All that you need to do, as far aas I understand it, is turn Challenge/Response authentication off (which nobody uses anyway). So the line in/etc/ssh/sshd_config reads:
ChallengeResponseAuthentication no
and then restart the daemon.
Big deal.
I don't see any need to upgrade anything. Yes, privilege separation is nice in terms of future security, but I prefer the (more likely) known stability of software that has been in use for a while.
Debian security policy is that vulnerability fixes are backported (to avoid adding anything that could cause instability or further insecurity); this was made impossible by Theo's and ISS' advisory which lacked any details about the exploit. This may have been justified had the exploit not be able to be prevented by a simple configuration change (in order to give administrators time to prepare an upgrade their systems), but not for this.
Cheers, Theo, you just cried Wolf for the entire community. If there ever is a hole major enough that everyone should (or might want to) upgrade to a version which is by nature immune rather than give away the exploit by releasing a patch, noboby's going to believe you now, and probably not anyone else either.
Who said anything about Copyright Law? I'm talking about what is right and wrong, not what the law says you should and should not do. Have you not noticed in your infinite wisdom that there is actually a difference?
There is a very good reason that copyright law exists; it's there to promote production of works by giving a financial incentive to do so. If someone is publishing something on the internet, then in my view he is effectively saying that he has more interest in dissemination of what he has to say than to make money, and therefore permission to copy verbatim is implied. If there are ads on the web page that he uses to fund himself, then that's fine; they'll get copied just as well as the other stuff.
What I was saying was that, if you're walking about publicly, by the very action of doing it publicly you can't really complain about people knowing about it. But you've got a reasonable expectation of privacy in your own home, and similarly you should have a reasonable expectation of privacy when you're browsing the web from your own home.
Just like people could monitor what you're doing in your home by using listening devices, secret cameras etc, similarly your ISP can do so.
Yes, but say a writer published a book, owned the copyright and gave permission in the book for anyone to freely make copies, but then sold the copyright to the publisher. The publisher can't then prevent me from freely making copies if I'd bought the original publication of the book. What I'm saying is that publishing something on the internet for anyone to download for free implies permission to freely make copies.
Like you say, it's the text that's copyrighted and not the content, so that whole (other) thread is irrelevant.
Because you paid for the book (the library did on your behalf) and the same for a film. The owner of the copyright didn't implicitly give you permission to do anything, because in the case of a film you paid for the privilege to see it, and for a book your library did.
That's interesting. My stance on that would be that the publisher should have considered that it had been on the internet, therefore publicly disseminated and thus impossible to prevent the article from being reproduced elsewhere when they made any agreement to transfer ownership of copyright.
Well, assuming you didn't pay to watch TV (if you did, then you're cutting into their revenue by selling copies, so that's a good reason for it not to be right, as otherwise you wouldn't be able to get pay TV) then as long as you kept the advertisements intact, then I don't see a problem.
As for website owners prohibiting things, I don't really consider that kind of notice valid. It's already implied that you can view them by the fact that you can (HTTP and all that). Restricting you after you've already done it is meaningless and therefore (in my humble opinion) invalid.
The way I see it, you implicitly give people some limited form of permission by putting it up on the internet freely available to download in the first place. You put it up for people to download, print out and so forth (which amounts to copying), and therefore you've implied that people may do so.
Sure, you own copyright, and blatant plagarism is something that clearly is wrong. But I see nothing wrong with taking an article that you published on the web and reproducing it, as long as it is taken in context and is clearly attributed (and it made obvious that the copy isn't the original, but proper attribution would do this and therefore suffice).
Of course, this is republication and so the issue is not so clear and obviously subjective. That's just my opinion.
There are sensible laws (the Government not doing business with convicted persons or companies) and then there are unjust laws (not allowing me to view a DVD I bought without agreeing to additional agreements [EULAs], even though I'm not breaking copyright law). It's perfectly valid to complain.
And by the way, the Government don't enforce the DMCA, the entities who reckon they've lost money do.
I don't worry about EM radiation eminating from my phone, mainly because I know that most of the time it isn't doing anything while it's in my pocket, fairly close to an important part of my anatomy:)
But with P2P phones this wouldn't be the case, and given that currently views on the issue are mixed, I'd rather have my phone transmitting as little as possible. That means no P2P for me, thanks.
There's also the issue of a massively decreased standby time, seeing as my phone is going to be effectively being used all the time.
I'd rather have ugly cell towers than have yet more EM radiation and decreased battery life.
Digital is all well and good for the production end...
It's good for the "consumer" too, you seem to have missed this point. I saw Monsters, Inc. twice; first on normal reel, and then on digital. I really noticed the difference. This might be just because it was a computer animated film, but that genre seems to be growing at the moment.
I want digital screens, as a viewer. Obviously I'd rather not have to pay more to be able to get it, but copyright and licensing issues don't really apply to me as a movie-goer (since I happily will pay-per-view if I get a seat in a theatre), and so I don't really care about what DRM gets applied there. The ticket price is all that matters to me.
When writing anything you'll probably find that a similar problem has already been solved; everything ultimately boils down to an algorithm and most things have already been done.
The programmer's bible for this is The Art of Computer Programming by Don Knuth. It isn't the easiest book in the world to read, however, and consists of three volumes and an additional one Knuth wrote recently.
An interesting example of this I found out about recently are coroutines. I struggled with writing part of a program for weeks on end trying to do something similar to this. Had I known about this kind of technique then, I would've done it in a day.
In that case, IMHO this whole thing is just academic. The virus has yet to demonstrate that it can effectively infect anything in the real world, seeing as (as others have mentioned) infecting an ELF on a Linux system would need root in most cases, and running untrusted binaries as root is something that few people do.
I wonder what would happen, though, if the machine of a binary package maintainer for any distribution got infected with a virus (not necessarily this one). This might lead to other maintainers rapidly becoming infected as they use the binaries of the infected maintainer and create binaries themselves.
This would need the virus to be somewhat clever and remain resident in some way as I'm guessing that most maintainers use fakeroot or something equivalent so wouldn't be capable of infecting system binaries, just the ones built.
If the virus didn't show itself for a few months would it manage to pass undetected? Is the way Debian works suceptible to this because it only needs one maintainer of anything that is commonly used to be malicious (and successful) to get everything infected?
By Sunday, it's obvious that Correlli has tanked, and that Beckham is a hit. Naturally you yank Corelli from the larger cinema and put Beckham in there. The studios hate this, but can do nothing about it. However, once the new technology is installed, Corelli will be beamed direct to screen one for the duration of its scheduled run, and will play to empty houses.
Why, exactly? The argument about this that I've always heard is that it's the other way round. With a digital projector, there's no problem with running out of reels; it is technically far easier to copy bits that replicate a reel.
Of course, DRM may prevent the cinema from doing this, but surely it's acceptable for them to pay more for showing the film to more people, seeing as it's the ticket (and food) price that pays for the film in the first instance?
And if the cinema has a shortage of digital projectors then that's irrelevant; it's just the case of the new technology maturing and becoming more widespread. Preventing progress because new technology isn't deployed widely enough is no argument at all.
Yes, I know that. What I'm saying is that the BSA have no right to demand an audit, unless they go to court. If they did after the company produced accounting for all computers and software they own (which, if they've been careful, they'll have available) and the BSA still manage to get an order, then surely the company could demand costs assuming that the audit shows that everything is OK?
Well, actually it doesn't, since I still refuse to recognize any agreement I didn't sign or verbally agree to. But you still will have needed to buy it.
If your company did have accounting for software, then why didn't they just tell the BSA to shove it? If it then went to court, then you could've produced licenses for everything and won costs, because clearly the BSA's accusations were groundless. You could have saved on the expense of losing your staff for the audit as well. Or am I just being naiive?
licq has supported SSL connections with other licq clients for eons. Jabber allows for end-to-end encryption and signing, and Gabber (a Jabber client) is at least one clients which supports this using gpg. On top of that connections to Jabber servers can be put down SSL.
Slashdot Mirror
All that you need to do, as far aas I understand it, is turn Challenge/Response authentication off (which nobody uses anyway). So the line in /etc/ssh/sshd_config reads:
and then restart the daemon.
Big deal.
I don't see any need to upgrade anything. Yes, privilege separation is nice in terms of future security, but I prefer the (more likely) known stability of software that has been in use for a while.
Debian security policy is that vulnerability fixes are backported (to avoid adding anything that could cause instability or further insecurity); this was made impossible by Theo's and ISS' advisory which lacked any details about the exploit. This may have been justified had the exploit not be able to be prevented by a simple configuration change (in order to give administrators time to prepare an upgrade their systems), but not for this.
Cheers, Theo, you just cried Wolf for the entire community. If there ever is a hole major enough that everyone should (or might want to) upgrade to a version which is by nature immune rather than give away the exploit by releasing a patch, noboby's going to believe you now, and probably not anyone else either.
Who said anything about Copyright Law? I'm talking about what is right and wrong, not what the law says you should and should not do. Have you not noticed in your infinite wisdom that there is actually a difference?
There is a very good reason that copyright law exists; it's there to promote production of works by giving a financial incentive to do so. If someone is publishing something on the internet, then in my view he is effectively saying that he has more interest in dissemination of what he has to say than to make money, and therefore permission to copy verbatim is implied. If there are ads on the web page that he uses to fund himself, then that's fine; they'll get copied just as well as the other stuff.
I agree with you completely.
What I was saying was that, if you're walking about publicly, by the very action of doing it publicly you can't really complain about people knowing about it. But you've got a reasonable expectation of privacy in your own home, and similarly you should have a reasonable expectation of privacy when you're browsing the web from your own home.
Just like people could monitor what you're doing in your home by using listening devices, secret cameras etc, similarly your ISP can do so.
Which would then be the equivalent of putting a camera in a public toilet, by the same analogy.
Which is also the equivalent of putting cameras in public places...
(Emphasis mine) My web browser is certainly not in a public place.
Yes, but say a writer published a book, owned the copyright and gave permission in the book for anyone to freely make copies, but then sold the copyright to the publisher. The publisher can't then prevent me from freely making copies if I'd bought the original publication of the book. What I'm saying is that publishing something on the internet for anyone to download for free implies permission to freely make copies.
Like you say, it's the text that's copyrighted and not the content, so that whole (other) thread is irrelevant.
Because you paid for the book (the library did on your behalf) and the same for a film. The owner of the copyright didn't implicitly give you permission to do anything, because in the case of a film you paid for the privilege to see it, and for a book your library did.
That's interesting. My stance on that would be that the publisher should have considered that it had been on the internet, therefore publicly disseminated and thus impossible to prevent the article from being reproduced elsewhere when they made any agreement to transfer ownership of copyright.
Well, assuming you didn't pay to watch TV (if you did, then you're cutting into their revenue by selling copies, so that's a good reason for it not to be right, as otherwise you wouldn't be able to get pay TV) then as long as you kept the advertisements intact, then I don't see a problem.
As for website owners prohibiting things, I don't really consider that kind of notice valid. It's already implied that you can view them by the fact that you can (HTTP and all that). Restricting you after you've already done it is meaningless and therefore (in my humble opinion) invalid.
who gave them permission to make those copies?
The way I see it, you implicitly give people some limited form of permission by putting it up on the internet freely available to download in the first place. You put it up for people to download, print out and so forth (which amounts to copying), and therefore you've implied that people may do so.
Sure, you own copyright, and blatant plagarism is something that clearly is wrong. But I see nothing wrong with taking an article that you published on the web and reproducing it, as long as it is taken in context and is clearly attributed (and it made obvious that the copy isn't the original, but proper attribution would do this and therefore suffice).
Of course, this is republication and so the issue is not so clear and obviously subjective. That's just my opinion.
License? What license? I don't recall ever signing an license...
Says who? As far as I understand it this is exactly what a court has decided that they aren't doing, and this has been upheld by a higher court.
It doesn't make any difference what MS has been charged with or convicted of, because they haven't been sentenced.
Says who? They've been convicted, and Maricopa County policies talking about convinction, not sentencing.
Yes, and?
There are sensible laws (the Government not doing business with convicted persons or companies) and then there are unjust laws (not allowing me to view a DVD I bought without agreeing to additional agreements [EULAs], even though I'm not breaking copyright law). It's perfectly valid to complain.
And by the way, the Government don't enforce the DMCA, the entities who reckon they've lost money do.
Most seem to see it only as a method of attacking MS.
I think that's a bit unfair, since people (in general) pay MS, but not the author of free software.
That does raise a tricky issue though; would a company that resells free software be liable for it?
I don't worry about EM radiation eminating from my phone, mainly because I know that most of the time it isn't doing anything while it's in my pocket, fairly close to an important part of my anatomy :)
But with P2P phones this wouldn't be the case, and given that currently views on the issue are mixed, I'd rather have my phone transmitting as little as possible. That means no P2P for me, thanks.
There's also the issue of a massively decreased standby time, seeing as my phone is going to be effectively being used all the time.
I'd rather have ugly cell towers than have yet more EM radiation and decreased battery life.
Digital is all well and good for the production end...
It's good for the "consumer" too, you seem to have missed this point. I saw Monsters, Inc. twice; first on normal reel, and then on digital. I really noticed the difference. This might be just because it was a computer animated film, but that genre seems to be growing at the moment.
I want digital screens, as a viewer. Obviously I'd rather not have to pay more to be able to get it, but copyright and licensing issues don't really apply to me as a movie-goer (since I happily will pay-per-view if I get a seat in a theatre), and so I don't really care about what DRM gets applied there. The ticket price is all that matters to me.
The programmer's bible for this is The Art of Computer Programming by Don Knuth. It isn't the easiest book in the world to read, however, and consists of three volumes and an additional one Knuth wrote recently.
An interesting example of this I found out about recently are coroutines. I struggled with writing part of a program for weeks on end trying to do something similar to this. Had I known about this kind of technique then, I would've done it in a day.
In that case, IMHO this whole thing is just academic. The virus has yet to demonstrate that it can effectively infect anything in the real world, seeing as (as others have mentioned) infecting an ELF on a Linux system would need root in most cases, and running untrusted binaries as root is something that few people do.
I wonder what would happen, though, if the machine of a binary package maintainer for any distribution got infected with a virus (not necessarily this one). This might lead to other maintainers rapidly becoming infected as they use the binaries of the infected maintainer and create binaries themselves.
This would need the virus to be somewhat clever and remain resident in some way as I'm guessing that most maintainers use fakeroot or something equivalent so wouldn't be capable of infecting system binaries, just the ones built.
If the virus didn't show itself for a few months would it manage to pass undetected? Is the way Debian works suceptible to this because it only needs one maintainer of anything that is commonly used to be malicious (and successful) to get everything infected?
So far Symantec has not received any submissions of this virus from customers.
From this I infer that the virus was not found in the wild. So where from, exactly? I'm thoroughly confused, this makes no sense.
By Sunday, it's obvious that Correlli has tanked, and that Beckham is a hit. Naturally you yank Corelli from the larger cinema and put Beckham in there. The studios hate this, but can do nothing about it. However, once the new technology is installed, Corelli will be beamed direct to screen one for the duration of its scheduled run, and will play to empty houses.
Why, exactly? The argument about this that I've always heard is that it's the other way round. With a digital projector, there's no problem with running out of reels; it is technically far easier to copy bits that replicate a reel.
Of course, DRM may prevent the cinema from doing this, but surely it's acceptable for them to pay more for showing the film to more people, seeing as it's the ticket (and food) price that pays for the film in the first instance?
And if the cinema has a shortage of digital projectors then that's irrelevant; it's just the case of the new technology maturing and becoming more widespread. Preventing progress because new technology isn't deployed widely enough is no argument at all.
Yes, I know that. What I'm saying is that the BSA have no right to demand an audit, unless they go to court. If they did after the company produced accounting for all computers and software they own (which, if they've been careful, they'll have available) and the BSA still manage to get an order, then surely the company could demand costs assuming that the audit shows that everything is OK?
DOS still needs a license.
Well, actually it doesn't, since I still refuse to recognize any agreement I didn't sign or verbally agree to. But you still will have needed to buy it.
If your company did have accounting for software, then why didn't they just tell the BSA to shove it? If it then went to court, then you could've produced licenses for everything and won costs, because clearly the BSA's accusations were groundless. You could have saved on the expense of losing your staff for the audit as well. Or am I just being naiive?
licq has supported SSL connections with other licq clients for eons. Jabber allows for end-to-end encryption and signing, and Gabber (a Jabber client) is at least one clients which supports this using gpg. On top of that connections to Jabber servers can be put down SSL.
No, because Microsoft has a monopoly, and Lindows.com don't.