Our entire business grinds to a halt if our electricity or internet connection goes down (happens about once per 18 months in the former, and maybe once per year for the latter, usually by about an hour or two). Literally, we go down the pub/play tiddly winks/whatever. About the only thing we can do is take customer calls - not that we can do much for them.
Using remote hardware isn't going to make us *more* than 100% reliant on our Internet connection.
The data issue is the deal-breaker for us, which is a shame, because being able to set up shop in another office in an emergency really easily and not having to fuck about with server hardware maintenance would be a real load off my mind.
Laziness + Arrogance could lead someone to do that. Consider this train of thought:
"I've got lots of open source software here I'm going to want to use this evening. It's going to be a minor inconvenience Googling for it and downloading it all. I know, I'm smart enough to easily and immediately pick out the open source from proprietary code, archive, compress and upload it to a remote server for instant access this evening"
Of course, if the truth was anything other than "I want to keep a copy of valuable code to prove I'm worth $1.2M" I'll eat my hat.
No, you're thinking (I kid! I kid!) of the word "patois". Pidgin is quite a good name for an IM client that can be used for many different, incompatible protocols.
All sorts of maritime search and rescue work. If your boat breaks down or capsizes, or you're stuck in a downed plane, the RNLI will be the ones you want to see. Lifeguards on the other hand work from the beach and are concerned with bathers who get into trouble, usually swimming out and dragging back to shore.
Both involve lifesaving off the coast, but they're very different and shouldn't be confused. If you called a lifeboat crewman a lifeguard he'd smack you in the face.
Yes, but the progression from Meeting->Dinner->Wait->Lawsuit seems a bit quick to jump into court.
Maybe he's just too pissed at this company's behaviour (which does seem pretty bad), but it seems to me the reasonable approach would have been to send a few letters explicitly asking for the code and seeing what - if anything - they respond with. If they don't give a satisfactory response then you think about using the courts.
Lawsuits are only good for lawyers. They should be a last resort.
Try this one: 'No. Because it's a freaking LOCAL EXPLOIT and nearly no-one uses Linux for multi-user systems now that everyone can afford their OWN FREAKING COMPUTER.' Good lord, kids these days, gotta teach them everything.
Well we have a handful of people who use ssh to tunnel into some internal services - it's more convenient than a VPN and I don't think it's too uncommon.
With a well administered server, and a small trusted set of users I still don't think it presents much threat. I don't think it will take too many more of these to undermine people's confidence in Linux security.
No, security by obscurity is when you try to make something secure by purposefully obscuring it (say you have an admin page on your site at http://mysite/mysecretadminpagethathasnopassword, or you have a known exploitable security issue and you keep it quiet instead of fixing it). Note that the 'obscurity' is something you introduce purposefully in a misguided attempt to secure a system. Having a privilege escalation bug which through bad luck/poor testing goes unnoticed or unreported to the dev team for this long is either bad luck or evidence of sloppy work/poor testing/bad dev practices etc.
As for saying that a vulnerability is not a security issue if it hasn't been discovered: I guess that's technically true, but you have to be mindful of the fact that you have no way of knowing if or when it was discovered - particularly for one this old. Certainly when comparing different OS projects you could analyse the number, severity, time from public disclosure to patch and total time in the wild of security bugs to estimate how secure they are compared to each other.
My personal take on this specific issue is that if Linux were prominent on desktops this would be a moderate headache, but as things stand it mostly just compounds vulnerabilities in userland apps on servers, and further exposes poorly administered servers.
Do you mean an exploit to run arbitrary code as the apache user? How is that different from a (presumably improbable) feature bug in Wordpress that allows you to run applications?
Cow evolution has been driven by unnatural selection for a long time. We've sculpted the animal to be naturally docile. If the dumb tail waggin variety are more likely to reproduce courtesy of our intervention, then you get a race of big dumb cows.
Less interestingly but more practically - it's not like a cow ever came back from the slaughterhouse to warn the rest of them!
True, but I think there'll always be a large set of users who will never move away from what is installed by default - you need to target PC manufacturers to get these people off IE.
Still, it's going to be a long time yet before IE6 *finally* dies.
Really? When I search Google for that phrase now it just finds your comment. That's damn impressive from Google.
Jeez, for the last time: I'm sorry I put you on those spam lists. Let it go man, let it go.
Congrats on quoting trolls and getting modded down. You sir are a fucking retard.
Mister, you just saved me a fortune in medical bills!
Do you mean to imply that an upgrade from 10.x to 10.x+1 is a service pack, or something less naive?
No. This is not a laughing matter!
Your cerebral cortex is something like a big pile of unwound yo-yos
Yeah, great. Thanks for clearing that one up Slashdot.
No, you just heard "Shebangmna!" That's the sound of someone demonstrating why an omission makes something satirically funny.
Watching Heaven's gate made me want to go "Heaven's Gate", so there is a connection
Of course, but remember to make sure that you own them under the terms of your contract.
yew must b gnu hear!
Don't. Please, please just don't.
A little, doesn't vibrate though.
Can you be charged with breaking and entering a house that has the door left wide open?
Who cares? That has about as much to do with this story as theft does with copyright violations.
Come out here and show yourself. BE A MAN GRRR!!
Yes, but only slightly more inconvenient. Damn script kiddies!
People are choosing to get an alternative