Uhh ok, well I wasn't defending IE, but anyway I will on this count. Are you honestly trying to compare a full-featured web browser to libc?
Sure. Why not?
The key point is that you do NOT want tons of extra CRAP (like a web browser and such) welded to the OS.
The *nix approach (as shown by libc) is far easier to maintain and is a better approach from a security standpoint.
My point was if you have many OS components that rely on this poorly written software and interact with it in a trusted way, you are going to have many more severe security issues than with something like Firefox.
Again, it is easier to find the problems and fix them in a SMALL component (such as libc) than it is to find them and fix them in a complete web browser (with scripting and ActiveX and so forth).
Microsoft's approach was to hide portions of the browser functionality in other, system,.dll's. They only did this because they were trying to kill Netscape.
The better, cleaner, more securable approach would be the *nix way where the browser components are seperate and distinct modules.
The fact is, there are more uninformed people out there than there are informed people (just read the crap in the original article).
Another fact is that there are more Microsoft fans than there are Open Source fans (right now).
So, the intersection of those two groups means that there are more uninformed Microsofties than there are informed Open Source fans.
And those Microsofties, for whatever reason, have decided to hang out on/. and farm mod points so they can step on things they don't agree with.
Get used to it. That's the same way it will be throughout most of your life, unless you restrict yourself to very exclusive groups with very high entrance requirements (/. is not one of them).
Where have all the great OSS zealots gone that could argue down windows folk with a brilliant point of logic.
You can't argue them down. They don't know enough of the material to know how ignorant they are.
I've argued here with people who swore that SMTP did NOT have authentication. Even after I posted links to the RFC's.
Start it up and it will soon start swapping. No matter how much RAM you have.
Since it is going to do it anyway, you'll want a nice, clean, ORGANIZED place for it to do it in.
The problem is that adding a partition usually puts that partition near the spindle which is the SLOWEST portion of the disk. But it will still cut down on fragmentation and crap.
With a Linux system, I put the swap drive down first. It gets the fastest portion of the disk. It should never use it, but just in case...
With Windows, if you do that you'll end up installing Windows to D:\, which is fine, but you'll need to make adjustments everytime something wants to install to C:\program files.
What the fuck is wrong with people? Honestly, did they even read Ender's Game? It's not just some action movie with kids, you know. Well, at least I can get disappointed early.
Scene: Ender's sleeping quarters. Mazer: "Get up!" Ender: "I just got to sleep." Mazer: "Get up NOW! You're on!" Cut to battle room. Other kids are there. All are tired. Lots of lights (two colours) are on the display. Ender rattles off some coordinates. Other kids rattle off coordinates. Lights blink out. All kids rattle off more coordinates. Finally, only one colour lights are left. Mazer: "Congratulations. You've won again." Other kids look at Ender with a mix of sympathy and admiration. Cut to Ender's sleeping quarters. Mazer: "Get up!"......... Ender: "Those weren't games. I was killing the Buggers! Nooooooooooooo!" Ender slaps both hands to his face... fade to black.
The most important thing you need to know once you enter the workforce is how to work with people you don't like and don't respect so that you can both accomplish a goal.
Organized sports teaches this... badly. They tend to focus on the few with superior, natural skills and forget about the rest.
You can't all be superstars. A team of mediocre people, working together, can accomplish more than a team of superstars who each demand the spotlight.
What Matters (Score:5, Insightful) The guy didn't read the article, yet felt qualified to comment on it anyway. Other people who didn't read the article found his comments "insightful" despite the fact that they contradicted the findings of the article.
Re:What Matters (Score:3, Informative) You did read the article and quoted part of it, yet your rating isn't as high as the guy's who skipped the reading.
Welcome to Real Life. It's just like this in the work force which is why the article makes so much sense.
It isn't what you know. It isn't what other people know. It's how well you can re-state their pre-existing opinions to impress them. It's all about what other people (who didn't do the reading) BELIEVE you know.
"Terrorism" is just used to make it sound like you're tough and cool.
The same as "The War on Poverty" or "The War on Drugs".
Yes, our economy will suffer a major blow from an attack on our computer networks, but if you give me a choice between having to become a farmer to feed myself and *DYING* in a suicide attack, I think I'll take the former.
It's not even that bad. Look at what happened with the other worms (slammer in particular). Banks were off-line. And the total number of businesses that failed was... none.
"Cyberterrorism" is worse than an insult. No one dies in "cyberterrorism". No one is worried that they MIGHT die.
Just look at the sniper attacks in DC. People were worried and they stayed home, they kept their kids out of school, etc.
Slammer hits and people get annoyed at their computers. Big deal.
But "cyberannoyance" won't get votes.
People have emotional reaction to words and most of them don't have the knowledge to evaluate the REAL threat (or the desire). Tell them that THEY are in DANGER and that the NEXT ATTACKcould be WORSE | DEVASTATING | HORRIBLE BEYOND IMAGINATION and you can get them to do just about anything.
But one thing is true: our computers are horribly insecure and are at risk not ONLY from terrorists, but from pimply-faced teenagers that live down the street.
Yep. But the "risk" is that you might lose some money / time.
The fact is that there aren't many programmers out there who bother writing secure software, and even fewer customers who demand it.
Yep. But so what? Until the customers lose something of value, completely (no getting the bank to reverse the charges), they won't demand anything that limits their activities.
They will happily support politicians who want to get "tough" on "cyberterrorism" and "crack down" on those "cybercriminals", but they will still open every email attachment.
Using group policies, I can set the home page for all users with a click of a button. I can set security features for all users without leaving my desk.
That's great. So what's the problem?
At my current job (at a university), I would love to put firefox in all the labs and deploy firefox to all of the faculty workstations, but I can't manage like I can with IE.
The question is WHY would you want to put FireFox on those desktops?
The point is that Mozilla is ignoring corporate users. Remember that corporations are a much bigger market than home users. Mozilla needs to concentrate on this.
Yes, the corporate segment is larger than the home segment. So?
If a corporation has settled on AD and group policies and locking down IE, then WHAT is their incentive for deploying FireFox?
The company I work for is rather small, but we still NEED Internet Explorer because a few of the web based services we use require it.
I still run FireFox on my desktop (as do most of the people in the IT department), and I run it exclusively at home.
You have to address what NEED FireFox will fulfill that IE cannot or does not. Just because YOU want to deploy it is not sufficient.
FireFox usage will grow at home and in those companies that still haven't adopted Microsoft's security schema (which includes a lot of companies in other countries).
You're looking at the "problem" from your own viewpoint. Look at it from other vantage points. I'd rather see the developers working on security holes and such than working on making the deployment more like IE.
Again, those companies that will reject FireFox because it cannot be deployed/managed like IE are most likely to be the ones that already have other ties to IE that will not allow them to replace it anyway.
We're still running an old app that needs DOS. We have part of it running in a DOS window on an NT4.0 machine (NT's DOS sub-system is different from later Windows' versions).
It's hard for a support company to say "I support Debian" when there's no standard set of software to support.
Actually, it is very easy. The same as a support company can say "we support Red Hat".
What "support" means will vary with different vendors.
The local shop might "support" Red Hat because one of their techs uses it and likes it and has a book on it.
Oracle might "support" Red Hat because they have a formal contract with Red Hat and technicians on both sides who work to duplicate and resolve issues.
The local shop would be able to recommend NIC's and sound cards and such and be able to configure them and help you get your CD-burner working. But they wouldn't be writing code to provide you with new features in that app.
Oracle would be able to find the error in the code that caused your database to hog memory under certain circumstances and get the patch to Red Hat to be included in the next patch. But they wouldn't be helping you rip CD's.
All UserLinux was supposed to do was to pick the "best" (by Bruce's criteria) app in each category and focus development/support on those in order to provide a Free platform for users and businesses to port their software to in a business-friendly fashion.
The problem is that Bruce lost focus and is, instead, waiting on Debian to move Sarge to "stable". Debian supports almost every hardware platform out there and hundreds of apps. The problems slowing down Debian should NOT be affecting UserLinux.
The essential reason to choose UserLinux is that it avoids the conflict between Open Source and producing income that all commercial distributions develop while supporting the enterprise.
And how is that different from Ubuntu?
The policy of the UserLinux project is for all development to be carried out within Debian, not within our own repository. Customers can take a much greater role because the Debian organization admits them fairly.
Again, how is that different from Ubuntu?
Of course, the long release delay has made something of a fool of me - because so far we've only proven that this non-profit can't get it together to make a release.
You will always have that problem.
The solution is to base your releases off of a SUB-SET of Debian. As Ubuntu does with Gnome. As UserLinux was supposed to be based upon Gnome.
Rather than delaying while some package you won't even be including waits for its maintainer to fix it, you should be shipping your release.
Remember, one of the key aspects of UserLinux was that it would NOT ship with two dozen text editors, one dozen image viewers, etc.
Look at the packages, not whether Sarge is released or not.
Becuase he's one of those people who perpetually whines that the new solution isn't a total solution. He slams on things that are improvements because they don't completely and totally solve the problem.
Rather, he keeps pointing out how NOTHING is 100% reliable.
So companies and individuals so NEVER rely upon it 100%.
Anyone who DOES rely upon any method, 100%, will be scammed, looted, etc.
The problem with security is there is no magic bullet, no perfect solution.
That is what he keeps saying.
Two factor authentication is a definite step in the right direction. It means that you can't just find out/guess someone's password and get access to their data. There's another step. Does that make it impossible? No, but it sure as hell makes it a lot tougher.
Again, the REAL problem is people who BELIEVE that it is 100% secure.
It isn't. We know it isn't. He knows it isn't. And he's telling people that it isn't and to not trust it 100%.
However, there are those out there, and Schneier seems to be one of them, that just want to rip on anything that isn't a 100% perfect solution.
WHOA THERE!!!
You seem to believe that there's something WRONG with him telling people that such-and-such is NOT "a 100% perfect solution" and that people whould NOT trust it 100%.
I thinks he's doing a great job because the vendors selling those "solutions" will NOT be telling you about the problems.
Bruce is, once again, pointing out that security is a process, not an end item. You cannot be "secure" simply because you require two methods of authentication.
Read Bruce's paper on "attack trees" to see how he illustrates that. People focus too much effort on getting from 99.9% "secure" passwords to 99.95% "secure" passwords when other avenues of attack are wide open.
I'm not arguing that using 2 (or 3) factors won't be generally more secure than using 1, but people do tend to be quick to jump on the bandwagon of shiney new things, and the fact is that a good password is a good start to a good security setup.
Yep. And it's is even more important than you believe. It all starts with a system that does the following:
#1. A delay between password attempts.
#2. Lock out the account for 15 minutes after 3 incorrect attempts.
#3. Log the failed attempts, lock outs and the correct logins after failed attempts & lock outs.
#4. Have a good network administrator MONITOR THOSE LOGS.
#5. Mandatory password changing.
Too often, people focus on attempting to build unbreakable passwords (as with this article). Don't even bother with that. Given enough time, your password will be cracked. Even if it requires an RSA token and your fingerprint and a 15 character, random password.
That means that you have to be too secure with too many items for too long.
Scenario, a new neighbor moves next door to you. He likes the same things you do and you hang out with him a lot. How difficult is it going to be for him to get your finger prints and to "accidentally" pickup your RSA token over the next year? That just leaves your password.
It always comes down to your password.
The system MUST be able to handle security based only upon your password or it will NOT be able to handle security when the physical identifications are compromised.
And the way to do that is to log EVERY attempted login and to have a person read the logs and look for changes in the patterns and delay the login attempts enough so that a person CAN review the logs BEFORE access is gained.
For enterprises and organizations, yeah, forks are bad things. They take up time and resources to manage and maintain. What happens if an organization chooses the wrong fork for the base OS? That is a very tough call.
How would an "enterprise" choose the "wrong fork"?
Be specific.
The really only useful choices that I know of, and admitedly I am not too hip to all the distros out there, out there are the ones that offer true support and will survive the software cycle.
That would be IBM, Red Hat, SuSE/Novell, and I'm sure there are others.
Yet each of them is a "fork". Red Hat includes patches that SuSE doesn't. SuSE includes patches that Red Hat doesn't.
If the patches are deemed "good", then they will be merged to the main kernel and included in EVERYONE's distribution.
It's all about the GPL.
Think of forking like windows upgrades. Both impart uncertainty about the future. Both require investigation about the best choice. Both carry risk. That is hard for an organization to simply move on. That is one of the reasons that Windows upgrades take so long some times.
Possibly. But only if you're following the bleeding edge development tree (what "enterprise" would do that?).
Rather, the forks are different approaches to solving a problem. Enterprises would NOT be deploying them in production systems (not without a damn good reason).
Enterprises would, instead, be deploying the stock kernel of whatever distribution they were using (or with Oracle approved patches for their Oracle system). They would NOT be downloading the -mm tree or the -ac tree and installing it in production.
But the patches from -mm and -ac DO get incorporated into Linus's tree when he so chooses (and deems appropriate).
...their personal identity and self-esteem heavily reliant on the elitism associated with the communities surrounding OSS. The natural urge is to bar membership to this community to perpetuate the elitism, greatly harming new user adoption.
It's just software.
The people you are describing are generally known as "wannabees". They want to be elite, but they aren't secure enough in their knowledge or skills and react to questions as if they were threats.
You can see them most anywhere. They're usually the ones with the strongest opinions, also.
They can pretend to be knowledgeable and skilled, but they'd rather spend time boasting and belittling others than actually learning and doing.
The good news is that such individuals do not matter much in overall adoption rates. If someone is looking to use Linux, having a wannabee laugh at his questions isn't going to change his mind. It might mean that he won't go back to that site, depending upon the signal to noise ratio and whether he did get a good answer to his question.
When we have British citizens held at Gitmo and tortured and threatened until they sign "confessions" that are easily disproven by the British authorities... but the US government investigates Gitmo and finds NO EVIDENCE OF ANY VIOLATIONS...
What WOULD constitute an "abuse" of the PATRIOT Act?
How would YOU know that such an abuse happened? That the government was CORRECTLY investigating it?
We are holding prisoners in Gitmo specifically because it is non-US territory so our government can violate our most basic values regarding due process and justice.
Our government has attempted to redefine "torture" to allow people to "interrogate" prisoners with what would be called "drowning" if al Queda did it to our troops.
It all comes down to definitions. What is an "abuse" and who defines it as such.
Upgrading a mixed lot of 4.11 & 5.1 servers to 6.5.
Oops. Problems with the overlay CD and iManager just wouldn't work. (iManager relies upon LDAP, Apache2, Tomcat and their software all working together. Maybe it uses perl, too. Give me a single utility you idiots.)
Anyway, the iManager problem gets solved when Novell finally released a TID on how to MANUALLY install their iManager stuff. It seems that uninstalling and re-installing their stuff does NOT actually re-install their stuff. Novell, this is basic stuff. What the fuck are you thinking about?
Also, the software that I have to manually install is a mix of.zip,.tar,.tgz and.war files (.war? So now I have to get a utility specifically to uncompress that single.war file? What the fuck are you thinking?)
So, I finally get all of that working and now I have 4 applications (all launched differently and maintained differently) needed to manage the system.
#1. NWAdmin because GW5.5ep doesn't work with Console1 or iManager.
#2. Console1 because not everything has been migrated to iManager.
#3. iManager. Their future system for managing everything (this is the one that depends upon 4 other apps to run correctly). Oh, and it runs best with IE, not Firefox.
#4. NWoR (NetWare Remote Manager). You need this to work with the disks/NSS/volumes.
Novell has made the major leap to what Linux was in 1995. Congratulations. And they're finally discovering.rpm's. Great.
Novell, here are a few FREE hints.
a.) Look at apt-get update, apt-get upgrade. You already store the info on what packages are installed. In 2005, I should be able to keep my NetWare boxes updates as easily as I do my Linux boxes.
b.) While Console1 is still alive, you need to make ALL the plugins available for it and easily installed. Why should I have to run the GroupWise installation to get the GroupWise plugins for Console1? Why can't I just download whatever plugins I want?
c.) If you're going for a web interface, learn from webmin. Do NOT make running the MANAGEMENT CONSOLE dependent upon getting multiple other packages correctly configured. The MANAGEMENT CONSOLE should be a single app. Console1 sucked, but it was far better than iManager and far easier to setup.
d.) Back to point a. What is it with a "service pack" that is over HALF A FUCKING GIGABYTE? It's 2005. Why am I waiting 12 hours for a "service pack" to download? And when I want to install the eDir8734 patch, I have to MANUALLY hunt and install 3 other patches? In the time it took me just to download that patch, I had tested and updated 3 Debian boxes.
I bought it for Windows years ago and I've bought their upgrades.
I'll buy their Linux version and hope that the same expertise that made them the best Windows burner will make them the best Linux burner.
They're very focused on their core (CD burning) and they offer frequent updates to their software. I have no problems spending money on a company like that.
I do feel that XML allows for a file to bloat up rather badly, but compression on that sort of plain text file is so good these days that I don't really see any point in complaining about it.
No. I don't see any rational for compressing the config files and there are too many disadvantages.
And I don't see how XML will prevent misformatted config files.
What problems are present with text config files and how will XML prevent those?
The key point is that you do NOT want tons of extra CRAP (like a web browser and such) welded to the OS.
The *nix approach (as shown by libc) is far easier to maintain and is a better approach from a security standpoint.Again, it is easier to find the problems and fix them in a SMALL component (such as libc) than it is to find them and fix them in a complete web browser (with scripting and ActiveX and so forth).
Microsoft's approach was to hide portions of the browser functionality in other, system,
The better, cleaner, more securable approach would be the *nix way where the browser components are seperate and distinct modules.
The fact is, there are more uninformed people out there than there are informed people (just read the crap in the original article).
Another fact is that there are more Microsoft fans than there are Open Source fans (right now).
So, the intersection of those two groups means that there are more uninformed Microsofties than there are informed Open Source fans.
And those Microsofties, for whatever reason, have decided to hang out on
Get used to it. That's the same way it will be throughout most of your life, unless you restrict yourself to very exclusive groups with very high entrance requirements (/. is not one of them).You can't argue them down. They don't know enough of the material to know how ignorant they are.
I've argued here with people who swore that SMTP did NOT have authentication. Even after I posted links to the RFC's.
Start it up and it will soon start swapping. No matter how much RAM you have.
...
Since it is going to do it anyway, you'll want a nice, clean, ORGANIZED place for it to do it in.
The problem is that adding a partition usually puts that partition near the spindle which is the SLOWEST portion of the disk. But it will still cut down on fragmentation and crap.
With a Linux system, I put the swap drive down first. It gets the fastest portion of the disk. It should never use it, but just in case
With Windows, if you do that you'll end up installing Windows to D:\, which is fine, but you'll need to make adjustments everytime something wants to install to C:\program files.
Mazer: "Get up!"
Ender: "I just got to sleep."
Mazer: "Get up NOW! You're on!"
Cut to battle room. Other kids are there. All are tired. Lots of lights (two colours) are on the display.
Ender rattles off some coordinates. Other kids rattle off coordinates. Lights blink out. All kids rattle off more coordinates. Finally, only one colour lights are left.
Mazer: "Congratulations. You've won again."
Other kids look at Ender with a mix of sympathy and admiration.
Cut to Ender's sleeping quarters.
Mazer: "Get up!"
Ender: "Those weren't games. I was killing the Buggers! Nooooooooooooo!"
Ender slaps both hands to his face
I'm predicting maximum suckage.
The most important thing you need to know once you enter the workforce is how to work with people you don't like and don't respect so that you can both accomplish a goal.
... badly. They tend to focus on the few with superior, natural skills and forget about the rest.
Organized sports teaches this
You can't all be superstars. A team of mediocre people, working together, can accomplish more than a team of superstars who each demand the spotlight.
Rather than learning the idiosyncracies of whatever systems the school has, you learn the LOGIC and the PRINCIPLE behind the concepts.
Once you have those down, you can see how each system implements them in slightly different ways and you can pick up the new stuff quicker.
... than right here.
What Matters (Score:5, Insightful)
The guy didn't read the article, yet felt qualified to comment on it anyway. Other people who didn't read the article found his comments "insightful" despite the fact that they contradicted the findings of the article.
Re:What Matters (Score:3, Informative)
You did read the article and quoted part of it, yet your rating isn't as high as the guy's who skipped the reading.
Welcome to Real Life. It's just like this in the work force which is why the article makes so much sense.
It isn't what you know. It isn't what other people know. It's how well you can re-state their pre-existing opinions to impress them. It's all about what other people (who didn't do the reading) BELIEVE you know.
The same as "The War on Poverty" or "The War on Drugs".It's not even that bad. Look at what happened with the other worms (slammer in particular). Banks were off-line. And the total number of businesses that failed was
"Cyberterrorism" is worse than an insult. No one dies in "cyberterrorism". No one is worried that they MIGHT die.
Just look at the sniper attacks in DC. People were worried and they stayed home, they kept their kids out of school, etc.
Slammer hits and people get annoyed at their computers. Big deal.
But "cyberannoyance" won't get votes.
People have emotional reaction to words and most of them don't have the knowledge to evaluate the REAL threat (or the desire). Tell them that THEY are in DANGER and that the NEXT ATTACK could be WORSE | DEVASTATING | HORRIBLE BEYOND IMAGINATION and you can get them to do just about anything.Yep. But the "risk" is that you might lose some money / time.Yep. But so what? Until the customers lose something of value, completely (no getting the bank to reverse the charges), they won't demand anything that limits their activities.
They will happily support politicians who want to get "tough" on "cyberterrorism" and "crack down" on those "cybercriminals", but they will still open every email attachment.
If a corporation has settled on AD and group policies and locking down IE, then WHAT is their incentive for deploying FireFox?
The company I work for is rather small, but we still NEED Internet Explorer because a few of the web based services we use require it.
I still run FireFox on my desktop (as do most of the people in the IT department), and I run it exclusively at home.
You have to address what NEED FireFox will fulfill that IE cannot or does not. Just because YOU want to deploy it is not sufficient.
FireFox usage will grow at home and in those companies that still haven't adopted Microsoft's security schema (which includes a lot of companies in other countries).
You're looking at the "problem" from your own viewpoint. Look at it from other vantage points. I'd rather see the developers working on security holes and such than working on making the deployment more like IE.
Again, those companies that will reject FireFox because it cannot be deployed/managed like IE are most likely to be the ones that already have other ties to IE that will not allow them to replace it anyway.
Similar, though. We're highly regulated and slow to change.
We're still running an old app that needs DOS. We have part of it running in a DOS window on an NT4.0 machine (NT's DOS sub-system is different from later Windows' versions).
What "support" means will vary with different vendors.
The local shop might "support" Red Hat because one of their techs uses it and likes it and has a book on it.
Oracle might "support" Red Hat because they have a formal contract with Red Hat and technicians on both sides who work to duplicate and resolve issues.
The local shop would be able to recommend NIC's and sound cards and such and be able to configure them and help you get your CD-burner working. But they wouldn't be writing code to provide you with new features in that app.
Oracle would be able to find the error in the code that caused your database to hog memory under certain circumstances and get the patch to Red Hat to be included in the next patch. But they wouldn't be helping you rip CD's.
All UserLinux was supposed to do was to pick the "best" (by Bruce's criteria) app in each category and focus development/support on those in order to provide a Free platform for users and businesses to port their software to in a business-friendly fashion.
The problem is that Bruce lost focus and is, instead, waiting on Debian to move Sarge to "stable". Debian supports almost every hardware platform out there and hundreds of apps. The problems slowing down Debian should NOT be affecting UserLinux.
The solution is to base your releases off of a SUB-SET of Debian. As Ubuntu does with Gnome. As UserLinux was supposed to be based upon Gnome.
Rather than delaying while some package you won't even be including waits for its maintainer to fix it, you should be shipping your release.
Remember, one of the key aspects of UserLinux was that it would NOT ship with two dozen text editors, one dozen image viewers, etc.
Look at the packages, not whether Sarge is released or not.
That's just the fact of the matter.
So, the appropriate response would be to LIMIT the possible damage by limiting the functions/transactions allowed.
So companies and individuals so NEVER rely upon it 100%.
Anyone who DOES rely upon any method, 100%, will be scammed, looted, etc.That is what he keeps saying.Again, the REAL problem is people who BELIEVE that it is 100% secure.
It isn't.
We know it isn't.
He knows it isn't.
And he's telling people that it isn't and to not trust it 100%. WHOA THERE!!!
You seem to believe that there's something WRONG with him telling people that such-and-such is NOT "a 100% perfect solution" and that people whould NOT trust it 100%.
I thinks he's doing a great job because the vendors selling those "solutions" will NOT be telling you about the problems.
Bruce is, once again, pointing out that security is a process, not an end item. You cannot be "secure" simply because you require two methods of authentication.
Read Bruce's paper on "attack trees" to see how he illustrates that. People focus too much effort on getting from 99.9% "secure" passwords to 99.95% "secure" passwords when other avenues of attack are wide open.
Cleverly hidden beneath the keyboard.
There, no more lost smart cards.
What we REALLY need is an incentive system (think "positive reinforcement") for people who follow good security practices.
Instead, we have positive reinforcement for bad practices.
#1. A delay between password attempts.
#2. Lock out the account for 15 minutes after 3 incorrect attempts.
#3. Log the failed attempts, lock outs and the correct logins after failed attempts & lock outs.
#4. Have a good network administrator MONITOR THOSE LOGS.
#5. Mandatory password changing.
Too often, people focus on attempting to build unbreakable passwords (as with this article). Don't even bother with that. Given enough time, your password will be cracked. Even if it requires an RSA token and your fingerprint and a 15 character, random password.
That means that you have to be too secure with too many items for too long.
Scenario, a new neighbor moves next door to you. He likes the same things you do and you hang out with him a lot. How difficult is it going to be for him to get your finger prints and to "accidentally" pickup your RSA token over the next year? That just leaves your password.
It always comes down to your password.
The system MUST be able to handle security based only upon your password or it will NOT be able to handle security when the physical identifications are compromised.
And the way to do that is to log EVERY attempted login and to have a person read the logs and look for changes in the patterns and delay the login attempts enough so that a person CAN review the logs BEFORE access is gained.
Be specific.That would be IBM, Red Hat, SuSE/Novell, and I'm sure there are others.
Yet each of them is a "fork". Red Hat includes patches that SuSE doesn't. SuSE includes patches that Red Hat doesn't.
If the patches are deemed "good", then they will be merged to the main kernel and included in EVERYONE's distribution.
It's all about the GPL.Possibly. But only if you're following the bleeding edge development tree (what "enterprise" would do that?).
Rather, the forks are different approaches to solving a problem. Enterprises would NOT be deploying them in production systems (not without a damn good reason).
Enterprises would, instead, be deploying the stock kernel of whatever distribution they were using (or with Oracle approved patches for their Oracle system). They would NOT be downloading the -mm tree or the -ac tree and installing it in production.
But the patches from -mm and -ac DO get incorporated into Linus's tree when he so chooses (and deems appropriate).
The people you are describing are generally known as "wannabees". They want to be elite, but they aren't secure enough in their knowledge or skills and react to questions as if they were threats.
You can see them most anywhere. They're usually the ones with the strongest opinions, also.
They can pretend to be knowledgeable and skilled, but they'd rather spend time boasting and belittling others than actually learning and doing.
The good news is that such individuals do not matter much in overall adoption rates. If someone is looking to use Linux, having a wannabee laugh at his questions isn't going to change his mind. It might mean that he won't go back to that site, depending upon the signal to noise ratio and whether he did get a good answer to his question.
Since this is about abuses of the PATRIOT Act.
But if the actions in question are "legal", then those actions cannot be an "abuse".
So his analogy would be on topic.
Who gets to define what an "abuse" is?
Gitmo is certainly "legal" if you ask our current government. Yet it is also completely contrary to our stated VALUES of due process and justice.
So, is Gitmo an "abuse" of our justice system?
If "yes", then we can talk about abuses of the PATRIOT Act.
If "no", then the discussion is meaningless because the word "abuse" has no meaning.
When we have British citizens held at Gitmo and tortured and threatened until they sign "confessions" that are easily disproven by the British authorities ... but the US government investigates Gitmo and finds NO EVIDENCE OF ANY VIOLATIONS ...
What WOULD constitute an "abuse" of the PATRIOT Act?
How would YOU know that such an abuse happened? That the government was CORRECTLY investigating it?
We are holding prisoners in Gitmo specifically because it is non-US territory so our government can violate our most basic values regarding due process and justice.
Our government has attempted to redefine "torture" to allow people to "interrogate" prisoners with what would be called "drowning" if al Queda did it to our troops.
It all comes down to definitions. What is an "abuse" and who defines it as such.
Upgrading a mixed lot of 4.11 & 5.1 servers to 6.5.
.zip, .tar, .tgz and .war files (.war? So now I have to get a utility specifically to uncompress that single .war file? What the fuck are you thinking?)
.rpm's. Great.
Oops. Problems with the overlay CD and iManager just wouldn't work. (iManager relies upon LDAP, Apache2, Tomcat and their software all working together. Maybe it uses perl, too. Give me a single utility you idiots.)
Anyway, the iManager problem gets solved when Novell finally released a TID on how to MANUALLY install their iManager stuff. It seems that uninstalling and re-installing their stuff does NOT actually re-install their stuff. Novell, this is basic stuff. What the fuck are you thinking about?
Also, the software that I have to manually install is a mix of
So, I finally get all of that working and now I have 4 applications (all launched differently and maintained differently) needed to manage the system.
#1. NWAdmin because GW5.5ep doesn't work with Console1 or iManager.
#2. Console1 because not everything has been migrated to iManager.
#3. iManager. Their future system for managing everything (this is the one that depends upon 4 other apps to run correctly). Oh, and it runs best with IE, not Firefox.
#4. NWoR (NetWare Remote Manager). You need this to work with the disks/NSS/volumes.
Novell has made the major leap to what Linux was in 1995. Congratulations. And they're finally discovering
Novell, here are a few FREE hints.
a.) Look at apt-get update, apt-get upgrade. You already store the info on what packages are installed. In 2005, I should be able to keep my NetWare boxes updates as easily as I do my Linux boxes.
b.) While Console1 is still alive, you need to make ALL the plugins available for it and easily installed. Why should I have to run the GroupWise installation to get the GroupWise plugins for Console1? Why can't I just download whatever plugins I want?
c.) If you're going for a web interface, learn from webmin. Do NOT make running the MANAGEMENT CONSOLE dependent upon getting multiple other packages correctly configured. The MANAGEMENT CONSOLE should be a single app. Console1 sucked, but it was far better than iManager and far easier to setup.
d.) Back to point a. What is it with a "service pack" that is over HALF A FUCKING GIGABYTE? It's 2005. Why am I waiting 12 hours for a "service pack" to download? And when I want to install the eDir8734 patch, I have to MANUALLY hunt and install 3 other patches? In the time it took me just to download that patch, I had tested and updated 3 Debian boxes.
I bought it for Windows years ago and I've bought their upgrades.
I'll buy their Linux version and hope that the same expertise that made them the best Windows burner will make them the best Linux burner.
They're very focused on their core (CD burning) and they offer frequent updates to their software. I have no problems spending money on a company like that.
And I don't see how XML will prevent misformatted config files.
What problems are present with text config files and how will XML prevent those?
Linux has shown positive growth EVERY SINGLE YEAR.
The reality is that most people and companies do NOT switch platforms without a compelling reason to. There's just too much stress and pain involved.
So Linux will continue its steady gains, over the years. There's nothing wrong with that.