As I said at the end of the summary, this really isn't a complete solution and you're right about a whitelisted applet/RIA being vulnerable. However this is a good piece of 'defense in depth' to prevent random Java crap from executing without authorization if (when) another bug crops up and is somehow exploited. If the stuff you're whitelisting has problems, you need to revisit your coding quality checks, or talk to whatever vendor is supplying it to you.
The giant rabbit thing sounds straight out of a cheesy horror film. I think I would go with micro rabbits instead. You could breed them by the millions and just eat them whole like little snacks. They might be a little furry and a little crunchy, but at least there is less danger they will turn out evil and eat your children. You're right: http://imdb.com/title/tt0069005/
And it is a very cheesy film ;)
Fair enough, but in this type of game it's not usually about who can blow things up fastest or be the strongest; they're more about developing a character, interacting with other characters, and having fun along the way.
I agree with you that there are an infinite number of ways to play the game, but when one person's way--such as being the best at everything, or immune to everything, etc--encroaches on the fun of others, that's a problem. The point to stress to players is to temper the ability to make a character ANYTHING they want with the responsibility of being a good sport towards the other players in the setting :)
This is a common problem in any setting where the individual player has near-limitless control over the abilities of his or her player character. In the IRC Free Form RPG I frequent we have called them 'GodPCs' and they are a recurring and annoying problem. People, especially younger ones, tend to think that the point of such games is to have 'the best' PC and they do not realize that a balanced character with flaws and weaknesses can be much more fun to play and develop in the game's setting rather than one that has nothing to work on, and can kill mighty dragons with his or her left pinkie finger.
Sadly, the article is correct when it says these sorts of characters will always be around. What we've attempted to do is give new players or those we see with potential 'Mary Sue' characters some pointers and advice, along with some educational writing about how to make a good player character. That's really the best one can do.
Bingo.
Do what I did: call them and tell them you think this is bullshit. Office phone: 602-267-7500 Email: investor@sunncomm.com
Tell them what I told them: the use of the DMCA against a student who exercised his right to free speech and his right to publish an academic paper has made me strongly decide not to invest in their company, and tell most people I know to avoid their stock like the plague.
On a side note, wasn't the DMCA supposed to specifically protect academic research? Of course this same question was asked when SDMI pulled this shit too, so I guess we all know the answer.
Yup, and all this proof is, of course, documented with the 'illegal' source code. To see it you'll need to sign an NDA. :)
Seriously, I don't think Linus' comment that "they are smoking crack" really covered it. McBride obviously seems to believe that the Open Source community isn't capable of refuting their bullshit without the backing of a large company.
Here's a newsflash for you, Darl: IBM doesn't -need- to coordinate an attack on SCO. The way I see it, an attack on one member of the Open Source community is an attack on all of us.
And I know it's been said before, but why not: put up or shut up, SCO.
There have been a lot of studies that link O3 to asthma, especially in children. Here's one example article about such a thing. I don't suffer from asthma myself but I have terrible allergies. I know individuals who have severe asthma along with allergies and they cannot use those "Ionic Breeze" air filters simply because they are known to produce ozone, which affects asthmatics negatively.
Check out this page for the basics, this thread over at insecure.org, and the Honeypot page at sourceforge.net has an interesting article on monitoring such honeypots. Good luck!
You can try any of the ones from the LCDProc hardware page. These include CrystalFontz, Matrix-Orbital, and CwLinux to name a few. The first two of these companies have a pretty good selection of LCDs in different colors and with different viewable areas.
I, for one, like the different options we have in terms of desktop environments. I don't want either KDE or GNOME to go away. I think the different desktop environments are important the way it's important to have variation in the gene pool. We can only attain perfection through variety.
You like the variety. I like the variety, likely most of the Linux users on /. here love the variety. But honestly Joe Windows, who's never touched Linux before in his life, will be scared to death of the variety and totally confused and terrified of trying to set things up or be left wondering which desktop is the 'right' one to use. I don't think Red Hat did this for the Linux veterans; I think it was done to advance Linux as a desktop solution and make it less daunting for new users to make a switch. The variety will always be there for the people that know how to find it and set it up, but this could be a good start towards introducing Linux to more people.
So, basically their reaction to users having a choice is to try and negate that choice by making the options as similar as possible. How very MicroSoft!
I think you're missing the point here. The idea is to unify a desktop solution so that people who are familiar with MS (read: most of the world) are not terrified of trying to configure a Linux box. I don't see this as MS-like. I see this as a step in advancing Linux as a desktop solution.
The whole point of having KDE/GNOME/WindowMaker/Et al is to allow people to pick the one that suits them.
Very true. If the experts who are used to Linux want it, they should still be available 'untouched' for them to install and configure. But let's face a fact here: RedHat is becoming the easiest of the distros to install and configure; making the setup and configuration less daunting for newcomers is a step in the right direction.
If RH don't like this then why don't they just drop the one(s) they don't want people to use?
Don't you think that this is more MS-like than trying to unify their desktop components? To just drop packages they don't like would be a true method of negating choice. THAT would be a step in the wrong direction.
I suppose it's all a matter of opinion. Having been a tech-support person in the past, I -really- appreciate the UF comics that poke fun at things like user support and other things that can cause techies to go postal. I don't find every comic funny but there are some that are always worth revisiting ('PEBKAC' comes to mind) when you're on the phone trying to explain to someone where their 'Any' key is located. ;)
So how come everything they do is worthy of being copied
I don't think the interface to the Windows OS was ever something people complained about (minus that damned Paper Clip..). The more ghastly problems are not in the UI, but the underside that the user doesn't see (VM subsystem, TCP stack, etc), and the coding methodology used to develop it. So not 'everything' is worth being copied...however a GUI that people are familiar with might not need too much improvement, and may make people more willing to try something new, and more comfortable in general.
Yeah there are other components that use the LSM hooks aside from SELinux and LIDS. There's Domain Type Enforcement (I believe).
Back to the original question, I've used LIDS, SELinux, and GRSecurity and I've found them all to have their strengths and their weaknesses. The common problem with all of them is there is usually something you forget to configure properly the first time which can really be a pain to fix. SELinux and GRSecurity both solved this by adding a toggle mode and a /proc entry respectively to change the enforcement of their code.
With SELinux, the major advantage is that you gain a VERY flexible architecture you can use to create nearly any type of Mandatory Access policy you need. The specifications of the system make it able to use policies based on Type Enforcement (putting the bitchy SCC patent issues aside for the moment...), Role-Based Access Control, or Multi-Level Security and likely a host of other things. The drawback is that creating a policy that covers the whole system is not a trivial thing...look at the example security policy included with the distribution (http://www.nsa.gov/selinux) and you'll see what I mean.
GRSecurity is not exactly related to SELinux; they do different things. I like GRSecurity because most of its options do not require a lot of extra configuration, they don't break any existing applications (those that do are clearly marked), and they add a lot of small protections without a great deal of overhead to the vanilla kernel. Plus their ACL system is quite well-developed and extremely secure.
Ultimately I think it comes down to figuring out what you need for your box and then going with the option that will provide it to you with the least amount of interference (unless you like fixing things, of course ;) ).
I'm pretty sure webpages have very little validity when compared to patents, but my favorite part of this debate is the fact that no one from SCC said anything until the use of SELinux in a commercial package was brought up on the mailing list. Even better is this page, which, after being around for about 2 years, 'magically' disappeared from SCC's website after the debate began on the mailing list. Take a look at Questions 5 & 6, which pretty much spell out that they released the work under the "letter and spirit of the GPL."
This is just another example of software patent BS. Doesn't the GPL forbid/advise against patents anyway? If that's the case then why would SCC bother to say they were releasing the work under the GPL? It looks more like they just noticed that there could be money to be made on this, so now it's time to break out the patents and scream about royalties.
Way to go, SCC. I think you've confused the 'spirit of the GPL' with something else far more ugly.
With you too. RIP roblimo, thanks for everything.
...a good security measure for the guy suing Apple for not filtering the porn he was addicted to.
Surprise...the stock is up of course.
Has anyone else noticed that the Babelfish translation of Sontag and McBride sometimes makes more sense than the crap they spew out in pure English? :)
"We have absolute direct knowledge of this..."
:)
I guess the most important issue is whether or not this device will generate the necessary 1.21 gigawatts of electricity? :)
The periodic table table was featured here before. Nice to see they were rewarded for all the hard work ;)
...what's the bonus to saving throws when wearing it? :)
It's the 'Dust Puppy,' born from the dust and bits of other things that were inside of a server. :)
Check this comic for his birth.
1.21 Gigawatts of electricity, of course ;)
...discussion about this on the Register.