I would say the two classes are: those who save and build wealth, and those who don't. Wealth can look like a defined benefits pension plan (what both my parents did), live frugally, don't load up on debt, live a good life. It can look like owning a business, real estate, etc. All things that generate passive income so one day you can truly retire. Then there are the people who do not save, rack up debt and generally are broke all the time. This can include people making $500,000 a year (and spending $550,000 a year). They live paycheck to paycheck, have a net worth of 0 or a negative number, and probably aren't going to succeed long term.
Seriously. What is a virtual good? A poem? A news article from Reuters? A short fiction story? Some 3d models of a car? Some 3d models of a car produced by a stock 3d image firm and then sold to a movie producer? Do we define a virtual good simply as bits and bytes that can only exist within a certain software program (i.e. a sword in Warcraft) and cannot easily "leave" that environment? Does this cover CAD files? It seems like the government simply wants to tax money transfers, which is historically what they do. In Canada it's really simple, we have a federal Goods and Services Tax (GST, 6%) which is applied to.. well.. all goods and services except basic needs (most foods, etc.). If money changes hands, we're supposed to report it and the GST. Doesn't matter if it's random scribbles on a paper or a happy thought.
Interesting, Canada as a whole (as I understand it) is a one party consent state. However if a police office and a person are in the middle of something, and I am simply a bystander can I be considered to be part of the conversation so to speak? Is asking "Hey officer, what's going on?" and having him reply sufficient? Or can I simply mute the audio on my video camera and capture picture only, thus avoiding the whole wiretapping issue? Would there be a difference between a "normal" microphone and some amped up monster with a parabolic capture dish that can make out a conversation at 200 feet? Interesting opportunities to create case law.
> self destruct, great, so if you want to destroy someones data, just grab their memory stick and intentional use bogus passwords. Now that's brilliant. A MS with a builtin self DOS.
Uhmmm if I can grab your memory stick and plug it into a PC I can just format it. Or put it in my pocket and leave. Or throw it in a waste bin. Ir snap it in half. Let's think this one through shall we?
Traditionally security is defined as the AIC triad (Availability, Integrity, Confidentiality), any issue that violates one of these is classed as a security issue (i.e. I can bypass passwords, modify information in the system or make the system unavailable to legitimate users). In general crashes are considered a denial of service, and more importantly to me say that the code is behaving in an unexpected way. Had it been expected that processing a malformed file would be a problem the application should do something like "I'm sorry, this file appears malformed, I can try repairing it, but if that doesn't work then you can basically kiss the data goodbye, sorry about that" to the user.
In this case the application crashes. Based on previous results, with exploitable Word (and Excel, etc.) flaws that allowed for code execution I'm going to go out on a limb and put my money in the corner with "these flaws are exploitable, it just hasn't been figured out how yet."
I find it interesting as well, there seems to be a propensity for these good to great companies to last for a while and then enter the doom loop, of which Circuit city is obviously in the middle of. I suppose the corporate culture of being great wasn't firmly entrenched enough to withstand this, and fell apart in the face of mediocre managers/board directors.
This is why I bought myself an iPod, my best friend and iPod, my mother an iPod, my wife an iPod, etc. They just work. I've never heard of anyone with an iPod having anything remotely like your experience, a consumer device that requires 10 hours of fighting to get nowhere in an attempt to correct fundamental problems sounds like a disaster to me.
They are supposed to investigate EVERY bug as being a potential exploit.
Er no. They generally fix the bug and move on. Investigating it to see if it is exploitable is largely a waste of time (unless it is a new class of bug in which case they usually research it and audit the entire code tree, which is why you don't see so many flaws in OpenBSD), every single code error can potentially be a serious security exploit, or a non issue (unreachable code path, etc.).
FUnny, my Mac, the Mac my parents use, the ones I see in use at businesses don't have these issues. Hopefully one day Apple will catch up to Windows and implement all these security problems so we have something to click on when we get bored of doing work or playing on the computer. =)
#1. It must make installing new software as easy as it currently is with apt.
up2date -i [package name]
"This package will require the installation of these additional packages, accept?" Yes/No
#2. The same for upgrading the software.
up2date -u [package name]
"This package will require the installation of these additional packages, accept?" Yes/No
#3. The same for removing the software.
rpm -e [package name]
#4. The same for handling dependencies. Including the order in which dependencies must be installed.
Already done, see above. up2date will find dependancies, dependancies of dependancies, etc. until it is done, then present you the list and confirm to install all the packages, you hit "Y" and you're done.
If you just want to check what would be a dependancy you can:
up2date --solvedeps=[package name]
which accepts a comma deliminated list of packages as well as a single package name
#5. The same for validating the installed software against the original software (checksums or whatever).
To verify packages installed (or package files not yet installed) you use the verify option:
rpm --verify
Which can check the GPG sig of the package file, the MD5 sigs of the files, etc. allowing you to detect any tampering or changes.
#6. The same for re-installing the software over the existing installation when you accidentally delete or over-write something.
up2date --force [package name]
rpm --force [package name]
#7. The ability to point the updater at your own repository or multiple repositories.
/etc/sysconfig/rhn/up2date
serverURL[comment]=Remote server URL
serverURL=https://xmlrpc.rhn.redhat.com/XMLRPC
serverURL[comment]=Remote server URL
serverURL=https://www.centos.org/XMLRPC
#8. The ability to recompile (automatically) any software that you install for your specific hardware.
rpmbuild -ba
But in general major vendors provide optimized packages for various architectures that rely on heavy math/etc (kernel and OpenSSL being two of the important ones)
up2date (front end for RPM) includes the option ("5. enableRollbacks yes/no"). RPM supports rollbacks, config files would be saved as [filename].rpmsave or [filename].rpmnew depending on exactly what you are doing.
Kerberos is an authentication protocol, only the authentication portion of the session is secured, the rest of the session is plain text and can easily be intercepted, data read, modified, injected, etc.
To summarize: Kerberos provides strong authentication and encryption of network authentication, but nothing for the data communications part of a session.
Dying isn't the problem. Dying is cheap. It's when you suck up weeks in ICU and then 6-18 months in a neurological trauma unit because you didn't wear a helmet that is the real concern.
Part of it though is that some (actually pretty much all) of those "single" servers are actually clusters sitting on large pipes, i.e. gigabit and up to major IX's in their respective areas, so while dos'ing them is definitely possible it would take a concerted and sustained effort, and largely have no noticeable effect to end users.
My sister's theory was always that the brain is like a herd, it only moves as fast as it's slowest member. So by culling the herd every once in a while (killing off the weaker cells with booze) you actually improve your brain as a whole. Works for me.
What happens when (not if) N. Korea weaponizes these giant rabbits? Possibly by irradiating them and turning them into an even larger and more fearsome animal (sort of like African killer bees, but with big floppy death ray shooting ears). Seriously folks. Won't someone think of the children?
I don't know legally what this all means (IANAL) but it seems to me it could present a conflict of interest, and depending on how much stock they have (i.e. is it a significant percentage) it could potentially open them up to liability. Ultimately I suspect the SCO lawyers have knowingly done some very naughty things, but proving this in a court of law is another matter. Thus I doubt any sanctions will be leveled against them, but I suspect many people will make the case that sanctions should be leveled against them.
My last 6 machines shipped without Windows. Before you jump down my throat:
2 came from Sun.com (X2100's, officially they run Red Hat, SuSE, Solaris and Windows, they run OpenBSD nicely as well) - you can actually buy these without an HD now.
1 from Dell (Poweredge 750, officially they support Red Hat, Windows)
3 came from a local shop (memoryexpress, officially they don't support anything, but I asked for machines that would run OpenBSD or Red Hat Linux specifically)
Slashdot Mirror
As a rule you don't generally repackage sterile sponges... hint: sterile.
Healthcare for one. My tax dollars are directly paying for your choices.
Yeah but he wasn't driving on deserted roads. He's going through traffic at 100mph+.
I can think of some very similar products/etc, for example memcached:
http://www.danga.com/memcached/
You can have multiple memcached servers servicing multiple front ends (just ask wikipedia.org!)
I would say the two classes are: those who save and build wealth, and those who don't. Wealth can look like a defined benefits pension plan (what both my parents did), live frugally, don't load up on debt, live a good life. It can look like owning a business, real estate, etc. All things that generate passive income so one day you can truly retire. Then there are the people who do not save, rack up debt and generally are broke all the time. This can include people making $500,000 a year (and spending $550,000 a year). They live paycheck to paycheck, have a net worth of 0 or a negative number, and probably aren't going to succeed long term.
Seriously. What is a virtual good? A poem? A news article from Reuters? A short fiction story? Some 3d models of a car? Some 3d models of a car produced by a stock 3d image firm and then sold to a movie producer? Do we define a virtual good simply as bits and bytes that can only exist within a certain software program (i.e. a sword in Warcraft) and cannot easily "leave" that environment? Does this cover CAD files? It seems like the government simply wants to tax money transfers, which is historically what they do. In Canada it's really simple, we have a federal Goods and Services Tax (GST, 6%) which is applied to.. well.. all goods and services except basic needs (most foods, etc.). If money changes hands, we're supposed to report it and the GST. Doesn't matter if it's random scribbles on a paper or a happy thought.
Interesting, Canada as a whole (as I understand it) is a one party consent state. However if a police office and a person are in the middle of something, and I am simply a bystander can I be considered to be part of the conversation so to speak? Is asking "Hey officer, what's going on?" and having him reply sufficient? Or can I simply mute the audio on my video camera and capture picture only, thus avoiding the whole wiretapping issue? Would there be a difference between a "normal" microphone and some amped up monster with a parabolic capture dish that can make out a conversation at 200 feet? Interesting opportunities to create case law.
> self destruct, great, so if you want to destroy someones data, just grab their memory stick and intentional use bogus passwords. Now that's brilliant. A MS with a builtin self DOS. Uhmmm if I can grab your memory stick and plug it into a PC I can just format it. Or put it in my pocket and leave. Or throw it in a waste bin. Ir snap it in half. Let's think this one through shall we?
Traditionally security is defined as the AIC triad (Availability, Integrity, Confidentiality), any issue that violates one of these is classed as a security issue (i.e. I can bypass passwords, modify information in the system or make the system unavailable to legitimate users). In general crashes are considered a denial of service, and more importantly to me say that the code is behaving in an unexpected way. Had it been expected that processing a malformed file would be a problem the application should do something like "I'm sorry, this file appears malformed, I can try repairing it, but if that doesn't work then you can basically kiss the data goodbye, sorry about that" to the user. In this case the application crashes. Based on previous results, with exploitable Word (and Excel, etc.) flaws that allowed for code execution I'm going to go out on a limb and put my money in the corner with "these flaws are exploitable, it just hasn't been figured out how yet."
I find it interesting as well, there seems to be a propensity for these good to great companies to last for a while and then enter the doom loop, of which Circuit city is obviously in the middle of. I suppose the corporate culture of being great wasn't firmly entrenched enough to withstand this, and fell apart in the face of mediocre managers/board directors.
This is why I bought myself an iPod, my best friend and iPod, my mother an iPod, my wife an iPod, etc. They just work. I've never heard of anyone with an iPod having anything remotely like your experience, a consumer device that requires 10 hours of fighting to get nowhere in an attempt to correct fundamental problems sounds like a disaster to me.
Er no. They generally fix the bug and move on. Investigating it to see if it is exploitable is largely a waste of time (unless it is a new class of bug in which case they usually research it and audit the entire code tree, which is why you don't see so many flaws in OpenBSD), every single code error can potentially be a serious security exploit, or a non issue (unreachable code path, etc.).
FUnny, my Mac, the Mac my parents use, the ones I see in use at businesses don't have these issues. Hopefully one day Apple will catch up to Windows and implement all these security problems so we have something to click on when we get bored of doing work or playing on the computer. =)
up2date -i [package name]
"This package will require the installation of these additional packages, accept?" Yes/No
#2. The same for upgrading the software.up2date -u [package name]
"This package will require the installation of these additional packages, accept?" Yes/No
#3. The same for removing the software.rpm -e [package name]
#4. The same for handling dependencies. Including the order in which dependencies must be installed.Already done, see above. up2date will find dependancies, dependancies of dependancies, etc. until it is done, then present you the list and confirm to install all the packages, you hit "Y" and you're done.
If you just want to check what would be a dependancy you can:
up2date --solvedeps=[package name]
which accepts a comma deliminated list of packages as well as a single package name
#5. The same for validating the installed software against the original software (checksums or whatever).To verify packages installed (or package files not yet installed) you use the verify option:
rpm --verify
Which can check the GPG sig of the package file, the MD5 sigs of the files, etc. allowing you to detect any tampering or changes.
#6. The same for re-installing the software over the existing installation when you accidentally delete or over-write something.up2date --force [package name]
rpm --force [package name]
#7. The ability to point the updater at your own repository or multiple repositories./etc/sysconfig/rhn/up2date
serverURL[comment]=Remote server URL serverURL=https://xmlrpc.rhn.redhat.com/XMLRPC serverURL[comment]=Remote server URL serverURL=https://www.centos.org/XMLRPC #8. The ability to recompile (automatically) any software that you install for your specific hardware.rpmbuild -ba
But in general major vendors provide optimized packages for various architectures that rely on heavy math/etc (kernel and OpenSSL being two of the important ones)
up2date (front end for RPM) includes the option ("5. enableRollbacks yes/no"). RPM supports rollbacks, config files would be saved as [filename].rpmsave or [filename].rpmnew depending on exactly what you are doing.
Kerberos is an authentication protocol, only the authentication portion of the session is secured, the rest of the session is plain text and can easily be intercepted, data read, modified, injected, etc. To summarize: Kerberos provides strong authentication and encryption of network authentication, but nothing for the data communications part of a session.
Dying isn't the problem. Dying is cheap. It's when you suck up weeks in ICU and then 6-18 months in a neurological trauma unit because you didn't wear a helmet that is the real concern.
Part of it though is that some (actually pretty much all) of those "single" servers are actually clusters sitting on large pipes, i.e. gigabit and up to major IX's in their respective areas, so while dos'ing them is definitely possible it would take a concerted and sustained effort, and largely have no noticeable effect to end users.
Why not just buy a USB floppy drive? That way you can use floppies, but not have a floppy drive in each machine. Seems simple to me.
My sister's theory was always that the brain is like a herd, it only moves as fast as it's slowest member. So by culling the herd every once in a while (killing off the weaker cells with booze) you actually improve your brain as a whole. Works for me.
My Karma is excellent (note the low 5 digits UID =).
What happens when (not if) N. Korea weaponizes these giant rabbits? Possibly by irradiating them and turning them into an even larger and more fearsome animal (sort of like African killer bees, but with big floppy death ray shooting ears). Seriously folks. Won't someone think of the children?
Actually in this case the sco attornies are taking sco stock as payment:
http://yro.slashdot.org/article.pl?sid=03/11/18/17 2233
I don't know legally what this all means (IANAL) but it seems to me it could present a conflict of interest, and depending on how much stock they have (i.e. is it a significant percentage) it could potentially open them up to liability. Ultimately I suspect the SCO lawyers have knowingly done some very naughty things, but proving this in a court of law is another matter. Thus I doubt any sanctions will be leveled against them, but I suspect many people will make the case that sanctions should be leveled against them.
From: Badguy
Subject: http://www.cnn.com/ ; rm -rf *
My last 6 machines shipped without Windows. Before you jump down my throat: 2 came from Sun.com (X2100's, officially they run Red Hat, SuSE, Solaris and Windows, they run OpenBSD nicely as well) - you can actually buy these without an HD now. 1 from Dell (Poweredge 750, officially they support Red Hat, Windows) 3 came from a local shop (memoryexpress, officially they don't support anything, but I asked for machines that would run OpenBSD or Red Hat Linux specifically)