Slashdot Mirror


User: dpilot

dpilot's activity in the archive.

Stories: 0 · Comments: 5,074

Comments · 5,074

  1. Re:I see no problem here on Warp Engines In Development? · · Score: 1

    Since half of the responses are dedicated to lunacy, we have to add the third option to your two.

    1: In the publicly-acknowledged laboratory, they test the theory and find that it works. But they announce that the theory doesn't work, and is false. Then they blow the laboratory up, and/or kill several researchers, citing fundamental and long-term practical problems with generating the super-intense magnetic fields necessary.

    2: In the super-secret government laboratory, they proceed to develop anti-gravity warp-drive spaceships.

    3: Who needs PROFIT when you've got POWER!!!

    See, it is possible to be facetious and serious at the same time. To be fair, this scenario is paraphrased from the "nano-forge" scenario (assembler, replicator, whatever you want to call it) in Joe Haldeman's "The Forever Peace."

  2. Re:Should Compare A Single Version Of Windows Too on The Annual US-CERT FUD Festival · · Score: 2, Interesting

    For the moment, I'm going to lump a response to this together with "Skewed, Oh yeah..." thread ( http://it.slashdot.org/comments.pl?sid=173159&cid=14409257 ) and say that it would be interesting to have a little better detail - for Windows and Linux both.

    For instance, Windows has 2 distinct kernel families, Win9X and WinNT. Linux has 1. Within each of these families there is then versioning, Win95, Win98, WinME, WinNT, Win2k, WinXP, 2.4, 2.6, etc.
    Beyond that, it appears that all Windows versions share things like GDI.dll (WMF, anyone?) while all Linux versions share things like glibc. Some are distinct, like Linux modutils, and I've heard that Windows has similar, but can't enumerate.

    Then there are applications on top of both, both bundled with the OS, and not.

    The CERT numbers are a mess, a disservice to all.

  3. Re:Nobody gets fired for buying Microsoft on IBM iSeries or Windows server? · · Score: 1

    But back when "Nobody gets fired for buying IBM," there was an insinuation of it being a politically safe, but technically lesser solution.

    One could easily make the same assertion about Microsoft, today. Or Intel, for that matter.

  4. Re:What's the real lesson here? on Windows XP Flaw 'Extremely Serious' · · Score: 1

    Complete agreement.

    Incidentally, SELinux ain't no picnic, either. I'm using the Gentoo hardened SELinux, and it's got a rather outdated basic policy. When enforcing, everything not specifically permitted is forbidden. Meaning that I can only run software for which a policy exists. Which means that I can't move the server load to this machine, since I depend on several programs that don't yet have policies. (leafnode and dovecot, to name 2) In the next few months, they're going to get current on the base policy. I'll get more serious about learning then, and maybe write my own, where needed.

  5. Re:What's the real lesson here? on Windows XP Flaw 'Extremely Serious' · · Score: 1

    Perhaps I misspoke, but "by default" I meant without adding hardening stuff like SELinux, RSBAC, or GRSecurity.

    I don't disagree with what you say, though. The point I was trying to make was that the stock WinXP kernel has better security features than the stock Linux kernel. That's completely ignoring the normal installation status of each. At this point, it's also worth mentioning that Linux *HAS* things like SELinux, RSBAC, GRSecurity, and such. Those things are kernel patches, but can be done by anyone sufficiently skilled. OTOH, Windows source is so closely held that even those outside Microsoft who can see it can't do the kind of experimentation with it that has produced the hardened Linux kernels.

  6. Re:State of Mind on Windows XP Flaw 'Extremely Serious' · · Score: 1

    Is the magnetron on the latter casemod still in place?

    If so, this is the perfect computer for putting your music and movie downloads on. When the ??AA sends someone knocking at the door, just put it on bake.

  7. Re:State of Mind on Windows XP Flaw 'Extremely Serious' · · Score: 1

    The other bad mindset is the "this is a fancy appliance" attitude toward personal computers. I wish we could inspire a more car-like attitude. We all drive cars, but we also expect to keep them maintained. Different people do various levels of maintenance/repair themselves, from practically none to practically all. They also accept that they will hire a professional for some level of maintenance/repair, from practically all to practically none. There is very little business in the computer maintenance/repair business, and very few consumers actually do it. IMHO this is not good. The real problem is coming up with a maintenance plan that can be economical, yet effective.

    The alternative is to turn most computers into appliances, but so far every attempt has failed.

  8. Re:What's the real lesson here? on Windows XP Flaw 'Extremely Serious' · · Score: 1

    I said capabilities, not practice. Read the rest of my post, where I go on to say that the Windows Culture pretty much completely undermines those capabilities. On the other hand, the Linux/Unix culture respects its security capabilities, or at least *mostly* has, so far. One thing I fear about Linux getting more popular is that it might bring some security-unconscious Windows developers over, and they may do some damage before getting a clue. I already fear/dislike run-as-root Linux distros.

  9. Re:What's the real lesson here? on Windows XP Flaw 'Extremely Serious' · · Score: 1

    Actually, until you bring in the hardened Linux stuff, Windows actually has *better* default security capabilities than Linux.

    The problem is one of software culture. Windows has a software culture of full access, whereas Linux/Unix has a software culture of limited access. Even though Microsoft added much better security capabilities, the Windows culture doesn't take advantage of them. In practice, that means:
    * The "owner" is Admin, by default. The separation between users and administrators is missing, by default. This is true even in the F500 company where I work.
    * Software developers assume they have full access, sometimes even at runtime. Even some Microsoft software has this problem.
    * Neat Stuff Rules! Let's face it, Windows is able to do some neat stuff, but the security implications of that neat stuff are frightening.

    Now let's look at the Windows exploits historically. For a long time, Windows exploits were merely using the published APIs in "novel fashions." In other words, exploiting features, not bugs. Finding and exploiting bugs in Windows is actually comparatively recent. But with either, the tight integration that enables "Neat Stuff" increases the range of any exploit found. From another perspective, one route to security is compartmentalization, which is *difficult* to combine with tight integration.

  10. Re:MOD PARENT UP on Windows XP Flaw 'Extremely Serious' · · Score: 1

    It can be done, but it normally isn't done that way.

    Obviously you know how to do this right, but you also know enough to avoid most of the problem situations.

    The real problem is in taking the obvious steps you've suggested and rolling them out more generally. THIS may well be the biggest security advantage of Linux/Unix/*bsd, not their low market share. They have cultures which begin with lesser access, rather than total access, as Windows does. Of course run-as-root Linux distros coming out scare and annoy me. (Is Linspire still run-as-root?)

  11. Re:the way Congress works, nobody gets credit on 2005 a Bad Year For Security · · Score: 1

    I wasn't talking specifically about Homeland Security, I was talking about the behavior. Neglecting prevention is Congress' fault in this situation, but they are by no means the only ones guilty of it. IMHO, businesses are even more guilty of neglecting prevention, because it frequently fails cost analysis, and because we're so bad at doing a good job at factoring risk. If we were good at cost/risk analysis, prevention would get much better play.

  12. the way Congress works, nobody gets credit on 2005 a Bad Year For Security · · Score: 1

    Why do you blame this one on Congress?

    From what I see, just about everyone works that way, especially corporations. I wouldn't single out Congress on this one.

  13. Re:Book recommendation and a discussion question on First Military Exoskeleton Reaches Prototype · · Score: 1

    Glad to see that somebody brought up "The Forever Peace."

    Incidentally, there are FAR more interesting things in it than just the Soldierboys. (That's what he called the remote-operated exoskeletons.) In particular, there is a batch of Apocalyptics in the book that sounds disturbingly close to some of the people in the current administration. (Not bashing Bush, but some other fundamentalist elements.)

    By the way, there IS a sequel to "The Forever War" called "Forever Free". Good book too, but in quite a different direction.

  14. Re:Interesting but not a future question on First Military Exoskeleton Reaches Prototype · · Score: 1

    Since we're in the realm of fiction, and since you've brought up the philosophy of remote killing by bomb, it's time to bring up "Baron Munchausen" which had a bunch of ex-Pythons.

    Specifically, there is a scene where our motley crew runs into Vulcan, and with pride he shows them one of his latest weapons of War. I forget what he called it, but it's obviously a nuclear missile, though he doesn't use the 'N' word. He says something to the effect of, "It kills your enemy. ALL of your enemy, and all of his family, and all of his manservants, and all of his maidservants, and all of his cattle, and all of his sheep..."

  15. Re:civilian use on First Military Exoskeleton Reaches Prototype · · Score: 1

    In most places this wouldn't be news, but this is Slashdot.

    24.5 years ago, I picked up my bride and carried her across the threshold.

    I didn't need an exoskeleton, either.

  16. Re:This is the real world. on ISP Restrictions Based on Hardware/Software? · · Score: 1

    But they do care about their ability to police their own networks. They almost have enough expertise to almost handle Windows and Mac. Add Linux and/or *bsd to the mix and many will be waaaaay out of their depth, and won't feel able to service. (Whether or not they're able to service Windows and Mac is a different question.)

    To be fair, a rooted Linux box may well be far worse than a rooted Windows box.

  17. Left unattended, each could... on Challenges To Microsoft For 2006 · · Score: 3, Insightful

    "Left unattended, each could ultimately interrupt Microsoft's 25+ year run of growth and profits and leave the door open for younger, smaller, and more nimble competitors."

    And the problem with this is????

    It appears that what they're trying to say is that by addressing these Top 10 Challenges, Microsoft can prevent "younger, smaller, and more nimble competitors" from gaining a foothold in the marketplace. In other words, if Microsoft simply rests on its current monopoly status and continues to mis-execute, they're going to have some serious competition.

    I still fail to see a problem here, except for Microsoft shareholders and IT managers who have unwisely over-bought into Microsoft monoculture.

    Or maybe they should rejuvenate yet again, and smash the competition, yet again. That'll make computing better for all of us. Right?

  18. Re:Is web surfing the only application? on Does Faster Broadband Matter? · · Score: 1

    In the New World Order, you're down to just reason #1, the VPN.

    As for #2, that's only for a fanatical minority, and they deserve longer waits, especially when they don't submit to the DRM "suggested" by our Information Overlords. And #3 shouldn't even be considered at all, because you're depriving telcos of their rightful revenue.

    Good thing you didn't mention P2P, like some others have. That's just plain EVIL.

    I say it somewhat facetiously, but really, #1 is the ONLY reason that TPTB will listen to for having even any sort of upstream bandwidth. Otherwise, I'd expect ADSL to become A-er with every passing year. That's really the model our Information Overlords would like us to have, enough upstream bandwidth to request the media they'll bill us for, and then ship downstream.

    Actually, I guess #3 is sort of valid. It does require significant upstream bandwidth. It's just the routing and billing that are the REAL issues. As long as the right people are being paid well enough, you can have that bandwidth.

    Let's just hope that they don't decide that VPN should be a value-add option. Remember that VPNs are usually for remote access to your place of employment, and "business services" are typically priced higher. They might decide to start mining your employer's pockets for more VPN revenue. At that point, upstream bandwidth, beyond that necessary to send email and media requests, becomes THE premium product.

  19. Re:It's very simple on KMail vs. Evolution vs. Thunderbird? · · Score: 1

    It's not painful, I'd just rather keep the clutter out.

    Plus perhaps I'm shorting KDE for what GNOME does, but...
    I have one GNOME application installed, gnucash, and I've minimized the GNOME stuff I installed just to get that. (With USE flags, which gives away my distro.) At one point, I made the mistake of clicking the "Help" menu, and my simple, lightweight icewm desktop turned into GNOME. It took over my desktop in order to bring up Mozilla to show me help. Nor did it give it back, when I was done browsing the help.

    IMHO, behavior like that is unforgivable. Unfortunately I have several years of financial data in gnucash, so moving to something else wouldn't be easy, even if I knew what to move to. Besides, my wife mostly knows how to use it, and she hates changing software.

    As I said, perhaps I've prejudged KDE applications based on misbehaving GNOME ones.

  20. It's very simple on KMail vs. Evolution vs. Thunderbird? · · Score: 3, Informative

    KMail requires that you install a mess of stuff for KDE.

    Evolution requires that you install a mess of stuff for GNOME.

    Thunderbird requires that you install libc, gtk, and X11. If you prefer a stripped-down desktop, KMail and Evolution are non-starters.

  21. assumes everybody is guilty on France to Legalize File Sharing · · Score: 1

    You're right, in that they assume that everyone is guilty, and that's wrong.

    But you're wrong, in a more important aspect - At least they're attacking the right problem, or at least your quote implies that they are. To wit, "want a tax for author rights to be paid by everyone..." Note that it didn't say, "pay the publishers so the publishers can pay the artists," though that's how it may well be implemented, and the second "pay" may well be replaced with "cheat". So while the end effects may not really help, at least the initial intent appears to be in the right place.

    Here in the US, what we DO with legislation is all about preserving the ??AA's business model. The ??AA cry about their lost revenue, and our legislators cry about unpaid artists. (Presumably while receiving campaign contributions from the ??AA, and knowing exactly who is benefitting from the legislation.)

    But at the base of it all the problem should remain this: How do we fund artists, so they'll keep making art?

  22. nVidia on New, Modularized X Window Release Now Available for Download · · Score: 2, Interesting

    So how long will it take us to get nVidia to support this with their evil, closed source drivers?

    For that matter, even if there is R300 support, isn't it now 2 generations back?

  23. Maintenance policy - first on A Dedicated Firewall for a Small Town? · · Score: 5, Insightful

    Whether you're talking "Windows 2003 and Symantec Enterprise firewall. It will be running on an HP DL380 G4" or "OpenBSD on there. And scale down the hardware a lot" or even a heavy-duty appliance box, the cart is in front of the horse, here. Don't know if that's a reflection of the planning or your thinking.

    Plan the maintenance policy, first. Even if you have a heavy-duty appliance box, which you'd like to think of as "install and forget", someone's got to keep on top of security alerts and firmware updates. Remember the good old security mantra, "Security is a process, not a product."

    Keeping that in mind, it can affect a purchasing decision, too. "Windows 2003 and Symantec Enterprise firewall" is 2 products from 2 companies, and the OS is very complex, needs significant work to lock down to minimal function, and has had a steady feed of monthly updates. On the other hand, "OpenBSD on there" is 1 (Isn't pf part of the base?) product, has a much more proven security track record, a lower update rate, and comes configured more securely out of the box.

    Normally, I don't believe the "Just let me put an OSS firewall in there on the cheap," argument. But in this particular case, and keeping in mind that ongoing maintenance should be part of ANY solution, I guess I'd have to side with OpenBSD + pf.

  24. Re:In Memoriam Charles M. Schultz on Beagle 2 Probe Spotted on Mars · · Score: 1

    This assumes "Beagle 2" was rooted in the Peanuts metaphor.

    OTOH, if "Beagle 2" was rooted in the Darwin metaphor, the crash could be construed as Creationist (or I.D.) revenge, or insufficient I.D. for Beagle 2, itself.

  25. Re:Throw a monkey wrench in... on Analog Hole Legislation Formally Introduced · · Score: 1

    Especially Disney, considering that some of their most popular signature cartoons came from raiding the public domain. (From what I understand, the copyright on Peter Pan had just *barely* lapsed.)