So why are stores that sell VHS tapes still in business? Yes, people like to rent before they buy. Yes, they like being able to get things they only want to watch once cheaply. But if they find something they want to watch repeatedly they go buy it, and in numbers large enough to keep the video department at Media Play, and stores like Sun Coast, open.
Yep, you've "got" it alright. But with attitudes like yours, not a lot more will be stored on media you can keep indefinitely.
Perhaps. But my "attitude" is the norm among consumers. License, schmicense. When the average buyer comes home with a movie, they know they don't have the right to duplicate it and sell copies but they own the copy they bought. Tell them "you can't use what you just bought because we changed our minds", and they'll laugh at you. Try to enforce it, and people will ignore you. Make media that doesn't let them ignore you, and it'll sell as well as DIVX.
The "except maybe for storage" is the kicker. Most people buy videotapes, DVDs and such precisely for storage. If I have the movie on DVD, I have it. You can decide not to distribute it any more, alter it, edit it, do whatever you want with it, I can still pop the disk in the player and watch what I bought no matter what. If I download it over the net when needed, I'm at your mercy. If you decide to take it down, I'm SOL.
Case in point: DIVX. It died because people didn't want to have to ask somebody else permission to watch a movie they'd already (in their opinion) bought. I suspect the same people want Internet-based video to succeed as wanted DIVX to succeed, and it'll die for the same reasons DIVX died.
A poster mentioned "R&J" and Grey's Anatomy. Those are good problems to solve. I don't know the best way to work in a "Parental Checkbox" on this (Shakespear="Yes", Larry Flint="No").
That's because there is no way of just making a checkbox electronically. The computers aren't smart enough to distinguish the two. Only a human being can manage that.
The other problem is that what you thing your kids are too young for, someone else might think is just fine for theirs and vice versa. Since government regulations apply to everyone, you have to either write them to the least restrictive subset or wind up preventing people from making choices they reasonably should be allowed to make. And remember that, while you're reasonable, other people aren't. The US has problems with fanatics who would consider the Mona Lisa part of that "sewage flowing down the street and over the curb", and the US isn't the worst in the world I'm afraid. When thinking of government regulations on content, think first of the most fanatical, uptight, prudish, irrational bunch you can imagine, and then ask yourself if you want them able to dictate to you what you can allow your child to see. Because, frankly, that's the bunch that'll take full advantage of a law like this to do precisely that.
t looks like the goal of this legislation is to prevent minors from seeing R-rated movies. (The comment dismisses them as only "soft-core", but I definitely don't want my 15-year-old seeing Pulp Fiction.)
But do you want your kid to not be able to see, for example, Romeo and Juliet or an on-line copy of Gray's Anatomy? Some people might want that restriction, some might not, but with this bill you don't get the choice. The problem is that the bill's supporters mislead people. They, like you, point first to the porn, but the bill covers far more than porn.
Then again, there's the practical aspect. Filtering of this magnitude is incredibly expensive because of the amount of data involved. Bear in mind that this isn't the first time a country tried this. I was there in the lat 80s when Germany told Compuserve that they had to prevent their German users from accessing certain types of content. Compuserve did the analysis on what it would take, and decided it was not feasible to filter/restrict only German users as long as the German portion of the network was connected to the rest of their network. Since they couldn't leave it unrestricted, they simply threw the switch and disconnected the German portion of their network. Heh. Perhaps the Australian ISPs should try something similar?
I converted my pages over to PNG on general principles when Unisys started this. The only thing left in GIF format is a NetMechanic graphic, and that's hosted off of NetMechanic's servers. Unisys wants payment for that, they can talk to NetMechanic.
My problem with Unisys is that this is the third time they've changed their story. First, they put LZW compression forward to Compuserve when CIS was explicitly looking for an unencumbered graphics format. Then, when this format became popular, Unisys turned around and said that it's really encumbered, but we're only going to charge commercial vendors, not freeware. Now, they're saying they're going to charge freeware too, and individuals if you can't prove the software had a license. Yes, I know what Unisys is saying. I also know what their written statements say. They conflict, and in any conflict involving lawyers I believe only what's written on paper with a signature below it.
Long and short, I dislike Unisys's attitude and PNG does what I need and lets me avoid dealing with Unisys. No contest. Sorry, Unisys, as far as I am concerned you lose.
On the same token, I highly doubt that this company would try and sell a system that is advertised as secure without putting in a lot of thought into the system as a whole, and ensuring protection against fraud.
Not a good assumption. Go read Applied Cryptography. There are a lot of companies that have gone and put out systems that were advertised as secure that in reality were almost trivially breakable. I want to know all the details about their system before deciding whether it's secure or not. If the details aren't disclosed, it's not secure.
1. This can be done in every shell that comes on Linux. If you want DOS commands, configure it to use DOS commands. For me, it's more like "If I wanted to use DOS I know where I can find it.". That's the nice thing about Linux/Unix: you can make it work the way you want it to work.
2. PCI has plug-and-play built into the hardware spec, Linux has supported it from the first day it supported PCI. Jumpered ISA cards don't need plug-and-play, and most Linux drivers do a good job of autoprobing for settings. PnP ISA cards are a pain, but readily handled by the isapnp utility and someone who knows what they're doing. The most common PnP ISA card is probably a sound card, and the OpenSound drivers auto-configure those pretty much automatically. As for mounting/unmounting CDs, might I draw your attention to the automounter?
3. Might I draw your attention to KDE and Gnome?
4. Might I draw your attention to nVidia and NetGear? Also, for the most part I find that the hardware is supported by the kernel or XFree86 already, unless the vendor refuses to provide a driver and refuses to release the hardware specs (see, for example, the Logitech QuickCam Pro). And since the drivers are part of the system and not coming from outside, they usually work right straight off. The only problem is hardware where the vendor deliberately blocks development of a driver.
Repeatedly. Which is probably why it's not as traumatic for me anymore. Also Win98, although my opinion of it's stability is somewhere in the fourth sub-basement and dropping fast and I'd cheerfully set fire to the CD if the software I needed would run under anything but Win95/98.
The point was that, no matter how easy it is to complete the install, it's completing it with a working, correct system that counts and that's not particularly easy even with Windows.
Sure... RTFM. Thats what I tell most of those people also. But you cannot shove away the fact that RTFM makes is harder to install when compared to an OS which any braindead idiot can install. Face it; NT is click click click, done. If it will work remains to be seen but thats another story.
You contradict your own argument with your last sentence. Yes, NT can be installed with one click. You can do pretty much the same with Linux, unless you have some really cruddy hardware. The question isn't whether it's easy to install, but whether it's installed right. NT may be easy to install, but it's harder to install right than Linux is IMIAO. Screw up installing a Linux system, and you've got a good chance of still having something someone more knowledgeable can put back together. Screw up an NT install, and about all that can be done is to reformat and start over. You see few questions about NT installs only because few people install it. Usually that's handled by the manufacturer techs or a corporate IS department staffed by people who do this for a living. Hand NT to a "brain-dead idiot" and you'll get as bad a mess as with Linux, BeOS or OS/2.
My though is that putting wiretap capabilities into the lowest levels of the protocols is useless. So you can tap the IPv6 packet layer. So what? I'll just use SSL above that, or PGP-encrypt my mail, and your tap is useless.
There's also this: countries feel they need the Internet. Perhaps it's time to use the leverage this gives. Make no allowances in the protocols for wiretapping and the like, and give various countries a choice: allow people their privacy, or you will not be able to interoperate with the Internet. As noted above there are too many ways the people the governments could legitimately tap can bypass any hooks in the protocols, and why should the Internet protocols be designed to even potentially compromise the privacy of those who aren't legitimate targets?
On the first point, if they do really have operations that legitimately fall under all three TLD classifications, then they should be able to legitimately get domains in all three. As for shell entities, you'll never be able to stop them but you can make them go to the hassle of setting up believable entities. To be honest, I'd add one more rule to DNS, basically 'use it or lose it'. If a domain isn't active, has no active addresses registered under it and has no traffic except to bounce people to another domain, anyone who wants it can use that as grounds to challenge the registration and get it revoked. It won't stop a determined company, but it will raise the bar some.
As for mis-use, little can be done about that before the fact. I'd say, though, that yes if you mis-use a TLD you should have your registration yanked. If you're a for-profit business operating under a a.org name, ICANN shouldn't be going hunting for you but if anyone complains they should give you a warning to switch to the proper domain or lose your registration.
That depends on how you organize ICANN. Personally, I'd set it up with enough people in control with enough conflicting interests that it's not feasible to bribe everyone you'd need to bribe. And the foreign law firm would still be seen as the interloper suing the local operation. The idea is to set it up so that anyone making a challenge within the ICANN system would, if the challenge is reasonable, have support within ICANN, but nobody can get enough support to write their own ticket unless they really do deserve it and nobody can try applying pressure from outside through legal maneuvering without hitting exactly the same barriers the big corporations have been using to their advantage to date. And I wouldn't pick a banana republic, but as I said some small South Pacific island where you can literally know everyone in the entire national government. Big law firms don't work against that.
ICANN isn't entirely set up this way at present, but that can be changed under ICANN rules. And as a US citizen I really have to question whether US law should have any say in how the rather international DNS system is run. I really think that ICANN and such should be outside any one country's laws and staffed by people who are more concerned with the technical than the political/legal aspects. But maybe I'm being overly-idealistic.
Just enforce the rules on TLD usage. You're a commercial operation? Any application for a.org name will be denied automatically. Not providing network services to others? Forget getting a.net domain name. Not operating commercially ( eg. an individual or non-profit organization )? No.com for you. Just because the corporations want to pollute the DNs doesn't mean we have to let them. And just to make it harder, put ICANN outside the United States, maybe on one of those South Pacific islands who don't care about politics as long as your checks clear. Let the corporations sue in a country where they're the interlopers and the people they're suing are the locals.
"Our problems do bring up some of the issues with deploying open source software. We have no doubt that had the hacker that compromised our system not had access to the source of our scripts it would have been impossible for him to get in.
This from their Web page is wrong, unfortunately. It's the same thing mainframe programmers have been saying about their completely closed-source systems since the early 70s. The cracker can find out the package they were using, and can buy it himself. Had the source been completely unavailable to him he would have had to resort to the old method of experimenting with it, poking it to see what happened and using the debugger, but eventually he would have found the hole just as thousands of crackers have found holes in closed-source systems before him.
And I find their use of a stock install without security patches anything but "typical". I had it pounded into me in high school that computer installations should keep up with security patches because of the potential to attack. And yes, this was in a business-related course, not a techie one.
You're being naive. How do they know how to verify your identity? Well, right now, you enter a username and a password on a web page.
You're talking on-line banking. I'm talking about over-the-phone ordering in the real world.
Applying the principle of least privilege to computers on the net, it is clear to see that only the ones you use should be able to issue orders regarding your bank accounts. A computer that I use and that you don't use shouldn't have that capability.
You haven't used least-privilege, though. Least privilege would mean that the machine I'm sitting at at the moment and no other should be able to issue orders to my bank. If I use the machine and am not sitting at it, that I use it is irrelevant. If I have never used a machine before but am sitting at it, that I have never used it before is irrelevant. Access should follow me and not the machine in any way, so the check should be against me and not the machine in any way.
My opinion: if a check doesn't actually add to security, it should not be done. The identity of the machine is completely unrelated to my identity, so when trying to verify that it's me running a transaction you should not be concerned about the identity of the machine. If your method of identifying me is weak enough to need additional verification based on my being where I'm expected to be, then your scheme is too weak and needs improved, not papered over with irrelevant checks.
Here's what I'm saying: your bank should verify both *your* identity, and *your machine's* identity, before acknowledging requests to access your account.
Do they need to verify which phone in your house you're using to place a telephone order once they've verified that you are really you? I don't see why, and I don't see why they should need to verify which computer I'm using if they can securely verify my identity independent of which computer I'm at. If the machine I'm using is irrelevant to who I am, then it shouldn't be checked. If my identity is subject to forgery, then improve the method used to verify my identity and close the hole rather than trying to limit the number of places someone can exploit the hole.
Others have said it, but probably one of the reasons fetchmail's code growth is leveling out is that it's already doing what it needs to and doing it well. More features would just be bloat, and without new features being added you would expect the code growth to level out.
Eric did mention about the growth of the number of users being linear instead of a more expected logistic or exponential growth. One explanation might be that he's not counting users, just mailing list subscribers. I, for example, use fetchmail but don't subscribe to the mailing lists, not even the announcement one. For me, fetchmail is doing what I need nicely and without hitting any bugs. I check for major updates once or twice a year, and otherwise just let it run. One wonders how many people like me there are, who use it but don't feel a need to find out about new releases because the old ones aren't giving us any problems?
However, it is *possible* to use it to prove that your computer, specifically, is a party to a transaction.
And right there's where this number breaks down completely for e-commerce. When I run a transaction, I need to prove to the other end that I am involved. If I go to another computer, I want to authenticate as me. If someone else sits down at my computer, I do not want the computer to authenticate as if I were sitting there.
And if you think being at a different machine isn't a problem, bear in mind that right now I regularly use 4 different machines. 1 of those is used by several other people when I'm not using it, and another is used by about 75 other people simultaneously.
Actually it should be off for new users. Automatically running a program from a CD when you don't know exactly what will be autorun or where it came from is a good way to cause problems. Think about the problems updating software and drivers in the wrong order causes now, and then think about what's going to happen when you can do it accidentally by just closing the CD drive door. The only time I'd turn on autorun is for a power user who could be depended on to check the CD before putting it in the drive. For new users, it's just too dangerous to assume they won't put the wrong CD in the drive at the wrong time.
Well, we already get this sort of run-around. If you've got a problem, Microsoft blames any third-party drivers or software for the problem and the driver and software makers blame Microsoft. The only difference is that, in this case, the HTML source is available and can be checked against the DTD. If it validates and the browser doesn't display it correctly, then the browser isn't implementing the DTD correctly. If it didn't validate, the help file isn't HTML. Either way, there's an unambiguous answer.
If I install some random incompatible shell, such as tcsh, then yes it'll break. If I install a shell which uses Bourne syntax and follows the POSIX standards for shell behavior, it'll work just fine. I've tested the relevant startup scripts under bash, the original Bourne shell, ksh and pdksh. Original Bourne shell doesn't work very well because I like to use some extended constructs that POSIX allows but Bourne is too old to support, but the other three shells are close enough to be relatively interchangeable.
No, exactly relevent. When Netscape screws up displaying of the help pages, who do you think gets the support call?
First call would be to Microsoft. The first question they ask is "What browser are you using for help files?". When the user replies "Netscape.", the response is "We aren't Netscape. Call them.". Since the HTML source is readily available, Netscape can look and see whether it's standard HTML or not. If it is, Netscape has the bug and they fix it. If the HTML isn't standard, then Microsoft created the bug and they get to fix it. Simple, no?
Why, in particular, do you oppose a browser versus any other aspect of the OS such as, say, Notepad? I mean, if you don't like it, don't use it.
Because Microsoft hasn't made it impossible to not use Notepad. They don't claim Notepad is part of the OS, and force it's use for editing certain files. They have made it impossible not to use MSIE for certain things, even when alternatives are in fact available and Microsoft themselves created the means to make use of those alternatives. All Microsoft has to do to let any browser be used for their help files is interface to their own browser in exactly the same way they tell everyone else to interface to it for viewing HTML pages.
/bin/bash can be removed easily enough. You need a shell of some sort, and one that does Bourne syntax unless you're a masochist, but you don't need bash specifically.
init can easily be removed. In fact, I have a startup mode that only runs a shell without init at all. Very useful for clean-up after a particularly messy crash-and-burn.
ls is likewise removable. If I'm using sash, I don't need the ls binary at all.
They never prevented Netscape from being installed. Use it to your heart's content.
No, they didn't. They did, however, prevent me from using Netscape as the only browser on the system. They made it so that I must install MSIE to use their software, whether or not I want it and whether or not I install any other browser. Even though they themselves created the functionality that would let Netscape be used for everything they claim as a reason to make MSIE part of the OS.
Netscape is a buggy piece of garbage
Not relevant. If you don't like Netscape, don't use Netscape. If you don't like MSIE, though, MS has insured that you don't have that option, which is the problem.
there are other browsers out there. For an OS to use a browser as a fundamental tool (especially help pages), there needs to be a standard browser that the OS can depend on to have standard functionality (which, in Netscape's particular case, actually works right)
Wrong. You need a browser which supports particular standards. If your help pages require HTML 4.0, though, then any browser which correctly implements HTML 4.0 will display those pages properly. If this were not the case, the World Wide Web wouldn't exist because Netscape couldn't display half the pages and MSIE couldn't display the other half. That I can write HTML pages and check them with Netscape and through NetMechanic and have them display correctly in MSIE without specifically checking them using it is evidence that you do not need a specific browser to display standard HTMl pages. For Windows to interface with the browser the browser has to provide the appropriate COM interfaces, but the whole point of COM according to Microsoft is to let you use something without knowing the exact implementation behind it.
If a manufacturer wants to, say, put all his help pages into HTML, how can he do it? He can't, unless there is a standard browser built into the operating system.
No, you need a browser somewhere on the system. You emphatically do not need one particular browser, though. That's why the W3C HTML standards exist, to allow an HTML document to be displayed by any browser that wants to.
Easy method: during OS installation or afterwards, the user installs a browser that registers an IBrowser COM class. Until this is done the HTML help isn't available. If the user has no other browser he can elect to have MSIE installed as the default, but if he prefers Netscape he can skip MSIE and install Netscape. When Windows needs to display an HTML help page, it uses Microsoft's own COM facilities to instantiate an IBrowser object and uses that to display the help pages. If Microsoft has written standard HTML, the pages display correctly enough. And yes, I know about ActiveX. I tend to dismiss it, since I haven't seen any use of it on Microsoft's help pages that couldn't be duplicated using W3C-standard HTML tags.
So why are stores that sell VHS tapes still in business? Yes, people like to rent before they buy. Yes, they like being able to get things they only want to watch once cheaply. But if they find something they want to watch repeatedly they go buy it, and in numbers large enough to keep the video department at Media Play, and stores like Sun Coast, open.
Yep, you've "got" it alright. But with attitudes like yours, not a lot more will be stored on media you can keep indefinitely.
Perhaps. But my "attitude" is the norm among consumers. License, schmicense. When the average buyer comes home with a movie, they know they don't have the right to duplicate it and sell copies but they own the copy they bought. Tell them "you can't use what you just bought because we changed our minds", and they'll laugh at you. Try to enforce it, and people will ignore you. Make media that doesn't let them ignore you, and it'll sell as well as DIVX.
The "except maybe for storage" is the kicker. Most people buy videotapes, DVDs and such precisely for storage. If I have the movie on DVD, I have it. You can decide not to distribute it any more, alter it, edit it, do whatever you want with it, I can still pop the disk in the player and watch what I bought no matter what. If I download it over the net when needed, I'm at your mercy. If you decide to take it down, I'm SOL.
Case in point: DIVX. It died because people didn't want to have to ask somebody else permission to watch a movie they'd already (in their opinion) bought. I suspect the same people want Internet-based video to succeed as wanted DIVX to succeed, and it'll die for the same reasons DIVX died.
A poster mentioned "R&J" and Grey's Anatomy. Those are good problems to solve. I don't know the best way to work in a "Parental Checkbox" on this (Shakespear="Yes", Larry Flint="No").
That's because there is no way of just making a checkbox electronically. The computers aren't smart enough to distinguish the two. Only a human being can manage that.
The other problem is that what you thing your kids are too young for, someone else might think is just fine for theirs and vice versa. Since government regulations apply to everyone, you have to either write them to the least restrictive subset or wind up preventing people from making choices they reasonably should be allowed to make. And remember that, while you're reasonable, other people aren't. The US has problems with fanatics who would consider the Mona Lisa part of that "sewage flowing down the street and over the curb", and the US isn't the worst in the world I'm afraid. When thinking of government regulations on content, think first of the most fanatical, uptight, prudish, irrational bunch you can imagine, and then ask yourself if you want them able to dictate to you what you can allow your child to see. Because, frankly, that's the bunch that'll take full advantage of a law like this to do precisely that.
t looks like the goal of this legislation is to prevent minors from seeing R-rated movies. (The comment dismisses them as only "soft-core", but I definitely don't want my 15-year-old seeing Pulp Fiction.)
But do you want your kid to not be able to see, for example, Romeo and Juliet or an on-line copy of Gray's Anatomy? Some people might want that restriction, some might not, but with this bill you don't get the choice. The problem is that the bill's supporters mislead people. They, like you, point first to the porn, but the bill covers far more than porn.
Then again, there's the practical aspect. Filtering of this magnitude is incredibly expensive because of the amount of data involved. Bear in mind that this isn't the first time a country tried this. I was there in the lat 80s when Germany told Compuserve that they had to prevent their German users from accessing certain types of content. Compuserve did the analysis on what it would take, and decided it was not feasible to filter/restrict only German users as long as the German portion of the network was connected to the rest of their network. Since they couldn't leave it unrestricted, they simply threw the switch and disconnected the German portion of their network. Heh. Perhaps the Australian ISPs should try something similar?
I converted my pages over to PNG on general principles when Unisys started this. The only thing left in GIF format is a NetMechanic graphic, and that's hosted off of NetMechanic's servers. Unisys wants payment for that, they can talk to NetMechanic.
My problem with Unisys is that this is the third time they've changed their story. First, they put LZW compression forward to Compuserve when CIS was explicitly looking for an unencumbered graphics format. Then, when this format became popular, Unisys turned around and said that it's really encumbered, but we're only going to charge commercial vendors, not freeware. Now, they're saying they're going to charge freeware too, and individuals if you can't prove the software had a license. Yes, I know what Unisys is saying. I also know what their written statements say. They conflict, and in any conflict involving lawyers I believe only what's written on paper with a signature below it.
Long and short, I dislike Unisys's attitude and PNG does what I need and lets me avoid dealing with Unisys. No contest. Sorry, Unisys, as far as I am concerned you lose.
On the same token, I highly doubt that this company would try and sell a system that is advertised as secure without putting in a lot of thought into the system as a whole, and ensuring protection against fraud.
Not a good assumption. Go read Applied Cryptography. There are a lot of companies that have gone and put out systems that were advertised as secure that in reality were almost trivially breakable. I want to know all the details about their system before deciding whether it's secure or not. If the details aren't disclosed, it's not secure.
1. This can be done in every shell that comes on Linux. If you want DOS commands, configure it to use DOS commands. For me, it's more like "If I wanted to use DOS I know where I can find it.". That's the nice thing about Linux/Unix: you can make it work the way you want it to work.
2. PCI has plug-and-play built into the hardware spec, Linux has supported it from the first day it supported PCI. Jumpered ISA cards don't need plug-and-play, and most Linux drivers do a good job of autoprobing for settings. PnP ISA cards are a pain, but readily handled by the isapnp utility and someone who knows what they're doing. The most common PnP ISA card is probably a sound card, and the OpenSound drivers auto-configure those pretty much automatically. As for mounting/unmounting CDs, might I draw your attention to the automounter?
3. Might I draw your attention to KDE and Gnome?
4. Might I draw your attention to nVidia and NetGear? Also, for the most part I find that the hardware is supported by the kernel or XFree86 already, unless the vendor refuses to provide a driver and refuses to release the hardware specs (see, for example, the Logitech QuickCam Pro). And since the drivers are part of the system and not coming from outside, they usually work right straight off. The only problem is hardware where the vendor deliberately blocks development of a driver.
You're about a year late on your objections.
Have you _actually_ installed NT?
Repeatedly. Which is probably why it's not as traumatic for me anymore. Also Win98, although my opinion of it's stability is somewhere in the fourth sub-basement and dropping fast and I'd cheerfully set fire to the CD if the software I needed would run under anything but Win95/98.
The point was that, no matter how easy it is to complete the install, it's completing it with a working, correct system that counts and that's not particularly easy even with Windows.
Sure... RTFM. Thats what I tell most of those people also. But you cannot shove away the fact that RTFM makes is harder to install when compared to an OS which any braindead idiot can install. Face it; NT is click click click, done. If it will work remains to be seen but thats another story.
You contradict your own argument with your last sentence. Yes, NT can be installed with one click. You can do pretty much the same with Linux, unless you have some really cruddy hardware. The question isn't whether it's easy to install, but whether it's installed right. NT may be easy to install, but it's harder to install right than Linux is IMIAO. Screw up installing a Linux system, and you've got a good chance of still having something someone more knowledgeable can put back together. Screw up an NT install, and about all that can be done is to reformat and start over. You see few questions about NT installs only because few people install it. Usually that's handled by the manufacturer techs or a corporate IS department staffed by people who do this for a living. Hand NT to a "brain-dead idiot" and you'll get as bad a mess as with Linux, BeOS or OS/2.
My though is that putting wiretap capabilities into the lowest levels of the protocols is useless. So you can tap the IPv6 packet layer. So what? I'll just use SSL above that, or PGP-encrypt my mail, and your tap is useless.
There's also this: countries feel they need the Internet. Perhaps it's time to use the leverage this gives. Make no allowances in the protocols for wiretapping and the like, and give various countries a choice: allow people their privacy, or you will not be able to interoperate with the Internet. As noted above there are too many ways the people the governments could legitimately tap can bypass any hooks in the protocols, and why should the Internet protocols be designed to even potentially compromise the privacy of those who aren't legitimate targets?
On the first point, if they do really have operations that legitimately fall under all three TLD classifications, then they should be able to legitimately get domains in all three. As for shell entities, you'll never be able to stop them but you can make them go to the hassle of setting up believable entities. To be honest, I'd add one more rule to DNS, basically 'use it or lose it'. If a domain isn't active, has no active addresses registered under it and has no traffic except to bounce people to another domain, anyone who wants it can use that as grounds to challenge the registration and get it revoked. It won't stop a determined company, but it will raise the bar some.
As for mis-use, little can be done about that before the fact. I'd say, though, that yes if you mis-use a TLD you should have your registration yanked. If you're a for-profit business operating under a a .org name, ICANN shouldn't be going hunting for you but if anyone complains they should give you a warning to switch to the proper domain or lose your registration.
That depends on how you organize ICANN. Personally, I'd set it up with enough people in control with enough conflicting interests that it's not feasible to bribe everyone you'd need to bribe. And the foreign law firm would still be seen as the interloper suing the local operation. The idea is to set it up so that anyone making a challenge within the ICANN system would, if the challenge is reasonable, have support within ICANN, but nobody can get enough support to write their own ticket unless they really do deserve it and nobody can try applying pressure from outside through legal maneuvering without hitting exactly the same barriers the big corporations have been using to their advantage to date. And I wouldn't pick a banana republic, but as I said some small South Pacific island where you can literally know everyone in the entire national government. Big law firms don't work against that.
ICANN isn't entirely set up this way at present, but that can be changed under ICANN rules. And as a US citizen I really have to question whether US law should have any say in how the rather international DNS system is run. I really think that ICANN and such should be outside any one country's laws and staffed by people who are more concerned with the technical than the political/legal aspects. But maybe I'm being overly-idealistic.
Just enforce the rules on TLD usage. You're a commercial operation? Any application for a .org name will be denied automatically. Not providing network services to others? Forget getting a .net domain name. Not operating commercially ( eg. an individual or non-profit organization )? No .com for you. Just because the corporations want to pollute the DNs doesn't mean we have to let them. And just to make it harder, put ICANN outside the United States, maybe on one of those South Pacific islands who don't care about politics as long as your checks clear. Let the corporations sue in a country where they're the interlopers and the people they're suing are the locals.
"Our problems do bring up some of the issues with deploying open source software. We have no doubt that had the hacker that compromised our system not had access to the source of our scripts it would have been impossible for him to get in.
This from their Web page is wrong, unfortunately. It's the same thing mainframe programmers have been saying about their completely closed-source systems since the early 70s. The cracker can find out the package they were using, and can buy it himself. Had the source been completely unavailable to him he would have had to resort to the old method of experimenting with it, poking it to see what happened and using the debugger, but eventually he would have found the hole just as thousands of crackers have found holes in closed-source systems before him.
And I find their use of a stock install without security patches anything but "typical". I had it pounded into me in high school that computer installations should keep up with security patches because of the potential to attack. And yes, this was in a business-related course, not a techie one.
You're being naive. How do they know how to verify your identity? Well, right now, you enter a username and a password on a web page.
You're talking on-line banking. I'm talking about over-the-phone ordering in the real world.
Applying the principle of least privilege to computers on the net, it is clear to see that only the ones you use should be able to issue orders regarding your bank accounts. A computer that I use and that you don't use shouldn't have that capability.
You haven't used least-privilege, though. Least privilege would mean that the machine I'm sitting at at the moment and no other should be able to issue orders to my bank. If I use the machine and am not sitting at it, that I use it is irrelevant. If I have never used a machine before but am sitting at it, that I have never used it before is irrelevant. Access should follow me and not the machine in any way, so the check should be against me and not the machine in any way.
My opinion: if a check doesn't actually add to security, it should not be done. The identity of the machine is completely unrelated to my identity, so when trying to verify that it's me running a transaction you should not be concerned about the identity of the machine. If your method of identifying me is weak enough to need additional verification based on my being where I'm expected to be, then your scheme is too weak and needs improved, not papered over with irrelevant checks.
Here's what I'm saying: your bank should verify both *your* identity, and *your machine's* identity, before acknowledging requests to access your account.
Do they need to verify which phone in your house you're using to place a telephone order once they've verified that you are really you? I don't see why, and I don't see why they should need to verify which computer I'm using if they can securely verify my identity independent of which computer I'm at. If the machine I'm using is irrelevant to who I am, then it shouldn't be checked. If my identity is subject to forgery, then improve the method used to verify my identity and close the hole rather than trying to limit the number of places someone can exploit the hole.
Others have said it, but probably one of the reasons fetchmail's code growth is leveling out is that it's already doing what it needs to and doing it well. More features would just be bloat, and without new features being added you would expect the code growth to level out.
Eric did mention about the growth of the number of users being linear instead of a more expected logistic or exponential growth. One explanation might be that he's not counting users, just mailing list subscribers. I, for example, use fetchmail but don't subscribe to the mailing lists, not even the announcement one. For me, fetchmail is doing what I need nicely and without hitting any bugs. I check for major updates once or twice a year, and otherwise just let it run. One wonders how many people like me there are, who use it but don't feel a need to find out about new releases because the old ones aren't giving us any problems?
However, it is *possible* to use it to prove that your computer, specifically, is a party to a transaction.
And right there's where this number breaks down completely for e-commerce. When I run a transaction, I need to prove to the other end that I am involved. If I go to another computer, I want to authenticate as me. If someone else sits down at my computer, I do not want the computer to authenticate as if I were sitting there.
And if you think being at a different machine isn't a problem, bear in mind that right now I regularly use 4 different machines. 1 of those is used by several other people when I'm not using it, and another is used by about 75 other people simultaneously.
Actually it should be off for new users. Automatically running a program from a CD when you don't know exactly what will be autorun or where it came from is a good way to cause problems. Think about the problems updating software and drivers in the wrong order causes now, and then think about what's going to happen when you can do it accidentally by just closing the CD drive door. The only time I'd turn on autorun is for a power user who could be depended on to check the CD before putting it in the drive. For new users, it's just too dangerous to assume they won't put the wrong CD in the drive at the wrong time.
Well, we already get this sort of run-around. If you've got a problem, Microsoft blames any third-party drivers or software for the problem and the driver and software makers blame Microsoft. The only difference is that, in this case, the HTML source is available and can be checked against the DTD. If it validates and the browser doesn't display it correctly, then the browser isn't implementing the DTD correctly. If it didn't validate, the help file isn't HTML. Either way, there's an unambiguous answer.
If I install some random incompatible shell, such as tcsh, then yes it'll break. If I install a shell which uses Bourne syntax and follows the POSIX standards for shell behavior, it'll work just fine. I've tested the relevant startup scripts under bash, the original Bourne shell, ksh and pdksh. Original Bourne shell doesn't work very well because I like to use some extended constructs that POSIX allows but Bourne is too old to support, but the other three shells are close enough to be relatively interchangeable.
No, exactly relevent. When Netscape screws up displaying of the help pages, who do you think gets the support call?
First call would be to Microsoft. The first question they ask is "What browser are you using for help files?". When the user replies "Netscape.", the response is "We aren't Netscape. Call them.". Since the HTML source is readily available, Netscape can look and see whether it's standard HTML or not. If it is, Netscape has the bug and they fix it. If the HTML isn't standard, then Microsoft created the bug and they get to fix it. Simple, no?
Why, in particular, do you oppose a browser versus any other aspect of the OS such as, say, Notepad? I mean, if you don't like it, don't use it.
Because Microsoft hasn't made it impossible to not use Notepad. They don't claim Notepad is part of the OS, and force it's use for editing certain files. They have made it impossible not to use MSIE for certain things, even when alternatives are in fact available and Microsoft themselves created the means to make use of those alternatives. All Microsoft has to do to let any browser be used for their help files is interface to their own browser in exactly the same way they tell everyone else to interface to it for viewing HTML pages.
init can easily be removed. In fact, I have a startup mode that only runs a shell without init at all. Very useful for clean-up after a particularly messy crash-and-burn.
ls is likewise removable. If I'm using sash, I don't need the ls binary at all.
They never prevented Netscape from being installed. Use it to your heart's content.
No, they didn't. They did, however, prevent me from using Netscape as the only browser on the system. They made it so that I must install MSIE to use their software, whether or not I want it and whether or not I install any other browser. Even though they themselves created the functionality that would let Netscape be used for everything they claim as a reason to make MSIE part of the OS.
Netscape is a buggy piece of garbage
Not relevant. If you don't like Netscape, don't use Netscape. If you don't like MSIE, though, MS has insured that you don't have that option, which is the problem.
there are other browsers out there. For an OS to use a browser as a fundamental tool (especially help pages), there needs to be a standard browser that the OS can depend on to have standard functionality (which, in Netscape's particular case, actually works right)
Wrong. You need a browser which supports particular standards. If your help pages require HTML 4.0, though, then any browser which correctly implements HTML 4.0 will display those pages properly. If this were not the case, the World Wide Web wouldn't exist because Netscape couldn't display half the pages and MSIE couldn't display the other half. That I can write HTML pages and check them with Netscape and through NetMechanic and have them display correctly in MSIE without specifically checking them using it is evidence that you do not need a specific browser to display standard HTMl pages. For Windows to interface with the browser the browser has to provide the appropriate COM interfaces, but the whole point of COM according to Microsoft is to let you use something without knowing the exact implementation behind it.
If a manufacturer wants to, say, put all his help pages into HTML, how can he do it? He can't, unless there is a standard browser built into the operating system.
No, you need a browser somewhere on the system. You emphatically do not need one particular browser, though. That's why the W3C HTML standards exist, to allow an HTML document to be displayed by any browser that wants to.
Easy method: during OS installation or afterwards, the user installs a browser that registers an IBrowser COM class. Until this is done the HTML help isn't available. If the user has no other browser he can elect to have MSIE installed as the default, but if he prefers Netscape he can skip MSIE and install Netscape. When Windows needs to display an HTML help page, it uses Microsoft's own COM facilities to instantiate an IBrowser object and uses that to display the help pages. If Microsoft has written standard HTML, the pages display correctly enough. And yes, I know about ActiveX. I tend to dismiss it, since I haven't seen any use of it on Microsoft's help pages that couldn't be duplicated using W3C-standard HTML tags.