0 is true, everything else is false. It makes sense to do it that way; if a function completes successfully it doesn't really matter how it does it, but it can fail in any number of ways and it's important to know which one.
Wasn't this uttered by a PR rep?
The Road Ahead is a book supposedly written by Bill Gates.
It's only a lost cause if you're careless with your email address. My primary email has been active for almost 3 years now, and is relatively SPAM free. Almost all of the bulk mail I get is opt-in stuff I signed up for. And if you're curious, yes it is the email above.
I also have an alternate email address (from a former employer that never bothered to shut it off) that I use whenever I'm signing up for something I think is questionable (online merchants I haven't dealt with before, ebay, paypal, USENET, etc). It's been active for almost 2 years (one month to go) and is still perfectly usable, getting maybe 5 SPAMs a day.
Note that neither of these are typical "throw away" email addresses. Note also that I'm not going to any great lengths to keep either of them secret. You may be right in that it's a losing battle to try and keep a Hotmail or Yahoo address SPAM free, but for a real email address the only reason you should expect it to be overrun with SPAM is if you are exceptionally careless or stupid with it.
Discriminatory licensing is perfectly legal for patents.
Also, IBM sells Unix (AIX). Linux is merely like Unix.
I've read a few of her books now (Dragonslayer, Lady's of Mandrygin, and another that I can't think of the title at the moment) and I've been really impressed.
Open the Recycle Bin and start browsing...
grep? What good would a text-searching utility do here? "Hasn't anyone heard of dd" refers to the write-files-or-binary-patterns-here utility which can be used to overwrite the 'secret' data this article refers to.
Well, a text search of the slashdot archive for "MIT grad students buying old hard drives on Ebay" or something similar might have revealed that this story has already been posted.
Unless, of course, Taco dd'ed over the archive...
If I were in your shoes I would go with VB.NET. With .NET VB finally became a real language. I still don't like using it, but I have to give it some grudging respect.
A trusted machine is one that conforms to a certification process. You don't define the certification, the remote service requires it of you. So using your metaphor, the hammer that kills someone is not in your control, you just swing it as per instructions.
The point of my metaphor is that TPM is just a tool, like a hammer. It has beneficial uses and harmful uses, and which use it is put to is not up to the tool. In the event the TPM is used to lock out certain OSs it makes no sense to blame TPM or even TCPA, the blame rests squarely on the issuer of the certificate. Most likely that would be MS, but it could just as easily be RH as I attempted to point out.
I can change software, those tiny silicon transistors are a damn sight harder. But yes I agree they could do the useful stuff in software - there is no need for this stuff.
You're right, there isn't strictly a need for this. However, it would be really useful to me if I could put really strong crypto (say 2048 bit) on an ssh connection to a server I'm responsible for without bringing that server, or my home computer, to its knees processing the encryption algorithms. It would also be really nice if there were a way to limit what machines my server would accept connections from specific remote machines. Since I can't do that currently, I err on the side of caution and leave no possibility for remote administration.
Please read the bills before Congress, particularly the "DRM in all devices" bill. To be paranoid I have to *suspect* something that is not true, not *read* something that is true.
There are no bills before Congress. Congress is not currently in session, and any bills which were undecided upon at the close of the last session are now gone, and will have to be reintroduced to the next session, which is unlikely considering the backlash against the Hollings bill, the fact that Hollings is no longer in the same position of power he was in which would have enabled him to push the bill through committee, and the fact that the RIAA has stated that it no longer seeks such legislation. Based on that evidence I think it's quite reasonable to say that the threat no longer exists, therefore you are paranoid.
That said, though, the statement that was in response to had nothing to do with DRM.
I have access to all of Stephen King's ideas, since he publishes them in an easy-to-read and often easy-to-carry format, and yet when it comes to book writing he has a considerable advantage over me.
No, you don't have access to all his ideas, and that is one of the reasons he has considerable advantage over you. You only have access to the ideas he's finished with and decided to publish.
Software, OTOH, is generally a living document. AMI isn't finished with their BIOS idea, so it makes no sense for them, as a business which depends on their BIOS code for income, to give their competition a leg up by opening their source.
Your analogy only works for software that's "finished", meaning it's no longer being developed.
"Is it (will it be) possible to use TCPA to effectively lock-out certain operating environments from various services (software, media, etc) solely because the operating environment is not backed by a company, and has no mechanism for paying certification fees and licenses"
The answer to this is yes, if you can't pay the fees, you don't get the certificate, so you're not trusted.
That has nothing to do with him or AMI or TCPA. Obviously MS could use TCPA with Palladium in such a way that it would lock out anyone not running Windows. Guess what, Red Hat could do the same thing. What part of "TCPA is an open spec" did you not understand?
TPM is just a tool, like a hammer. If I kill someone with a hammer, does the blame go to the hammer? No, the blame goes to me, the one who decided to use the hammer that way.
"While somebody could write a DRM application using the TPM, they could also write one without it. "
If they wrote it without TPM then it would be hacked, so TPM is pretty much a pre-requisite.
So what he said is true, but yet not true.
If they wrote it with TPM it could still be hacked. TPM is just a piece of hardware that is optimized for crypto, it doesn't do anything that can't already be done (albeit a lot slower) in software.
"18. Does the TCPA support open source systems?
Yes. The ability to use the TPM functionality is available to all developers of software"
Sure, if you remove anything the thought police object to.
There are people who can help you with these paranoid delusions you seem to be suffering. I suggest you look into it.
Apple APIs are developed and controlled by Apple. A person / group / company which uses those APIs and distributes software based off them must agree to their terms of use. If they violate those terms of use, and Apple does nothing, Apple is more or less legally approving the new use. By approving, Apple opens themselves up to litigation.
In other words, Apple's own terms of use open them up to litigation if they don't squash projects like iCommune. Like I said: stupid.
However, that isn't really my criticism of Apple, which I think is neatly summarized thusly:
Apple: "Here's a nifty Software Development Kit, but you can't use it to develop software."
THAT is what I'm saying is stupid. The fact is that Apple isn't going after iCommune because it's a p2p app. I wouldn't really have a problem with that, as I don't support piracy (never mind that the specific itch iCommune was developed to scratch is non-infringing, that isn't really relevant to this discussion). Apple is going after iCommune because it's software and Apple considers its APIs to be for hardware only. Basically, Apple is trying to maintain an iron grip on the Mac user experience despite what the users are clearly showing they want.
Apple has always done this, and I have always thought it was stupid. This is merely the latest incarnation of what I have always considered to be Apple's self-defeating policies.
I have no problem with a confidentiality agreement, but a Non-Compete clause is pretty onerous, IMO. I understand the reasons behind it, but I think accepting it is basically agreeing to take it you-know-where, especially in the current job market where employers can afford to be extremely picky. In many cases they will only hire people with experience in the particular technology or application they're working on, so it's entirely possible that a Non-Compete clause would make you effectively unhirable if you were to be laid off for whatever reason, something which is also unfortunately likely given the current economic situation.
I think a reasonable compromise would be that the Non-Compete clause should be voided if you are laid off, with maybe some added details like it wouldn't be voided if you were fired for a good reason, like mooning investors or punching your boss or something like that.
That's the thing I would push for, but there may be other things depending on the specific wording of the contract.
That said, I wouldn't have a problem with a straight Non-Compete if the contract also stipulated a severance package that would cover me for the Non-Compete period.
The important thing to remember is that they can't force you to sign the contract. If they say they will fire you if you don't, then that is duress, which will make the contract very easy to get out of if you do sign it, and gives you an opening to sue them if you don't sign it and they fire you.
In short, make sure there's something in it for you, and if you do decide to let them screw you, make sure you are adequately compensated for it.
Tampering with your odometer is not illegal. It is illegal to misrepresent the mileage of a vehicle you are trying to sell, and that is really the only reason why anyone would tamper with their odometer, but the tampering itself is not illegal.
For a company like Apple, preventing its customers from having what they clearly want is stupid.
More to the point, iTunes is a major selling point for the Mac, and not allowing users to take advantage of the APIs to extend iTunes to be more useful to them is stupid.
Further, since iCommune wasn't developed by Apple, it would be a tenuous legal argument at best to make them responsible for it. I seriously doubt that Apple was ever in any actual legal danger because of iCommune.
Regardless, their API policy is still stupid.
I see it a little differently:
If there isn't such a clause Apple is wrong.
If there is such a clause Apple is stupid[1].
Either way Apple-bashing is appropriate.
[1] "Here's a nifty Software Development Kit, but you can't use it to develop software!"
It's only breach of contract if there is an actual contract the developer agreed to before using the API. If you read the parent again, you'll see that is the central question.
If the developer didn't have to agree specifically to a contract before using the SDK, there is no contract.
If the developer didn't use the SDK, but rather reverse-engineered the API using his own tools, there is no contract.
Without a contract, Apple doesn't have a leg to stand on.
Are you free to do whatever you want with other people's stuff? Um... no. That's the beginning and the end of the discussion, guys.
I'm free to do whatever I want with my stuff, which I have legally obtained.
And because Apple created it, they have the right to tell you not to do that with it.
So because O'Reilly published "Unix in a Nutshell" they have a right to prevent me from writing in the margins of the copy I bought?
A more appropriate analogy would be:
I bought a nice new car that I saw at the dealership down the block, and when I tried to install a better stereo in it the bastards called the police on me.
The comment had nothing to do with getting stuff for free, but rather with the right to use something which you have legitimately obtained in a manner of your own choosing.
Or it may be that they make an OS that works and every product they make is pleasing to the eye as well as fun to use. Couldn't be that could it though?
Be careful about stating your opinions as fact. I personally think Macs fill the broad aesthetic range between Silly and Irritating, and I have generally found MacOS frustrating to use when it works, which is not nearly as often as the Mac-heads would have you believe, and nearly impossible when it doesn't.
So they don't want their product to be turned into a new kazaa via a plugin to their product. It is their right.
You are correct, but it's still stupid. But then, Apple has always been about limiting what the user can do. That's what they really mean by "user friendly", isn't it?
Some other responses have mentioned video, but let me add some real numbers to that. I'm a technician doing customer service repair on storage systems for high end digital video production systems.
One of our high end systems uses 10 73GB drives. Yes I know that there are bigger drives out there, but for video, bandwidth, and therefore rotation speed, is very important, as is stability. Tons of storage space is pretty meaningless if there are hiccups in your video stream.
Anyway, these are arranged in 2 RAID-3 LUNs, which basically means 8 drives for storage and 2 drives for parity (error-correction). That gives 584GB of storage, which translates into just under 25 hours of high quality standard definition (NTSC) compressed (MPEG-2) video with stereo sound. How's that for eating up storage?
At the moment I don't deal with HDTV, but I would estimate off the cuff that HD would cut that space down to the 8-10 hour range. Even though my company now offers a solution based on 181G drives (for about 1.5TB of storage!) that only brings that up to around 24 hours worth, which really isn't much when you consider that for many productions one hour of source material for 2 minutes of final product is considered a pretty good ratio. That means that 1.5TB could be eaten up with just the source material for a single one hour show!
If your friends say they are moving back to MS Windows, try to find out why, and whether they'd prefer a Linux distribution that you can help them with more, if you are willing and have time, or see if someone else can help mentor them for a while.
The most often given reason is games, although with id supporting Linux and UT2003 shipping with Linux support in the box (which I am loving, although it beats the hell out of my 2 year old hardware) I think that will be less of an issue in the future.
That's the only solid reason I've been given, and it's closely followed by the sort of nebulous Linux bashing you see on /., "Linux is a toy, not for serious work" and "Linux isn't ready for the desktop".
I have to say though that IRC is the last place I would send someone for help, mostly because of the maturity level I've encountered on IRC. If I can't answer a question myself I can usually find the answer through google, and I'm always willing to do that. On the rare occasions that I can't find it comp.os.linux is the best place I've found to get answers.
Policy (in terms of mechanics, not politics) is all-important, and I just like that with Debian. Similarly SuSE during the year I used it was a very solid, sturdy distro, with none of the hidden agonies I noticed with Mandrake and Red Hat.
You may be on to something there.
To be honest, I have found one hidden agony with SuSE: wheel mice. Why in the name of all that is holy YaST can't put a simple ZAxisMapping line in XF86Config I will never know. However, that being the only headache I've had with it is saying something. Still though, it's so simple...
Think it's because the installation process is too easy.
I don't think that's it. SuSE is also ludicrously easy to install and update (in fact, that's the main reason I haven't bothered to try any other distros, I'm just too used to having YaST).
Anyway, if being easy to install were the issue I think I would see an equal amount of attrition with SuSE.
The key is to hold those who crack systems accountable for their actions
We already do that, and have done so for years. It doesn't seem to be working, and the primary reason for this is because there are too many unsecured systems available to perpetuate these attacks. Any real solution to the problem has to take that into account and provide motivation to the owners of those unsecured systems to take appropriate precautions.
Notice that I said "unsecured", not "insecure". Like most things in Common Law, intent is very important here.
and to educate victims about how to better secure their systems.
How much more do we need? Every time there's a major virus going around I see a report on the evening news, and by the time it gets that big there is generally no shortage of information available about the virus and how to defend against it. I can't remember the last time there was a major virus that wasn't exploiting a hole for which a patch had been available for months.
Clearly education alone is not enough, the "victims" need to have a reason to pay attention, or all the education in the world isn't going to do a bit of good (you know, kind of like now).
Those users unwilling or unable to secure their systems should pay third parties to secure their systems for them.
Why? Think about that from this hypothetical user's perspective. They've managed to get the machine up and running and serving pages on their own, what motivation do they have to go to the added expense?
Right now there is no motivation other than the desire to be a "good netizen". Most people don't have that desire at all. Go ahead and take an informal poll next time you're walking down the street. Ask how many people are willing to pay even for an antivirus subscription. I think you'll be unpleasantly surprised.
Stupidity should be painful. If leaving your system wide open makes you liable for negligence, then I would say that is effective motivation to either learn something about security or pay someone else to take care of it for you.