I can just see a whole business with freight forwarding or mailboxes developing for online purchases in the States, in States that have the lowest tax for online purchases. Just like people buy in the U.S., consolidate their purchases at a mailbox in Miami or wherever, and ship them to destinations around the World. Well, they will start doing that between States also to avoid the online sales tax.
I call it the "kitchen sink effect". Distros and FOSS in general have reached the point where there is now so much hardware to support and so many software packages, that distros are forced or at least acquire the mentality that they need to throw in everything and the kitchen sink to keep up with the Joneses. Nothing ticks me off worse than having the default install for my desktop include icons for the Eee PC, Palm OS, or whatever (don't even get me started about the friggin' driver chase going on). Nice if the support is available, but as a default item in a general distro?
What really amazes me is the Nazis in distro development circles and forums screaming at new users about "security", "security", "never log in as root", "never do xyz", "you don't need a root X session" yet they insist on loading up their distro with every possible piece of crap script, new program, extension, plugin, and so on by default.
It leads to a situation where updates are required for everyone more and more, because it is impossible even with large and long beta and rc releases for everyone to know if things are going to play nicely together, and to new major distro releases becoming more frequent.
100+ days?
Yea, only the instability of a bleeding edge userland desktop distro like Ubuntu would require a monthly reboot (even that is questionable). I reboot my servers around once a year (I think 3 reboots in 4 years on one) or less with CentOS (I am sure there are people here that have almost never rebooted their Linux servers), and even my CentOS desktop only gets a reboot about once every 3-6 months. That is normally for some sort of hardware upgrade or failure, more than a forced reboot for an update. Most updates can be taken on board by simply logging out and in again (kernels aside).
You normally do not have to take every kernel update they push down the pipe, and after a while you learn the hard way that updating your kernel (and a lot of other things) is something you only do if you really really have to do on a production system.
I think you need to rethink just how little protection that would provide.
They have physical access to the hardware. They can mount the system with alternate media or whatever (he never mentioned if he was running a virtual machine or not). Basically, if they have eyes on everything but the encrypted drive, sooner or later if they wanted it they can have it. That is assuming you ever want to access that drive again, or could trust the OS again.
Likely all very academic. Really, if it is that sensitive, chances are it should not be on a public server at all.
Yea, you're missing the point.
Open source code development by definition is a sort of "self-auditing" process. That is all good. The bigger problem that is unaddressed in the FOSS community at large that I see is when the projects that run them fall apart. For example, in this case, whether the sun is going to set on Sun is still not known. What about MySQL?
More commonly it is the problem of rag tag bands of volunteers (that are increasingly novice these days), where a couple major players move the project along and if something happens to them the project goes off the rails. The rather high profile example of this was the CentOS fiasco earlier this year.
I know everyone is going to come back and say things like, "if you don't like it, fork it". That is a nice sentiment, but much harder to do in practice. Often it is like saying if you don't like the service you get at Wal-Mart start your own department store chain, bank, pharmacy, or whatever. Not something even most larger companies can do, let alone end private users.
We need a system for auditing and reviewing open source projects for their viability and overall health so users (individuals, companies, and other projects that depend on them) can make real decisions about using what they produce. Right now it is more of an art than a science to determine if a project is going to live. I am not saying limit open source creativity or stop small projects, but provide transparency as to the health of the projects. We can see the structure of the code, we should be able to see the structure of the community that builds and maintains it.
Yea, I would second the documentation. That is one thing that is really, really lacking in Open Source, and is something that any government organization should be able to release to the public without any copyright issues (secret stuff aside).
There really needs to be a drive to get all the new convert users to open source that are non-IT people helping to write the documentation. There is so much good software, that does just really amazing things, but lacks full and updated documentation. Even if a project has good documentation, they almost always lack an updated translation of one language or another.
I could see target using a database dump of searched terms into an automated XML map that Google bots are slurping up.
Sorry, the rule that foreign e-commerce web sites have to register with the Chinese authorities and hosting porn is illegal has been around for many years. It was part of the law when I lived there over 5 years ago, and the "porn" excuse was a well-known cover for cracking down on politically sensitive issues. Nothing that I can see is new or interesting in this report that was not just as true 5 years ago.
Moderators are letting a lot of crap slip through these days.
Yea, but why would anyone lie about being that user agent?
I have actually on more than one occasion changed the entire underlying OS to Linux, copied the IE icons, email, and Word icons onto the desktop, and simply told them it was fixed. Some of those computers are still running just fine 4-5 years later without a problem. The users (mostly grandmothers) rave about the way I fixed their computers to their friends and refuse to buy a new one. So, Linux is ready for the desktop and grandma, with the right icons.
Yea, I realized a while back that for a travel site anyone using IE6 was either too technologically backwards to do online businesses or too cheap to have any money to do it. The remaining people are on corporate networks, and just wasting company time wishing they were somewhere else (big spikes around 4-5 PM from each time zone) or wishing they had a real browser.
I am curious about an example of a company that has really done this conversion, and what their savings were like. Where is it?
Yea, the guys with this study likely failed at both. I am not sure I would want to be the guy in the field getting shot at when it turns out they got one of the variables wrong (which from the article seems like they got more than a few wrong like this B.S. about the media).
My point was more aimed at the people that thought this was somehow a special discovery. The Art of War contains many specific (if not basic) formulas, mostly in regards to economics, about the nature of troop strengths, cost of fielding troops, distance, and so on and done over 2,000 years ago.
Military fighting forces have been crunching numbers for a long time about everything.
Yea, who would have thought that war follows a predictable (even mathematical) pattern.
http://en.wikipedia.org/wiki/The_Art_of_War
I am with you. I was looking for something worthy of really testing out a new home theater system and that hits the mark perfectly.
Any quick survey of the number of sites on the internet (including big companies) will yield wayyyyyyyyy more LAMP than all others (probably combined). Are you telling me that somehow all these millions (perhaps billions) of sites are somehow not economically viable? They are not making money?
One of the reasons there is likely not a lot of demand for paid PHP writers is simply there are so many open source projects based on it that people simply pull shit off the shelf and plug it in now, rather than writing it all from scratch.
It is not about even an OS being vulnerable. Every OS is vulnerable on some level, although it sure as hell is a lot harder on Linux and open source projects. The issue is how much damage can it do, and how fast can it be detected and fixed. MS has a long-standing history of just friggin' ignoring, stalling, or denying the problem exists at all.
Imagine if in some alternative universe MS came out with fixes and patches in hours and days, rather than weeks, months, years, and never. Imagine that end users could contribute patches and solutions as soon as things were discovered. How many botnets would even have a chance to get off the ground? One or two bots do not make a net or a threat.
Really, we should be able to bill friggin' MS for the damages and wasted computing resources. Imagine all car models from Ford for instance would go out of control as they were driven down the street crashing into things and killing people. Do you not think someone would at least try to hold Ford responsible for the damages caused? Why not MS?
Boy, my rural farm land in Southern Chile sure would go up in value fast if Yellowstone erupted. It is going to go up in value anyway as most of the population of the World lives in the Northern Hemisphere anyway, and seems hell bent on screwing up that half of the earth sooner or later. Yellowstone would just make it a whole lot sooner.
How is there no law to fit the crime?
If I hire, say, a locksmith to work on my house, and then they do not provide the key to the house but instead, say, rob it or trash it, there are all kinds of laws to fit those crimes. This is not some sort of new thing.
By the way, I am being charitable here by assuming that having a "crime" without a "law" makes any sort of sense to talk about at all.
Not being silly. It was a totally true story, but needs some more detail to understand it. By chance, I happen to know the defense lawyers involved, so I do have a few more details on the case.
It was in Nevada, and pot in any amount is a felony (at least it was at that time).
Other things found in a search are normally admissible in most states, if they were found in good faith or just in the course of the search even if for some reason the search warrant was not technically valid.
The pot was sitting on the table in the open when they came through the door, so it was not exactly a case of cops going on a fishing expedition.
There was a plea agreement between the defense and the prosecutor for a fine and I believe a bit of probation. It was the old judge that rejected the plea agreement when he saw that pot was found in the search and imposed his own sentence.
Yes, the lawyer did screw up in that more experienced defense attorneys know to add an "if the judge accepts it" condition when negotiating plea agreements.
A new attorney (my father by chance) managed to go back in the court a couple months later and get the sentence reduced to time served because it was "excessive" but did it by taking it before another judge.
Like the U.S. law in Congress right now forcing foreign banks to provide all information related to Americans owning accounts internationally, close them, or have 30% of the bank's assets in the United States withheld.
How about the recent EU SWIFT information handover to the U.S.?
I could see the U.S. doing something similar with internet connections of ISPs that run through the U.S., or have business in the U.S. Perhaps they will withhold 30% of their bandwidth.
I knew a guy that got busted for copying Sony games. The SWAT team busted in his door with a battering ram, and Sony reps were with them. He got lucky and had some 80 year old judge with no appreciation for the whole deal around digital media copying. The judge was going to give him a fine and let him go, until he found out that they also found a couple joints in his house. He ended up with 2 months in jail, and 2 years of probation.
How about the suggestion that the medical community and society as a whole have evolved western medicine over 1,000 years that defines abnormal behaviors and abnormal physical conditions around what is also deemed "poor"?
The history of the IQ test is a case in point.
Ummmm, that sounds like Ubuntu's problem (likely on your particular hardware), not a problem of Linux or any of the hundreds of other distros that I know of.