The last problem is that I'm never "off-duty". When you work in a formal office environment, people are very hesitant to call if you're not in the office. (There's a social barrier.) When you're telecommuting and they always interact with you over the phone, they can't tell that you're trying to be off-duty. Learning to say "no" helps a lot though.
Yeah. I understand. I've solved this by having three phone lines.
1) My home phone. Just for friends and the like. Nobody I work with/for *EVER* gets this number. Ever.
2) My work phone. It's on the business card. It's on the website. Anybody I work with/for gets this number, and ONLY this number.
3) My cell phone. It's mentioned on the answering message for the business phone, along with "if this is an *emergency*, call...". I don't go *anywhere* without this on my waist.
I routinely ignore the business line on weekends / after hours. If it's important, they call the cell phone. This provides that social hesitance which is all I need to have peace on the weekends and after hours, while still being available if a server goes down. (Though, in most cases, I'd already know from a Big Brother alert.)
As far as "decompression time" - I go for a jog. It's healthy, decompressing, and relieving. (Yes, I run with a cell phone!)
Unlike other operating systems (cough Windows cough), Linux doesn't really 'degrade' over time. It may get cluttered, but it continues to work just fine.
My main workstation has had the same filesystem since late 1998. I've got every email in KMail from KDE 1.2, and I've upgraded from RedHat 5.2 to Red Hat 9 without a hitch.
It's almost amazing how easy it is to upgrade your home directory. I used to be a Windows person, and I've honestly been shocked at how UN-upgradable Windows can be!
The stability of even "cutting edge" distros can get quite intoxicating after a while...
You can trademark common English words if the product/service the trademark will be put on is not related to the meaning of the word.
All true and correct. But this doesn't explain how "Windows" really justifies its trademark. A "window" in computer parlance means what we all think it is - a program in a box on a screen. Thus, "X-Windows". How can it be claimed that a "Window" (and thus "Windows") is not a generic term?
Watching the Lindows trademark suit may be *very* interesting, if Lindows goes on the offensive and has the resources to pull it off...
Linux is clearly being taken seriously. It's pounding the competition in the server space, and it's beginning to make serious inroads to the desktop.
Desktop Linux stories carry some interest to me, but on a server? That's old hat, old news, and very much humdrum.
This article really should be more about the cluster of Itanium chips, which actually determine the speed of the system, rather than "it runs Linux!" which in this case is largely irrelevant.
Linux is as responsible for the success of this as a dog is responsible for the bus that hit it. Similar results could easily be obtained, I'm sure, with any number of BSD variants, or other *nixes compiled to run on Itanium.
This would have been news 3 years ago, but today? Bah!
However, I think the challenge for open source is that often times several different groups are writing competing code for competing projects with little consideration of the massive duplication (witness many distributions of Linux, many of which are functionally identical) in efforts. The successful projects in the open source world are projects that can agree on standards, organize factions of programmers, and distribute to a wide audience.
At first, this seems like a terrible waste of effort - except that by working in parallel, different ideas can be tried. The more ideas that get tried, the more quickly the bad ideas can be weeded out, and the more rapid the progress.
I, too, once upon a time agreed with you. But, I've seen the light. Even though I'm quite set on using Linux, I appreciate the BSDs as contributionary cousins, and though I use KDE as my desktop, I've written plenty of software using GTK.
Parallel is OK! Really! Over time, the winning ideas will accumulate and gain steam (Konqueror, Mozilla, Open Office, Apache, Perl/PHP/Python, My/PostgreSQL, etc) while the others provide valuable lessons. (EG: The thousands of dead projects on SourceForge)
Ok, so go ask Average User how fast the CPU in the HP Pavilion 3000+ is. Odds are they'll say 3.0 GHz, which isn't true but is proof of AMD's success in "looking good on paper".
So, I have an Athlon XP 2000+. I have no qualms about describing it as a "2 GHz Athlon" because:
Intel has made clockspeed "the" indicator of processor performance,
AMD has provided an *accurate* method of comparing real-world performance of their Athlons to Intel's clockspeed, and
The chip says "2000" on it. Wouldn't that mean 2 GHz?
I know full well and understand that it actually runs at 1.66 whatever GHz. But truth be told, I really don't care. 2 GHz describes it well enough, and since my 2 GHz compares quite well against an Intel P4 2GHz, it's "good enough".
And it doesn't look good just on paper. AMD's "2 GHz" generally performs very close to, and usually better than, Intel's "2 GHz". I don't apologize for my Athlon's "2 GHz" not being "real", as I might have for a Via C3 or perhaps the Cx 6x86. (anybody remember those?)
With this in mind, it's easy to be vigorous in defending the legal rights of somebody you detest. It's not self-interest, it's moral duty.
Moral duty or not... I doubt that it's easy.
It'd be much easier (IMHO IANAL and all that) to defend a mass murderer as a court-appointed rep than to bald-face lie repeatedly, in self-contradictory terms, to newspapers and media day after day.
Darl seems to be of the same mindset as lawyers who defend mass murderers.
Not the same at *all*. A lawyer who defends a mass murderer is almost always appointed by the court. This lawyer is there to ensure that the legal rights of the defendant are secured. It's a basic and fundamental part of how our legal system works.
With this in mind, it's easy to be vigorous in defending the legal rights of somebody you detest. It's not self-interest, it's moral duty.
On the other hand, McBride is in a different ballpark altogether. Here's somebody who's clearly seeking personal gain at others' expense.
We're talking about something worse than a scum-sucking lawyer... the PR man!
People want to look at members of the opposite sex in the nude and somehow manage to function in everyday life. It's been an issue ever since there've been the sexes.
I've clearly expressed my concerns about pornography to my 14 Y.O. children, and they have a computer in their room. I've not told them that I'm afraid that they might look at it. Instead, I've told them about the effects of pornography - victimization and objectification of the opposite sex, brief examples of the horror that porn "actors" and "actresses" have to go through, and the effects of irresponsible sex. (have a baby, venereal disease, etc)
The only rule that I've ever established is that I don't want to catch them looking at stuff they wouldn't see on a beach - EG: swimsuits are OK, but not much less than that.
I figure that every 15 Y.O. kid has a hustler or something stashed away, though I wouldn't tell them that until they're asking me about this stuff in respect to their kids.
And, I've seen no issues or problems so far - the computer's been in their room for about a year.
Remember when you were 15 - what did you look at? Your kids aren't stupid, why do you not trust your kids to make intelligent decisions? Give them the facts, and make a few restrictions so that a bad decision on their part won't violate the sanctity in your home.
Most of all, *TRUST YOUR CHILDREN*. They are intelligent people, too!
Actually it's closer to $.10 these days. Anyone paying $1-$5 is getting ripped off big time.
It depends on what *exactly* you are paying for.
It costs less than $0.10 to produce a can of soda in volume. Yet most people routinely pay $0.50, $0.75, even $1.00 or more for it. Why?
Because it's not the can of soda you're paying for - it's the convenience of delivery. It's there, in your local store, just around the corner from your office, home, or wherever you like to shop.
You're not going to run across town because you can save $0.88 on your next 6-pack of soda. For little guys, convenience is routinely a much larger part of the equation than price per unit.
If you are a smaller ISV, (Independent Service Provider, in case you didn't know) convenience is *far* more important than cost per GB.
I'm *happy* to pay $1-3 per GB, if the next DDoS attack is filtered out by a qualified network technician in the hosting facility while I peacefully sleep. I'm *happy* to pay this price if there's somebody there, day or night, to help me when something goes wrong. I'm not at all hesitant to pay this if I know that I can handle any reasonable traffic spike, anytime, day or night, without having to buy new hubs, switches, and routers.
On the other hand, if I was /., and had to deliver a truly massive quantity of traffic every day, the metrics of the business equation suddenly change rather dramatically in favor of price/unit. If you deliver 70 GB per hour instead of 200 GB per month, things become quite different quite quickly.
A good price can be *a lot* more than just calculating price per unit, particularly when the unit count is small. Just remember what you are *really* paying for.
They are now holding a fundraiser to cover the multimillion dollar bandwidth costs of three hours of video on SLASHDOT.
Come on, buddy. At any decent hosting facility, the *real* cost of bandwidth is around $0.50 per GB of network transfer. The "retail" cost is usually anywhere from $1/$5 per GB, depending on other options.
Bandwidth isn't free, but it's actually quite reasonable.
I'm more worried that someone a half mile away who has nothing better to do on their weekend is gonna try to spy on people for the hell of it than someone 57 miles away who works for the Telco and if they choose to peek in on people's porn^H^H^H^Hweb surfing risks their job.
Then you have an inaccurate assessment of risk. Try this. Get a list of every email address you've gotten an email from in the past 2 years. If you have a Linux box, this is a simple regex to your ~/Mail folder.
Now, write a quick script that attempts to connect to each of the ISPs responsible for each of these addresses, and tries to login with any of 20 or so passwords... STARTING WITH THE SAME PASSWORD AS THE LOGIN NAME.
I'd bet that the odds are greater than 50/50 if you have *any* decent number of email addresses, that you'll get a match.
Add to this simple, freely downloaded mining scripts that mine websites and/or usenet for email addies, and you have a virtual guarantee of free Internet service for life in an afternoon's work.
I'm not advocating that you shouldn't be secure - I'm merely stating the obvious. Basic precautions - reasonable passwords, enabling the encryption on wifi, etc. when done as intended will provide a surprisingly adequate degree of security.
When faced with these simple, preventative steps, most of your problems move on to greener pastures.
Guys, wifi is limited in scope to that which is not more than a few hundred yards from the access point. The password doesn't have to stop everybody, just everybody not too far away.
That limits the damage scope of a malicious party to that within a half a mile of their present location.
The *same* limitations of passwords on the public Internet, however, are much more likely to be damaging. Let me give an example...
How many people use email with pop3 over the Internet? Not only are these accounts typically set up with crummy passwords (like "Robert" - their middle name, or "120871" - their b/day) but then the passwords are sent, several times/day in plaintext!
And yet, with all of these big, huge, security no-nos, pop3 reigns supreme as the standard for email receipt on the 'net, and seldom is there actually a problem.
So, to wit, we have an issue like "A credit card can be used to bypass the locks on many doorknobs" and it makes front page at /.?
Oh, and don't forget:
Ctl-K B - start highlight,
Ctl-K K - end highlight
Ctl-K D - Delete highlighted text.
Ugh! I hated it. I always used the shareware PC-Write by QuickSoft. The link here provides a neat little historical summary of the WP.
If anybody ported *that* to Linux, I'd be in hog heaven... Shift-Ctl-Backspace would finally do what it should!
While a dictionary of first names will allow some machine weeding, could a 95% coverage of last names be built? What percent coverage of last names is needed to keep a mortgage spammer from being dumped by the mortgage spammer? What's the distribution of last names? Help me out, Slashdot.
There's no way to answer that - what software would the weeder be using? Can you let me peruse its source?
Geez. I thought so.
However, I downloaded a list of the top 1000 most common last names, and the top 1000 male / female names from the US Census for some research I did on personal domain names.
Sounds like some of the code I wrote to manipulate this list (all PHP) might be useful?
-Ben
Yeah. ISV="Independent Service Vendor"... my bad. We write and host custom software for SMB...
-Ben
Multimillion?
The World Wide Web is NOT the internet.
The World Wide Web is NOT the internet.
The World Wide Web is NOT the internet.
The World Wide Web is NOT the internet.
Eh... people who repeat themselves aren't necessarily any smarter than those who make their point once.
I donno about anyone else, but twice now the SOSDG's main web server has been Slashdotted, and it didn't even cough. It's on a 1.5/256 DSL line.
Of course, it didn't even cough. It's only serving 256 Kbps of bandwidth! A Pentium 75 running Apache can saturate a 10 Mbps network with static page requests and never hit a high load average!
I mean, for static requests, the code in Apache might as well be:
$fp=fopen($sourcefile, 'r');
while (fwrite($stdout, fgets($fp, 1024)))
{}
fclose($fp);
At which point the *only* bottleneck is I/O.
The question is really: How many people never saw your website due to the anemic bandwidth?
Answer that, and then you have something to say.
I find that I'm getting spoiled by the goodies of Linux as an Admin.
Windows locks files that are open. Linux creates references to open files.
What does that mean?
On Linux, I can update a script or command that's busy running, right on a production system, while 100 people are busy using that very command. The changes have no effect on running copies, and the updated script/command takes effect the next time somebody wants to use it. The result is a seamless and magical upgrade that just sort of "appears" before the end user.
Can't do that on Windows.
On Linux, I can do a full system backup, and include every file in the state it's in as of the moment of the backup, even if it's being edited, or is in some way open for editing.
Can't do that on Windows.
These are *critical* functions - backups, updates, and the like. You can probably well imagine the pain of shutting down 100 people on a Windows server so that you can make a minor script update - many of you don't have to imagine!
Man I'm glad I jumped the MS ship...
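The open-file behaviour described in the comment above, as an added shell example that is not part of the original post (file names are made up and everything runs in a throwaway temp directory). It shows that a reader which already has the file open keeps the old contents when the update replaces the file by rename, while an in-place overwrite reaches that reader too.

```shell
#!/bin/sh
# Added demo (not from the original comment). File names are hypothetical;
# all work happens in a temporary directory that is removed afterwards.

# $1 = "rename"  -> deploy by writing a new file and mv-ing it over the name
# $1 = "inplace" -> deploy by overwriting the existing file's contents
# Prints "<what the already-open reader sees>|<what a fresh open sees>"
update_while_open() {
    mode=$1
    dir=$(mktemp -d) || return 1
    printf 'echo v1\n' > "$dir/tool.sh"

    # Stand-in for a user who is already running the tool:
    # hold the current file open on file descriptor 3.
    exec 3< "$dir/tool.sh"

    case $mode in
        rename)
            # New contents go to a new inode; mv then repoints the name.
            # The inode held on fd 3 is untouched until it is closed.
            printf 'echo v2\n' > "$dir/tool.sh.new"
            mv "$dir/tool.sh.new" "$dir/tool.sh"
            ;;
        inplace)
            # Same inode is truncated and rewritten, so fd 3 sees the change.
            printf 'echo v2\n' > "$dir/tool.sh"
            ;;
    esac

    seen_by_open_reader=$(cat <&3)
    exec 3<&-
    seen_by_new_reader=$(cat "$dir/tool.sh")
    rm -rf "$dir"
    printf '%s|%s\n' "$seen_by_open_reader" "$seen_by_new_reader"
}

update_while_open rename
update_while_open inplace
```

Deployment tools that want the "running copies are unaffected" property write to a temporary name on the same filesystem and rename into place for this reason.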
so, incredulously, he asks whether bug research is a criminal act and bug researchers criminals.
Unfortunately, the answer today in America is a simple "yes". That is, unless you feel like researching and then hoarding your findings.
A mild short-sightedness in the DMCA
I don't subscribe to the oft-held (here) view that computer hacking isn't a crime. It is. However, there is "white" hacking, and that should NOT be illegal. But, the DMCA makes no provision for white-hat hacking.
Imagine how different things might be if there was a provision in the case that:
1) A company has a clearly posted email address or bug submission system;
2) A person submits a bug as a "critical security issue", with exploit code if available;
3) The company has 60 days to respond with patches/updates;
4) After 60 days, the bug posted verbatim can be considered public domain. Further disclosure or expounding on the bug by the instigator would not be allowed.
This protocol would provide a reasonable vehicle wherein a company can be notified of an issue and have a reasonable amount of time to correct it, and at the same time, the researcher has a clear CYA path to full disclosure for the public benefit.
Why don't we all push for *that*!?
dd if=/dev/random of=/dev/hdb1
Shouldn't this be...
dd if=/dev/urandom of=/dev/hdb1
urandom provides a better random number, right?
You've just seen the benefits of OpenSource (TM) at work!
are we setting a dangerous precedent here with regard to FAA authority? Do they have full authority of all known space farther than 6370km from Earth's core?
I don't think the FAA is trying to regulate outer space. If they were, then the recent Chinese mission would have had to be licensed by the FAA.
Fat chance.
But, you have to get from here to there, and if you are doing that in the atmospheric space that is immediately over the USA, you need to talk to the FAA.
On a final note, I don't think anything really needs to be said about how his paper on "open source software licensing" is somehow evidence of culpability. A hefty roll of the eyes goes out to the genius who thought that up.
I disagree. I'm not saying it's *correct* or anything, but the ideas behind free software are incomprehensible to non-programmers, and are therefore easily lumped together with piracy.
Remember, if you can't understand it, it's bad, or otherwise wrong, somehow. And the idea that you should have rights to software for *free* sounds an awful lot like piracy to many average Joes.
To prove my point that this will never happen, I have an example. Out of the 40 people that started a Java class in my college, only 6 of us finished it. 34 couldn't keep pace and couldn't understand it. The class wasn't that hard. One chapter a week, and one little app a week to reinforce the chapter's materials. How is 'everyone' going to learn programming if that many can't hack a beginning class?
The strange thing is that computer programming is getting both harder and easier at the same time.
Things that were traditionally difficult are now easier than ever. However, the things that are expected of computers today make yesteryear's problems pale.
As languages evolve new capabilities, expectations rise to meet them - and the net effect is that the power of computing never really makes it to the average Joe.
This is news?
So the use of the word geek does not make the article loose validity.
However, she not even ONE TIME confused "loose" (as in "Whoa, she's a loose chick!") with "lose" (as in "I'm going to lose my loose chick because I'm such a geek").
Thus, it's clear she's not a real geek... GET LOOST YOU POSEUR!
I'm more worried that someone a half mile away who has nothing better to do on their weekend is gonna try to spy on people for the hell of it than someone 57 miles away who works for the Telco and if they choose to peek in on people's porn^H^H^H^Hweb surfing risks their job.
Then you have an inaccurate assessment of risk. Try this. Get a list of every email address you've gotten an email from in the past 2 years. If you have a Linux box, this is a simple regex to your ~/Mail folder.
Now, write a quick script that attempts to connect to each of the ISPs responsible for each of these addresses, and tries to login with any of 20 or so passwords... STARTING WITH THE SAME PASSWORD AS THE LOGIN NAME.
I'd bet that the odds are greater than 50/50 if you have *any* decent number of email addresses, that you'll get a match.
Add to this simple, freely downloaded mining scripts that mine websites and/or usenet for email addies, and you have a virtual guarantee of free Internet service for life in an afternoon's work.
I'm not advocating that you shouldn't be secure - I'm merely stating the obvious. Basic precautions - reasonable passwords, enabling the encryption on wifi, etc. when done as intended will provide a surprisingly adequate degree of security.
When faced with these simple, preventative steps, most of your problems move on to greener pastures.
Guys, wifi is limited in scope to that which is not more than a few hundred yards from the access point. The password doesn't have to stop everybody, just everybody not too far away.
/.?
That limits the damage scope of a malicious party to that within a half a mile of their present location.
The *same* limitations of passwords on the public Internet, however, are much more likely to be damaging. Let me give an example...
How many people use email with pop3 over the Internet? Not only are these accounts typically set up with crummy passwords (like "Robert" - their middle name, or "120871" - their b/day) but then the passwords are sent, several times/day in plaintext!
And yet, with all of these big, huge, security no-nos, pop3 reigns supreme as the standard for email receipt on the 'net, and seldom is there actually a problem.
So, to wit, we have an issue like "A credit card can be used to bypass the locks on many doorknobs" and it makes front page at