Realistically, it's probably never going to matter unless you provide that recording to someone else. For example, if you try to use it in court, or send it to someone that the person knows.
You wouldn't be breaking the spirit of the law, for example, if you recorded the conversation so that you could personally refer back to it and/or transcribe it later.
Saying "Our software isn't finished, but you're going to pay $600 (or now, $400) for it isn't going to instill a lot of confidence. They probably planned on using "Now with 3rd party support!" as a way to generate good PR. Too bad they are taking so much flack right now for the update wiping 3rd party software. They're deficit-spending their own good will.
The big reason that Windows machines are riddled with Trojans, is that every user's process runs with the same permissions as the user, and that current systems do not allow finer-grained control over these permissions. (I removed 18 Trojans from my girlfriend's mom's computer the other day!) Stuff like this is one of the big reasons why the user experience on Windows can SUCK. (And yes, it's terrible that all iPhones have the same root password and that's already been cracked.) Nice jab at Windows, there. Can you give me an example of a consumer, user operating system where user processes don't run with the same permissions as the user? The main three (Windows, OS X, and Linux) all behave this way, unless I'm misunderstanding you. Most all embedded devices are actually worse, with any process on it having access to the bare metal.
Now, in the 21st century, essentially everyone, their mom, their grandparents, and anyone else who runs Windows as Administrator and installs programs is root. Of course, Windows has started addressing this for default installs (though OEMs could still screw things up.) OS X and Linux users don't run as root by default, usually (at least, I haven't seen a Linux distribution that set things up this way, though they could still do it.)
Besides, let's face it. Not running as root doesn't prevent trojans from doing nasty things. If you don't believe me, I have a shell script I'd like you to run on your computer....
Suddenly, even your grandpa will notice something is wrong. This is really a straw-man. The point is indetectability from within the guest OS (i.e. antivirus or whatever security software is running should not be able to detect it.) There are plenty of attacks that you can use to detect the infection from the outside.
The problem is where that effort comes from. Client-side spamfighting solutions put the burden on the client--I'm totally in control. Fighting spam with TXT records require that I reject all mail from domains that don't have a TXT record--which isn't really an option for everyone.
Interesting. I was going solely on what others in the thread have implied (that Debian updated the stable repositories rather than the volatile ones for the US TZ change.)
Generally speaking, I'd say that they did the wrong thing back then (from a policy perspective.)
Realistically, the number of affected servers in the US is probably large enough that there would be a huge backlash and people driven away from the project if Debian had done this, despite the fact that the policy is there and the volatile repository is available. Lots of people don't know about it (most just track stable) and so it could have really caused a lot of problems. New Zealand is small enough that Debian can use it to get some publicity on the subject (that -volatile exists, that it's used for this kind of thing, and that it probably ought to be tracked.)
I like the policy itself. Going against policy for really big problems is probably ok, too. And now, hopefully more geeks who run Debian will understand the way things are handled and will be prepared for next time.
You may want to stay away from volatile memory then. And volatile variables in C, which the Kernel is written in (probably ought to stay away from Linux, just to be safe.)
While we're playing the definitions game, the first defintion of server is "A person who serves." Why are you enabling volatile repositories on a person!?
Seriously. I shouldn't be feeding you, but there you go.
I like Ubuntu a lot. I run it on my home fileserver, my work workstation, and my home desktop. That said, in the 6.xx version, I had a ton of problems during many updates, mostly relating to X Windows. Proprietary (NVidia) driver? Stopped working twice after kernel upgrades (even after recompiling the stub driver didn't work--arcane magic was required to get my desktop back.) An Xorg update did the same. In 6.10, a kernel update left drivers out of the initramfs that had been available during the install--and which ran my SATA controller. No booting love. Arcane magic required.
It's good stuff, but in my experience, it's been fairly unstable.
Some form of protection is essential due to the epidemic of careless software developers. MAC certainly works, but as someone else posted, there's just no way to make it simple for the end-user. MAC simplicity means that the vendor has used sane defaults for common applications. Jails are good for doing things that people usually try to do with chroot, and they're improving all the time. I've never noticed an overhead problem, myself--can you elaborate?
As for complexity, this has been addressed using third-party applications. ez-jail http://erdgeist.org/arts/software/ezjail/ makes management a snap, though it slightly increases the overhead and complexity of backups (it uses nullfs to mount read-only copies of system binaries into the jail.) Of course, it's only suitable for a full system within the jail--something which is certainly not required, if all you want to do is jail a single process/service.
Interestingly, though, unidirectional NAT can be useful as a security tool. Because most implementations of NAT require that ports be explicitly forwarded, it's similar to having a firewall.
They may all be bugs, but they're still annoying, and when they inhibit usability, they force me to go to another browser. Hopefully 9.5 will be better.
In my case I use Safari for windows when some flash doesn't work well in Opera. Not an option for Linux users like me.
I like Opera quite a bit, but it has enough quirks that I don't use it for everything.
* Periodically (and not consistently reproduceably) Google Reader flips out. I can see one headline of one article, but the story and all other headlines are lost.
* Plugins are a nasty hack. No one writes plugins for/Opera/, they write them for/Firefox/ so they have to use a wrapper. I wish they'd do more work on this.
* Plugins can't capture user input, so if I'm playing a Flash game in Opera, and the whole webpage doesn't fit on one screen, then using the arrow keys will send the input to both Opera and to the Flash game. The webpage scrolls at the same time that the Flash game is receiving the input.
* Managing per-site preferences takes forever (load times, mostly). This wouldn't be too big of a deal if Opera had better extensibility (mostly, I want to be able to enable cookies, Javascript, and plugins on a per-site basis.)
None of these alone are showstoppers, but I do find myself using Firefox more and more, despite the bloat, because more and more websites require Java, Flash, cookies, etc, which is a whole separate level of annoyance.
If you're a programmer, you shouldn't complain about this. It just means that when the time comes to customize something like this, you'll have a better chance at getting the job:)
Honestly, I'd suspect that it's more like an old dog not interested in learning new tricks. Web 2.0 has a large social aspect. It's about communicating when you aren't in person (like IRC, only flashier.) It's about getting the information you want out of a website and ignoring the chaff.
To take an example from the grandparent post, RSS is a great tool for keeping up on website content. Rather than going to every site you wish to keep up with, every day (this includes news sites, not just fluff), you can check one place to see if there is any updated content. If there is updated content, you can scan headlines to see if they're worth reading. If any are worth reading, then you can go to the article. It's honestly a pretty big time saver if you visit any websites regularly.
Another example, Wikipedia (specifically editing it) is akin to volunteer work. It's about helping your community. It may not appeal to you, but that doesn't mean that there isn't value in it.
Flikr is just a filedump. Yeah, you can comment on the photos, but realistically, it's a place to put your photos so that other people can see them. I'm not surprised that it doesn't appeal to everyone. I only visit it when someone puts a slideshow of their vacation or their kids up there.
Anyway, it's just new stuff. New ways of publishing and consuming information.
I'm pretty sure that every major carrier can block SMS to your phone. What I dislike is that they can't selectively block SMS (I want to whitelist people who can send me messages.) Have you tried calling your carrier?
You've confused "Fantasy" with "Science Fiction." Generally speaking, good science fiction could happen if the technologies emerge. Fantasy, generally speaking, couldn't.
Then again, there is that saying about technology and magic....
Freezing someone else's credit as a prank or as harassment would definitely be something to try to prevent. But really, certified mail isn't that authoritative, anyway.
I get it, thank you very much. The point is that if a virus-infected executable is executed by the user in a situation where the user's privileges are limited and where Antivirus is run as admin (the exact situation that I described), then the virus simply cannot cover its tracks. Root/Administrator/whatever will be able to see it and stop it (assuming the proper signatures/heuristics are available.)
Data loss and integrity is a completely separate issue.
If we were under this onus several years ago, would we have Firefox today? 7-zip? Gaim? Probably not. A lot of really good, professional-grade projects probably wouldn't have gotten off of the ground.
I'm not saying that you're wrong, I'm just saying that there's a lot to consider.
No, you don't need to run the executables. People submit malware to Antivirus companies all the time. If the malware is signed (and in this situation, for it to have run, we assume that it was signed) and verified to be malware, you revoke their certificate.
You can make the certificate-granting process itself hard enough without requiring money. Time and effort are also things which are in limited supply, but which are required anyway to write code. And in theory, if you're a good little developer and you don't write bad code, it's a one-time cost.
This only protects against a few threats, like theft of personal information (assuming the VM doesn't get access to the rest of the drive.) The computer can still wreak havoc on the Internet if the VM has network access, and frankly, that's what matters.
Linux is largely safe from trojans because it's not popular enough to be a target. Linux is safe from worms because it is securely written. Linux is safe from viruses because Antivirus software will run as root, and Linux enforces a security model where the virus infection should be limited to the user's profile, rather than the root or system.
Note that of the three, trojans are the hardest to guard against (basically requiring either common sense or a white list).
Everyone seems stuck in the context of web browsers for some reason...In the Microsoft world, at least, IE7+Vista actually has a pretty secure design. A whitelist isn't going to be intended to stop flaws in the software--rather, it's intended to manage computer-related problems due to flaws in the human brain.
Unfortunately, it's just not workable without a pretty big shift in the way we think about computers. They have to stop being "general purpose" devices. We're talking about going to a cross between WebTV and personal computers, here, and that's a scary thought.
I still think that a license to use the Internet is what's in order. Remove a person's license, and if they still cause problems on the network, fine them.
Slashdot Mirror
Realistically, it's probably never going to matter unless you provide that recording to someone else. For example, if you try to use it in court, or send it to someone that the person knows.
You wouldn't be breaking the spirit of the law, for example, if you recorded the conversation so that you could personally refer back to it and/or transcribe it later.
Saying "Our software isn't finished, but you're going to pay $600 (or now, $400) for it isn't going to instill a lot of confidence. They probably planned on using "Now with 3rd party support!" as a way to generate good PR. Too bad they are taking so much flack right now for the update wiping 3rd party software. They're deficit-spending their own good will.
Besides, let's face it. Not running as root doesn't prevent trojans from doing nasty things. If you don't believe me, I have a shell script I'd like you to run on your computer....
The problem is where that effort comes from. Client-side spamfighting solutions put the burden on the client--I'm totally in control. Fighting spam with TXT records require that I reject all mail from domains that don't have a TXT record--which isn't really an option for everyone.
Interesting. I was going solely on what others in the thread have implied (that Debian updated the stable repositories rather than the volatile ones for the US TZ change.)
Generally speaking, I'd say that they did the wrong thing back then (from a policy perspective.)
Realistically, the number of affected servers in the US is probably large enough that there would be a huge backlash and people driven away from the project if Debian had done this, despite the fact that the policy is there and the volatile repository is available. Lots of people don't know about it (most just track stable) and so it could have really caused a lot of problems. New Zealand is small enough that Debian can use it to get some publicity on the subject (that -volatile exists, that it's used for this kind of thing, and that it probably ought to be tracked.)
I like the policy itself. Going against policy for really big problems is probably ok, too. And now, hopefully more geeks who run Debian will understand the way things are handled and will be prepared for next time.
You may want to stay away from volatile memory then. And volatile variables in C, which the Kernel is written in (probably ought to stay away from Linux, just to be safe.)
While we're playing the definitions game, the first defintion of server is "A person who serves." Why are you enabling volatile repositories on a person!?
Seriously. I shouldn't be feeding you, but there you go.
Heard of UTC? It doesn't change, which really makes it more suitable for logs, anyway.
I like Ubuntu a lot. I run it on my home fileserver, my work workstation, and my home desktop. That said, in the 6.xx version, I had a ton of problems during many updates, mostly relating to X Windows. Proprietary (NVidia) driver? Stopped working twice after kernel upgrades (even after recompiling the stub driver didn't work--arcane magic was required to get my desktop back.) An Xorg update did the same. In 6.10, a kernel update left drivers out of the initramfs that had been available during the install--and which ran my SATA controller. No booting love. Arcane magic required.
It's good stuff, but in my experience, it's been fairly unstable.
Some form of protection is essential due to the epidemic of careless software developers. MAC certainly works, but as someone else posted, there's just no way to make it simple for the end-user. MAC simplicity means that the vendor has used sane defaults for common applications. Jails are good for doing things that people usually try to do with chroot, and they're improving all the time. I've never noticed an overhead problem, myself--can you elaborate?
As for complexity, this has been addressed using third-party applications. ez-jail http://erdgeist.org/arts/software/ezjail/ makes management a snap, though it slightly increases the overhead and complexity of backups (it uses nullfs to mount read-only copies of system binaries into the jail.) Of course, it's only suitable for a full system within the jail--something which is certainly not required, if all you want to do is jail a single process/service.
Interestingly, though, unidirectional NAT can be useful as a security tool. Because most implementations of NAT require that ports be explicitly forwarded, it's similar to having a firewall.
I like Opera quite a bit, but it has enough quirks that I don't use it for everything.
/Opera/, they write them for /Firefox/ so they have to use a wrapper. I wish they'd do more work on this.
* Periodically (and not consistently reproduceably) Google Reader flips out. I can see one headline of one article, but the story and all other headlines are lost.
* Plugins are a nasty hack. No one writes plugins for
* Plugins can't capture user input, so if I'm playing a Flash game in Opera, and the whole webpage doesn't fit on one screen, then using the arrow keys will send the input to both Opera and to the Flash game. The webpage scrolls at the same time that the Flash game is receiving the input.
* Managing per-site preferences takes forever (load times, mostly). This wouldn't be too big of a deal if Opera had better extensibility (mostly, I want to be able to enable cookies, Javascript, and plugins on a per-site basis.)
None of these alone are showstoppers, but I do find myself using Firefox more and more, despite the bloat, because more and more websites require Java, Flash, cookies, etc, which is a whole separate level of annoyance.
If you're a programmer, you shouldn't complain about this. It just means that when the time comes to customize something like this, you'll have a better chance at getting the job :)
Honestly, I'd suspect that it's more like an old dog not interested in learning new tricks. Web 2.0 has a large social aspect. It's about communicating when you aren't in person (like IRC, only flashier.) It's about getting the information you want out of a website and ignoring the chaff.
To take an example from the grandparent post, RSS is a great tool for keeping up on website content. Rather than going to every site you wish to keep up with, every day (this includes news sites, not just fluff), you can check one place to see if there is any updated content. If there is updated content, you can scan headlines to see if they're worth reading. If any are worth reading, then you can go to the article. It's honestly a pretty big time saver if you visit any websites regularly.
Another example, Wikipedia (specifically editing it) is akin to volunteer work. It's about helping your community. It may not appeal to you, but that doesn't mean that there isn't value in it.
Flikr is just a filedump. Yeah, you can comment on the photos, but realistically, it's a place to put your photos so that other people can see them. I'm not surprised that it doesn't appeal to everyone. I only visit it when someone puts a slideshow of their vacation or their kids up there.
Anyway, it's just new stuff. New ways of publishing and consuming information.
I'm pretty sure that every major carrier can block SMS to your phone. What I dislike is that they can't selectively block SMS (I want to whitelist people who can send me messages.) Have you tried calling your carrier?
You've confused "Fantasy" with "Science Fiction." Generally speaking, good science fiction could happen if the technologies emerge. Fantasy, generally speaking, couldn't.
Then again, there is that saying about technology and magic....
Freezing someone else's credit as a prank or as harassment would definitely be something to try to prevent. But really, certified mail isn't that authoritative, anyway.
I get it, thank you very much. The point is that if a virus-infected executable is executed by the user in a situation where the user's privileges are limited and where Antivirus is run as admin (the exact situation that I described), then the virus simply cannot cover its tracks. Root/Administrator/whatever will be able to see it and stop it (assuming the proper signatures/heuristics are available.)
Data loss and integrity is a completely separate issue.
If we were under this onus several years ago, would we have Firefox today? 7-zip? Gaim? Probably not. A lot of really good, professional-grade projects probably wouldn't have gotten off of the ground.
I'm not saying that you're wrong, I'm just saying that there's a lot to consider.
$500 is not ok. FOSS probably can't afford that.
No, you don't need to run the executables. People submit malware to Antivirus companies all the time. If the malware is signed (and in this situation, for it to have run, we assume that it was signed) and verified to be malware, you revoke their certificate.
You can make the certificate-granting process itself hard enough without requiring money. Time and effort are also things which are in limited supply, but which are required anyway to write code. And in theory, if you're a good little developer and you don't write bad code, it's a one-time cost.
This only protects against a few threats, like theft of personal information (assuming the VM doesn't get access to the rest of the drive.) The computer can still wreak havoc on the Internet if the VM has network access, and frankly, that's what matters.
It's a multi-part issue.
Linux is largely safe from trojans because it's not popular enough to be a target. Linux is safe from worms because it is securely written. Linux is safe from viruses because Antivirus software will run as root, and Linux enforces a security model where the virus infection should be limited to the user's profile, rather than the root or system.
Note that of the three, trojans are the hardest to guard against (basically requiring either common sense or a white list).
Everyone seems stuck in the context of web browsers for some reason...In the Microsoft world, at least, IE7+Vista actually has a pretty secure design. A whitelist isn't going to be intended to stop flaws in the software--rather, it's intended to manage computer-related problems due to flaws in the human brain.
Unfortunately, it's just not workable without a pretty big shift in the way we think about computers. They have to stop being "general purpose" devices. We're talking about going to a cross between WebTV and personal computers, here, and that's a scary thought.
I still think that a license to use the Internet is what's in order. Remove a person's license, and if they still cause problems on the network, fine them.