The thing is, they're obviously working on it. The CODEC assistant thing shows that.
But there's another issue. Application developers and Linux distributors have problems bundling non-free applications. They'd have to get Adobe to let them do it (it's not part of the default license) which probably requires some amount of money.
Otherwise, the issues seem largely to do with familiarity. Gimp looks different. Can't find music. Doesn't know that Transmission is a bittorrent client (this is an easily fixed issue, as stated in the article, though.) While some of this can be coded around, one must wonder if it's really an issue with stupidity, as you speculate.
One thing's for sure, in my mind. Ubuntu needs to fix the Flash issue. It's just too big a deal for most people.
It's a short term benefit with long term consequences. We'll never see those long term consequences if no one uses Linux because it's so different. Like it or not, Windows is the de facto standard right now. Trying to move people out of their comfort zone is difficult.
Good grief! I guess this comment shows why we're behind in this country with cell phone and other wireless gadget technology. Maybe it shows that we're behind, but not why. The reason that we're behind is because the infrastructure is "good enough" for most people, and putting out cell towers that service a dozen people in the sticks is not cost-effective.
People look at countries in Europe and wonder why the US can't have as comprehensive a cellular infrastructure.. Usually, they have forgotten that those countries are a) much more socialist (not that I'm judging socialism one way or another, but the governments there have a greater say in things like this, which are largely considered public interest) and b) much, much smaller, and with a higher population density.
Some sites started offering an iPhone version when that device became popular. I'd bet that there are more people living in rural areas without acess to broadband than there are iPhone users.
From my brief look at doxygen, it looks like the biggest difference is semantic. Literate Programming with web is effectively documentation with code bits and metacode to indicate where the code bits should go. This means that the code bits can be (and should be) in the order that makes the most sense for the documentation. This is not necessarily the order that makes the most sense for the code.
Doxygen looks like it just extracts properly formatted comments in code in order to generate documentation. Web extracts properly formatted bits of code in order to generate a semantically correct C file.
If they're using Apache, check out mod_gnutls. It supports SNI (Server Name Indication) meaning that your virtual hosts on the same IP can have different SSL certs.
Not all, but many, are not really very good these days and the quality or lack thereof of software and all the bloat it entails stands as a testement to that fact. To be fair, at least some of the lower quality and higher bloat has to be attributed to management requiring high turnaround for applications. It's one thing to write code well. It's another thing to write code well and fast.
I've tried a number of bourbon-like whiskeys, and I have to say that one of my favorites is Japanese: Suntory 18 year. After that is Noah's Mill. Neither of these do I consider staples, though. I found some stuff that's quite a bit smoother than Maker's Mark, about the same price, but long out of production:( I stocked up and drink it when I'm in the mood for something excellent.
It's hard to screw up asymmetric encryption. The hard part would be managing a key store for the PUBLIC keys (that's the only key you need to keep, and it would not be useful for botnet researchers.) The private key would be kept on the individual zombie and used to sign encrypted messages to the peers, and decrypt messages destined for it.
A researcher couldn't send a command to the botnet from the botnet controller--it wouldn't have the botnet controller's private key. It could act as a peer (with its own private key and public key in the keystore), but presumably the power one peer has over another is fairly limited.
The problem with this is that malware sometimes patches the flaw in order to prevent competing malware from getting onto the machine. Welchia's approach was to pro-actively patch vulnerable machines and delete Blaster if it found it.
And anyone who doesn't do backups WILL lose data, it's only a question of when. My grandfather never backed up his data, and he never lost it. He died before he could.
People who make absolute statements tend to be wrong eventually.
One of the problems is that the Storm network uses the Overnet protocol to communicate with its peers. That's the only real way to identify Storm from network traffic, but there can be false positives.
What you can detect is someone sending spam or (apparently) involved in a DOS. And if ISPs detect this, they should notify the user and/or shut them down.
If you think about the terms used: Informative means providing information. In the context of Slashdot, it should be information pertaining to the topic. This is not highly subjective, until you start talking about tangents.
Interesting is highly subjective. What's interesting to one person may be flat out boring to another. It's probably a bad moderation, but it's always going to be biased.
Insightful is somewhere between the two. Realistically, it ought to be reserved for times when a poster comes up with new and unique information--an insight, if you will--into the current thread.
I don't think there's really a place for "I agree" or "I disagree" moderation. If you disagree, rebut the post. If you agree, post an agreement that adds to the discussion or just keep on reading. Leave agreement and disagreement to the slums of Digg.
Wait, what? What do you want Microsoft to do about people opening a postcard that ends in.exe?
The exploits that Storm tries to use to automatically infect people don't work on patched versions of the browser. People who don't update their computers aren't Microsoft's fault. People who click on unsafe downloads aren't Microsoft's fault. So what is it that you want them to do, exactly?
I don't understand how they would do this without either being in the middle of the bot communication (being in-line between many infected hosts.) Otherwise, they must be interacting with the bots, which is where the danger lies. Suppose that the bot is configured to self-destruct if it receives a bad communication hash?
I don't think that it's feasible to identify people who are infected and help them clean their computers--at least, not for these researchers. Also, there's no patch for human gullibility--so what's to say that the person won't get infected all over again?
While I think that poisoning Storm is a gray area, I don't think that these researchers are going to be able to lead the charge to clean up end-users PCs.
That reasonable middle ground is due process. The article was extremely light on the details of how due process works in Brazil, and whether or not such processes were followed.
If this had been the US government, the Constitution and years of constitutional law and judicial rulings would have required a subpoena, signed by a judge, and pertaining to specific data before Google would give up the information.
Of course, 6 years of recent executive power would have required only the waterboarding of Google's CEO in order to get the information.
From the article, it looked to me like they were asking Google for access to private photo albums. I don't know what evidence they had on the matter, what the privacy standards are like in Brazil, or whether they had a lawful subpoena, but if something like that was tried in the US, freedom-loving people would be throwing a hissy-fit, and possibly rightfully so.
Slashdot Mirror
The thing is, they're obviously working on it. The CODEC assistant thing shows that.
But there's another issue. Application developers and Linux distributors have problems bundling non-free applications. They'd have to get Adobe to let them do it (it's not part of the default license) which probably requires some amount of money.
Otherwise, the issues seem largely to do with familiarity. Gimp looks different. Can't find music. Doesn't know that Transmission is a bittorrent client (this is an easily fixed issue, as stated in the article, though.) While some of this can be coded around, one must wonder if it's really an issue with stupidity, as you speculate.
One thing's for sure, in my mind. Ubuntu needs to fix the Flash issue. It's just too big a deal for most people.
People look at countries in Europe and wonder why the US can't have as comprehensive a cellular infrastructure.. Usually, they have forgotten that those countries are a) much more socialist (not that I'm judging socialism one way or another, but the governments there have a greater say in things like this, which are largely considered public interest) and b) much, much smaller, and with a higher population density.
Some sites started offering an iPhone version when that device became popular. I'd bet that there are more people living in rural areas without acess to broadband than there are iPhone users.
From my brief look at doxygen, it looks like the biggest difference is semantic. Literate Programming with web is effectively documentation with code bits and metacode to indicate where the code bits should go. This means that the code bits can be (and should be) in the order that makes the most sense for the documentation. This is not necessarily the order that makes the most sense for the code.
Doxygen looks like it just extracts properly formatted comments in code in order to generate documentation. Web extracts properly formatted bits of code in order to generate a semantically correct C file.
Pear with prepared statements has been around for a while. What method are you guys talking about that prevents SQL injection without that?
If they're using Apache, check out mod_gnutls. It supports SNI (Server Name Indication) meaning that your virtual hosts on the same IP can have different SSL certs.
I would buy one of these if they worked with non-Symbian, non-Ericsson phones. They're really neat looking devices.
Staying off-topic.
:( I stocked up and drink it when I'm in the mood for something excellent.
I've tried a number of bourbon-like whiskeys, and I have to say that one of my favorites is Japanese: Suntory 18 year. After that is Noah's Mill. Neither of these do I consider staples, though. I found some stuff that's quite a bit smoother than Maker's Mark, about the same price, but long out of production
It's hard to screw up asymmetric encryption. The hard part would be managing a key store for the PUBLIC keys (that's the only key you need to keep, and it would not be useful for botnet researchers.) The private key would be kept on the individual zombie and used to sign encrypted messages to the peers, and decrypt messages destined for it.
A researcher couldn't send a command to the botnet from the botnet controller--it wouldn't have the botnet controller's private key. It could act as a peer (with its own private key and public key in the keystore), but presumably the power one peer has over another is fairly limited.
The problem with this is that malware sometimes patches the flaw in order to prevent competing malware from getting onto the machine. Welchia's approach was to pro-actively patch vulnerable machines and delete Blaster if it found it.
People who make absolute statements tend to be wrong eventually.
No, what they're doing is tricking you into giving them your gun. It's a much stickier and gray situation.
And years of training will cause the users to just click "Yes" so that they can see their naked picture of Natalie Portman petrified in hot grits.
The damage has already been done.
It's not particularly easy.
One of the problems is that the Storm network uses the Overnet protocol to communicate with its peers. That's the only real way to identify Storm from network traffic, but there can be false positives.
What you can detect is someone sending spam or (apparently) involved in a DOS. And if ISPs detect this, they should notify the user and/or shut them down.
So they're suggesting DOSing the zombie computers? That sounds like a great idea without any repercussions.
If you think about the terms used:
Informative means providing information. In the context of Slashdot, it should be information pertaining to the topic. This is not highly subjective, until you start talking about tangents.
Interesting is highly subjective. What's interesting to one person may be flat out boring to another. It's probably a bad moderation, but it's always going to be biased.
Insightful is somewhere between the two. Realistically, it ought to be reserved for times when a poster comes up with new and unique information--an insight, if you will--into the current thread.
I don't think there's really a place for "I agree" or "I disagree" moderation. If you disagree, rebut the post. If you agree, post an agreement that adds to the discussion or just keep on reading. Leave agreement and disagreement to the slums of Digg.
Wait, what? What do you want Microsoft to do about people opening a postcard that ends in .exe?
The exploits that Storm tries to use to automatically infect people don't work on patched versions of the browser. People who don't update their computers aren't Microsoft's fault. People who click on unsafe downloads aren't Microsoft's fault. So what is it that you want them to do, exactly?
I don't understand how they would do this without either being in the middle of the bot communication (being in-line between many infected hosts.) Otherwise, they must be interacting with the bots, which is where the danger lies. Suppose that the bot is configured to self-destruct if it receives a bad communication hash?
I don't think that it's feasible to identify people who are infected and help them clean their computers--at least, not for these researchers. Also, there's no patch for human gullibility--so what's to say that the person won't get infected all over again?
While I think that poisoning Storm is a gray area, I don't think that these researchers are going to be able to lead the charge to clean up end-users PCs.
Thank you for the interesting insights into Brazil's government!
That reasonable middle ground is due process. The article was extremely light on the details of how due process works in Brazil, and whether or not such processes were followed.
If this had been the US government, the Constitution and years of constitutional law and judicial rulings would have required a subpoena, signed by a judge, and pertaining to specific data before Google would give up the information.
Of course, 6 years of recent executive power would have required only the waterboarding of Google's CEO in order to get the information.
From the article, it looked to me like they were asking Google for access to private photo albums. I don't know what evidence they had on the matter, what the privacy standards are like in Brazil, or whether they had a lawful subpoena, but if something like that was tried in the US, freedom-loving people would be throwing a hissy-fit, and possibly rightfully so.
Honestly, that seems pretty suspicious. Also, if it's a kernel driver, it's going to require admin access to the public terminal--highly unlikely.