Any Unix virus will be limited to what one user can do. Any security bug can be fixed without breaking user programs.
Have you heard that people are considering Linux to be almost ready to replace Windows on the desktop? Well, one user on a single user system can easily hose all of his files, so that theory doesn't really hold.
there are relatively easy ways to keep them out: check source, compile source especially for anything suid root. Or trust your distro.
That's all fine and dandy for source packages that are just a couple hundred K, but for instance, when I download a new kernel, I simply assume that Linus trusted everyone whose contributions he included. There's no way I want to visually scan 17 Megs of source to make sure there's nothing fishy.
That, plus the fact that a LOT of apps I use are shrink-wrapped. Not many Apps for Linux are without source, but it sounds like it's going to change.
Then what?
Couldn't a program spawn a thread (or maybe child) that watches your keystrokes and when you SUed to root, take note?
From that point forth it could run in a separate terminal and "kill itself" whenever you inquired as to what processes were running.
Doesn't seem that hard in theory. Or am I missing something?
You could create a product with "legacy" support for DH. Encourage all users to switch to the RSA version in 9 months, but even if some did, some didn't, they'd still be communicatable with one another. End of problem.
Or is it for ideological reasons?
Either way, if it were up to me, I'd definitely choose an RSA/Triple DES combo. They're the two most widely used algorithms, which would seem to mean that they're the largest targets, and they've stood pretty strongly.
I'm partially disappointed that I even have to have a Diffie Hellman key, but according to the PGP docs, that's about the only way to communicate with users of other products, thanks to that patent.
I'd strongly encourage everyone to upgrade to PGP 6.5 now, and a free alternative later, if you don't like giving your money to evil software companies that only care about profits (Me, I gladly fork it over). In 8 months, unless a weakness is found, there really will seem to be no reason to use anything but RSA in PKI products.
Or maybe there is a weakness but they've been holding out on saying? When Shamir talked about his device for factoring Primes earlier this year, it was on my mind that it was him and Rivest (in other examples) that have gone the furthest in trying to show the theoretical vulnerabilities of RSA encryption.
I guess we'll see... It'd be scary if September 21st they announced that even 4096 bit keys were vulnerable, but their new patented algorithm, RSA2, did not have those vulnerabilities.
Just because there are some patents out there that are rather shaky, I don't think you should throw the entire patenting system out the window. Patents are there to protect inventors. If they hadn't ever existed, one would wonder if we would even have the wide spread of computers that we have today. Edison could spend his time inventing new things because his life was paid for by the things he'd invented previously. If he didn't know that he would achieve a financial pay off from his efforts, I doubt he would have done what he did.
The utopian society that you suggest doesn't exist. In this day and age of shrinking bottom lines, if paying royalties for using an invention of someone else's becomes optional, then most companies will simply not pay the royalty and gain a few more dollars in profit.
Perhaps if this were a socialist system, where governments would fund inventors of something so they could live and follow their pursuits, your hope could work. But then from everything I've heard, it sounds like that may not be the way to go.
Dumb patents suck. But lots of inventions exist that are worthy of patents. And lots of other things exist that exist only because patents were available to protect them. Inventors still need to be protected... But the patenting system should be completely revamped.
If you buy a video cassette, is the manufacturer required to furnish you with a TV and VCR?
If you buy a TV, should they arrange for you to have electricity?
The list goes on.
You had to buy a DVD Player and didn't complain. Why didn't you just buy the disc and demand that they give you a DVD player in order to watch it?
That reduces your bandwidth charges, but you're still using the same network that people are using to download Napster and whatever else. Caching it locally does nothing to address the fact that the pipes are stuffed full. It just moves the bottleneck elsewhere.
Why's that scary? If someone I didn't authorize to do so broke into my computers and just looked at the data, that's basically trespassing. I can't walk into your house and just leaf through your belongings and leave and expect that that's okay.
Houses have locks for a reason. They're mostly symbolic though, because people can easily smash a window, chainsaw through a wall, climb down the chimney, etc...
Computers have passwords for the same reason. Yes, it's possible to circumvent them. It's also possible to find out what it is through social interaction. That's basically like somehow coming in contact with a key and making a wax duplicate of it.
People keep saying here that if you don't want your computer broken into, then use a secure OS. That's bull. Or no, that's not bull. But a hacker/cracker/whatever should not expect to get off because the person's or company's computer he broke into used Windows 98 or NT rather than OpenBSD.
We know computers are not secure. Stop proving it by messing up webpages just for the sake of proving it, already.
You said the one time that you'd be reading from a one-time use CD would be to spool it to your hard drive. Then you'd burn it to a "non degradable media". You said it, it's not slander.
If you purchased a one-time viewable DVD for less than the price of a regular DVD, burn it to a non-degradable medium, and view it more than once, you've just broken the law.
If you want to watch a DVD multiple times, you legally need to get a real DVD, not a one time use DVD coupled with a duplicator.
And yes, there are legitimate reasons why you'd want to archive a DVD you purchase. However, I can't think of a single legitimate reason that you'd want to archive a one time use DVD. Enlighten me.
Yes it does matter why. If it was because of the computer science majors using the bandwidth for legitimate needs, and that bandwidth turned out to be not enough, then the University could budget for that, raise tuitions a hair and have a paper trail as to why they needed to do so (3000 people are going to be required to download Linux this semester.... 1/4 of them will need to get it during this week, and we need to know that we'll have the bandwidth to handle that.)
Now, try explaining why they need more state funding or higher tuitions when it's because of Napster. "Yeah, our bandwidth is clogged from all this MP3 traffic. No, it's not because of any course requirement, our students just like it. Yes, other students complained they couldn't get their coursework done because of all that MP3 stuff. But we need more money please."
@Home is not guaranteeing you bandwidth. They're putting you on a segment of their network and saying "Be a good boy and share this with your neighbors". If you decide to hog it to yourself, then you're violating their terms of service.
If you want for them to be more accommodating to you, then you'll have to find a provider that actually wants you. That'll mean, of course, paying for your actual usage. Then you'll just wish for the day that you were using @home or another cable provider.
Using Napster is only legal if:
You already own the CD's and are too lazy to convert them to MP3's. You can't distribute MP3's of your CD's to people unless they have those CD's already.
or
You are only sending and receiving MP3's of songs that the artists and/or labels have specifically authorized.
Since those are probably both rarities, it seems sensible that universities would ban it if it were causing problems with other students' connections and work. They don't need to ban MP3's, just Napster connections.
You want an MP3 of this band's song? Go download it from their site.
Oh, you already have the CD? How long does it take to convert it to MP3? Sometimes it takes considerably shorter to convert it than to listen to it. Or you can just convert it as you listen.
----
I really think it's time for you to jump off of your sinking ship...
Kano, you're shooting yourself in the foot here.
If someone has an actual need to download Linux for their school assignment (comp sci majors), then that's all fine and dandy. They're using the bandwidth the school assignments for actual work they need to do.
If some anthropology major decides to use Napster to examine some facet of society, then they too are within their legitimate needs.
But if some Computer Science major decides to download tons of MP3's just because he or she can't think of anything better to do, or they're just sick of their current music collection, then that's using bandwidth that someone else may actually need.
Imagine if you'd been at class all day, then at the library til 9, then you got back to your dorm room and your assignment for the night was to download the Linux kernel and compile it before 8AM. You think "Oh that's easy...." only to try to download it and find that you're not getting much better than .3K/Sec.
Great... you just flunked your homework because some kids are downloading MP3's all night.
Some legal MP3's exist - check out MP3.com, and lots of bands' sites have completely legal MP3's to download.
But the point is, that's only part of the point. Universities pay for their bandwidth. That bandwidth is there so that students can do their research. If some students are filling the university's pipes with MP3's, then that means other students may be lacking in resources to do their school work.
Because they have reason to believe that you could cause real and permanent harm against the plaintiff. Just as eMachines and whoever else had injunctions placed against them by Apple, which prevented them from shipping their copycat machines until the issue came to trial. Of course, eMachines realized that they were either in the wrong or simply didn't have the funds to fight the fight and backed off completely.
The injunction itself is a bad sign. That means that the judge has heard the plaintiffs and believes them enough to try to stop distribution of the product until the issue's resolved. He or she is listening to the industry and believing what they say. And if it goes through, then most of you moles will get whacked.
Time to enlist overseas developers to further this cause.
95% of (but not all, so don't remind me) Slashdot's readers are posturing, or else they're just doing it for the "me too" effect. Yes, they'll put the code on a site, but when push comes to shove, and the FBI shows up at their house and explains to their mom that their computer is being used for illegal activities, there goes that website.
The alternative is the lot that just wants to look cool in the eyes of /. But as soon as they get a letter that explains that they're criminally liable if this issue gets cleared up in such a way that DeCSS is illegal, they'll drop it too.
If you truly believe in what you're doing, then by all means do it. But don't talk the talk when you aren't prepared to walk the walk, please.
I wouldn't exactly call it an out of the box install... Or at least not out of the Red Hat box... looking at all the services it wants to start by default compared to what crack.linuxppc.com offered, and it's apparent that it wasn't exactly "out of the box". It was slightly tuned for its task.... But would have been an awful production machine. Just HTTP means only static pages, and sites these days use only static pages? (Personal sites not included)
How the am a troll by saying that the guy that's talking about copying and endorsing the copying of one-time use DVD's to DVD RAM is illegal and detrimental to your hopes of watching DVD's in Linux?
Or do you simply not believe in people and companies having rights to the property that they create?
Well it's young. But as bandwidth increases, and they start carrying more channels, people will just go to iCrave, or a copycat site. The broadcasters are trying to make sure that doesn't happen. Because once they're carrying more than one channel, no one has any assurance as to how many eyes are watching their shows.
iCrave also is making money from their efforts. It takes many eyeballs to sign up with Doubleclick.net. So, they are directly profiting from other people's broadcasts.
Yes, in the short term, rebroadcasting a broadcaster's signal could potentially reach more viewers. But then the broadcaster, which paid millions of dollars for the exclusive right to air such and such, suffers from Brand dilution. People may not necessarily look to them the next time one of their exclusive shows is aired, as they will suspect they can watch from iCrave instead. Once they've started (stealing) drawing sizable portions of the broadcasters' audiences, what's to stop them from inserting their own ads?
That would ultimately be very damaging for the people whom they are rebroadcasting, as it'd turn out to create a smaller audience for themselves and their advertisers.
Are you kidding, or what?
Personally, I'd always sided with the Movie Industry during this whole fiasco. After posting a bunch around here, it seemed to be made clear that the only reason that this technology was created was to enable playing DVD's under Linux and other OSes that weren't being supported.
What I'm getting at here is that if you rent a DVD, or purchase one that is specifically engineered for ONE TIME VIEWING, you're breaking the law, in that you have no right to do that. You have no right to back up that data to watch it once (again), just as you have no legal right to sell your older versions of software after using them to upgrade to newer version.
The more people like you talk like that, the more I can see specifically why the industry wants to kill DeCSS, LiViD, whatever. And I sympathize.
Just because of comments like that, part of me hopes that the DVD industry succeeds in blocking the software decryption from being distributed, publishes their API's instead. Or creates royalty-free read only libraries. Or something like that.
Not to be all PC or anything, but I think we need to move away from all this disposable stuff. Yeah, we'll all be dead before we've filled this planet with garbage, but there should at least be a little bit of consideration. How hard is it to return a video that you rented? And even if you're late, you only pay $4 or so.
One of the great things about digitalness is that it doesn't degrade. Now we seem set on introducing a digital technology that degrades. No matter what the ethic behind it, I'd never buy a disposable movie for the simple fact that I'd have to throw it out when I'm done. I probably rent one or two movies a week. So with just me, you can figure on 75 discs a year being thrown away. A thousand me's equals 75,000 discs a year.
Now imagine 1 million of me. That's 75 million discs a year being thrown out. And that's still a far cry from the total number of VCRs out there. What's the weight of a disc? 2 ounces? It may not sound like much, but 4600 tons of additional waste a year seems a bit much to me, just so we don't need to return videos and DVD's anymore.
How about we just WAIT for the bandwidth to arrive for video on demand?
I stand corrected. Thanks!