Lots of people in an OCCUPIED country see NO PROBLEM with attacking Quislings.
If your country was invaded and you knew certain cops were helping the invaders by rounding up people who opposed the invaders, would you see killing those cops as "terrorism" or "patriotism"?
You mean like the democracies that were forced, at gunpoint, on Germany, Italy and Japan? Perhaps you think that those "sovereign nations" deserved a live and let live attitude from the US?
Germany was a Democracy before Hitler. We didn't force a democracy upon them.
The same with Italy.
Japan is the only example where a country without a Democratic history was successfully converted to Democracy.
Meanwhile, there are many, many examples where Democracy did not work when an outside country attempted to force it upon another. Vietnam and Korea are two recent, US examples.
Yep, Fundamentalism needs outside threats to rally the faithful to defend themselves against.
But Fundamentalism isn't a very popular (large segment of society) hobby.
In order for Fundamentalism to infect a large portion of society, you need a large portion of society to be (or believe it is being) affected by the evil threat.
Fundamentalism is catching in the mid-east because more and more of the people there ARE affected by "The Great Satan". Either directly or through someone they know.
That is the problem with our continued military response to the insurgency. When we accidently drop a 500# bomb on a house and kill a family, then we've given all the friends of that family a reason to hate / fear "The Great Satan".
Indeed, the longer this goes on, the more I am seeing it as a clash between two fundamental-ISMs, and show the great lengths people will go to avoid examining their basic assumptions.
Pretty much. The problem is that they're over there and we're over here. They can "win" this simply by outlasting us. Just like Vietnam.
But that will breed even more Fundamentalism over there. They will have driven out The Great Satan and they will have proof that there is a "war" against them.
The only way to stop this is to show the masses that we aren't really as bad as our recent and past actions have indicated.
But that takes time and focus and money. None of which our populace seems willing to invest when we are promised quick, cheap "victories" over the "bad men".
Rather than "spreading democracy" in the mid-east, Bush's wars will end up spreading Fundamentalism, anarchy, political assassinations and world wide terrorism.
And no amount of remote controlled gun-bots will be able to change that.
That is demonstratably false. You do not have any clue what I'm talking about. Here's the proof.
You're being opaque about "content": strings like "bush", "kerry", "election", "vote", "ballot", etc are all content, all political, and all catchable by bayesian filters.
No. They are strings.
"Bush" is political when used in political context.
"Bush" is sexual when used in a sexual context.
"Bush" refers to plants when used in that context.
"Bush" can be used in one context to make a comment in a different context in a single message.
It's all about the CONTEXT because "Bush" is just a string.
But what about filtering on "fraud", or "cheat" in a message with those other strings?
Again, ONLY if a message with those STRINGS in it was submitted to YOUR Bayesian database as SPAM.
If they were NOT, then they will NOT count towards the spam count.
There is nothing magical about it.
There isn't a government agency secretly populating your Bayes databases.
The Bayesian databases reflect exactly what was put in them. Which is why they are so effective at fighting spam.
That's a way to use bayesian filtering for a political analysis, even if nonpartisan; stopping "bush" and "cheat" more often than "kerry" and "cheat" is partisan.
And WHO is telling the database to do that?
Hmmmmmmm?
Do you believe that someone is pre-loading your Bayesian database?
Do you believe that someone is intentionally altering the settings on your Bayesian database?
I'm not guessing the mechanism. I haven't tested the filters. I expect there are different ones, with different patterns.
Well I'm certainly not surprised. Even though it wouldn't take much effort to look at the headers to see.
The bottom line, in simple political terms, is that acceptable messages between peers with political "content", even if just individual buzzwords, is stopped by some filters - sometimes invisibly.
And that's just more evidence that you do NOT understand the situation.
You're still putting "political" in there.
It isn't "political".
If a friend emails me that he's selling his home because he doesn't want to pay the mortgage while his cheatingwife has sex there and it gets flagged as spam, I don't worry that there's some RELIGIOUS problem with my filters. I understand what "strings" are and how they are used in these Bayesian databases based filters.
But to you, it's all about some political catastrophe.
That's bad for people using this medium for political discussions. Which is bad for people.
No. The problem is that you don't understand the technology.
You don't understand how/where spammers get addresses.
You don't understand how filters (particularly Bayesian based ones) determine whether an email is spam or not.
You don't understand how spammers try to get around those filters.
Despite all of that, you're still convinced that there is a problem that YOU see that others who actually understand the issues are blind to.
Scenario #1: A completely blank Bayesian database. Brand new. Your son "Kerry" is emailing you about how funny it was that another kid was caught "cheating" in one of his classes.
Those strings populate the database with a high "ham" factor.
Political emails about how "Kerry" was "cheating" in "Vietnam" will come through without any problem (and "Vietnam" will be learned as ham).
So, where's the political bias there?
Scenario #2: Same as scenario #1, except your kid's name is "George" and the political email is about how "George" "Bush" was "cheating" during "Vietnam".
The political crap still gets through.
It's all about technology and statistics.
It only looks like magic to those who don't want to spend the time to learn it.
I'm even more concerned if people at companies like CBS News are getting their emails screened out by political "content" if it's happening to everyone, not just me.
With Bayes, it isn't about content. I'm trying to tell you that.
It's about strings.
And spammers know that.
So the spammers include those strings in their spam.
Someone sees the spam and has Bayes "learn" it. Now those "political" strings are learned as spam.
You receive an email with those strings, but it is flagged as spam because of the Bayes database.
People sending political stories to the news, and law firms, and the government, etc, need those messages to get through.
Great. So all a spammer has to do to make sure his spam gets through is to include a segment of a political story.
Which means that there will be NO way of stopping ANY spam, ever.
This is NOT political.
This is all about spammers using strings that they know will be on lots of email that lots of people will be sending / receiving from their friends.
One of the friends whose spamfilter tagged me is a producer at CBS (network) News. They exchange email with similar and greater political content all the time. This kind of automated decision about what's unacceptable is dangerous.
If it is Bayesian, then it isn't the content, it's the strings.
Which means that some spam was learned that had that string so any messages with that string are flagged as likely spam.
During specific times (elections, disasters, etc), the spammers will attempt to poison Bayes databases by including phrases about those events.
#3. While they were doing the work and not just what they could remember during a meeting?
#4. Did they collect them over time? Some things happen: every day every week every 2 weeks every 1/2 month every month every quarter every 1/2 year every year
#5. Did they do a sanity check of the information they've gathered?
#6. Did they do a sanity check of how management wants to handle the data? (From TFA:
A McDonald's program called Innovate was even more ambitious - and expensive. Started in 1999 with a budget of $1 billion, the network sought to automate pretty much the entire fast-food empire. Software systems would collect information from every restaurant - the number of burgers sold, the speed of customer service, even the temperature of the oil in the French fry vats - and deliver it in a neat bundle to the company's executives, who would be able to adjust operations moment by moment.
Why would the executives be concerned with the oil for the fries? It's called "delegation".
#7. What are the legal requirements?
#8. Have you documented the reasons why you did something the way you did it?
#9. Have you documented the reasons why you are not providing certain functionality? This will come up in the future. Feature creep always happens.
#10. Have you evaluated commercial products and documented why they weren't sufficient?
Doing requirements is a LOT of work. But if you don't know what you need, how will you know how to build it?
While I certainly don't think games are the uber replacement for books, I would like to see a university take the approach of having 6 or 7 semesters of book work/study and allow the last year or so to be simulation of real world events with the knowledge they gained their first years of college.
Why not just have internships or similar programs?
The problems with "simulations" is that you only get the options they thought of and the goals they thought of and payoffs that they thought of.
Here's a good example: If you're learning computer science and the simulation only rewards you for choosing Microsoft based solutions because the guy who wrote the simulation likes Microsoft stuff.
Nothing beats the Real World for real world experience.
If it's done right, the companies offering the internships will give feedback to the schools and the schools can tune their programs.
Of course, that means that the school's programs will be slightly different each year as the technology and marketplace change, but the students will be more in-tune than they are right now.
To "prove" that Bush was AWOL, you'd have to "prove" that he was not present and did not have permission to be absent.
So it is impossible to "prove" that he was AWOL.
Much like Bigfoot and the Lock Ness monster, you will have people who, despite the complete lack of any supporting evidence, still believe that Bigfoot lives, Nessie swims and Bush served his time.
The fact that no one has been able to provide any evidence for Bigfoot or Nessie or Bush showing up for drills should be enough to conclude that they are fantasies.
When was the last time you saw a real journalist take the latest White House speech or press release and take it apart and either confirm or contradict (with supporting references) those statements?
TFA covers a lot of material, but not by taking apart specific speeches or quotes from Government officials.
If I want to verify that my Debian box is 100% clean, I just boot with a Knoppix disk, chroot the box and use dpkg to list the installed packages and again to validate all of the files against the installed packages.
Any files that are not identified that way should only be in the/home/~* directory. If you find something somewhere else...
Validating a Debian box is easy. I'm sure that validating most other Linux boxes is just as easy. Any advice from Red Hat/Fedora or SuSE or others?
"A big hello to all intelligent lifeforms everywhere...and to everyone else out there, the secret is to bang the rocks together, guys."
But seriously, run whatever you want to. Just remember that your machine can be taken over and used to spew spam and DDoS attacks. Let's all act responsibly with whatever we choose to run and make sure we're keeping the scumwads off of our machines.
Nice explanation of "PAT" vs "NAT". Thanks for correcting me.
You might want to toss in "IP Masquerading", too. A term familiar to many of us from the days of the 2.0 kernel.
Also, it is possible to have both PAT and NAT on one firewall. This is commonly seen where you have one firewall providing PAT/firewalling for the users, and NAT for the servers in the DMZ.
The attacks are scripted to do port scans to find open ports that correspond to the attacks the zombies are launching.
If you don't have the ports open, then they don't attack the services commonly using those ports.
There was another, better article that stated that Linux boxes had Linux-app-specific attacks against them either twice an hour or once every 2 hours (I don't remember which).
The point is, if you are vulnerable, you WILL be attacked.
How many Windows machines there are out there does NOT matter.
How few Linux machines there are out there does NOT matter.
The attacks are automated and run 24/7/52. Your machine will be found.
That doesn't make Linux "more secure," in the sense of a native attribute of the O/S; it just means people are less interested in writing exploits or there are fewer unpatched machines to propagate them.
Read more articles. See how most Linux distributions have things like Apache running in a more secured state (non-root and/or in a chroot'ed environment).
Security is all about limiting the avenues of attack.
These reports are mostly moot, however, because a router will deter all but hackers with a reason to pwn your box, and there is little reason to do so to a home computer.
What do you mean by "router"? There are probably several routers between your computer and any other computer on the Internet.
And most of the spam I see is from home machines that have been cracked (zombies).
Not to mention the DDoS zombies out there.
They'd be happy to get your credit card info off of your home machine, but they attack to turn you into a zombie with bandwidth.
As I've pointed out before, and as others have pointed out, this has nothing to do with the package format. RPM supports it.
Yes, the other poster confirmed that. I'm going to test it out tonight, at home, to see if there are other issues with it. But at this moment, this is no longer about whether or not you can put a "provides" in a.rpm package. You can.
If you have a problem with a particular RPM based distro, then fine, but it's annoying when you keep on bashing RPM for something that has nothing to do with RPM.
I'm not doing that. YOU are the one claiming that such functionality is seldom needed.
I've pointed out that Debian uses this a lot.
You've not said anything to refute that other than make a loose claim that Debian use it a lot. Why don't you provide some examples?
It is not much used because there are very few cases where it is reasonable to use it - most applications that require something require a specific library or a specific application to be present, very few requires a capability that is met by many applications.
Yet it is used a LOT on Debian.
I'm not talking about libraries.
I'm talking about things like: text editor webserver smtp etc.
The PROBLEM is when an app is packaged via RPM and it REQUIRES a specific app that should have been sufficiently abstracted so that any server of that type could fulfill it.
Such as with Debian.
Otherwise I end up with 10 different text editors because 10 different people packaged 10 different apps that required a different text editor each.
The more applications I have installed, the longer it takes to maintain my systems and the more avenues there are for a cracker to attack it.
Part of Security is getting rid of things you don't absolutely need.
With Debian, I can have ONE text editor and if there is some terrible flaw found with that one, I can remove it and switch to a different one.
I understand skepticism, but you're a bit over the top. There's no Red Hat junta out to trick Slashdot into thinking that RPM has more features than it does.
Nope, but there are lots of people who make unsubstantiated claims.
I'll try building a.rpm tonight that depends upon "webserver" and see if that works. All I have at work are Debian machines.
Rather each distribution was started because someone looked at the other distributions and didn't find one that s/he liked 100% so s/he started his/her own.
This isn't about who "knows best" but which approach works for different people.
Why do we have Red Hat and SuSE and Mandrake when they're all Linux and they're all RPM-based?
Why are each of those slightly different from the other two?
The simple answer is because different people are using different approaches to do different jobs. So we see different distributions.
http://www.hyperdictionary.com/dictionary/quisling
Lots of people in an OCCUPIED country see NO PROBLEM with attacking Quislings.
If your country was invaded and you knew certain cops were helping the invaders by rounding up people who opposed the invaders, would you see killing those cops as "terrorism" or "patriotism"?
The same with Italy.
Japan is the only example where a country without a Democratic history was successfully converted to Democracy.
Meanwhile, there are many, many examples where Democracy did not work when an outside country attempted to force it upon another. Vietnam and Korea are two recent, US examples.
But Fundamentalism isn't a very popular (large segment of society) hobby.
In order for Fundamentalism to infect a large portion of society, you need a large portion of society to be (or believe it is being) affected by the evil threat.
Fundamentalism is catching in the mid-east because more and more of the people there ARE affected by "The Great Satan". Either directly or through someone they know.
That is the problem with our continued military response to the insurgency. When we accidently drop a 500# bomb on a house and kill a family, then we've given all the friends of that family a reason to hate / fear "The Great Satan".Pretty much. The problem is that they're over there and we're over here. They can "win" this simply by outlasting us. Just like Vietnam.
But that will breed even more Fundamentalism over there. They will have driven out The Great Satan and they will have proof that there is a "war" against them.
The only way to stop this is to show the masses that we aren't really as bad as our recent and past actions have indicated.
But that takes time and focus and money. None of which our populace seems willing to invest when we are promised quick, cheap "victories" over the "bad men".
Rather than "spreading democracy" in the mid-east, Bush's wars will end up spreading Fundamentalism, anarchy, political assassinations and world wide terrorism.
And no amount of remote controlled gun-bots will be able to change that.
"Bush" is political when used in political context.
"Bush" is sexual when used in a sexual context.
"Bush" refers to plants when used in that context.
"Bush" can be used in one context to make a comment in a different context in a single message.
It's all about the CONTEXT because "Bush" is just a string.Again, ONLY if a message with those STRINGS in it was submitted to YOUR Bayesian database as SPAM.
If they were NOT, then they will NOT count towards the spam count.
There is nothing magical about it.
There isn't a government agency secretly populating your Bayes databases.
The Bayesian databases reflect exactly what was put in them. Which is why they are so effective at fighting spam.And WHO is telling the database to do that?
Hmmmmmmm?
Do you believe that someone is pre-loading your Bayesian database?
Do you believe that someone is intentionally altering the settings on your Bayesian database?Well I'm certainly not surprised. Even though it wouldn't take much effort to look at the headers to see.And that's just more evidence that you do NOT understand the situation.
You're still putting "political" in there.
It isn't "political".
If a friend emails me that he's selling his home because he doesn't want to pay the mortgage while his cheating wife has sex there and it gets flagged as spam, I don't worry that there's some RELIGIOUS problem with my filters. I understand what "strings" are and how they are used in these Bayesian databases based filters.
But to you, it's all about some political catastrophe.No. The problem is that you don't understand the technology.
You don't understand how/where spammers get addresses.
You don't understand how filters (particularly Bayesian based ones) determine whether an email is spam or not.
You don't understand how spammers try to get around those filters.
Despite all of that, you're still convinced that there is a problem that YOU see that others who actually understand the issues are blind to.
Scenario #1:
A completely blank Bayesian database. Brand new. Your son "Kerry" is emailing you about how funny it was that another kid was caught "cheating" in one of his classes.
Those strings populate the database with a high "ham" factor.
Political emails about how "Kerry" was "cheating" in "Vietnam" will come through without any problem (and "Vietnam" will be learned as ham).
So, where's the political bias there?
Scenario #2: Same as scenario #1, except your kid's name is "George" and the political email is about how "George" "Bush" was "cheating" during "Vietnam".
The political crap still gets through.
It's all about technology and statistics.
It only looks like magic to those who don't want to spend the time to learn it.
It's about strings.
And spammers know that.
So the spammers include those strings in their spam.
Someone sees the spam and has Bayes "learn" it. Now those "political" strings are learned as spam.
You receive an email with those strings, but it is flagged as spam because of the Bayes database.Great. So all a spammer has to do to make sure his spam gets through is to include a segment of a political story.
Which means that there will be NO way of stopping ANY spam, ever.
This is NOT political.
This is all about spammers using strings that they know will be on lots of email that lots of people will be sending / receiving from their friends.
Which means that some spam was learned that had that string so any messages with that string are flagged as likely spam.
During specific times (elections, disasters, etc), the spammers will attempt to poison Bayes databases by including phrases about those events.
There's nothing political about it.
Check what triggered on those emails. That's all.
#1. Did they even bother to collect them?
#2. From the people who actually do the work?
#3. While they were doing the work and not just what they could remember during a meeting?
#4. Did they collect them over time? Some things happen:
every day
every week
every 2 weeks
every 1/2 month
every month
every quarter
every 1/2 year
every year
#5. Did they do a sanity check of the information they've gathered?
#6. Did they do a sanity check of how management wants to handle the data? (From TFA: Why would the executives be concerned with the oil for the fries? It's called "delegation".
#7. What are the legal requirements?
#8. Have you documented the reasons why you did something the way you did it?
#9. Have you documented the reasons why you are not providing certain functionality? This will come up in the future. Feature creep always happens.
#10. Have you evaluated commercial products and documented why they weren't sufficient?
Doing requirements is a LOT of work. But if you don't know what you need, how will you know how to build it?
The problems with "simulations" is that you only get the options they thought of and the goals they thought of and payoffs that they thought of.
Here's a good example: If you're learning computer science and the simulation only rewards you for choosing Microsoft based solutions because the guy who wrote the simulation likes Microsoft stuff.
Nothing beats the Real World for real world experience.
If it's done right, the companies offering the internships will give feedback to the schools and the schools can tune their programs.
Of course, that means that the school's programs will be slightly different each year as the technology and marketplace change, but the students will be more in-tune than they are right now.
you'll never learn in school.
How to work with people you don't like to accomplish a goal you both have to complete.
Once you've mastered that, the work place is easy.
To "prove" that Bush was AWOL, you'd have to "prove" that he was not present and did not have permission to be absent.
So it is impossible to "prove" that he was AWOL.
Much like Bigfoot and the Lock Ness monster, you will have people who, despite the complete lack of any supporting evidence, still believe that Bigfoot lives, Nessie swims and Bush served his time.
The fact that no one has been able to provide any evidence for Bigfoot or Nessie or Bush showing up for drills should be enough to conclude that they are fantasies.
We have lots of chances to get the people who are bankrupting our country out of office before we do go bankrupt.
All it takes is for enough voters to get out and vote.
If people vote out the Congress Critters, we can stop Bush from spending all of Social Security's money.
Then we put someone fiscally responsible in the White House.
When was the last time you saw a real journalist take the latest White House speech or press release and take it apart and either confirm or contradict (with supporting references) those statements?
TFA covers a lot of material, but not by taking apart specific speeches or quotes from Government officials.
The issue should NOT be whether Social Security is solvent or not.
The issue SHOULD be, "you have X years to balance the budget and pay off the Social Security loans so Social Security stays solvent".
The Government BORROWED the Social Security money and now the Government doesn't want to pay it back.
Balance the budget, Bush. The Social Security money is there.
It is in secure, government bonds.
The problem is when the government cannot balance its budget. Then they have three options:
#1. Raise taxes to pay the bonds.
#2. Default on the bonds.
#3. Borrow more to pay the bonds.
NONE of this would be a problem IF the government could balance the budget.
Option #4. Declare that Social Security is in crisis and needs to be scrapped.
If I want to verify that my Debian box is 100% clean, I just boot with a Knoppix disk, chroot the box and use dpkg to list the installed packages and again to validate all of the files against the installed packages.
/home/~* directory. If you find something somewhere else ...
Any files that are not identified that way should only be in the
Validating a Debian box is easy. I'm sure that validating most other Linux boxes is just as easy. Any advice from Red Hat/Fedora or SuSE or others?
I like Debian.
"A big hello to all intelligent lifeforms everywhere...and to everyone else out there, the secret is to bang the rocks together, guys."
But seriously, run whatever you want to. Just remember that your machine can be taken over and used to spew spam and DDoS attacks. Let's all act responsibly with whatever we choose to run and make sure we're keeping the scumwads off of our machines.
Nice explanation of "PAT" vs "NAT". Thanks for correcting me.
You might want to toss in "IP Masquerading", too. A term familiar to many of us from the days of the 2.0 kernel.
Also, it is possible to have both PAT and NAT on one firewall. This is commonly seen where you have one firewall providing PAT/firewalling for the users, and NAT for the servers in the DMZ.
The attacks are scripted to do port scans to find open ports that correspond to the attacks the zombies are launching.
If you don't have the ports open, then they don't attack the services commonly using those ports.
There was another, better article that stated that Linux boxes had Linux-app-specific attacks against them either twice an hour or once every 2 hours (I don't remember which).
The point is, if you are vulnerable, you WILL be attacked.
How many Windows machines there are out there does NOT matter.
How few Linux machines there are out there does NOT matter.
The attacks are automated and run 24/7/52. Your machine will be found.Read more articles. See how most Linux distributions have things like Apache running in a more secured state (non-root and/or in a chroot'ed environment).
Security is all about limiting the avenues of attack.
Did he mean "firewall" instead of "router"?
I don't think he did because he refered to his "unfirewalled SP1 Windows XP box".
Unless he refers to a NAT'ing device as a "router".
And most of the spam I see is from home machines that have been cracked (zombies).
Not to mention the DDoS zombies out there.
They'd be happy to get your credit card info off of your home machine, but they attack to turn you into a zombie with bandwidth.
I've pointed out that Debian uses this a lot.Well, to use your examples "Sendmail, Exim, Postfix". Here's a good start http://packages.debian.org/testing/virtual/mail-t
http://packages.debian.org/testing/virtual/radius
http://packages.debian.org/testing/virtual/httpd
http://packages.debian.org/testing/virtual/editor
http://packages.debian.org/testing/virtual/mail-r
There, that should be enough examples. Common tasks, handled by a multitude of apps, each available as an option under a specific "provides".
All nicely labeled and set out so they can be easily identified and referenced.
I'm not talking about libraries.
I'm talking about things like:
text editor
webserver
smtp
etc.
The PROBLEM is when an app is packaged via RPM and it REQUIRES a specific app that should have been sufficiently abstracted so that any server of that type could fulfill it.
Such as with Debian.
Otherwise I end up with 10 different text editors because 10 different people packaged 10 different apps that required a different text editor each.
The more applications I have installed, the longer it takes to maintain my systems and the more avenues there are for a cracker to attack it.
Part of Security is getting rid of things you don't absolutely need.
With Debian, I can have ONE text editor and if there is some terrible flaw found with that one, I can remove it and switch to a different one.
I'll try building a
Great. So you claim that it works just like in Debian. So give me an example of a package in Red Hat or SuSE or whatever that does that.
.rpm's that have that functionality, then why can't you?
Don't just claim that some functionality exists.
If you can't find any
This isn't about who "knows best" but which approach works for different people.
Why do we have Red Hat and SuSE and Mandrake when they're all Linux and they're all RPM-based?
Why are each of those slightly different from the other two?
The simple answer is because different people are using different approaches to do different jobs. So we see different distributions.