)
(slow, deep breath) Er, when the mirrors get caught up, there should be a patch-2.4.16.gz file for 2.4; one could hope there will be an (identical) patch-2.5.1.gz file in the 2.5 directory...
Maybe we do need some kind of accreditation. Any idiot can claim to be a security expert in the computer field. Can any convicted burglar claim to be a locksmith?
Did this patch make it into 2.5 yet? :)
As a parent, I wasn't surprised to see the dip with 5-6 hours (or more) - how are they supposed to homework? But, given what my children watch, I'm surprised it has any positive influence. Or is this a side effect of the socio-economic factors - kids whose families can afford a TV score better than those who can't? (How many families don't own a TV any more? I'd have thought that was vanishingly small!)
This is the time to prove Lessig wrong. I don't know how to get a congresscritter's attention any more. They only used to pay attention to postal mail, which they are afraid to open now. But between telephone, fax, e-mail, and watching out for him when he comes into town, I intend to let my congresscritters know not just how much I despise this crock, but why.
It's time for a call to arms. Slashdotters can take down almost any web site, because there's lots of us and we're not too lazy to click on a few buttons. But if we want to avoid the tremendous pitfall this treaty will engender, it's time to slashdot Congress. I doubt there will be 10,000 phone calls, pieces of mail, etc., the entire Congress will get because of newspaper, radio, or TV coverage. If we're not too lazy, we can generate a normal ./ volume in faxes, phone calls, and so forth, we can make ourselves heard.
The alternative is to whimper, roll over, and cringe.
None of the major backbones are willing to provide IPv6 connections. The U.S. Government contracts out almost all of its long-haul communication requirements. They used to get AT&T to build underground bunkers for them, but now they get nothing. Why not start by requiring IPv6 in all government RFPs/RFQs for long-haul comm? That should provide an instant market to kick-start IPv6, complete with all the security features that have already been designed.
Smallpox is not the threat-- it is well-guarded, so it is beyond the means of the lone lunatic. The more organized people like bin Laden's group are unlikely to use it.
It's possible, however, that a group of Western civilization-hating Luddites (like Al Quaeda) from a remote part of the world (like Afghanistan) would be willing to use this on remote foreign soil (like America).
The rationale in that case would be, first, it will kill lots of Americans. Second, it will scare a bunch more. Third, they will probably get it under control, at great expense, before it gets to us. And fourth, if smallpox does get back to us, we live in isolated villages and towns. It won't spread fast when it gets here. And those wonderful American doctors will be spreading vaccine before more than a few of our people get sick.
And if Iraq has a secret store, which of the above would not also apply to them? Remember too, that the moment an outbreak of smallpox occurs, the vaccine will be released. Rich and powerful men may well calculate they can steal or buy vaccine to protect themselves as soon as the CDC lets go of the vaccine.
And of course, this is one of the things that has pushed full and open disclosure: "a few days" is indeterminate. Sometimes, it's going on ten years, sometimes it's ten weeks or ten hours.
What Microsoft (and other major vendors) could do, of course, is adopt a clear and reasonable policy. "We will fix all security holes within two weeks or contact you, explain why it is taking longer, ask you to delay a public announcement, and give you credit in the bug-fix announcement for finding the vulnerability."
It'll happen right after all the XP bugs are fixed.