This is false. I used to administer systems
which were immune to this attack. The system
had no root passwd. A sudo like program
would allow users who where a member of a particular
group to perform root tasks. All users in that
particular group had one time password cards,
so there passwd was never the same twice.
( OK, so they could randomly guess the next
crypto graphically random number that the
passwd card would generate and log in as one
of those users, but you get the point...)
MPEG-4 is not the panecea everyone seems to think it is. Currently MPEG-4 is heavily patent encumbered ( see http://www.m4if.org/patents/ ). The result is I doubt you will find it possible to produce a legal open source MPEG-4 codec.
The standard is also being put forth by ISO, a notoriusly shitty standards body. Do you want to pony up more than $1,000 to get a copy of the standard so you can begin making a standards compliant implementation? That's roughly what the MPEG-4 standards docs cost. Even if we disregard the patent concerns, this represents a serius barrier to entree for anyone wanting to do an open source implementation of the codec.
ISO ( and it's child the ITU-T ) are designed to be used as weapons by corporate players against each other, not to produce good clean standards that can be used by all.
Try looking at the ogg tarkin project http://www.xiph.org/ogg/index.html as a group trying to pursue a non-patents encumbered video codec with a truely open standard ( I don't consider ISO standards to be open because of the intense barriers to entree like the expense of the standards docs).
The GPL is more than a political statement. It is a choice that I or another programmer make about how their work is to be used. I am sorry that the terms of the GPL hinder your work, but you have no more right to demand to use the code that I or any other programmer who published under the GPL writes for free then you have a right to force your plumber to work for free or your doctor to work for free.
This is really what the GPL is about. It is about making an intentional choice about how your labors as a programmer can be used by others.
I choose to contribute to the GPL software community. I do not choose to give my work away for free. My payment for my work is the other contributions of the other memebers of the community, including those of people who modify or reuse my code. You don't have to contribute to this community if you don't want to, you just can't use our resources for purposes which don't contribute.
When code is published under an open source license it is a choice by the programmers writing that code to make it available to others under a specific set of restrictions. It is wrong of you to try to take the work of those programmers and use it in ways they explicitely do not approve of by virtue of their choice of licensing agreement.
If they choose to publish under a BSD style license you are free to reuse their code and incorporate it into a closed source product. That was the way the people who wrote the code intended you to use it.
Many of us who publish under the GPL feel differently about how we want our work used. We do not object to others who are contributing to our community on the same terms reusing our code, but we do object to people simply taking our work and using it as a free ride. When you release derived works under the GPL you are in a sense paying us for our work by enriching our community. When you simply take our labor and use it in your closed source product you are stealing our work as surely as someone who pirates your closed source software is stealing yours.
Please respect the wishes of those of us who choose to contribute our time, efforts, and talents under the GPL and respect both the letter and the spirit of that license.
My general experience was that kids learned to disrespect teachers and their "authority" by being in school, not from lack of training at home. Quite frankly many of my teachers growing up where not deserving of respect and not qualified to exercise authority of any kind. This was not universal, and I did have a very small number of good teachers, but these were the exception and not the rule. After a few years being put by the school system under the authority of someone who most rational human beings would not allow to pet sit tends to drive any respect for teachers out of you.
Derived authority is always weak. If you are only in authority because someone has put you in charge of a situation then your grasp on that control will be tenuous at best. Most of the good teachers I've seen don't have to put effort into 'discipline'. They command respect from their students and THIS is the source of their authority. Most teachers I've met can't even comprehend this distinction.
Well. I just finished recovering from
the upgrade to XF4.0 using
apt-get update
apt-get dist-install
It was not an altogether smooth experience.
I did have the presence of mind to exit
from X before attempting it.
apt-get claimed that task-x-window-core
was being kept back. Now I am rather
new to debian and wasn't sure what exactly
was meant by a package being kept back,
but as I had already determined to take the
plunge I went forward.
This was perhaps, not the wisest move.
A great many things where installed and
removed. At the end of it all startx would
not cause X to run. It failed because it claimed
it couldn't open display 0:0.
So I paniced and began searching on google
with lynx for someway to take it all back.
I discovered several kluggy suggestions involving
diff file of the/var/lib/dpkg/status and
/var/lib/dpkg/status.yesterday.0 files, but
nothing that looked very promising. (As
an aside, if anyone knows a good way to role
debian back to yesterday please let me know,
it looks like this is something that should be
quite doable.)
So I revisited the task-x-window-core problem.
apt-get install task-x-windows-core
revealed that it could not install because it
couldn't install xutils.
apt-get install xutils
informed me that it would have to remove
task-gnome and a bunch of other things
that I really didn't want to have to give up.
Being desperate however I agreed.
xutils then installed fine.
apt-get install task-x-windows-core
then complained that it couldn't install because
it couldn't get xbase to install.
apt-get install xbase
went off without a hitch however. Then finally
apt-get install task-x-windows-core
worked. Things installed and dexter was invoked
to generate the configuration file.
Everything is mostly fine now.
Hopefully my description of my experience will
help some other poor bastard who is reading this
in lynx.
One final note. The above is purely from
memory (I wasn't keeping a very good record
at the time) and so there may be some slight
inaccuracies.
How does Microsoft KNOWN that the hackers
have only had access for three months?
I have yet to hear how they are establishing
this claim (which is largely how they are
defending themselves from suspicion of their
code base being corrupt).
This reminds me very much of a point I have
frequently made to a friend of mine about
the security of his network.
He had claimed that he didn't need to worry about
security because his networking folks had
provided a very secure firewall.
"Really," I said, "Do you have any Windows
boxes on your network."
"Yes," he replied.
"Do they run Outlook?" I inquired.
"Yes," he replied.
"Then why do you bother to run a firewall at all?"
I went on to explain that anyone could infect
Windows boxes behind his firewall via email
(which almost every firewall in the world
is configured to pass). Once infected this
Windows box could subvert his whole network
and tunnel anything it needed back out via
SMTP (we do after all, have examples of
tunnelling IP via SMTP).
My friend thought I was nuts. Seems that something similar happened to Microsoft itself.
Guess I'm not nuts. There is no network
security on a network which has Windows
present.
Slashdot Mirror
This is false. I used to administer systems
which were immune to this attack. The system
had no root passwd. A sudo like program
would allow users who where a member of a particular
group to perform root tasks. All users in that
particular group had one time password cards,
so there passwd was never the same twice.
( OK, so they could randomly guess the next
crypto graphically random number that the
passwd card would generate and log in as one
of those users, but you get the point...)
MPEG-4 is not the panecea everyone seems to think it is. Currently MPEG-4 is heavily patent encumbered ( see http://www.m4if.org/patents/ ). The result is I doubt you will find it possible to produce a legal open source MPEG-4 codec.
The standard is also being put forth by ISO, a notoriusly shitty standards body. Do you want to pony up more than $1,000 to get a copy of the standard so you can begin making a standards compliant implementation? That's roughly what the MPEG-4 standards docs cost. Even if we disregard the patent concerns, this represents a serius barrier to entree for anyone wanting to do an open source implementation of the codec.
ISO ( and it's child the ITU-T ) are designed to be used as weapons by corporate players against each other, not to produce good clean standards that can be used by all.
Try looking at the ogg tarkin project http://www.xiph.org/ogg/index.html as a group trying to pursue a non-patents encumbered video codec with a truely open standard ( I don't consider ISO standards to be open because of the intense barriers to entree like the expense of the standards docs).
The GPL is more than a political statement. It is a choice that I or another programmer make about how their work is to be used. I am sorry that the terms of the GPL hinder your work, but you have no more right to demand to use the code that I or any other programmer who published under the GPL writes for free then you have a right to force your plumber to work for free or your doctor to work for free.
This is really what the GPL is about. It is about making an intentional choice about how your labors as a programmer can be used by others.
I choose to contribute to the GPL software community. I do not choose to give my work away for free. My payment for my work is the other contributions of the other memebers of the community, including those of people who modify or reuse my code. You don't have to contribute to this community if you don't want to, you just can't use our resources for purposes which don't contribute.
When code is published under an open source license it is a choice by the programmers writing that code to make it available to others under a specific set of restrictions. It is wrong of you to try to take the work of those programmers and use it in ways they explicitely do not approve of by virtue of their choice of licensing agreement.
If they choose to publish under a BSD style license you are free to reuse their code and incorporate it into a closed source product. That was the way the people who wrote the code intended you to use it.
Many of us who publish under the GPL feel differently about how we want our work used. We do not object to others who are contributing to our community on the same terms reusing our code, but we do object to people simply taking our work and using it as a free ride. When you release derived works under the GPL you are in a sense paying us for our work by enriching our community. When you simply take our labor and use it in your closed source product you are stealing our work as surely as someone who pirates your closed source software is stealing yours.
Please respect the wishes of those of us who choose to contribute our time, efforts, and talents under the GPL and respect both the letter and the spirit of that license.
My general experience was that kids learned to disrespect teachers and their "authority" by being in school, not from lack of training at home. Quite frankly many of my teachers growing up where not deserving of respect and not qualified to exercise authority of any kind. This was not universal, and I did have a very small number of good teachers, but these were the exception and not the rule. After a few years being put by the school system under the authority of someone who most rational human beings would not allow to pet sit tends to drive any respect for teachers out of you.
Derived authority is always weak. If you are only in authority because someone has put you in charge of a situation then your grasp on that control will be tenuous at best. Most of the good teachers I've seen don't have to put effort into 'discipline'. They command respect from their students and THIS is the source of their authority. Most teachers I've met can't even comprehend this distinction.
Well. I just finished recovering from
/var/lib/dpkg/status and
the upgrade to XF4.0 using
apt-get update
apt-get dist-install
It was not an altogether smooth experience.
I did have the presence of mind to exit
from X before attempting it.
apt-get claimed that task-x-window-core
was being kept back. Now I am rather
new to debian and wasn't sure what exactly
was meant by a package being kept back,
but as I had already determined to take the
plunge I went forward.
This was perhaps, not the wisest move.
A great many things where installed and
removed. At the end of it all startx would
not cause X to run. It failed because it claimed
it couldn't open display 0:0.
So I paniced and began searching on google
with lynx for someway to take it all back.
I discovered several kluggy suggestions involving
diff file of the
/var/lib/dpkg/status.yesterday.0 files, but
nothing that looked very promising. (As
an aside, if anyone knows a good way to role
debian back to yesterday please let me know,
it looks like this is something that should be
quite doable.)
So I revisited the task-x-window-core problem.
apt-get install task-x-windows-core
revealed that it could not install because it
couldn't install xutils.
apt-get install xutils
informed me that it would have to remove
task-gnome and a bunch of other things
that I really didn't want to have to give up.
Being desperate however I agreed.
xutils then installed fine.
apt-get install task-x-windows-core
then complained that it couldn't install because
it couldn't get xbase to install.
apt-get install xbase
went off without a hitch however. Then finally
apt-get install task-x-windows-core
worked. Things installed and dexter was invoked
to generate the configuration file.
Everything is mostly fine now.
Hopefully my description of my experience will
help some other poor bastard who is reading this
in lynx.
One final note. The above is purely from
memory (I wasn't keeping a very good record
at the time) and so there may be some slight
inaccuracies.
How does Microsoft KNOWN that the hackers
have only had access for three months?
I have yet to hear how they are establishing
this claim (which is largely how they are
defending themselves from suspicion of their
code base being corrupt).
This reminds me very much of a point I have
frequently made to a friend of mine about
the security of his network.
He had claimed that he didn't need to worry about
security because his networking folks had
provided a very secure firewall.
"Really," I said, "Do you have any Windows
boxes on your network."
"Yes," he replied.
"Do they run Outlook?" I inquired.
"Yes," he replied.
"Then why do you bother to run a firewall at all?"
I went on to explain that anyone could infect
Windows boxes behind his firewall via email
(which almost every firewall in the world
is configured to pass). Once infected this
Windows box could subvert his whole network
and tunnel anything it needed back out via
SMTP (we do after all, have examples of
tunnelling IP via SMTP).
My friend thought I was nuts. Seems that something similar happened to Microsoft itself.
Guess I'm not nuts. There is no network
security on a network which has Windows
present.
Do you believe that source code is speech and
thus should receive full protection under the
first amendment?
If not, how do you reconcile the copyrighting
of things not protected by the first amendment?