you and the gp poster are saying it's somehow risky if it's internet connected
For me, the internet connection is the least of the problem. Actually, I'm saying it's risky because it's complex. If I can burn your whole data to a DVD, then I have a small number of easily understood risks with simple mitigation strategies. E.g.
- the disk can get burnt
  - keep different ages of disk at different offsite locations
- the disks can all get taken by the police in a raid
  - make sure the disks are at multiple locations and tell nobody about some of them
- the media can be bad
  - do backups regularly enough that
- the whole series of media can be bad
  - use different media and make sure you restore

or summarised

- restore occasionally
- keep multiple media in different places
- make sure some of those places are very safe
compare that to a backup strategy with a redundant backup box:
- both systems can be hacked from outside
  - make sure the backup system is ultra secure
- the administrator can destroy both systems at once
  - make sure nobody has access to both systems
- the main system can encrypt data on disk and send corrupt data to the backup
  - make sure we restore regularly
- police can make simultaneous raids on all our official locations
  - ???? - I think use offsite backups; what alternative?
- the BSA or other anti piracy organisation can make raids also
  - avoid proprietary software from BSA member companies
- the operating systems have simultaneous failures
  - use completely different platforms
- the hardware has near-simultaneous failures (e.g. backup disks are the same model as a failing disk and fail during the restore)
  - completely analyse
- a lightning storm (or other weather incident) hits both offices
  - make sure offices have at least several hundred to thousands of kilometers of separation
- a bigger (but still recoverable) event such as a solar storm
  - make sure the backup is in an electrically sealed nuclear bunker..
- the backup system is stolen when being moved for restoration
  - ensure we can recover to a third site without any need to move
- etc..

there's no one single important problem, just an endless list
I can't think of a simple summary for this. Overall, it's almost impossible to analyse and impossible to completely understand. I think it's a good solution for day to day backups, for recovering data people have deleted etc. but not for disaster recovery.
There are two fundamental tests that the backup box solution fails which I think that every disaster recovery solution. The KISS test (keep it simple stupid), about which I think I've said enough above, and the "is it different" test, where I want my backup solution to be as different as possible. Different administrators, different room, different ownership, different technology etc. A simple passive disk or tape is as different from an active server as any solution I can think of. I just don't think there's any reasonable comparison.
And I'm going to respectfully disagree with you too.
For most small businesses cash flow is critical. If you don't have a record of who paid you in the last month then you can't invoice the rest and you are dead. Your repeat customers will spot duplicate invoices and probably just block payments until it's all sorted out. The attack that you are defending against is either a fire which destroys your office or a burglary which steals all your computers in the night, including the backup box, taking the backups just because they happen to be there.
You need off site backups on a different, non internet-connected medium no less often than once a week. That is the maximum time for which it is acceptable (we are talking about disaster recovery here; "acceptable" has a different meaning from normal) to re-invoice people who have already paid you. Even so, most such incidents destroy small businesses completely just because they don't manage to get people back working in time. This just gives you a fighting chance if you have a nice and understanding bank manager and do a little more disaster planning. It is astounding how much difference spending four hours just thinking about it can make (e.g. you know the number of the temporary office providers, you know which people in your office can work from home and you realise everybody in your company should have a mobile phone, especially the receptionist).
And finally; if you haven't tried restoring from it, it isn't a backup.
You can take BSD licenced code and keep it - no upward financial contribution required,
You're more or less imagining what he's trying to say. The person who released the code that Apple then took is getting no benefit from Apple using the code.
In fact, it's pretty difficult for Apple to give them benefit even if they want to. Since companies are supposed to work for a profit, every major code contribution to a BSD project should really be weighed up, comparing the benefit it might give to the competition against the maintenance benefits of sharing. Since that's a pretty difficult calculation to make it needs serious effort and so most programmers just take (short term) the easy option and don't bother. Long term this means that BSD projects inside corporations tend to end up dead or proprietary.
Overall that means that BSD is a poor license for a company to release under or make long term commitments to. It's a good license for taking small bits of code for other projects, however.
...judges are also citizens. He should have the right to be a member of most any organization he chooses.
Sure, that's why there are many different judges available. If we have a lawsuit about destroying stamp collections then a judge who is a stamp collector would recuse himself. If we had one about stealing from IBM then an IBM shareholder would also recuse himself. Nobody is saying he doesn't have the right to be in such an organisation, just that if he is in one he shouldn't be the judge for this case.
There is only a problem when the judge attempts to manipulate court proceedings in order to encourage a certain outcome.
the fundamental principle that justice should not only be done, but should be seen to be done disagrees strongly with you. Even if we assume that he had correctly convicted the pirate bay people and with no bias whatsoever, his association taints his verdict. Now those who disagree with the verdict will believe that he reached it for the wrong reasons even if that isn't true. This is damaging for justice simply because it undermines people's belief in the courts whether rightly or wrongly.
By failing to declare his pre-existing interests (so that other judges could decide if he has a conflict if required), the judge has breached his duty of trust. He should resign and the pirate bay verdict should be voided.
Were we talking about Windows then you would be more or less right (except that there's no decent package auditing software for Windows). Each installed package tends to have full administrator privileges and can do anything it wants. However when we talk about something like Debian there are many reviews and checks. The attacker has two choices; a) do something during package install or b) wait to be triggered later. If the attack is triggered during package install and installs some backdoor it will be present on all systems so anybody will be able to find it during system review. In particular, a tripwire scan before and after package install will show any altered system files. This makes protecting the backdoor more or less infeasible. Alternatively, an attack which is triggered during system use can be avoided simply by never running the package as root.
Since Debian is open source, any changes a package makes, which can be easily picked up by tools such as tripwire, can be reviewed against its source and justified by the needs of the source code. No such possibility exists with closed source software.
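The before-and-after scan described in the comment above, as an added example that is not part of the original comment and is not Tripwire itself: it snapshots a tree (content hash, mode, owner), diffs two snapshots, and separates changes the package declares from ones it does not. The temporary tree, the file names and the `expected` list (standing in for the package's declared file list) are constructed assumptions.

```python
import hashlib
import os
import stat
import tempfile

SETID = stat.S_ISUID | stat.S_ISGID


def snapshot(root):
    """Map each file path (relative to root) to (digest, mode bits, uid, gid)."""
    snap = {}
    for dirpath, _dirnames, filenames in os.walk(root):  # symlinked dirs are not followed
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                digest = "link:" + os.readlink(full)  # record the target, not its content
            elif stat.S_ISREG(st.st_mode):
                h = hashlib.sha256()
                with open(full, "rb") as f:
                    for chunk in iter(lambda: f.read(65536), b""):
                        h.update(chunk)
                digest = h.hexdigest()
            else:
                digest = "special"  # device nodes, sockets, FIFOs
            rel = os.path.relpath(full, root)
            snap[rel] = (digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return snap


def compare(before, after, expected=()):
    """Diff two snapshots; `expected` is the set of paths the package declares."""
    expected = set(expected)
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    changed = added + removed + modified
    # Files that gained a setuid/setgid bit deserve review even when declared.
    new_setid = sorted(
        p for p in added + modified
        if after[p][1] & SETID and not before.get(p, (None, 0, 0, 0))[1] & SETID
    )
    return {
        "added": added,
        "removed": removed,
        "modified": modified,
        "unexplained": sorted(p for p in changed if p not in expected),
        "new_setid": new_setid,
    }


def demo():
    """Constructed scenario: an install that touches more than it declares."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data, mode=0o644):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
            os.chmod(path, mode)

        write("etc/passwd", b"root:x:0:0::/root:/bin/sh\n")
        write("usr/bin/ls", b"ls-binary", 0o755)
        before = snapshot(root)

        # Simulated package install (constructed): one declared file,
        # one undeclared edit to a system file, one undeclared setuid binary.
        write("usr/bin/newtool", b"newtool-binary", 0o755)
        write("etc/passwd", b"root:x:0:0::/root:/bin/sh\nsvc:x:0:0::/:/bin/sh\n")
        write("usr/bin/helper", b"helper-binary", 0o4755)
        after = snapshot(root)

        return compare(before, after, expected={"usr/bin/newtool"})


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths}")
```

A baseline only helps if it is stored where the installed package cannot rewrite it, for example on read-only or offline media.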
Stable. I refer the honorable gentleman to the BSD FAQ I gave previously. Actually, you might find that reading it will help you manage your BSD system effectively.
P.S. SELinux is not anti-virus software any more than PF is anti-virus software. Please have a look at some of the documentation. It's a quite interesting security framework which actually includes RBAC as a possible configuration. Possibly a bit complex to build; in RedHat it is almost user-transparent which means that it shouldn't be a problem. Please also note mellon's comments.
If this is true then it rather drives a coach and horses through the security-through-obscurity closed source security model.
The model was always marketing garbage anyway. However what you should understand is that the question is not "security" as such rather "whose security". Microsoft cares somewhat about the security of its large and/or strategic paying customers of which you are not one. In this context, messing over the Tibetan community would be the right thing to do since they are a threat to the Chinese government which is clearly a bigger customer than the Tibetan government and controls a much larger customer base (the Chinese people) than the Tibetan government (the Tibetan exile community). In security as in life; follow the money.
there is competition in providing commercial support
Open office is included in RedHat, Oracle, Ubuntu and several other commercially supported systems. With MS Office, if you are unhappy with your support provider then you are stuck. With open office, you can shop around until you find the support you want. Right now getting full support might well cost a little more, but if that were true long term then more competition would enter the market and keep prices low. No such thing exists with MS Office where nobody but MS can actually fix problems.
most contributors to free software make their living by working for commercial software companies.
Great. That's the point. "Free" as in freedom software is meant to be commercial as in valuable in many situations including in use in a company. That commercial software houses started supporting the development of free software just shows how important that support market is. And before you protest "that's not what I meant"; this is really true. The statistics say that most recent Linux kernel changes are by people who work full time on the Linux kernel and get paid for it.
You are trying to solve the wrong problem. You are assuming that you are facing random attacks from an attacker who just wants to go for some computer, any computer. In that case being on an uncommon system helps because the attacker sees less profit. However; in this specific case moving to a low usage system is the worst possible thing you can do. The attacker is the Chinese government and they have the resources and will to make special dedicated custom attacks. Moving to an OS that nobody else uses gives them several advantages.
A) the system is less likely to have had serious peer review so finding vulnerabilities should be easier for their Chinese enemies. B) the Chinese attackers can minimise collateral damage:
Note the Chinese do not want to cause needless trouble - if they release an exploit for a Windows vulnerability they have a risk of damaging random US govt computers which might give a propaganda advantage to Pentagon people at the wrong moment. It's much more convenient for them if they have an easy way to identify a Tibetan computer. If only Tibetans use an OS, then attacking that OS is perfect.
Things that the Tibetans want within their system.
A) serious general stability and safety (==properly audited open source by people who take security seriously)
B) methods to recognise applications which have gone rogue (==mandatory access control per application)
C) proper systems for monitoring system changes (==tripwire etc)
D) variable security so that experts in their community can detect problems whilst others can still work (==security features such as SELinux which can be turned on gradually)
E) fully controlled but very rapid security updates (==apt / yum etc).
For me that means that they want to have serious mandatory access control / role based access so that they can build application specific traps for malware (as in SELINUX). They need to have a system they can basically trust (OpenBSD). They want to have file based intrusion detection (tripwire / OpenBSD's systems). They need to have a system where they can take updates under their own control, but mostly don't have to do that.
When it comes to what I would recommend for them that's an incredibly difficult problem. Windows is out because it fails to provide so many of the basics. OpenBSD I would love to recommend, but the impossibility of building automated updates and the lack of role based access control rules it out for me. Probably I would end up recommending a CentOS (for normal users/people without money)/RedHat (for places needing commercial support) based system with a custom update distribution in places where RedHat's update policy is insufficient or where attacks via RedHat are a fear.
One thing which is absolutely clear; Windows should be ruled out
A) The Chinese government has preferential access to the Windows source code. As such they will always know a vulnerability you don't. If you are their enemy then it can never be an acceptable system.
B) Windows is closed source and the build is under someone else's control; this means you can never be sure what is on your system and can never reduce it to just the components you need.
C) Windows is closed source and won't publish the source after a security breach; this makes it impossible to isolate root causes for an attack and stop them happening again.
D) Windows is closed source and impossible to customise. This makes it impossible to set traps for malware with custom security systems and leads to a security monoculture.
E) Windows is run by a commercial entity with an interest in turning on functionality. This means that even secure systems very rapidly become insecure when used by less experienced users.
However there's one crucial problem
A,B,C,D...Z) If the user administrator is clueless they won't spot attacks so a total Linux newbie will be much worse than a Windows expert.
Overall, the advice to move to Linux isn't bad, but it's something which the Tibetan community will have to do in a very serious and planned way whilst at the same time building up the number of security experts in their community and doing serious work on this. Without that kind of effort the effect will be worse than their current situation.
You are not comparing service for service. There are two services provided by night trains which aren't included in the service of an airline ticket.
a) get to the centre of city X from wherever you are early in the morning and in a good (having slept) state.
b) get from city A to city B so that you can have a working day in each and a night's sleep in between.
To achieve either of these with an airline you typically fly the night before and take a hotel in your destination. That ends up more expensive than a night train. Also, travelling business, you can probably afford a night train with an en-suite shower (yes these exist in Europe) so the comfort level is in fact pretty good despite what the grandparent says.
It's really important and quite difficult to do these comparisons right. The perfect example is that the time city to city is normally much better for the plane. However, the time workplace to workplace is often better with the train since you miss out the security, check-in, loading delays, unloading delays, and baggage pick-up (none of which are included in your flight time) and the train will typically get you much closer to your destination so the taxi ride will be shorter.
You are so right. In fact, the next time that you have a court case, I suggest that you do absolutely no preparation for it whatsoever since, if the guy doesn't show up you'll save money on lawyers' fees. <\sarcasm>
He didn't ignore it; he pulled you up on your assertion that a "secret court" is a good idea by pointing out that if the court is secret then people influenced by its decisions can't have justice. That's different from an open court (e.g. everybody knows about the court, how it works, how to question it and how to check if the court is responsible for a specific warrant) for secret decisions. Perhaps you meant something different when you said "secret court" but the only way for us to find out is to discuss the things we think you said, even if they aren't the things you meant to say.
unless you actually *lower* the power on them to create smaller cells
Dynamic power control, where the mobile and base station lower the transmission power to the minimum needed, is a standard feature on all proper modern mobile networks and has been since the start of GSM. Putting in cells more densely automatically lowers the power requirement for almost all mobiles. For some CDMA based networks (IS-95) there is a problem with "cell breathing" in that heavy traffic may leave gaps in coverage, however modern CDMA networks (UMTS and on) support controlled inter-frequency handover and so having multiple network layers works well; one providing coverage and another providing capacity and then keep only a few mobiles (fast moving or very unlucky location) in the coverage layer, moving all other ones to the capacity layer.
That depends on the standard you are using and your definition of "slows to a crawl", but if we take "supports fast web browsing for all the users and standard quality video streaming for some" the answer is generally "lots" especially with something like LTE. It would take considerable investment, but it can be done. Basically you start by adding more frequencies and more antennas to one location. Then, when that starts to get overloaded, you start adding more and smaller cells until you only have a small number (ten?) of active users per cell. This does cost money, but the money is easy to justify since you have lots of traffic in the areas where you are investing. The maximum practical density (bits per second per square metre) for high frequency variants of LTE is pretty high.
By the time you get close to the maximum density, transmission to all the different base stations is your main problem. That's similar to fixed broad band but at least you should have a couple of orders of magnitude fewer wired end points.
Let's be clear, however, we are talking about slower maximum speeds than can be supported over fibre and a fundamental assumption that most of the customers are not actually sending packets most of the time. It's probably practical to compete with DSL. If everyone wants HDTV video streaming (as opposed to broadcast) on all the time, however, then there will be a problem.
The biggest problem with a mobile network is that many subscribers can move into one area. In a wired network, this is normally solved by simply providing a fixed number of network ports. When there are too many users, some have to wait. If your users start turning up with their own switches then you end up with problems. The same thing happens with mobile networks but the "lack of ports" isn't directly visible to the user. This means that QOS starts being implemented and if done badly that's a problem. Done well, though, mobile networks shouldn't end up any worse than a normal well run cable network with the same capacity.
Sorry, there are some things which are "not culturally neutral" but some things are universal truths. Just as it is clear that Crime goes with Punishment whether you are Chinese or Japanese; that the art of war goes with Sun Tzu, whether you are Brazilian or Jamaican and Roses go with Shakespeare whether you are Australian or Indonesian, it is also completely clear that Natalie Portman goes with toast. There can be no discussion.
The proposed Mortgage Bailout will provide money *directly* to troubled homeowners.
the definition of "troubled" basically means 'people for whom any extra money they get goes directly to the bank'. It's slightly better than giving to the bank directly since it slows down foreclosure but that's not done for the benefit of these people. That's done to try to slow the rate at which properties become available on the market and so the rate at which the property market collapses. In order to help the banks. Your money is more likely going to pay for lexuses (lexi??) than new homes.
As with me and a few others of the true slashdot elite, you probably spend every spare waking hour of your life following the minute details of the latest comment to report of a bug in sylpheed alpha four; never even sparing a moment to read code or try to replicate the bug yourself. However, you probably have to accept that even most of the people on slashdot have something else better to do with their lives (or at least more exciting), for example watching the countdown to the end of 64 bit time_t and posting on their favourite freenet BBS about exciting upcoming changes in the fifth to seventh digits. These more so called "normal" individuals will probably never even realise the discussion took place.
The thing being missed here is that EXT3FS is essentially turning a problem that happens regularly into an intermittent, rare but still present problem. That's much worse because it means that the problem is less likely to be noticed in testing and fixed. For "robustness" (e.g. three to five nines reliability) we need most things to be predictable something of the order of at least 10 nines. Ts'o making a mistake (hold on... excuse me whilst I perform my ablutions and sacrifice a beer bottle to the great kernel hacker god.. ) here and instead of fixing this so called bug, what he should have done is put in a patch to break EXT3FS instead.
Of course, you could reasonably argue that, by installing Windows, these people consented to use of their computing resources by any media organisation who wishes to (including the BBC). Now, if this was a computing security organisation or a bunch of do gooders then they might be in trouble.
I like your analogy; however, it needs to be extended a bit. The bank (RIAA) has built their vault (secure media) in the middle of your home (computer), however, they refuse to pay rent; in fact they even charge you (DVD license fees) for the irritation of having their vault taking up space (cycles) in your home.
They left a big hole in their vault (the analogue hole; various other holes) and now you are responsible for posting guards on that hole (make sure you don't file share their files). If you don't, then the police will come and get you (no analogy needed).
That sounds like a pretty serious environmental disaster. Computers are already a noticeable user of power. If big problems are being solved so inefficiently then that will get much worse.
Dammit, why is it that this quote so often precedes posts of such breathtaking stupidity that they bring out the side of me which chose my slashdot ID.
If you had <blink>read the fucking article </blink> you would know that he, in an attempt to appear to be cooperating, actually used his password and showed them part of the contents of the drive.
Now we've done the RTFA bit, let's finish with the troll bit. I think that the fact that I only implied that his post was breathtakingly stupid rather than saying that "fm6 is an idiot" makes my post socially acceptable. What would you say?
I'm sure lots of operators think like that but, IMHO, it's deeply misguided.
If the customers start checking their bills because they hear about something like this they will only report problems in their own benefit. Customers questioning bills at all can never be a benefit. Better (for the operator) if they just pay up quietly.
In this particular public case the customer got his money back. If customers start to believe that you can get money back by challenging the operator then the operator is in for a world of hurt.
Finally, it's been shown that people are willing to spend much more as long as they can predict how much. If people read about this kind of problem they feel unable to predict their bills and are likely to just stop using their phones.
Well, you could trust random parts of the media or you could just trust the evil source themselves :-)
The model was always marketing garbage anyway. However what you should understand is that the question is not "security" as such rather "whose security". Microsoft cares somewhat about the security of its large and/or strategic paying customers of which you are not one. In this context, messing over the Tibetan community would be the right thing to do since they are a threat to the Chinese government which is clearly a bigger customer than the Tibetan government and controls a much larger customer base (the Chinese people) than the Tibetan government (the Tibetan exile community). In security as in life; follow the money.
It's also important to add:
Open office is included in RedHat, Oracle, Ubuntu and several other commercially supported systems. With MS Office, if you are unhappy with your support provider then you are stuck. With open office, you can shop around until you find the support you want. Right now getting full support might well cost a little more, but if that were true long term then more competition would enter the market and keep prices low. No such thing exists with MS Office where nobody but MS can actually fix problems.
Great. That's the point. "Free" as in freedom software is meant to be commercial as in valuable in many situations including in use in a company. That commercial software houses started supporting the development of free software just shows how important that support market is. And before you protest "that's not what I meant"; this is really true. The statistics say that most recent Linux kernel changes are by people who work full-time on the Linux kernel and get paid for it.
You are trying to solve the wrong problem. You are assuming that you are facing random attacks from an attacker who just wants to go for some computer, any computer. In that case being on an uncommon system helps because the attacker sees less profit. However; in this specific case moving to a low usage system is the worst possible thing you can do. The attacker is the Chinese government and they have the resources and will to make special dedicated custom attacks. Moving to an OS that nobody else uses gives them several advantages.
A) the system is less likely to have had serious peer review so finding vulnerabilities should be easier for their Chinese enemies.
B) the Chinese attackers can minimise collateral damage:
Note the Chinese do not want to cause needless trouble - if they release an exploit for a Windows vulnerability they have a risk of damaging random US govt computers which might give a propaganda advantage to Pentagon people at the wrong moment. It's much more convenient for them if they have an easy way to identify a Tibetan computer. If only Tibetans use an OS, then attacking that OS is perfect.
Things that the Tibetans want within their system.
A) serious general stability and safety (==properly audited open source by people who take security seriously)
B) methods to recognise applications which have gone rogue (==mandatory access control per application)
C) proper systems for monitoring system changes (==tripwire etc)
D) variable security so that experts in their community can detect problems whilst others can still work (==security features such as SELinux which can be turned on gradually)
E) fully controlled but very rapid security updates (==apt / yum etc).
For me that means that they want to have serious mandatory access control / role based access so that they can build application specific traps for malware (as in SELinux). They need to have a system they can basically trust (OpenBSD). They want to have file based intrusion detection (tripwire / OpenBSD's systems). They need to have a system where they can take updates under their own control, but mostly don't have to do that.
When it comes to what I would recommend for them that's an incredibly difficult problem. Windows is out because it fails to provide so many of the basics. OpenBSD I would love to recommend, but the impossibility of building automated updates and the lack of role based access control rules it out for me. Probably I would end up recommending a CentOS (for normal users/people without money)/RedHat (for places needing commercial support) based system with a custom update distribution in places where RedHat's update policy is insufficient or where attacks via RedHat are a fear.
One thing which is absolutely clear; Windows should be ruled out
A) The Chinese government has preferential access to the Windows source code. As such they will always know a vulnerability you don't. If you are their enemy then it can never be an acceptable system.
B) Windows is closed source and the build is under someone else's control; this means you can never be sure what is on your system and can never reduce it to just the components you need
C) Windows is closed source and won't publish the source after a security breach; this makes it impossible to isolate root causes for an attack and stop them happening again.
D) Windows is closed source and impossible to customise. This makes it impossible to set traps for malware with custom security systems and leads to a security monoculture.
E) Windows is run by a commercial entity with an interest in turning on functionality. This means that even secure systems very rapidly become insecure when used by less experienced users.
However there's one crucial problem
A,B,C,D...Z) If the user administrator is clueless they won't spot attacks so a total Linux newbie will be much worse than a Windows expert.
Overall, the advice to move to Linux isn't bad, but it's something which the Tibetan community will have to do in a very serious and planned way whilst at the same time building up the number of security experts in their community and doing serious work on this. Without that kind of effort the effect will be worse than their current situation.
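The before-and-after file integrity scan that the comments above credit to tripwire (around a package install, and as item C of the wish list), reduced to its core as an added example; it is not part of the original posts and not Tripwire's code. The function names, the sample tree and the package manifest are constructed for illustration, and the "install" is simulated inside a temporary directory.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each regular file under root to (sha256, permission bits)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            snap[rel] = (digest, stat.S_IMODE(st.st_mode))
    return snap

def diff_snapshots(before, after):
    """Classify paths as added, removed or changed (content or mode)."""
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "changed": sorted(p for p in before.keys() & after.keys()
                          if before[p] != after[p]),
    }

def unexplained(changes, manifest):
    """Keep only the changes the package's declared file list does not cover."""
    return {kind: [p for p in paths if p not in manifest]
            for kind, paths in changes.items()}

def _write(root, rel, data, mode=0o644):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)

def demo():
    """Constructed tree and constructed 'install'; returns what needs review."""
    manifest = {"usr/bin/newtool", "usr/share/doc/newtool/README"}
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/login.conf", b"umask 022\n")
        _write(root, "usr/bin/tool", b"v1", 0o755)
        before = snapshot(root)
        # Simulated install: two declared files plus two undeclared side effects.
        _write(root, "usr/bin/newtool", b"new", 0o755)
        _write(root, "usr/share/doc/newtool/README", b"docs\n")
        _write(root, "etc/login.conf", b"umask 000\n")       # content altered
        os.chmod(os.path.join(root, "usr/bin/tool"), 0o777)  # mode altered
        after = snapshot(root)
        return unexplained(diff_snapshots(before, after), manifest)
```

Whatever `demo()` returns is the set of changes the package's own file list cannot justify, which is the part a reviewer would then check against the package source.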
You are not comparing service for service. There are two services provided by night trains which aren't included in the service of an airline ticket.
a) get to the centre of city X from wherever you are early in the morning and in a good (having slept) state.
b) get from city A to city B so that you can have a working day in each and a night's sleep in between.
To achieve either of these with an airline you typically fly the night before and take a hotel in your destination. That ends up more expensive than a night train. Also, travelling business, you can probably afford a night train with an en-suite shower (yes these exist in Europe) so the comfort level is in fact pretty good despite what the grandparent says.
It's really important and quite difficult to do these comparisons right. The perfect example is that the time city to city is normally much better for the plane. However, the time workplace to workplace is often better with the train since you miss out the security, check-in, loading delays, unloading delays, and baggage pick-up (none of which are included in your flight time) and the train will typically get you much closer to your destination so the taxi ride will be shorter.
You are so right. In fact, the next time that you have a court case, I suggest that you do absolutely no preparation for it whatsoever since, if the guy doesn't show up you'll save money on lawyers' fees. <\sarcasm>
He didn't ignore it; he pulled you up on your assertion that a "secret court" is a good idea by pointing out that if the court is secret then people influenced by its decisions can't have justice. That's different from an open court (e.g. everybody knows about the court, how it works, how to question it and how to check if the court is responsible for a specific warrant) for secret decisions. Perhaps you meant something different when you said "secret court" but the only way for us to find out is to discuss the things we think you said, even if they aren't the things you meant to say.
Dynamic power control; where the mobile and base station lower the transmission power to the minimum needed is a standard feature on all proper modern mobile networks and has been since the start of GSM. Putting in cells more densely automatically lowers the power requirement for almost all mobiles. For some CDMA based networks (IS-95) there is a problem with "cell breathing" in that heavy traffic may leave gaps in coverage, however modern CDMA networks (UMTS and on) support controlled inter-frequency handover and so having multiple network layers works well; one providing coverage and another providing capacity and then keep only a few mobiles (fast moving or very unlucky location) in the coverage layer, moving all other ones to the capacity layer.
That depends on the standard you are using and your definition of "slows to a crawl", but if we take "supports fast web browsing for all the users and standard quality video streaming for some" the answer is generally "lots" especially with something like LTE. It would take considerable investment, but it can be done. Basically you start by adding more frequencies and more antennas to one location. Then, when that starts to get overloaded, you start adding more and smaller cells until you only have a small number (ten?) of active users per cell. This does cost money, but the money is easy to justify since you have lots of traffic in the areas where you are investing. The maximum practical density (bits per second per square metre) for high frequency variants of LTE is pretty high.
By the time you get close to the maximum density, transmission to all the different base stations is your main problem. That's similar to fixed broad band but at least you should have a couple of orders of magnitude fewer wired end points.
Let's be clear, however, we are talking about slower maximum speeds than can be supported over fibre and a fundamental assumption that most of the customers are not actually sending packets most of the time. It's probably practical to compete with DSL. If everyone wants HDTV video streaming (as opposed to broadcast) on all the time, however, then there will be a problem.
The biggest problem with a mobile network is that many subscribers can move into one area. In a wired network, this is normally solved by simply providing a fixed number of network ports. When there are too many users, some have to wait. If your users start turning up with their own switches then you end up with problems. The same thing happens with mobile networks but the "lack of ports" isn't directly visible to the user. This means that QOS starts being implemented and if done badly that's a problem. Done well, though, mobile networks shouldn't end up any worse than a normal well run cable network with the same capacity.
Sorry, there are some things which are "not culturally neutral" but some things are universal truths. Just as it is clear that Crime goes with Punishment whether you are Chinese or Japanese; that the art of war goes with Sun Tzu, whether you are Brazilian or Jamaican and Roses go with Shakespeare whether you are Australian or Indonesian, it is also completely clear that Natalie Portman goes with toast. There can be no discussion.
read the FSF's actual published opinion about licenses other than the GPL and then mod the parent "trolling for sanity" (as in screwing for virginity).
And you're not reading between the lines.
the definition of "troubled" basically means 'people for whom any extra money they get goes directly to the bank'. It's slightly better than giving to the bank directly since it slows down foreclosure but that's not done for the benefit of these people. That's done to try to slow the rate at which properties become available on the market and so the rate at which the property market collapses. In order to help the banks. Your money is more likely going to pay for lexuses (lexi??) than new homes.
As with me and a few others of the true slashdot elite, you probably spend every spare waking hour of your life following the minute details of the latest comment to report of a bug in sylpheed alpha four; never even sparing a moment to read code or try to replicate the bug yourself. However, you probably have to accept that even most of the people on slashdot have something else better to do with their lives (or at least more exciting), for example watching the countdown to the end of 64 bit time_t and posting on their favourite freenet BBS about exciting upcoming changes in the fifth to seventh digits. These more so called "normal" individuals will probably never even realise the discussion took place.
The thing being missed here is that EXT3FS is essentially turning a problem that happens regularly into an intermittent, rare but still present problem. That's much worse because it means that the problem is less likely to be noticed in testing and fixed. For "robustness" (e.g. three to five nines reliability) we need most things to be predictable something of the order of at least 10 nines. Ts'o is making a mistake (hold on... excuse me whilst I perform my ablutions and sacrifice a beer bottle to the great kernel hacker god.. ) here and instead of fixing this so called bug, what he should have done is put in a patch to break EXT3FS instead.
Of course, you could reasonably argue that, by installing Windows, these people consented to use of their computing resources by any media organisation who wishes to (including the BBC). Now, if this was a computing security organisation or a bunch of do gooders then they might be in trouble.
I like your analogy; however, it needs to be extended a bit. The bank (RIAA) has built their vault (secure media) in the middle of your home (computer), however, they refuse to pay rent; in fact they even charge you (DVD license fees) for the irritation of having their vault taking up space (cycles) in your home.
They left a big hole in their vault (the analogue hole; various other holes) and now you are responsible for posting guards on that hole (make sure you don't file share their files). If you don't, then the police will come and get you (no analogy needed).
That sounds like a pretty serious environmental disaster. Computers are already a noticeable user of power. If big problems are being solved so inefficiently then that will get much worse.
I haven't read TFA,
Dammit, why is it that this quote so often precedes posts of such breathtaking stupidity that they bring out the side of me which chose my slashdot ID.
If you had <blink> read the fucking article </blink> you would know that he, in an attempt to appear to be cooperating, actually used his password and showed them part of the contents of the drive.
Now we've done the RTFA bit, let's finish with the troll bit. I think that the fact that I only implied that his post was breathtakingly stupid rather than saying that "fm6 is an idiot" makes my post socially acceptable. What would you say?
I'm sure lots of operators think like that but, IMHO, it's deeply misguided.
If the customers start checking their because they hear about something like this they will only report problems in their own benefit. Customers questioning bills at all can never be a benefit. Better (for the operator) if they just pay up quietly.
In this particular public case the customer got his money back. If customers start to believe that you can get money back by challenging the operator then the operator is in for a world of hurt.
Finally, it's been shown that people are willing to spend much more as long as they can predict how much. If people read about this kind of problem they feel unable to predict their bills and are likely to just stop using their phones.