1. I never said I didn't believe there was justification for Operation Bombs over Baghdad, however the public justifications for invasion have so far been unsubstantiated, which sure makes the Bush administration look like a bunch of lying asses, and has already cost one of Bush's allies (former Pres Aznar in Spain) his job
2. I knew Saddam was a dangerous madman and needed to be removed in the 80s, why did it take so long for the US to act? Oh right, that little prohibition on political assassination
3. The "proven beyond a reasonable doubt" bullshit (I'm not afraid of the FCC, nyah nyah) was raised by the parent to my comment, please try to understand the context of a comment before you attack the poster, k/plz/thx
Re:I wouldn't worry too much about that... on SCO Aims For The Feds · Score: 2, Insightful
Lots of (relatively) cheap and talented labour up here in Canada, we'd love it if all the Linux businesses moved up here ;)
I think you fail to comprehend the significance of a widely distributed target, i.e., the concept of monoculture contributing to widespread security issues.
There is no fix for Outlook and Word being major propagation vectors in the past, however there are fixes for this in the future. The same is true for holes in any Open Source project. Unless the patch is applied, a vulnerability remains a vulnerability. The PEBCAK issue comes into play when users fail to be diligent about patching. If a Linux admin fails to patch, then we'd all call them a dumbass. When a Windows admin fails to patch, then we all call Microsoft a bunch of dumbasses for having released a patch that the admin didn't apply.
Get the point now, or are you still blinded by looking into the sun?
If it turns out a state had provided material or know-how to terrorists for building a nuclear bomb that was subsequently used in the US, and that's proven beyond a reasonable doubt, I and every other sane person in this country would rightly expect a massive military response.
The scary thing about the current regime in the USA is that the "proven beyond a reasonable doubt" isn't necessary or even an advisable test to wait for if you happen to be Axis of Evil Country A, B or C. I would also suggest that it would take less than proof beyond reasonable doubt for every sane person down there to expect a massive military response, given precedent set a year ago.
Disproportionate? Simple statistical analysis of threats, impact, etc, cannot do reality justice. If the MS monoculture represents a very dominant 90% of the desktop market, and monoculture factors into things as suggested, then you would expect the impact due to proliferation of threats targeted at the dominant population to be "disproportionate", regardless of relative insecurity. Why bother writing a virus targeting some obscure platform like MacOS? The "disproportion" of Linux servers detailed in recent reviews is easy to write off by the same sort of reasoning, so if we are going to even pretend to be rational while espousing the virtues of Open Source, then we must make clear arguments which are as devoid of bias as possible.
The fact which most knee-jerk anti-Microsoft ranters try to avoid is that the patches and technology exists to very adequately secure a Windows desktop. The problem is users who refuse to do so.
You want to see all hell break loose? Put Linux, which requires more clue to operate than Windows, on the desktops of 90% of the users. They'll all be autologging in as root, randomly running rootkits that look like useful apps, leaving restarded services on like portmap, telnet, and wu-ftpd.
Every single Tom Cruise movie can be renamed according to the "Top Gun" template. For example, his last film (Top Samurai) was typical Tom Cruise. I can't think of any other actor better able to portray a washed-up alcoholic post-traumatic stress syndrome civil war has-been who retains exceptional marksmanship when drunk, is capable of learning (over a single season) the martial skills of Samurai who've dedicated their lives to swordsmanship, and manage to come out a hero.
I still haven't seen Top Nascar or all of Top JAG, but I don't think I would have to. Lemme guess, he's dysfunctional, a bit of an asshole, and lacks any semblance of discipline, yet manages to win, get the girl, and finish the movie as a hero...
Yes, I know why they would want to bend over. Wanting to, and being able to comply with the legal terms set out in the Notice of Motion are different things.
Of course, having authentication in place which allows an ISP to swear an affidavit about behavior of any user at any given moment in the past is something most privacy advocates would freak out about. Any system that uses PPPoE, Telus' Shasta stuff, etc, allows that sorta use profiling. Poindexter probably has a special place in his heart for that stuff... anybody who values their rights under PIPEDA, however, shouldn't.
An always-on connection doesn't need user authentication... and that, my friends, is the heart of the "unlimited usage" marketing stuff. You aren't on the clock, it's always on. Being an idiot and moving gigabytes of traffic to the detriment of everybody who unfortunately shares a port with you somewhere upstream is never, should never, and rationally can't be included in "unlimited".
Are you equating an ISP not running their own Total Information Awareness monitoring of customer (ie. person sitting behind the keyboard) behavior with fucked-up network infrastructure?
Everybody who is interested in this should take some time to read the actual Notice of Motion from CRIA:
Federal Court Documents
If you have decent reading comprehension, you'll notice that CRIA's "civil search warrant" efforts go far beyond asking an ISP to help identify people sharing files (check out the Schedule A of the Notice of Motion). CRIA wants the data in para. 1... that's who they target their extortion settlement letters. It's para. 2 that gets nasty. They want the ISP to swear a statement that User A is responsible for sharing out Files A-Z.
This has nothing to do with fucked-up network infrastructure, it has everything to do with an ISP not logging details of your behavior to the extent that they can swear an affidavit about what you did.
All this makes me wonder just how much good ol' roll-over-and-take-it-up-the-ass Videotron logs about their customers...
Nah, the funny stuff in the O'Reilly Appendix A relates to GNU/Hurd. There are some gems that would have me howling if I wasn't in the office...
If you write programs for linux today, you shouldn't have too many
surprises when you just recompile them for Hurd in the 21st century.
- Linus Torvalds
Linus = SMRT. The clock is still ticking on Hurd becoming widely useful... 22nd century maybe?
I don't know of any free microkernel-based, portable OSes. GNU is still
vaporware, and likely to remain that way for the foreseeable future. Do
you actually have one to recommend, or are you just toying with me? ;-)
The more things change, the more things stay the same:
As most of you know, for me MINIX is a hobby, something that I do in the
evening when I get bored writing books and there are no major wars,
revolutions, or senate hearings being televised live on CNN. My real
job is a professor and researcher in the area of operating systems.
- Andy Tanenbaum, "LINUX is obsolete", comp.os.minix
People are rightly concerned with the lack of a system to hold liars accountable. Recall is only one of the mechanisms proposed to solve the problem. Besides, it's the sheep in Ontario and Quebec that seem content to repeatedly vote in liars... and it's easy because of the masses of sheep. Politicians count on this since they know the sheep will forget by the time the next election comes around.
Actually, that would be an incorrect assumption. It's a fairly common misconception that the everyday tasks our brains perform are "easy", whereas the tasks that computers perform are "difficult". The normal situation is that computers perform very simple computational tasks extremely quickly, but complex cognitive, perceptual, and interpretive tasks performed by the human brain are very difficult to get a computer to do.
The vision challenge in robot design is perhaps the best example of something we take for granted but is very difficult to accomplish with silicon.
The idea is that Senators are *not* elected, do not have an expiring term, and are not part of a party so that their decisions are not influenced by politics -- they are supposed to be appointed, respected members of society
How on earth does this shield them from being influenced by politics? They have accountability other than to the democratically elected benevolent dictator du jour.
You also seem to fail to realize that public opinion is meaningless since we (Canadians) have no ability to recall our elected officials, and seem to be blindingly stupid enough to re-elect a man who repeatedly lies to us (Chretien).
"Back in 2002"... that's funny. Modems were being disabled for abuse before AT&T got into the broadband business when they did a chestburster to @Home.
I don't recall having ever actually shut off someone's DSL modem back in 1997/1998 when we deployed it at ISP Employer At The Time, but back then we were just happy when the shit worked for any length of time.
Suspending modems for abuse is nothing new... what is new is the level of worm activity that makes it really difficult to scale for any ISP of a respectable size. Don't blame the ISP's abuse departments, blame the marketing people who refuse to educate customers and prospective customers about security basics.
Actually, no. I've been chewing on third party reviews, the testimonial of people I trust, and my own experiences. I don't listen to the marketing drones, they are the ones who told me that Nvidia's drivers forcing games to run with less than the complete DX9 feature set was somehow a cunning performance tweak rather than a really clumsy way to compensate for crappy DX9 support.
As far as the two vendors and Linux support go, I'm a huge fan of Nvidia and their drivers for Linux (I've got cards ranging from the TNT up to a GeForce 3 Ti200 in my main workstation). All of my Linux boxes run Nvidia cards, whether or not I expect them to do a lot of 3D. ATI has sucked hardcore when it comes to the !windows world. I wasn't commenting on the specific Linux context.
The only thing separating local exploits from remote in impact is the cracker finding a way to get unprivileged access to the host. Lots of remote but "trivial" exploits are discovered, and sysadmins like to write those off as unimportant if they don't involve priv escalation... and with the next breath, write off all local-only priv escalation vulns.
You may trust your authorized users, but do you trust their passwords, habits in storing passwords ("You don't expect me to remember that, do you? Where are my post-it notes..."), and wisdom to not extend trust to ANYONE?
Do you also trust users to not run a piece of malicious code that shows up purporting to be some groovy new Linux app that will do some groovy new thing? After all, it would only have to require a vanilla user account... and Linux never gets viruses, so why worry? ;)
I think you see where I'm going with this. Local exploits need to be patched too, and sysadmins all too frequently think they don't because they are "only local".
ATI's GPUs have outperformed NVidia's for a couple years now in benchmarks and in real life. ATI has also stepped up to the plate with driver development, and now it's Nvidia that lags behind. The drastic change in quality of ATI's products still shocks me (and it was a drastic enough change for me to actually spend money on an ATI product after swearing I'd never do so again).
Now you may wonder why (if you believe me) ATI's drivers went from suck to their current quality?
But one is as good as none. Nowadays, video cards based on ATI chips are being manufactured by 12 partnering companies, and the Catalyst driver (created by former developers of nVidia) demonstrates quite serious stability and performance and, like nVidia's Detonator, has turned into a symbol of stability and continuity.
If SCO carries on in a court of law like they have in public then nobody, other than SCO shareholders that aren't smart enough to ditch, has nothing to fear. Judges like their time wasted by gibbering idiots even less than techies.
Darl and his band of morons are running a clown college, not a lawsuit. Open Source has gained momentum as far as public opinion goes, and will continue to do so.
The XFree86 Project, Inc is announcing that it has made a change to its license effective with the Third Release Candidate for the 4.4.0 series. This licence, like our previous, is fully free, (how do we know this? no less than the world authority on free software, RMS, has said so) and it's the hope of the XFree86 Project to no longer allow non-free licences into our tree so we can become a fully free-software compliant X product.
Whatever the issue is, Open Source is going to suffer for this squabble. The GPL acting as a roadblock to integration of new technology for the desktop is just going to prove Microsoft's point that the license is eeeeevvuuuuull. I think this may do more real damage to "The Cause" than the fiaSCO.
It isn't terrorism without meeting the definition, and this clearly does not meet the definition: "with the intention of intimidating or coercing societies or governments, often for ideological or political reasons."
The attack was against individuals, the government is only involved as a means to that end. This is a case of government using over-broad legislation to hack together charges against someone where older statute would do (but maybe not set as big of an example). This is a great illustration of the danger in bad law, bad administrators of the law, and the erosion of freedoms in the name of national security... except there is no national security issue here, only the erosion of freedoms.
Canadians have lived with this fear for some time thanks to the War Measures Act, especially after Pierre Idiot Trudeau's invocation in the 1970s in response to Quebec separatist terrorism:
Although strong, the provisions of the War Measures' Act are necessary to meet a crisis such as war. Evidently, a democratic state must be able to take all necessary steps to protect itself and to act quickly under crisis situations. Such was the argument made by Pierre Trudeau during the October Crisis of 1970. However, the Act allows for invocation of these strong measures even in times of peace, in particular when there would be an "apprehended" insurrection. In this instance, there is clearly a need for reform as the invocation of such measures can easily lead to clear violations of our most basic freedoms and rights as was shown in several instances in Canadian history
At least we only had that one very scary incident... the US has an administration that seems intent on turning everything since 9/11 into a scary era. Good luck guys, the whole world is going to need it if Bush, Ashcroft, and others have their way.
Ah, good ol' Godwin.
PEBCAK.
'nuff said.
i.e., Where do you feel the rights and freedoms of individuals are best protected and/or recognized in law?
i.e.2., Is the USA still the "land of the free", or should that title be bestowed upon Canada, the EU, or foo?
Crappy Sun is less than half as good then, since they are only about to hit version 10. Hooray for teh Penguin!
Nvidia has been spiraling since the 3dfx asset acquisition.
Actually, I'd suggest "No-talent assclowns".
you fool, nobody can hack the Gibson!