That's right. Spammers in Asia will feel compelled to comply with US laws.
They won't, but maybe the spammers' clients will be. At some point all commercial spam involves money exchanging hands...and to do that, there has to be a hand to receive it.
The users of the spam services -- sometimes the spammer themselves but not always -- should be the primary targets of any law enforcement (let alone any personal/private efforts). The spammer should be second in line, and primarily target to locate all the spammer's clients.
Analogy: A company asking for a spammer to spam is like someone asking a thug to kill. Both the thug and the person asking the thug to murder are murderers, even if one of them doesn't actually pull the trigger. The thug is still scum, though without the request to murder would probably find something else less damaging to do.
Can't the university rebut with "Don't walk around telling me I must provide you with internet access."
Internet access is a 'necessity' these days like a computer lab (sans-network) was just a few years ago. You can't keep up without it, and the professors post information over it.
Yes, you could do without...yet, you'd be doing yourself a disservice.
I think not banning till shown infected then blocking at the router is the best choice. The individual's motivation to get on the network would be enough to ensure people do the right thing. (If it's a Linux or Mac box...there would be no problem; innocent until proven guilty!)
THE EXACT SAME MECHANISM exists on a KDE or Gnome installation on a Linux / BSD box near you - open a .py file in KDE and it will execute, even if the file does NOT have executable permissions! (because internally it runs the command line "python file.py", the same way Windows Scripting runs "wscript file.vbs").
Hmmm...(checks using KDE's Konqueror)...nope, if it's not executable for the current user, it's not executable by clicking on it. A nice preview is shown, though, including colored syntax highlighting.
"If a file ends in .exe, .vbs, .bat, .scr, or one of lots of other extensions, Windows assumes it's executable and will load and run it when the user clicks on it." This is factually incorrect. Windows looks at signature bytes at the beginning of a file to tell if it is executable. You can verify this by creating a text file, changing its extension to "EXE" and then double clicking on it. Windows will give the error: "File is not a valid Win32 application."
Nope, the original was entirely correct, and you just proved it. Windows attempted to execute something and failed...paying attention only to the extension till that failure occurred. That's why there are exploits that involve using executable programs embedded in data files; load the file, the program chokes, and the payload executes. ACK!
Here are some other examples...
.DLL, .SCR, and a host of other files are really programs...go ahead, rename them and see if you can execute them directly (prompt may be required).
Additionally, if a data file is renamed it can't be used; rename a .doc file to .whatsup_doc and it will be useless. Do the same under Unix, and nothing has changed but the name.
If I rename "next_email_virus.exe" to "sex.bmp.exe", by default Windows systems will show "sex.bmp". That's just one short "Hey! Look at this picture!" email away from causing the next plague.
In addition, since Windows is largely oblivious of what files actually are (see above)...how do you find the bulk of the rogue programs? Use a virus scanner under Windows. Doing the same thing under most other operating systems is about as helpful as adding training wheels to a sports car.
Besides, scanning for a default set of signatures is really only the beginning of a security scan. The rest of it involves removing what you don't need and knowing what remains.
Most of the fault for this situation is with Microsoft, not the users, though the admins and managers do share a good chunk of the blame for paying for this *rap.
MS demands this extra work, allowing the more serious efforts to be ignored -- where the real damage can occur.
If Microsoft wants to compete and beat Google then the results of a search will have to be relevant. If they are not, then people will continue to use Google.
About once a week, I recommend someone use Google to search for something. More and more people are learning about Google, though they have to learn about it... it's not the default search engine even with Mozilla. (Netscape's search is, and I'm not complaining.)
In the long run having MSN as the default search engine for IE users, and obscuring the alternatives, is the obvious plan for Microsoft.
Keep in mind: MSN doesn't have to be good, it just has to be good enough.
Firewalls are useless if you still have running services on open ports!
If the service isn't running, there's nothing to protect.
If the firewall is up, but a service has a hole in the firewall, it is like no firewall is in use at all for that port. At that point, you have to trust what is exposed.
Windows is fine for games and light use, but why would you want to do anything serious with it? Sooner or later, these companies will wise up and move to *nix.
[comic book guy voice] You would think that, but no, no they won't. [puts hands to face and continues to cry]
On a dead serious note, I have personally wasted 2 hours yesterday on this new strain of the worm (it took down a customer's network that one sub-project needs -- they are SOL). Add 10 hours for the original one and it's a big block of my time over the past week...so much so, that my contract has been extended at this site to deal with the backlog multiple departments are suffering with.
Here's the kicker; all *my* computers run Linux...yet, the network uses Windows, so the Linux systems become marginally useful even though they purr along fine by themselves.
Even though I'm not in the IS department on this project, I do get drafted because I know something...and the IS folks are not the cream of the crop here. Some are good, though they all do too much of the 'stand on one leg...no, server is still sick...stand on other leg...nope, is it time? OK, hit the lights and get the chicken while I light the candles.'.
You can bet that I've been pointing out that I have not had a single virus on my machines, though honestly that is a small value since most of what I do requires the damn network!
Amazing...this post gets flagged as a troll, while my very next one gets bumped up to a 5. I'm proud of both, and the content is just as good...very strange.
Re:Aren't votes more important that campaign fundi on Open Source in Oregon · Score: 4, Insightful
Don't voters care about such things? Aren't the voters ultimately the people responsible for just who's up there representing them?
What I found most interesting was that until the people outside of government noticed that open source could help them directly they weren't interested in how it impacted the government they voted for!
Politicians might be short sighted and highly influenced by lobbyists, though it looks like the voters -- and all citizens in general -- also suffer from this.
Who's in charge? Counting on human nature to remain the same, what would be necessary to change this?
immediately delete all software from your computer that was not written 100% by Americans (say goodbye to linux, blender, apache, etc...)
Does that mean I'll have to delete Windows too, or only parts of it?
(General rule: The more U.S. flags and other pronouncements on a package about how "American" it is, the less likely it was actually made in the U.S.A. Car parts and sometimes whole cars come to mind, though I've encountered it in software too; the development team is outside the U.S. while the box is indeed "Made in the U.S.A.". In these days of massive Internet availability, if I download from a site outside the U.S., is it 'foreign' to me even if the development was performed within the U.S.?)
One of the reasons I boot to Linux is to force myself to stop playing MOHAA and get some real work done. I guess this trick won't work anymore. My existence is doomed.
There's always *BSD...no, wait, that can run Linux binaries. You're screwed!
Yes, I know there have been "studies" done comparing these interfaces. Unfortunately none of these that I have seen has been done by a person who has never used a computer before. I'd be interested to see one, but I imagine I know what the result would be.
Non-computer users; a steadily vanishing group.
Even if that group remained large, a shallow learning curve doesn't mean the tool is the most practical in the long run.
Everything is or will be computerized. The only way to avoid using computers is to not buy anything and die soon.
Yes, I know about novices. I've done time in tech support, and as 'a computer guy' for friends and family.
At work, it's rarely necessary to teach people the basics. Most of the time, I deal with deployment issues, some programming (Access can go die), with the goal of heading on to another project soon.
Normally when I have to explain things, I'm animated and use simple analogies with a spattering of technical details to keep it out of fantasy land. Brief, to the point, people get it.
Two days ago, there was an exception that made it practical to switch into the role of a trainer. For 2 hours I taught someone how to use folders/directories and what drag-and-drop does so that she would stop destroying specific important files and how to back them up by dropping a copy into a backup directory. How to use a mouse was part of the training too.
She had used the company's customized applications for about 5 years -- much of it to process files that came in on floppies and tape. Not counting her computer skills, to say this person is a moron is an insult to morons. She didn't understand why it was a bad thing to change the only copy of legal documents or that she could have the program automatically process much of the data for her instead of spending hours picking through each line of data. I asked her leading questions on both points, she smiled and agreed, then went back to her old behavior immediately. (This is truly the sort of person who can be replaced with a small shell script and she doesn't know it.)
If this person had a Mac, they would not have been any more -- or less -- confused!
Nobody else on the floor -- a low wage key entry operator farm -- required this kind of hand-holding. From 70 year old to teen, from long-time employee to short term temp, the rest of them got it.
And people still wonder whether or not UNIX is really dying...
Actually, it's thriving. There are few exceptions if you look at the actively developed operating systems; they are either Unix or Unix-like. The exceptions I can think of are;
Windows - Getting more Unix-like all the time.
Palm OS - Not Unix-like. (?)
Minimalist embedded systems - Less is more.
Everything else --
Mac OS X
Linux (all flavors)
The *BSDs (all flavors)
other licenced or unlicenced Unix
QNX
misc other embedded operating systems
-- seems to be based on Unix intentionally or uses Unix as a core inspiration. I'd expect this to continue and tools for virtual machine environments such as Java and CLR will probably pick up Unix-isms even if they natively don't use them.
Not QNX! QNX drivers run in protected mode. Hell yeah, Microkernel biznatches!
*ALL* modern software on x386-based systems run in protected mode. Hell, even the x286 systems did as well as quite a few DOS drivers, games, and even applications (AutoCAD being one).
The main thing that matters is separating the operating system from user applications and devices. This can be done on any processor (simulated or real) that supports memory virtualization and preemption.
That QNX uses a protected mode doesn't grant it any special merit. *IF* it separates the kernel (ring 0 on x86) and puts everything else including drivers on the user level (ring 3 on x86), then it can handle crashes of the user level subsystems and restart them without the kernel being touched. The kernel has to handle those crashes and moderate other user level software, though, otherwise having that isolation doesn't gain you much; an OS without external device support isn't very valuable.
If, as seems to be the case, your step-mother knows what it means to "burn a CD", then a successful user interface will indicate to her how to "burn a CD".
Red Hat uses "CD Writer" for GToaster. The only annoying thing is that it requires a root login, and it's not obvious how to run it as a regular user (Xcdroast and some other burner programs have an allow user setting). So, it's closer...just not as simple as it could be.
I can't speak for Red Hat (don't work for them), though at the time Linuxconf had many odd problems over a couple years. I'd be stunned if these nagging persistent issues weren't the reason for Red Hat looking for a substitution. That was a couple years ago (???).
The really beautiful thing was that this was the point at which RH introduced ext3 support, and I decided to upgrade all my ext2 partitions to ext3, so I COULD NEITHER ROLL BACK NOR SEARCH ONLINE FOR A FIX.
Ext3 is Ext2 with journaling; any Ext2-capable kernel can read an Ext3 file system and vice versa.
Using either a boot floppy or another kernel would have worked. The boot failure was annoying, but wasn't the end of the world.
It's easy to keep it a secret if all four people stand to lose something from it becoming public.
The school would have egg on its face and the company would be shown to have an insecure product. Neither of which is good for their continued funding.
Agreed. Because of that, I'd add in a comment that you expect that these defects will be fixed within a specific, set, but entirely reasonable timeframe or you will consider disclosing it to Bugtraq or other security sites so that schools can take corrective actions. You don't have to (though I would if there's no movement).
Silently fixing it would be a hell of a lot more interesting compared to having everyone know that the software is unreliable.
Open sourcing them, or making them available under NDA for a third party audit, sure seems like a good idea. However, there are plenty of safety measures in place to assure that the right things go on.
While I'm sure there are, it's not an issue of one company or one group of people who either do the right thing or not. What matters is that there is no doubt *AND* that the lack of doubt is based on public facts verifiable through time. If the systems and software were available for independent audit by non-governmental groups or individuals on demand as a part of public policy, then there would be more confidence.
Within 10 years, I'm sure that there will be verified cases of corruption with electronic voting machines. The missed voting fraud will be what is the real issue. Computers just make it more efficient to cover this up if the details are obscured.
If you rename the file to indicate WHAT IT ACTUALLY IS, i.e. a .csv file, then it will open the way you think it should.
Renaming a file doesn't change what it "ACTUALLY IS". If you have access to some Unix-style tools, run the file command;
file *
For example, the OpenOffice 1.1 RC1 files return these results;
f_0425: Zip archive data, at least v2.0 to extract
install: Bourne shell script text executable
LICENSE: ASCII English text, with very long lines
LICENSE.html: HTML document text
README: UTF-8 Unicode English text, with very long lines
Three of the files have no extension at all. If I rename it to LICENSE.txt, file still reports;
LICENSE.txt: HTML document text
It's OK to expect a lot from FLOSS, but I think expecting it to be psychic is a bit much, don't you think?
Psychic, no. It should do what it's told (even if a dumb idea) and if it attempts to guess, it could be wrong. Renaming the file doesn't help in either case since it's an awkward workaround that's based on an old idea from the DOS and CPM days; file extensions mean nothing!
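The point argued in the comments above (a file's name is only a label, and its content decides what it is), as an added example that is not part of the original comments: it classifies files by their leading bytes the way the file command does, flags names whose extension disagrees with the content, and flags the "sex.bmp.exe" decoy pattern. The signature table, the extension mapping and the sample files are constructed for illustration.

```python
import os
import tempfile

# Leading-byte signatures for a few formats. Constructed for this example and
# far smaller than the database file(1) uses; two-byte magics can misfire.
MAGIC = [
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"PK\x03\x04", "zip-archive"),
    (b"%PDF-", "pdf-document"),
    (b"BM", "bmp-image"),
    (b"#!", "script"),
]

# What an extension claims the content is (assumed mapping, not exhaustive).
EXT_CLAIMS = {
    ".exe": "pe-executable", ".scr": "pe-executable", ".dll": "pe-executable",
    ".zip": "zip-archive", ".pdf": "pdf-document", ".bmp": "bmp-image",
    ".sh": "script", ".txt": "text", ".html": "html-document",
}

# Extensions a default Windows shell will try to run when clicked.
RUNNABLE_EXTS = {".exe", ".scr", ".bat", ".vbs", ".com", ".pif"}


def sniff(data: bytes) -> str:
    """Classify content from its bytes alone, ignoring any file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    head = data.lstrip()[:64].lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "html-document"
    if b"\x00" not in data:
        try:
            data.decode("utf-8")
            return "text"
        except UnicodeDecodeError:
            pass
    return "unknown-binary"


def has_decoy_extension(name: str) -> bool:
    """True for names like 'x.bmp.exe', which display as 'x.bmp' when the
    shell hides known extensions."""
    root, last = os.path.splitext(name)
    _, decoy = os.path.splitext(root)
    return (last.lower() in RUNNABLE_EXTS
            and decoy.lower() in EXT_CLAIMS
            and decoy.lower() not in RUNNABLE_EXTS)


def audit(path: str) -> dict:
    """Compare what the name claims with what the bytes say."""
    name = os.path.basename(path)
    with open(path, "rb") as fh:
        actual = sniff(fh.read(4096))
    claimed = EXT_CLAIMS.get(os.path.splitext(name)[1].lower())
    return {
        "claimed": claimed,
        "actual": actual,
        "mismatch": claimed is not None and claimed != actual,
        "decoy_extension": has_decoy_extension(name),
    }


# Constructed sample files: (name, leading bytes).
SAMPLES = [
    ("sex.bmp.exe", b"MZ\x90\x00" + b"\x00" * 60),   # program with decoy name
    ("notes.exe", b"plain text renamed to .exe\n"),   # text posing as program
    ("LICENSE.txt", b"<html><body>License</body></html>\n"),
    ("f_0425", b"PK\x03\x04" + b"\x00" * 26),         # no extension at all
    ("picture.bmp", b"MZ\x90\x00" + b"\x00" * 60),    # program under image name
]


def run_demo() -> dict:
    """Write the samples to a temporary directory and audit each one."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in SAMPLES:
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            results[name] = audit(path)
    return results


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:14} {result}")
```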
And, that's a bad thing? I always considered that was the *point* of having the files actually mean something.
No, DON'T CLICK that link.
Exaggeration is a poor debate technique.
Linux (and *BSD? and OSX?) supports CIPE. I'm fighting with a corporate firewall right now, otherwise I'd be using it.
Question for those fiddling with a mixed environment; Are the CIPE implementations you've used compatible across operating systems?
Linuxconf had its own problems. I was happy to see it dropped.
Breaking the install so that an upgrade hosed my Athlon box at home (motivating a quick run to Best Buy to get SuSE, and I've never looked back).
Tip: Select another kernel from the boot menu or insert the boot floppy you made before.