> The impression I got from a BusinessWeek article (cover story, "Inside Napster") was that the former CEO was extrememly antagonistic toward the RIAA when they suggested some kind of fee-structure.
I see what you mean, but what I was envisioning was something more along the lines of "we scratch your back and you scratch ours." Much like the RIAA's associations with Viacomm (MTV) and various radio conglomerations. Obviously Napster would be hostile to something that would charge the *users*, but if for instance they hit upon a deal with the RIAA for mutual advertising, that could get interesting. Of course, I don't think the RIAA could even *concieve* of a scheme where people weren't actually paying money for each song, so in the meantime we will get these silly legal battles.
Actually, it's not so clear cut as that. The people using Napster are obviously violating copyright laws, yes, but does that mean that Napster is? Personally, I think it is in extremely bad taste to try to make money off of widespread copyright violation, but it is happening around the country with mp3 players and various services.
More obviously, in my eyes, is the fact that it is absolutely idiotic of the RIAA to bother trying to stamp out Napster. They should have tried to cut a deal with them a long time ago, I could easily envision a symbiotic relationship between the two, with all the advertising and glitz and shiny things of EmptyV. They could both stand to make some serious money out of such a relationship.
It seems that the RIAA is too control-hungry to even consider such a tactic; the mere *thought* of people being able to download any song at any time without having to pay anything sends them into conniptions(sp). They are stuck to this business model. I think it will eventually kill them, because it has been proven time and time again that it is very difficult to stop information from proliferating. Maybe they will learn.
I'm sure that by now there are thousands (well, dozens, at least) of reasons being put forth by Slashdotters as to why the XBox won't kill PC games. Here are mine:
1. User interface. Have you ever tried playing the Nintendo 64 version of Starcraft? Don't bother, it ain't worth it. Moving a cursor aruond on a screen without a mouse just plain sucks. Sure, when you're going the route of having *every* game be either Driving, Fighting, or Sports, then yes, a console might make sense. The Shoot'em'ups that come out on consoles generally suck compared to the ones on PCs, too, because the user interface sucks. Have you ever tried playing a FPS game that has 2 axis control over the character on a console (Like Quake3, Unreal Tournament and Half Life)? Neither have I, because they don't exist.
2. Screen resolution. TVs suck. Get used to it. They support something like 800x600 resolution, MAX. Try using WebTV sometime, you will laugh, or cry, depending on whether you have to actually get anything done or not. Games on a TV will never look as nice as games on a PC, and you won't be able to put as much information on the screen at one time.
3. Internet connection. Sure, the Dreamcast has a modem; but anyone who has tried to play any serious and fast paced multiplayer game over the internet with a MODEM has cried almost as much as I have. The number of games that realistically support modem connections for multiplayer games is quickly dwindling, and I think they will be a thing of the past as soon as next year. DSL and Cable (and T1/T3 if you are actually targetting college students) are necessary for new multiplayer games to work properly. If developers do not support this for the console, it will die.
That's all I can put into nice and even points, and I'm sure that others have said some of the same things, but that's the way it will be until the designers can overcome those three problems.
Well, I know I'm preaching to the choir, but here goes.
In any *nix system, the only people who have the potential to actually "screw around" with the operating system are the ones who have superuser access. In order to use the source code of an OS to change something, you have to recompile the program. and in order to install it anywhere meaningful, you have to be root. And believe me, if someone has superuser access, they don't need the froiking source code to mess things up royally. The article is being just plain silly to give Peter Firstbrook credence. He obviously isn't very well versed with Unix security.
Watch me mess things up in NT 5.0 or HP-UX with administrator/root access. It takes less than a minute to completely cripple a system or even to install trojanned binaries. Some people are knumbskulls.
Good point about the screen resolution of the web browser. I hadn't really been thinking in terms of just using it for little tasks. I would still prefer being able to read the entire page without having to scroll (I'm just remembering browsing the internet on a cell phone and how annoying it was to have one word per line).
Although the keyboard on the blackberry linked to in the above comment looks clever, I still don't think that I'd like it very much, and for writing more than a couple lines it would be more trouble than it's worth to me. I have the same feelings about graffiti, it's just a pain in the butt to have to write for 5 minutes to get out a 3 line email.
If you're like me, a 1280x1024 desktop resolution is not enough. I can deal with 1024x768 on a laptop, but I don't like it. The problem is that there are major space limitations for products of that kind.
I believe that a certain amount of convergence is practical and even desireable. However, some things just don't *want* to be converged. This is why i think the "Pocket PCs" are somewhat silly. Even if they ran a decent OS, many of their capabilities don't make much sense. Why would I want to use an AIM program where I had to type each letter on an onscreen keyboard? Why would I use a web browser that had a maximum screenres of 180x100 (or thereabouts)?
Sure, you can get a lot done with virtual displays on semi-VR goggles, but would you want to do that while sitting on the subway? (Hello, I'm a tool). The keyboard issue is no small one, either, you can either use a detatchable keyboard that folds or what have you, which while being cool and all still makes it so you have to set up your "PDA" as a laptop. Or we could use a virtual keyboard with VR gloves, which while being cool just plain doesn't exist and won't for a while now.
I have no problem converging PDAs with phones and pagers, but to make them try to do more would make them unuseable for the things you really need them for. I think, at least at the current state of the art, there should be a line between "PCs" and PDAs/Communication devices.
Although I agree with the spirit of the above comment, I must say that the MPAA does have an obligation to try to stop every version of the code.
The problem is that CSS is a Trade Secret. What this means is that it is an essential part of their business that no one else is allowed to use. That sounds very similar to a patent, except in one very pertinent area: a patent is registered, and enters public domain after a certain amount of time.
The legal ramifications are that when you have a trade secret, you have responsibility for protecting it. Once someone reverse-engineers it out of your product, the cat is out of the bag (and many other cliches), even in a legal sense. If the reverse-engineering was legal and legitimate, the trade secret is no longer.
The one *huge* weakness that PCs have is their bandwidth and internal bus speeds. They have the processing now, yes, but the problem is actually moving the information.
Of course, price is also an object, so that's why PCs usually win. As for comparing an IBM S/390 to a dual proc Alpha server; it's kind of like trying to compare an oil tanker with a waterskiing boat. It's just not fair to either one to compare them.
Oh I see, so that's why products that have their security bugs hidden are so much more secure than ones that have the bugs (and code) open to the world!! I get it!
Where is his proof in saying that disclosing bugs does not make for better security? I/We have a lot of proof to the contrary. OpenBSD. Linux (yes, I know most *nix types scoff at Linux "security", but compare it to NT/2000 in a corporate environment, with all those Outlook holes, etc., etc. ad infinitum). Sendmail. Even WuFTP for chrissake. I mean it has had bugs in the past, hell I even got root compromised because I fell asleep for one of them, but the problems get FIXED. That way, a SysAdmin who's on top of things can actually keep his system *secure*. Talk to some NT admins sometime, and hear them bitch about being forced to run Outlook on all their systems, even though tere are *known* exploits with *serious* depth. I would *much* prefer to live in a world, and run a network in a world, that has the bugs exploited, posted and fixed. And that's all I have to say about that.
One of the most interesting parts of the article that I saw was the part dealing with the SysAdmin having responsibility or at least partial responsibility for things that his computer does after a compromise.
All in all, this looks to be the equivalent of a Processing Crackers HOWTO, for either Law Enforcement or for corporations.
One of the problems I have with this article, is that it outlines all the different laws applicable where either the District Attourney or the corporation can prosecute, but it only goes very briefly or not at all into how a SysAdmin can actually stop these attacks.
All of these attacks can be stopped if the sysadmin is doing his job correctly. Especially if the sysadmin can be held legally responsible for attacks mounted from his system, he MUST keep on top of these things.
Obviously the article is meant to focus on the legal issues, and it can be a useful resource for someone who has already been compromised. But I know that whenever *I* as a sysadmin have a successful attack performed against *my* system, I am grateful for the heads up. Unless there is *real* and measurable damage (for instance stealing all the users' credit card numbers, etc) I do not believe in prosecuting the "hacker". YMMV.
I think the most important points this article makes are as follows:
"Vendors need to make hardening scripts available (or support existing ones like Bastille Linux), and tell the users to use them--something like the default email that OpenBSD sends to root after a new install, telling root to read "man afterboot.""
"Vendors need to turn stuff off and make users enable it, or, during install, make users aware of what they are doing (similar to SuSE's "Do you really want to turn inetd on?"). "
On my first entry into Linux, I installed Caldera's OpenLinux 2.3. The reason for this is that I had done some research and found that it was the only distribution at the time that autodetected the Voodoo3 video card I was using. I ran it for a while and was very happy, some annoying problems in that most software and drivers released for linux are now designed for RedHat, so the files that they looked for were in the wrong place. So I had to make a lot of symlinks, etc. Big deal, standard linux installation garbage that everyone has to deal with.
Then my box got root compromised. The cracker/script kiddie had used one of many buffer overflow 'sploits, along with a RootKit to get on my system and hide his tracks. The way I found out was that I chose to use a graphical login, which displayed as icons all user accounts (which i believe RedHat did not have at the time. the root exploit script the cracker used was designed for redhat). I found out that many of my files had been trojanned, and that I was basically going to have to wipe the drive and start over.
Now the problem is that Caldera and most other distros automatically leave all services on. This includes the infamous wu-ftp daemon, among others known to have security issues. If there were a simple dialog at install about which services the user wanted enabled and which disabled, I think the linux market as a whole would be much more secure. But then, now I know, and knowing is half the battle.
---------
200MHz FSB...Everything is going according to plan
on
Intel Reacts to AMD
·
· Score: 5
Hmm... It may not be in Intel's best interest to introduce a new processor with a 200 MHz FSB to counter an AMD proc. Until this point, the AMD chips have been competing at lobotomized speeds with respect to how fast the processor gets to talk to the RAM. Once they can actually get the PC200 SDRAM that is bound to come out with the release of a new Intel processor at that speed, they will also recieve a large performance increase. Will the.13 micron die size of the new intel chips be enough to counter? Especially now that the Athlons have an L2 cache that runs at full proc speed, and a LARGER L1 cache
It doesn't seem like Intel is having a good time right now, or will be any time in the future. Anyone care to speculate on what kind of processor AMD will develop by the time Intel actually releases Willamette? I was thinking that Intel would break away with the new Willamette chips because they'd be undeniably faster, but now that they're delaying them again... AMD must be seeing Sugar Plum Faeries.
First of all, the idea that a phonetic "equivalent" of a trademark or copyright can have the same value of the copyright is patently absurd. If I were in South Carolina and registered the domain name mahkrowsowft.com, would I be infringing on a trademark? Egad.
Secondly, let us assume for a moment that for some reason there is a legal precedent for a phonetic equivalent being trademark violation (now we have to say "Tee Em" after stating the name of a major corporation). The nasal fricative at the end of "Corinthiao" is MOST CERTAINLY NOT the same as an "N".
The nasal sound at the end of "Corinthiao" is a velar nasal. An "N" is an alveolar nasal. This may not sound like a big difference. It is the same as the difference between calling a boy a "Little tyke" ("T" is an alveolar stop) and calling him a "Little kike" ("K" is a velar stop).
Finally! Someone else knows where I'm coming from!
I've been using these damn carrier piqeons to connect to the net, and there's a line of packets streaming outside of my door and down the stairs!
Ever since I taught those birds TCP/IP they've been nothing but trouble. I guess I shouldn't have listened to that guy in the alley who wanted me to trade him my cable modem for some pigeons. Damn militant luddite insurgents, these kinds of terrorist acts shall not stand!
Sir! I'm getting a transmission from sector 9... "preparing to transmit coordinates for artillery bombardment... transmit. Wait, no! A blue screen of death! Sir, I suspect they're using the force.. fall back, fall back! ------
This will last for about a week unless two things happen:
1. They come up with a payment scheme that doesn't suck. I mean, are people really going to pay like 5 bucks to download a movie that they can watch once, in most cases on a crappy comptuer monitor? I'm thinking like a buck a dowload would work. How much overhead is there really anyway, especially with allt he advertising payouts of a heavy-hits website?
2. They use an ecryption scheme that doesn't suck. This is much less likely. For some reason content providers have not been able to understand encryption for the life of them. They should take a lesson from banks and use already existing standards. if they really want us to only be able to watch once, they are sorely mistaken and should think about the reality of things. If I can *see* it I can *record* it. Now repeat after me...
Is the Internet really promoting short attention spans and mindless adherance to sex, violence and other mind-polluting activites? Or is it merely paying lip service to those pursuits while underneath the mainstream (www.SEXXYY.com, etc)a new sort of culture emerges?
Some (including it seems the Librarian of Congress) say that most parts of the internet cater solely to people wanting instant gratification and blood&boobs. Okay; take a look at the First Person Shoot-em-up scene that has recently been growing huge (finally) due to the prevalence of high-bandwidth connexions and good networking protocols. You do have your QuakeIII bloodbaths, with seeming chaos all around, but at the same time you have Clans getting together to practice tactics and maneuvers (I'm thinking more along the lines of various Half Life mods, TF and CS). It really is growing into a new sort of community where people get together to razz eachother over an exciting game. Not unlike an arcade, whichmost will agree is at least partially a good social setting. As bandwidth and network protocol prowess increases, we will see a rise of voice technology over gaming (already the fledglins like Roger Wilco and such are there), and maybe even one day video.
Who are we to say that communicating with someone over the net and gaming with them overthe net is any less valid a form of socialization than talking with them across a checkerboard on a Saturday afternoon? Sex and violence are prevalent everywhere in our society, so of course they will be prevalent in any new mediumn that comes around (porn videos were some of the first to hit wide distribution); but soon the medium will expand to include all parts of society rahter than just the flashy ones.
Well now, the whole bit about perfect copies isn't quite right, either. Most radio stations I know of that are now broadcasting on the internet are still using things like RealAudio and Liquid audio, which both do, I suppose, allow for a perfect copy to be made, but the cold reality is that most of them still have much worse quality than actual airwave broadcasts.
The reasons are bandwidth bottlnecks and compression.
Actually, if you go through the compression algorithm and the way the data is transmitted, you'll find that *everything* actually compresses. It just compresses much better when it's in a language which has definite patterns in character frequency.
In english, the characters that are easiest to compress are and 'e', among others, but with pages containing a lot of images, that character may become the equivalent of ALT + 154xxx. It will still compress, you are just likely to see better results when it is natural language that is being compressed (look at pkzip; it works better when it's all just text, but it will still compress things like images and executable files).
Hmm, I actually got a text transfer that didn't go instantly! This is kinda weird for me, it used to be that way back when I used a modem (although even that would have had to be 2400 baud or less to make this happen)
Still, it's kind of interesting that it happened, don't most web servers hold people in a queue and then process their entire requests all at once per person? What kind of server does advogato use?
Gigabit ethernet is great, expecially for distributed computing tasks (e.g. Beowulf, MS Wolfpack), but as far as I've seen, there are some steep entry costs.
Every good gigabit ethernet adapter I've seen takes a 64 bit PCI slot to connect to the motherboard. I have seen very few motherboards, mostly Xeon and Alpha oriented, that have 64 bit slots. Not only that, but in any network size larger than 4 systems or so (which is pretty silly to be using that much bandwidth with anyway), you need a switch to give you the advantages of speed. Check any networking catalogue you like, but I sure haven't seen any plain old hubs that supoort 1000Mb/s.
So you need a switch, and you need 64 bit PCI. This is not stuff to be using on your 1337 overclocked dual celery 466 system that is maxed out to the gills. Gigabit ethernet still requires hardware that puts it in the "Professional Use Only" catagory. Hopefully sometime soon the entrance costs will be less prohibitive, but untilthen, I'll stick with my 100Mb/s ethernet with adapters for $25 a pop and hubs for $50. --------
When I first heard abot NetZero I thought that it was a good idea that would probably end up sucking. I also had no use for it because I already connect via a MediaOne Roadrunner cable modem (the Boston area is always one of the first for things like that:)).
Then one day at work I wanted to connect (I work at a computer retailer with phonelines but no ISP). I tried AOL, using a borrowed account from a friend, but it was annoying getting spam just for existing, and it wouldn't have been worth it if I had been paying the bill for the account. So then I tried netzero. It takes a little while to download all the updates, etc., but once you've gotten through the mess it's actually adecent ISP. You have to put up with a small add window, which if you are running 1024x768 should not be a problem at all. The speeds I get are actually better tan the speeds I got with AOL, which is not to say blazing, but respectable nontheless. I believe that NetZero has decent PoP presence throughout the country.
The only problem with this stuff, AOL and NetZero, is that you need windows to connect, because they use proprietary software.
If you want to connect with linux, I might recommend AT&T worldnet, with whom I've had a pretty good experience as well, and who also has decent PoP coverage. I've also heard that Earthlink is decent, but I've had no real experience. They both cost some money, but that's what you have to put up with if you're a linux junky.
I've been running SuSE for a while, and while I will heartily agree that for the linux veteran it is by far the best distro, including hundreds of applications that most other distrobutions don't even think of, for the newbie it can be very difficult. My roommate installed it in his system recently and illustrated some of the problems.
1. Yast2 pretty much sucks. A GUI install tool is nice, and I've seen it done well (as in Caldera), but the SuSE one holds your hand in the wrong places and glosses over the wrong places. Plus, the first time he ran it it blew up in his face just for running the "Recommended" setup. Once you got further into the nitty gritty (like, *gasp*, naming the partition on which you want linux installed) it went fairly well.
2. Neither Yast2 nor my preferred Yast include any provision for sound. There are many sound cards now supported by the kernel, so it wouldn't even need to include commercial software like OSS to work for many people.
3. This isn't quite as big a deal, but the CDs are very difficult to browse. There is no real standard directory structure, so looking through the CD to find useful software becomes a bit of a chore (add to that the fact that there are *6* CDs in the latest version!...)
Beyond that, I've loved just about everything about SuSE; once it is installed it is truly a joy to run, and the wealth of useful applications and utilities is very nice.
I think this is a perfect step in the right direction. Red Hat and VA Linux should be using their IPO riches for pushing Linux (and service) at basic levels, like schools and small businesses. How many people do you know who wouln't deviate from their beloved Mac even when they were far from the best computing platform out there? This is largely because Apple pushed Macs in schools from the beginning and people got attatched. If students and teachers both learn to use Linux it will spread much faster.
Slashdot Mirror
I see what you mean, but what I was envisioning was something more along the lines of "we scratch your back and you scratch ours." Much like the RIAA's associations with Viacomm (MTV) and various radio conglomerations. Obviously Napster would be hostile to something that would charge the *users*, but if for instance they hit upon a deal with the RIAA for mutual advertising, that could get interesting. Of course, I don't think the RIAA could even *concieve* of a scheme where people weren't actually paying money for each song, so in the meantime we will get these silly legal battles.
Actually, it's not so clear cut as that. The people using Napster are obviously violating copyright laws, yes, but does that mean that Napster is? Personally, I think it is in extremely bad taste to try to make money off of widespread copyright violation, but it is happening around the country with mp3 players and various services.
More obviously, in my eyes, is the fact that it is absolutely idiotic of the RIAA to bother trying to stamp out Napster. They should have tried to cut a deal with them a long time ago, I could easily envision a symbiotic relationship between the two, with all the advertising and glitz and shiny things of EmptyV. They could both stand to make some serious money out of such a relationship.
It seems that the RIAA is too control-hungry to even consider such a tactic; the mere *thought* of people being able to download any song at any time without having to pay anything sends them into conniptions(sp). They are stuck to this business model. I think it will eventually kill them, because it has been proven time and time again that it is very difficult to stop information from proliferating. Maybe they will learn.
EthernalQuest is trying to censor me! Help, help, I'm being repressed!
1. User interface. Have you ever tried playing the Nintendo 64 version of Starcraft? Don't bother, it ain't worth it. Moving a cursor aruond on a screen without a mouse just plain sucks. Sure, when you're going the route of having *every* game be either Driving, Fighting, or Sports, then yes, a console might make sense. The Shoot'em'ups that come out on consoles generally suck compared to the ones on PCs, too, because the user interface sucks. Have you ever tried playing a FPS game that has 2 axis control over the character on a console (Like Quake3, Unreal Tournament and Half Life)? Neither have I, because they don't exist.
2. Screen resolution. TVs suck. Get used to it. They support something like 800x600 resolution, MAX. Try using WebTV sometime, you will laugh, or cry, depending on whether you have to actually get anything done or not. Games on a TV will never look as nice as games on a PC, and you won't be able to put as much information on the screen at one time.
3. Internet connection. Sure, the Dreamcast has a modem; but anyone who has tried to play any serious and fast paced multiplayer game over the internet with a MODEM has cried almost as much as I have. The number of games that realistically support modem connections for multiplayer games is quickly dwindling, and I think they will be a thing of the past as soon as next year. DSL and Cable (and T1/T3 if you are actually targetting college students) are necessary for new multiplayer games to work properly. If developers do not support this for the console, it will die.
That's all I can put into nice and even points, and I'm sure that others have said some of the same things, but that's the way it will be until the designers can overcome those three problems.
In any *nix system, the only people who have the potential to actually "screw around" with the operating system are the ones who have superuser access. In order to use the source code of an OS to change something, you have to recompile the program. and in order to install it anywhere meaningful, you have to be root. And believe me, if someone has superuser access, they don't need the froiking source code to mess things up royally. The article is being just plain silly to give Peter Firstbrook credence. He obviously isn't very well versed with Unix security.
Watch me mess things up in NT 5.0 or HP-UX with administrator/root access. It takes less than a minute to completely cripple a system or even to install trojanned binaries. Some people are knumbskulls.
But then, you already knew that.
Although the keyboard on the blackberry linked to in the above comment looks clever, I still don't think that I'd like it very much, and for writing more than a couple lines it would be more trouble than it's worth to me. I have the same feelings about graffiti, it's just a pain in the butt to have to write for 5 minutes to get out a 3 line email.
I believe that a certain amount of convergence is practical and even desireable. However, some things just don't *want* to be converged. This is why i think the "Pocket PCs" are somewhat silly. Even if they ran a decent OS, many of their capabilities don't make much sense. Why would I want to use an AIM program where I had to type each letter on an onscreen keyboard? Why would I use a web browser that had a maximum screenres of 180x100 (or thereabouts)?
Sure, you can get a lot done with virtual displays on semi-VR goggles, but would you want to do that while sitting on the subway? (Hello, I'm a tool). The keyboard issue is no small one, either, you can either use a detatchable keyboard that folds or what have you, which while being cool and all still makes it so you have to set up your "PDA" as a laptop. Or we could use a virtual keyboard with VR gloves, which while being cool just plain doesn't exist and won't for a while now.
I have no problem converging PDAs with phones and pagers, but to make them try to do more would make them unuseable for the things you really need them for. I think, at least at the current state of the art, there should be a line between "PCs" and PDAs/Communication devices.
The problem is that CSS is a Trade Secret. What this means is that it is an essential part of their business that no one else is allowed to use. That sounds very similar to a patent, except in one very pertinent area: a patent is registered, and enters public domain after a certain amount of time.
The legal ramifications are that when you have a trade secret, you have responsibility for protecting it. Once someone reverse-engineers it out of your product, the cat is out of the bag (and many other cliches), even in a legal sense. If the reverse-engineering was legal and legitimate, the trade secret is no longer.
This is one major reason that I oppose the DMCA.
Of course, price is also an object, so that's why PCs usually win. As for comparing an IBM S/390 to a dual proc Alpha server; it's kind of like trying to compare an oil tanker with a waterskiing boat. It's just not fair to either one to compare them.
Where is his proof in saying that disclosing bugs does not make for better security? I/We have a lot of proof to the contrary. OpenBSD. Linux (yes, I know most *nix types scoff at Linux "security", but compare it to NT/2000 in a corporate environment, with all those Outlook holes, etc., etc. ad infinitum). Sendmail. Even WuFTP for chrissake. I mean it has had bugs in the past, hell I even got root compromised because I fell asleep for one of them, but the problems get FIXED. That way, a SysAdmin who's on top of things can actually keep his system *secure*. Talk to some NT admins sometime, and hear them bitch about being forced to run Outlook on all their systems, even though tere are *known* exploits with *serious* depth. I would *much* prefer to live in a world, and run a network in a world, that has the bugs exploited, posted and fixed. And that's all I have to say about that.
All in all, this looks to be the equivalent of a Processing Crackers HOWTO, for either Law Enforcement or for corporations.
One of the problems I have with this article, is that it outlines all the different laws applicable where either the District Attourney or the corporation can prosecute, but it only goes very briefly or not at all into how a SysAdmin can actually stop these attacks.
All of these attacks can be stopped if the sysadmin is doing his job correctly. Especially if the sysadmin can be held legally responsible for attacks mounted from his system, he MUST keep on top of these things.
Obviously the article is meant to focus on the legal issues, and it can be a useful resource for someone who has already been compromised. But I know that whenever *I* as a sysadmin have a successful attack performed against *my* system, I am grateful for the heads up. Unless there is *real* and measurable damage (for instance stealing all the users' credit card numbers, etc) I do not believe in prosecuting the "hacker". YMMV.
------------
"Vendors need to make hardening scripts available (or support existing ones like Bastille Linux), and tell the users to use them--something like the default email that OpenBSD sends to root after a new install, telling root to read "man afterboot.""
"Vendors need to turn stuff off and make users enable it, or, during install, make users aware of what they are doing (similar to SuSE's "Do you really want to turn inetd on?"). "
On my first entry into Linux, I installed Caldera's OpenLinux 2.3. The reason for this is that I had done some research and found that it was the only distribution at the time that autodetected the Voodoo3 video card I was using. I ran it for a while and was very happy, some annoying problems in that most software and drivers released for linux are now designed for RedHat, so the files that they looked for were in the wrong place. So I had to make a lot of symlinks, etc. Big deal, standard linux installation garbage that everyone has to deal with.
Then my box got root compromised. The cracker/script kiddie had used one of many buffer overflow 'sploits, along with a RootKit to get on my system and hide his tracks. The way I found out was that I chose to use a graphical login, which displayed as icons all user accounts (which i believe RedHat did not have at the time. the root exploit script the cracker used was designed for redhat). I found out that many of my files had been trojanned, and that I was basically going to have to wipe the drive and start over.
Now the problem is that Caldera and most other distros automatically leave all services on. This includes the infamous wu-ftp daemon, among others known to have security issues. If there were a simple dialog at install about which services the user wanted enabled and which disabled, I think the linux market as a whole would be much more secure. But then, now I know, and knowing is half the battle.
---------
It doesn't seem like Intel is having a good time right now, or will be any time in the future. Anyone care to speculate on what kind of processor AMD will develop by the time Intel actually releases Willamette? I was thinking that Intel would break away with the new Willamette chips because they'd be undeniably faster, but now that they're delaying them again... AMD must be seeing Sugar Plum Faeries.
-----------
Secondly, let us assume for a moment that for some reason there is a legal precedent for a phonetic equivalent being trademark violation (now we have to say "Tee Em" after stating the name of a major corporation). The nasal fricative at the end of "Corinthiao" is MOST CERTAINLY NOT the same as an "N".
The nasal sound at the end of "Corinthiao" is a velar nasal. An "N" is an alveolar nasal. This may not sound like a big difference. It is the same as the difference between calling a boy a "Little tyke" ("T" is an alveolar stop) and calling him a "Little kike" ("K" is a velar stop).
---------
I've been using these damn carrier piqeons to connect to the net, and there's a line of packets streaming outside of my door and down the stairs!
Ever since I taught those birds TCP/IP they've been nothing but trouble. I guess I shouldn't have listened to that guy in the alley who wanted me to trade him my cable modem for some pigeons. Damn militant luddite insurgents, these kinds of terrorist acts shall not stand!
-----------
Sir! I'm getting a transmission from sector 9... "preparing to transmit coordinates for artillery bombardment... transmit. Wait, no! A blue screen of death! Sir, I suspect they're using the force.. fall back, fall back! ------
1. They come up with a payment scheme that doesn't suck. I mean, are people really going to pay like 5 bucks to download a movie that they can watch once, in most cases on a crappy comptuer monitor? I'm thinking like a buck a dowload would work. How much overhead is there really anyway, especially with allt he advertising payouts of a heavy-hits website?
2. They use an ecryption scheme that doesn't suck. This is much less likely. For some reason content providers have not been able to understand encryption for the life of them. They should take a lesson from banks and use already existing standards. if they really want us to only be able to watch once, they are sorely mistaken and should think about the reality of things. If I can *see* it I can *record* it. Now repeat after me...
------
Some (including it seems the Librarian of Congress) say that most parts of the internet cater solely to people wanting instant gratification and blood&boobs. Okay; take a look at the First Person Shoot-em-up scene that has recently been growing huge (finally) due to the prevalence of high-bandwidth connexions and good networking protocols. You do have your QuakeIII bloodbaths, with seeming chaos all around, but at the same time you have Clans getting together to practice tactics and maneuvers (I'm thinking more along the lines of various Half Life mods, TF and CS). It really is growing into a new sort of community where people get together to razz eachother over an exciting game. Not unlike an arcade, whichmost will agree is at least partially a good social setting. As bandwidth and network protocol prowess increases, we will see a rise of voice technology over gaming (already the fledglins like Roger Wilco and such are there), and maybe even one day video.
Who are we to say that communicating with someone over the net and gaming with them overthe net is any less valid a form of socialization than talking with them across a checkerboard on a Saturday afternoon? Sex and violence are prevalent everywhere in our society, so of course they will be prevalent in any new mediumn that comes around (porn videos were some of the first to hit wide distribution); but soon the medium will expand to include all parts of society rahter than just the flashy ones.
#end post, should always return NULL
---------
The reasons are bandwidth bottlnecks and compression.
-------
In english, the characters that are easiest to compress are and 'e', among others, but with pages containing a lot of images, that character may become the equivalent of ALT + 154xxx. It will still compress, you are just likely to see better results when it is natural language that is being compressed (look at pkzip; it works better when it's all just text, but it will still compress things like images and executable files).
Still, it's kind of interesting that it happened, don't most web servers hold people in a queue and then process their entire requests all at once per person? What kind of server does advogato use?
Interesting... ------
Every good gigabit ethernet adapter I've seen takes a 64 bit PCI slot to connect to the motherboard. I have seen very few motherboards, mostly Xeon and Alpha oriented, that have 64 bit slots. Not only that, but in any network size larger than 4 systems or so (which is pretty silly to be using that much bandwidth with anyway), you need a switch to give you the advantages of speed. Check any networking catalogue you like, but I sure haven't seen any plain old hubs that supoort 1000Mb/s.
So you need a switch, and you need 64 bit PCI. This is not stuff to be using on your 1337 overclocked dual celery 466 system that is maxed out to the gills. Gigabit ethernet still requires hardware that puts it in the "Professional Use Only" catagory. Hopefully sometime soon the entrance costs will be less prohibitive, but untilthen, I'll stick with my 100Mb/s ethernet with adapters for $25 a pop and hubs for $50. --------
Then one day at work I wanted to connect (I work at a computer retailer with phonelines but no ISP). I tried AOL, using a borrowed account from a friend, but it was annoying getting spam just for existing, and it wouldn't have been worth it if I had been paying the bill for the account. So then I tried netzero. It takes a little while to download all the updates, etc., but once you've gotten through the mess it's actually adecent ISP. You have to put up with a small add window, which if you are running 1024x768 should not be a problem at all. The speeds I get are actually better tan the speeds I got with AOL, which is not to say blazing, but respectable nontheless. I believe that NetZero has decent PoP presence throughout the country.
The only problem with this stuff, AOL and NetZero, is that you need windows to connect, because they use proprietary software.
If you want to connect with linux, I might recommend AT&T worldnet, with whom I've had a pretty good experience as well, and who also has decent PoP coverage. I've also heard that Earthlink is decent, but I've had no real experience. They both cost some money, but that's what you have to put up with if you're a linux junky.
--------
1. Yast2 pretty much sucks. A GUI install tool is nice, and I've seen it done well (as in Caldera), but the SuSE one holds your hand in the wrong places and glosses over the wrong places. Plus, the first time he ran it it blew up in his face just for running the "Recommended" setup. Once you got further into the nitty gritty (like, *gasp*, naming the partition on which you want linux installed) it went fairly well.
2. Neither Yast2 nor my preferred Yast include any provision for sound. There are many sound cards now supported by the kernel, so it wouldn't even need to include commercial software like OSS to work for many people.
3. This isn't quite as big a deal, but the CDs are very difficult to browse. There is no real standard directory structure, so looking through the CD to find useful software becomes a bit of a chore (add to that the fact that there are *6* CDs in the latest version!...)
Beyond that, I've loved just about everything about SuSE; once it is installed it is truly a joy to run, and the wealth of useful applications and utilities is very nice.
------
I think this is a perfect step in the right direction. Red Hat and VA Linux should be using their IPO riches for pushing Linux (and service) at basic levels, like schools and small businesses. How many people do you know who wouln't deviate from their beloved Mac even when they were far from the best computing platform out there? This is largely because Apple pushed Macs in schools from the beginning and people got attatched. If students and teachers both learn to use Linux it will spread much faster.