I honestly think that they're doing this to try to kill off DVDs. It apparently costs considerably less to stream movies than to mail DVDs, and with DVDs, you have a lot more physical assets to manage.
Ubuntu appears to have a policy regarding support. The longest they'll support something is an LTS Server release, at 5 years. At least according to their Wiki:
That said, I think that support should be based upon the last time that a product was sold/distributed/promoted by the company. When it was first sold is completely irrelevant. It's been 3 years for XP. It's harder to compare to an open source OS.
Can viruses and rootkits actually be removed, or not? If you fix the MBR and have some tool that claims to find and remove the rootkit is it actually gone, or do you always need to format and reinstall? Is there stuff, even non virus stuff, just floating around that's mucking up your system that nothing can get rid of? That seems unlikely in this day and age.
Viruses have the upper hand because they come first. Although heuristic-driven antivirus has been around for a while, it's never been fully effective. So once the virus gets on the system, you can never know for sure that it's gone. The virus could simply be very effective at hiding itself from the virus scanner. It could be causing the virus scanner to report a status of "Updated" when, to the contrary, updates have not been applied in some time. Ultimately, if the virus is running at the highest privilege level, you just can't trust your system tools to be telling the truth.
That said, a bootable antivirus CD which can update from the Internet eliminates this issue, and could probably definitively tell you that your system is clean of viruses of which it is aware. Even so, if I thought I had a virus, I would reformat and reinstall.
Yeah, the GP clearly exaggerated (or is wildly out of touch with what "most people" means) but the point stands. At $15/mo, less than the cost of dinner and a movie (heck, in some places, less than the cost of a movie) you can get several hours of entertainment. One could probably discuss the quality of the entertainment, but that wasn't discussed. And there's the value of opportunity, too. That $15 gets you as much playtime per month as you want. When that movie ends, it ends.
Even if you play for 4 hours, 4 times a month (16 hours) you're beating almost all commercial entertainment that's out there.
Well, there's a saying: "Don't stick your dick in crazy." And people do it anyway, knowing the consequences. I think that some people are idiots, but I think that most people don't realize that a USB drive can be dangerous. So, yeah, a little bit of both, but we're still blaming the victims. The OS shouldn't let a USB drive be dangerous.
I will quibble, though, that rights are not based on available manpower. It either is a right (to not be tracked without a warrant) or it isn't. I believe the spirit of the constitution and the spirit of justice says that the police should be required to get a warrant for any investigative "tools" that target an individual and which aren't emergencies.
In general, I think that police should be able to follow a suspect around public areas without a warrant. I think there are reasonable parameters you would put on such tailing. The person should be the subject of an ongoing investigation. The police should not interfere or harass the subject. The police should not go anywhere where the subject would have a reasonable expectation of privacy, or on private land (discounting privately owned areas that are public--e.g. the police should be able to go into Wal Mart, though the managers should be able to ask them to leave the premises.)
A GPS and a tail are probably invasive for different reasons. The GPS is affixed to the vehicle somehow, which means it directly contacts the person or their property. It can follow the subject onto private areas, which would give the police additional information even if it couldn't be used directly in court. But it's mostly invisible to the subject, in contrast to a tail. The tail is at least an adult human being, and quite probably includes a police vehicle. That could affect a person's reputation.
So I could see both sides to the argument.
The point about resources was perhaps poorly thought out. I still think it's valid, but for different reasons. The gist is that limited resources inherently creates a barrier to abuse. It might mean that less oversight is required. But you're correct that the rights shouldn't be dependent upon resources. That does mean that warrantless GPS tracking is likely to be upheld in certain, specific circumstances, such as when a vehicle doesn't have to be broken into or modified. SCOTUS is unlikely to find that e.g. magnetic attachment violates the right to unreasonable search.
Exactly. I'd put money on it being a 5-4 split along ideological lines.
The thing is, I can see it both ways. The police don't need a warrant to follow a suspect. This isn't much different. The big difference is that police manpower is inherently limited, whereas GPS tracking is effectively unlimited. What needs to be decided is whether or not unlimited tracking is within the bounds of the Constitution.
Of course, there are other issues. Affixing a GPS to someone's car requires either breaking in (which should clearly violate the 4th amendment), attaching it to the exterior of the car via mechanical means (modifying property should clearly violate the 4th amendment), or affixing it via a magnet. The latter is frankly the easiest to justify, but still needs to pass the test I mentioned above.
Personally, I think that unlimited tracking crosses a line. But I can very easily see the argument that it's a simple extension of police tracking that is enabled through the use of new technology.
Unless Taiwan is a huge market for apps, this is largely irrelevant. The OP thinks that 15 minutes is too short, yet Apple has generated over $2 billion in app store sales.
And Apple's official policy seems to be no returns in markets where consumer laws don't require it. Some people have said that Apple will accept returns--I can't verify this.
One particularly interesting one is TarSnap. The best part is the client is OSS
Be aware that while the Tarsnap source is available, it's not really OSS (according to the guidelines of the OSS Initiative.) Colin Percival does not permit modified clients to connect to the tarsnap service, nor does he allow redistribution of modified clients. The main purpose for distributing source seems to be verifying that the encryption is done properly (this is a good thing) and compiling for your specific platform (also good).
They don't actually change screen brightness--they seam to be modifying opacity, which affects readability.
Try this: change the brightness in iBooks, and pay attention to the status bar. You'll notice that it's brightness changes. Now try the same in Nook. The status bar doesn't change.
Neither app, interestingly, affects system brightness. But iBooks can change elements outside of it's own domain.
IIRC, apps can't have access to brightness controls. Apple's iBooks has a true brightness control. iBooks does not come as part of the OS--it is an app store download, and is a feature which is used to make money selling books.
If you don't mind talking about applications which come with iOS but which fall outside of system functions, then Safari gets some attention. Safari is allowed to compile and execute code in the data segment of memory, bypassing a rather large security function. And long before multitasking was available, Apple's software could run in the background.
I have first.last@gmail, and I occasionally get mail for firstlast@gmail. It's pretty irritating. I used to reply and say they had the wrong person, but the idiots sending me mail refused to change their address books.
I've also had people accuse me of first playing a joke, then lying to them when I said I wasn't this guy. They were relegated to the bitbucket rather quickly.
The worst part is that periods aren't supposed to be meaningful in Gmail addresses.
It doesn't need to be - Very few people need to know to avoid it affecting their normal routine. My ISP (f'n Comcast) isn't helping me out with IPv6 and neither is my employer (a major national lab), but I expect zero effect. I suspect that I'm just a typical example of the vast majority of the population.
You're actually among the most likely people to notice, then. Depending upon your OS/browser/configuration, sites can fail or become quite slow if they advertise a AAAA record but you only have v4 connectivity. In fact, that's one of the things that's being measured today.
Me? I have v6 and I don't notice a difference. I have to go looking with tcpdump to see if I'm actually connecting to the v6 address or to the v4 address. As far as I can find, there's no place in my browser which tells me one way or the other.
Surely there will be the people holding on to older versions, and getting them to upgrade would be prying it from their cold dying hands (or being locked in with lack of OS support... cough IE and Windows XP).
Don't forget websites which only work with specific versions of browsers. That's the only reason I keep a copy of Firefox 3 around--one particular campus site doesn't work with Firefox 4.
For years you have been assuming something that isn't true. The basic Unix security model is nothing special.
I agree. But people spout this all the time on Slashdot.
The two main reasons for this are the lack of homogeneity among various Unix-type operation systems and the differing average competence level of Windows vs Unix admins.
Don't forget the differing purposes. When people start talking about "all the Linux servers out there" they're usually comparing it to all the Windows clients out there. If you're comparing a client to a server, there are a whole class of attacks that won't hit the server (probably) because you aren't browsing, reading e-mail on it, etc.
That said, I've seen plenty of Unix machines get compromised in various ways, from defaced websites to guessed login passwords. Trojans are fairly rare, though, and they seem to be the most common malware in the Windows world these days. Windows is vastly more secure today than it was 8 years ago, but you can't fix stupid without removing most of the user's ability to manage the machine (see iOS.)
We essentially prevent that due to exceptions in the blanket statement I made. Hosts which don't allow password logins (e.g. using certificates or keys) don't get the blacklist. Mail doesn't get the blacklist, but that's because a different subgroup runs that. If we did run mail, we would use alternate accounts to deal with unblocking, or perhaps require a phone call. And we'd probably have a fumble-finger wall of shame:)
We use honeypots purely for denyhosts purposes. These are machines which are not in DNS and should never have machines connect to it. If a machine connects, we assume that it's malicious and add it to a blocklist which is shared amongst the rest of our machines. No one ever gets in to the honeypot. One could wait for a failed login attempt to occur (it would be a little more generous to scanners who aren't trying to break in)--it's just a tradeoff. We're much harsher.
One thing to realize is that the CDDL is an open license. It is incompatible with the GPL, which makes some people think that it's not open. This means that it can't be incorporated into the kernel (under most interpretations of the GPL and CDDL.)
A different issue is the possibility that Btrfs infringing on Sun's patents. If Btrfs starts gaining any traction, you can bet that Sun will sue over it, whether or not there's any actual merit to the case.
And apart from ZFS suffering from NIH problems as well as the CDDL licensing, I really don't see any compelling reason to add yet another filesystem that does largely the same thing.
But the licensing is a dealbreaker on Linux. Btrfs being licensed GPL means BSD can't use it. ZFS being licensed GPL means Linux can't use it.
Slashdot Mirror
What does the UID have to do with anything, anyway?
I honestly think that they're doing this to try to kill off DVDs. It apparently costs considerably less to stream movies than to mail DVDs, and with DVDs, you have a lot more physical assets to manage.
Ubuntu appears to have a policy regarding support. The longest they'll support something is an LTS Server release, at 5 years. At least according to their Wiki:
https://wiki.ubuntu.com/LTS
That said, I think that support should be based upon the last time that a product was sold/distributed/promoted by the company. When it was first sold is completely irrelevant. It's been 3 years for XP. It's harder to compare to an open source OS.
Can viruses and rootkits actually be removed, or not? If you fix the MBR and have some tool that claims to find and remove the rootkit is it actually gone, or do you always need to format and reinstall? Is there stuff, even non virus stuff, just floating around that's mucking up your system that nothing can get rid of? That seems unlikely in this day and age.
Viruses have the upper hand because they come first. Although heuristic-driven antivirus has been around for a while, it's never been fully effective. So once the virus gets on the system, you can never know for sure that it's gone. The virus could simply be very effective at hiding itself from the virus scanner. It could be causing the virus scanner to report a status of "Updated" when, to the contrary, updates have not been applied in some time. Ultimately, if the virus is running at the highest privilege level, you just can't trust your system tools to be telling the truth.
That said, a bootable antivirus CD which can update from the Internet eliminates this issue, and could probably definitively tell you that your system is clean of viruses of which it is aware. Even so, if I thought I had a virus, I would reformat and reinstall.
Yeah, the GP clearly exaggerated (or is wildly out of touch with what "most people" means) but the point stands. At $15/mo, less than the cost of dinner and a movie (heck, in some places, less than the cost of a movie) you can get several hours of entertainment. One could probably discuss the quality of the entertainment, but that wasn't discussed. And there's the value of opportunity, too. That $15 gets you as much playtime per month as you want. When that movie ends, it ends.
Even if you play for 4 hours, 4 times a month (16 hours) you're beating almost all commercial entertainment that's out there.
idiots
Well, there's a saying: "Don't stick your dick in crazy." And people do it anyway, knowing the consequences. I think that some people are idiots, but I think that most people don't realize that a USB drive can be dangerous. So, yeah, a little bit of both, but we're still blaming the victims. The OS shouldn't let a USB drive be dangerous.
I will quibble, though, that rights are not based on available manpower. It either is a right (to not be tracked without a warrant) or it isn't. I believe the spirit of the constitution and the spirit of justice says that the police should be required to get a warrant for any investigative "tools" that target an individual and which aren't emergencies.
In general, I think that police should be able to follow a suspect around public areas without a warrant. I think there are reasonable parameters you would put on such tailing. The person should be the subject of an ongoing investigation. The police should not interfere or harass the subject. The police should not go anywhere where the subject would have a reasonable expectation of privacy, or on private land (discounting privately owned areas that are public--e.g. the police should be able to go into Wal Mart, though the managers should be able to ask them to leave the premises.)
A GPS and a tail are probably invasive for different reasons. The GPS is affixed to the vehicle somehow, which means it directly contacts the person or their property. It can follow the subject onto private areas, which would give the police additional information even if it couldn't be used directly in court. But it's mostly invisible to the subject, in contrast to a tail. The tail is at least an adult human being, and quite probably includes a police vehicle. That could affect a person's reputation.
So I could see both sides to the argument.
The point about resources was perhaps poorly thought out. I still think it's valid, but for different reasons. The gist is that limited resources inherently creates a barrier to abuse. It might mean that less oversight is required. But you're correct that the rights shouldn't be dependent upon resources. That does mean that warrantless GPS tracking is likely to be upheld in certain, specific circumstances, such as when a vehicle doesn't have to be broken into or modified. SCOTUS is unlikely to find that e.g. magnetic attachment violates the right to unreasonable search.
Exactly. I'd put money on it being a 5-4 split along ideological lines.
The thing is, I can see it both ways. The police don't need a warrant to follow a suspect. This isn't much different. The big difference is that police manpower is inherently limited, whereas GPS tracking is effectively unlimited. What needs to be decided is whether or not unlimited tracking is within the bounds of the Constitution.
Of course, there are other issues. Affixing a GPS to someone's car requires either breaking in (which should clearly violate the 4th amendment), attaching it to the exterior of the car via mechanical means (modifying property should clearly violate the 4th amendment), or affixing it via a magnet. The latter is frankly the easiest to justify, but still needs to pass the test I mentioned above.
Personally, I think that unlimited tracking crosses a line. But I can very easily see the argument that it's a simple extension of police tracking that is enabled through the use of new technology.
Unless Taiwan is a huge market for apps, this is largely irrelevant. The OP thinks that 15 minutes is too short, yet Apple has generated over $2 billion in app store sales.
http://www.talkandroid.com/39922-mobile-app-store-sales-will-grow-77-7-this-year/
And Apple's official policy seems to be no returns in markets where consumer laws don't require it. Some people have said that Apple will accept returns--I can't verify this.
And yet Apple's App Store rakes in the money without any sort of return policy (that I can find) to begin with.
One particularly interesting one is TarSnap. The best part is the client is OSS
Be aware that while the Tarsnap source is available, it's not really OSS (according to the guidelines of the OSS Initiative.) Colin Percival does not permit modified clients to connect to the tarsnap service, nor does he allow redistribution of modified clients. The main purpose for distributing source seems to be verifying that the encryption is done properly (this is a good thing) and compiling for your specific platform (also good).
Every theater has a policy against texting. Few enforce it.
They don't actually change screen brightness--they seam to be modifying opacity, which affects readability.
Try this: change the brightness in iBooks, and pay attention to the status bar. You'll notice that it's brightness changes. Now try the same in Nook. The status bar doesn't change.
Neither app, interestingly, affects system brightness. But iBooks can change elements outside of it's own domain.
IIRC, apps can't have access to brightness controls. Apple's iBooks has a true brightness control. iBooks does not come as part of the OS--it is an app store download, and is a feature which is used to make money selling books.
If you don't mind talking about applications which come with iOS but which fall outside of system functions, then Safari gets some attention. Safari is allowed to compile and execute code in the data segment of memory, bypassing a rather large security function. And long before multitasking was available, Apple's software could run in the background.
I have first.last@gmail, and I occasionally get mail for firstlast@gmail. It's pretty irritating. I used to reply and say they had the wrong person, but the idiots sending me mail refused to change their address books.
I've also had people accuse me of first playing a joke, then lying to them when I said I wasn't this guy. They were relegated to the bitbucket rather quickly.
The worst part is that periods aren't supposed to be meaningful in Gmail addresses.
It doesn't need to be - Very few people need to know to avoid it affecting their normal routine. My ISP (f'n Comcast) isn't helping me out with IPv6 and neither is my employer (a major national lab), but I expect zero effect. I suspect that I'm just a typical example of the vast majority of the population.
You're actually among the most likely people to notice, then. Depending upon your OS/browser/configuration, sites can fail or become quite slow if they advertise a AAAA record but you only have v4 connectivity. In fact, that's one of the things that's being measured today.
Me? I have v6 and I don't notice a difference. I have to go looking with tcpdump to see if I'm actually connecting to the v6 address or to the v4 address. As far as I can find, there's no place in my browser which tells me one way or the other.
Surely there will be the people holding on to older versions, and getting them to upgrade would be prying it from their cold dying hands (or being locked in with lack of OS support ... cough IE and Windows XP).
Don't forget websites which only work with specific versions of browsers. That's the only reason I keep a copy of Firefox 3 around--one particular campus site doesn't work with Firefox 4.
For years you have been assuming something that isn't true. The basic Unix security model is nothing special.
I agree. But people spout this all the time on Slashdot.
The two main reasons for this are the lack of homogeneity among various Unix-type operation systems and the differing average competence level of Windows vs Unix admins.
Don't forget the differing purposes. When people start talking about "all the Linux servers out there" they're usually comparing it to all the Windows clients out there. If you're comparing a client to a server, there are a whole class of attacks that won't hit the server (probably) because you aren't browsing, reading e-mail on it, etc.
That said, I've seen plenty of Unix machines get compromised in various ways, from defaced websites to guessed login passwords. Trojans are fairly rare, though, and they seem to be the most common malware in the Windows world these days. Windows is vastly more secure today than it was 8 years ago, but you can't fix stupid without removing most of the user's ability to manage the machine (see iOS.)
Sure!
We essentially prevent that due to exceptions in the blanket statement I made. Hosts which don't allow password logins (e.g. using certificates or keys) don't get the blacklist. Mail doesn't get the blacklist, but that's because a different subgroup runs that. If we did run mail, we would use alternate accounts to deal with unblocking, or perhaps require a phone call. And we'd probably have a fumble-finger wall of shame :)
We use honeypots purely for denyhosts purposes. These are machines which are not in DNS and should never have machines connect to it. If a machine connects, we assume that it's malicious and add it to a blocklist which is shared amongst the rest of our machines. No one ever gets in to the honeypot. One could wait for a failed login attempt to occur (it would be a little more generous to scanners who aren't trying to break in)--it's just a tradeoff. We're much harsher.
Clearly overlooked is Debian Gnu/kFreeBSD, as well.
Not the AC.
One thing to realize is that the CDDL is an open license. It is incompatible with the GPL, which makes some people think that it's not open. This means that it can't be incorporated into the kernel (under most interpretations of the GPL and CDDL.)
A different issue is the possibility that Btrfs infringing on Sun's patents. If Btrfs starts gaining any traction, you can bet that Sun will sue over it, whether or not there's any actual merit to the case.
And apart from ZFS suffering from NIH problems as well as the CDDL licensing, I really don't see any compelling reason to add yet another filesystem that does largely the same thing.
But the licensing is a dealbreaker on Linux. Btrfs being licensed GPL means BSD can't use it. ZFS being licensed GPL means Linux can't use it.
Are you trolling? Kernel work isn't development?