"I agree, I've never understood why the American government
bother."
Actually, they more or less don't bother anymore. Up until a few
years ago, encryption was highly restricted -- exporting it outside
the US required obtaining near-impossible permissions, online
distribution sites had to verify that you were connecting from a US
IP, and so forth. And it was a joke -- either someone exported it
illegally (simple enough to do) and got it mirrored on a site outside
the US, or they developed the entire project outside the US.
So, presumably because they recognized that the regulations were
completely impotent and only hurt commercial entities, they changed
the policy to something like "Just don't deliberately export it
to one of these 7 or so really evil countries. You can make it
publicly available on a website without download controls -- this
isn't considered deliberately exporting it to the countries in
question, even though someone from there could download it from your
site." In short, they've more or less done the right thing (with some
extra CYA verbiage, but that's to be expected when dealing with
politicians).
Does DeCSS enable me to copy a DVD? Nope - any bitwise copy program
will produce a copy identical to the original. Assuming there isn't
some issue with the physical media (e.g., how some CD players can't
read CD-R media) that copy can be used anywhere.
I used to argue that as well, until someone else told me that the
blank DVDs that you buy apparently have the "key" portion of the disk
made unusable. Also, last I heard, the burnable DVD media is
significantly smaller than the commercially pressed DVD media, which
means you'd have to either reduce the size of the copy or split it
across multiple DVDs (both of which would require decoding it, first).
Another poster has already pointed out the DVD rip->DivX issue, which is also worth considering. While there are alternatives (such as video out on the DVD player to video in on a video capture card), DeCSS makes it faster, easier, higher quality, and cheaper. Remember that piracy isn't just about being able to make copies -- it's about being able to make copies cheaply.
Overall, DeCSS can (and almost certainly does) assist in pirating DVDs. However, the important issue is that it's not exclusively a pirate tool, any more than a port scanner is exclusively a cracker tool.
They OBVIOUSLY create an INFINITE amount of games, since they can
move around and around and around.
Under the F.I.D.E. laws (I
dunno how official this is, since I'm not a chess person -- it seems
to be "official" chess, according to the site), rule 10.10 states that
it's a draw when the chess board repeats its state for the 3rd time.
There are OBVIOUSLY a FINITE number of chess board states (placing a
finite number of pieces on a finite number of squares, plus a few
extra bits to represent piece "rights" such as castling and en passant
stuff). Therefore, sooner or later, a chess game will either end
"normally" or run out of states that haven't been hit twice.
You're ignoring that the infection comes from a malformed request, not response.
Well, the argument is that the counter-attacker would be advertising a service which the Code Red worm then "requests".
An analogy might be to the telephone service providers that registered names like "I don't care", thereby inadvertently foisting their services upon someone who said that phrase for different reasons.
Similarly, the counter-attacker would be making a request to "/default.ida", the request means by which a machine can indicate that it desires to have the Code Red worm backdoor exploited on itself.
Overall, it's predicated on the notion of what indicates acceptance of conditions on the web. Is someone providing a controversial service responsible for determining, beyond a shadow of a doubt, that the person requesting a service really knows what they're doing? Or is it the fault of the entity generating the request (in this case, the Code Red worm itself)? I suspect the answer's somewhere in the middle, but I have no clue on exactly where it would lie.
What will happen as the net becomes more and more like a brain? Can it have a soul?
Please don't take this the wrong way, but that's honestly the sort of question I'd expect from someone who doesn't understand computers.
While I believe in the possibility of machine intelligence (along with the moral, ethical, and most importantly philosophical questions that raises), the net is more of a data transfer mechanism than a processing mechanism. Short of very deliberate projects, such as SETI@Home, you just don't have your average machine on the net doing random computation. In that sense, the net really hasn't changed much since its inception.
Further, if you did have a distributed consciousness, what would the consequences of lag, network outages, and outright crashes be? In that sense, it would be interesting to see if random/semi-random/genetic algorithms are capable of generating an intelligence capable of coping with such noise. However, I think such issues would rapidly kill off something before it became "evolved" enough to cope.
If we do get an intelligence, I think it'll be something that happens on purpose. It may be distributed (maybe as a redundant, non-real-time simulation of a brain), but I doubt it'll be a spontaneous Skynet-like entity.
I believe it would be considered illegal in most countries.
What if one were to change one's web server's main page to advertise an automated Code Red fixing service, conveniently located at http://www.example.com/default.ida?
I suppose it probably wouldn't hold up in court, but it'd still be amusing.
If you buy one of these CD's and it turns out to be
defective
I think for most people, the deliberate defects won't hit until it's
too late. By deliberately munging the error correction, it seems that
the CDs won't fail for the non-CD-ripping public until after the CD
has been used and abused for a while. At that point, your only options
are to suffer with a broken CD or buy another copy. Smells like a bit
of a scam to me.
I would like to exclude such stories from my homepage. Why? Because I don't run Windows.
This story is relevant to the following groups:
Windows users who install KaZaA
People who design web pages that may be visited by Windows users who install KaZaA (the story even specifically mentions the opt-out address for site owners to mail)
People interested in the copyright ramifications of a service that surreptitiously alters how web pages look to viewers
People interested in the legal ramifications of piggy-backing one software install on top of another -- this isn't a Windows-only issue; Linux has closed-source software, too. Regardless of whether or not you personally only use open-source software, some closed-source software would still be relevant in a Linux-only topic.
It's not picking up where it left off, it's starting over infecting the internet almost from scratch, so it should be the same thing as last time.
Except that last time, (as I understand it) the infection window was relatively short before it kicked over into attack mode. Also, due to the Cisco problem, the infection time is a bit of a DoS attack itself.
I don't expect doom and gloom (especially with the page defacement and probes making it easier to identify compromised hosts), but I do expect it to be at least a little different from last time.
First of all, I am marrying a woman, not a man, and it is not appropriate for you to make assumptions such as this.
It wasn't an assumption. I'm willing to bet that the other poster followed your lead, when you referred to the person that you're going to marry as your fiance. A fiance is a man who's engaged to be married. A fiancee is a woman who's engaged to be married.
...and to get back on topic, I've found that with my TiVo, I watch less ads but provide much greater weight to the ads that I do watch. Oh, and commercials that're funny once or twice, but get annoying quickly (such as the Levi karaoke thing) don't bother me, because I actually get subjected to it so rarely.
Pseudonymity provides more continuity (there are some Slashdot posters whom I recognize by name), gives people less incentive to be stupid ("FIRST POST! Natalie Portman and hot grits!"), means that the poster is more likely to catch a reply, and generally says, "I was willing to at least go through the trouble of getting a throw-away hotmail account so I could register on Slashdot." Is it a cure all? No. Are there worthwhile AC posts? Yes. But for the most part, it isn't worth the effort to wade through the garbage to catch the good ones. Besides, some of the good ones'll get caught by moderators, anyway.
And, if you want accountability, don't go to usenet, or stay in moderated groups.
Great! I propose a solution that doesn't stop anyone from posting, but allows me to selectively filter what I read, yet some genius AC declares, "If you don't like the way it is, go somewhere else." ...and yet he still wonders why I feel superior to the ACs of Slashdot.
(As an aside, I'll generally read AC messages that reply directly to posts that I make. But more and more often, I wonder why I even bother.)
the spammers have already countered with random data appended to the spam (and random numbers in the subject headers)
...and the worst of the bunch -- randomly inserting punctuation in the entire message:
M`A.K,E M:O'N"E,Y F.A`S'T
*shudder* Every now and again, I wish we would have optional accountability in Usenet, similar to how I can set my default read-level on Slashdot high enough that J. Random Anonymous Coward never shows up. Couple that with a clause in the ISP's contract that allows them to assess significant fines against spammers, and we'd be (theoretically) set.
Then I wake up and realize that people'll just steal accounts or even use litigation to block the ISP from cutting them off for spamming. That's when I wish we could just train those kids who want to go on school shooting rampages to just take out spammers instead, killing two birds with one stone.
Unless things've radically changed since when I installed RH 6.1, the answer is no. You're running off a barebones system that has the software required to do the install and very little else.
If you're paranoid (which that 15 minute figure implies that you should be), you can force the first boot session of the new Redhat system to be at a runlevel that doesn't start up networking. Then you can leisurely edit config files so that no services get started. Kick the machine into a regular runlevel, download the patches, apply them, and then carefully reenable services that you really, really need.
I will admit that it's not the easiest solution, but it should work (barring a remotely exploitable networking bug in the kernel or client software), and it doesn't require a firewall.
I would be interested how well they hide them - that is, is the
domain name of the network something which would attract their
attention?
If it's anything like what happens where I work (we're a manufacturing
company in a non-tech related company), even the machines without DNS
entries get scanned regularly. Most of the time, it looks like
they're just scanning a single port on a range of IP addresses in order
(our firewall has a pair of sequential addresses assigned to it, so
both attempts show up right next to each other in the log file). My
guess is that they aren't even bothering with DNS -- they're just
scanning anything and everything that might have a security hole in
it.
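The sweep pattern described in the comment above (one source, one port, adjacent destination addresses, entries next to each other in the log) can be picked out of a firewall log mechanically. This is an added example, not part of the original comment; the log format, the function names and the sample lines are constructed for illustration, using documentation address ranges.

```shell
#!/bin/sh
# Constructed sample of firewall drop entries: epoch time plus key=value fields.
# 192.0.2.10 and 192.0.2.11 stand in for the firewall's two sequential addresses.
sample_log() {
    cat <<'EOF'
1000 DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=111
1000 DROP SRC=198.51.100.7 DST=192.0.2.11 DPT=111
1020 DROP SRC=203.0.113.50 DST=192.0.2.10 DPT=80
1100 DROP SRC=203.0.113.9 DST=192.0.2.11 DPT=21
1400 DROP SRC=203.0.113.9 DST=192.0.2.10 DPT=21
2000 DROP SRC=198.51.100.200 DST=192.0.2.10 DPT=1433
2001 DROP SRC=198.51.100.200 DST=192.0.2.11 DPT=1433
EOF
}

# detect_sweeps [WINDOW_SECONDS] [MIN_HITS]
# Reads log lines on stdin and reports each source that probed the same port on
# numerically consecutive destination addresses, each probe within WINDOW_SECONDS
# of the previous one. No DNS is involved: only addresses and ports are compared.
detect_sweeps() {
    awk -v window="${1:-5}" -v minrun="${2:-2}" '
    # Dotted quad to integer so that "next address" is a simple +1 test.
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # Emit a run if it is long enough to count as a sweep.
    function report(k) {
        if (run[k] >= minrun)
            printf "%s first=%s last=%s hits=%d\n", k, first[k], last[k], run[k]
    }
    {
        t = $1; src = ""; dst = ""; dpt = ""
        for (i = 2; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        if (src == "" || dst == "" || dpt == "") next   # not a packet entry

        k = src " port=" dpt
        n = ip2int(dst)
        if ((k in lastn) && n == lastn[k] + 1 && t - lastt[k] <= window) {
            run[k]++                    # same source and port, next address up
        } else {
            report(k)                   # previous run (if any) has ended
            run[k] = 1; first[k] = dst
        }
        last[k] = dst; lastn[k] = n; lastt[k] = t
    }
    END { for (k in run) report(k) }
    ' | LC_ALL=C sort
}

# Stand-alone demonstration on the constructed sample.
sample_log | detect_sweeps 5
```

The single probe from 203.0.113.50 and the slow, out-of-order pair from 203.0.113.9 are not reported; only the two in-order sweeps are.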
Why do people do this? One thousand two hundred US dollars for something so insubstantial. Up to $20 is understandable, from a certain viewpoint.
Let's say I really, really want the bow. Let's say it'd take me approximately 60 hours of gameplay to get it. If I make more than $20/hour, it's more cost-effective for me to work and then buy the bow. It may not be as fun and $1200 is a bit steep, but spending a few hundred dollars on something that will bring a comparable amount of enjoyment isn't unreasonable.
Besides, there're some people who'd say that spending $50 on a flat, plastic disc and $1500 on the hardware to use, just so you can move around a little plastic widget and click the buttons on top for hours on end is silly.
The price would not be reduced if Battle.Net were not included. You have paid nothing extra for it
Using that logic, Blizzard could release a patch to remove most features from the game. "Hey, it's not like you paid extra for the Barbarian, and we're tired of him forgetting that he's not outside and crapping on the rug, so he's gone." "Hey, it's not like you paid extra for a real villain. Instead, we're just going to put a single, normal skeleton in the last room. Kill him and you win. Diablo himself will instead be busy doing children's parties."
The malicious code could do something even more clever, like not dropping or revealing its payload unless it can figure out that the current user has some realistic-looking number of files in its home directory.
Assuming that I always saferun the executable, I'm still safe. Imagine combining saferun with a CVS-like system such that the files that the executable works with get copied to the jail, the executable does what it does, then the changes get imported back into my home directory. The worst the executable can do is destroy the work that I've done during that session of using the executable (which isn't too different from the program crashing from a bug).
But you're certainly right in that saferun isn't foolproof. However, when it comes to computer security, the realistic goal is to minimize risk, within a given usability-versus-security tradeoff. I would feel comfortable using saferun to run arbitrary code from semitrusted sources. If I were truly paranoid, I'd only trust personally audited source.
OK, so you've shown that if a friend emails you a suspicious.exe, you create a phony account with no permissions then run it from that account. This is also possible in Win2K and Windows XP.
Can you do the following in Win2K/XP? (This is only half rhetorical -- I freely admit that I'm less than fully versed on Windows-based security. I suspect that at least some of these are doable in Windows.)
Run the program in a chroot jail
Run the program with ulimited resources
Set up a script to quickly and easily do the previous two items (and run it as a throwaway user account, as previously mentioned).
The scripting issue is, I suspect, where it really wins. If a user can start something with 'saferun some_app' instead of just 'some_app', it's much less of a hassle, and it's that much more likely that a user won't do something stupid. It also limits damage to programs that're capable of breaking out of chrooted jails, when running as a user-level process. It's at least theoretically possible, but in the process, we've managed to cut out a lot of potential exploits.
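A sketch of the 'saferun some_app' wrapper the comment above describes, added here as an example and not code from the original poster: it lowers resource limits with ulimit, then enters a chroot jail as a throwaway user. The SAFERUN_* variables, their default values, the jail path and the use of GNU chroot's --userspec option are assumptions of this example.

```shell
#!/bin/sh
# saferun: hypothetical wrapper; all names and defaults below are assumptions.
SAFERUN_CPU_SECS=${SAFERUN_CPU_SECS:-10}            # CPU seconds before the kernel kills it
SAFERUN_MAX_FILES=${SAFERUN_MAX_FILES:-32}          # open file descriptors
SAFERUN_FILE_BLOCKS=${SAFERUN_FILE_BLOCKS:-20480}   # largest file it may write, in ulimit -f blocks
SAFERUN_JAIL=${SAFERUN_JAIL:-/var/jail}             # prepared chroot tree containing the program
SAFERUN_USER=${SAFERUN_USER:-nobody}                # throwaway account to run as

# tighten FLAG VALUE: lower one limit, never raise it.
# If the inherited hard limit is already stricter, it is left alone.
tighten() {
    cur=$(ulimit -H "$1") || return 1               # fail closed if the shell lacks this flag
    if [ "$cur" = "unlimited" ] || [ "$cur" -gt "$2" ]; then
        ulimit "$1" "$2"                            # no -S/-H: sets soft and hard together
    fi
}

# saferun_limited COMMAND [ARGS...]
# Applies the limits in a subshell, so the caller's own limits are untouched,
# then replaces the subshell with the command. Limits survive exec and fork.
saferun_limited() {
    (
        tighten -t "$SAFERUN_CPU_SECS" &&
        tighten -n "$SAFERUN_MAX_FILES" &&
        tighten -f "$SAFERUN_FILE_BLOCKS" &&
        tighten -c 0 &&
        exec "$@"
    )
}

# saferun COMMAND [ARGS...]
# Limits first, then chroot, then drop to the throwaway user. chroot(2) needs
# root, so the wrapper refuses to run the program at all without it rather
# than silently running it unjailed.
saferun() {
    [ "$#" -gt 0 ] || { echo "usage: saferun command [args...]" >&2; return 2; }
    [ -d "$SAFERUN_JAIL" ] || { echo "saferun: no jail at $SAFERUN_JAIL" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "saferun: must be started as root to chroot" >&2; return 1; }
    # COMMAND is resolved inside the jail, so it must already be installed there.
    saferun_limited chroot --userspec="$SAFERUN_USER" "$SAFERUN_JAIL" "$@"
}

# When invoked as a script: saferun some_app [args...]
if [ "$#" -gt 0 ]; then
    saferun "$@"
fi
```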
From what little information there is, I don't see how this is significantly different from using a preprocessor to add static elements to your webpages. The one that I'm mildly familiar with is the Chakotay preprocessor (chpp). It seems preprocessing the pages would be more computationally efficient (do it once rather than every time you serve a page). (As a side note, does anyone have a favorite preprocessor? I never really got into chpp and don't know how it compares to some of the other ones out there.)
Personally, I can think of two reasons for mod_layout, though neither one is especially compelling:
Completeness - There's no major "cost" to having mod_layout available. If someone doesn't use it, they don't incur any extra overhead. If they do use it, then it's solving a need.
CGI stuff - I'm not sure, but it appears that mod_layout might work on things other than straight .html files. Since those can't be preprocessed, mod_layout would be the way to go (unless you wanted to manually add the static elements to each CGI, which is feasible in some cases, but can sometimes be a pain in the ass).
Overall, I personally don't like the Slashdot blurbs that link to a less-than-informative release message that was probably kicked out by a programmer who'd just spent the last N hours killing bugs and is in a hurry to get things up and available. I don't blame the programmer (who's doing a public service, usually for free), and I don't blame Slashdot (their role is mostly as an index rather than a direct content producer), but I still wish there was something a little more concrete, short of wading through the documentation of the actual module.
Many of the more savvy users start their own mail servers on verizon's network to act as a local relay.
In many cases, this isn't a viable option. The IP addresses assigned by cable and DSL providers tend to be listed on the MAPS dialup list. Refusing to accept mail from machines on that list is, in my opinion, one of the safer and more conservative anti-spam measures that a number of hosts have instituted.
At my second job, we've got business DSL and a static IP address (which isn't listed on the MAPS DUL). However, we still have to relay outgoing mail through our provider's mailserver because of one rather prominent national ISP (Hint: "You've got mail") that chooses to silently discard messages that we attempt to send directly to their mail server. We mailed their postmaster about this, but never got a reply.
If our DSL provider were to do the same thing as Verizon, it would be entirely unacceptable. We're trying to run a business here, and we want the added professional look of From addresses that end in @(ourcompanyname).com.
Adobe has no authority or ability to get Sklyarov out of prison.
While Adobe has no direct authority, I don't think they're completely devoid of influence. It's hard to make a case when you've got the victim claiming, "Well, in retrospect, we don't think it was that bad." I could see the FBI pushing ahead in a case involving violence or where the public was at risk from the criminal, but this is more-or-less an economic/property crime. If Adobe backs down, it's my guess (and I admit that it's little more than a guess) that the FBI will do the same.
I'm still pissed that the FBI, the frigging armed police of the government, arrested him based solely on the complaint of Adobe.
Uh, why else would they arrest him? If I get mugged, they'll try to arrest someone based on my complaint (unless an officer happens to witness the crime). If someone robs my apartment, it'll again take a complaint from me before anything happens.
I do question whether arrest was the appropriate action in this case, given the non-violent nature of the "crime", but one could argue that he is a flight risk. However, I don't question that the proceedings in question should be set in motion by a complaint from the wronged party.
is there any way to turn off the PS2 (or rather put it in standby mode) when playing DVDs
I'm not quite sure what you're asking. If you're asking if you can pause the PS2 game you've got, play a DVD, then go back to it, I'm pretty sure the answer is no. (You generally reboot the whole machine to play a DVD.)
If you're asking if you can pause your place on the DVD, shutdown the machine, come back later, and resume where you left off, then my answer is that I'm not aware of the feature. It might exist, but I haven't come across it. Generally, I just use the chapter/scene feature that most DVDs support to jump to something relatively close.
But he did say the PS2 he saw playing DVD's was outstanding
I, personally, have no problems with the actual playback (though like your friend, I don't really have anything to compare it to). It's mainly just the user interface that's screwy. Even after playing a dozen movies on the thing, I sometimes have trouble convincing it to do what I want. On the other hand, once it's chugging along, it's fine. But I'm not qualified to rate the relative sound and video quality other than to say that it generally required cranking the sound up on the TV for my setup (I was using just the plain RCA jacks), and the picture was definitely nicer than a videotape. Other than that, I can't really say.
Implementing a game such as Thief 3 using Free GPL'd APIs would be a statement against tyranny and a big boost to the software for freedom movement.
Wouldn't a GPL'd API prevent them from releasing Thief 3 as commercial software? I'm all for open APIs (such as with Allegro or OpenGL), but since you're generally linking code when you use an API, it would seem that the "infect other software" clause of the GPL would come into play.
It may be that I'm misunderstanding the relation of APIs to the GPL. Since it's my understanding that "API" refers to the definition of functions to call, rather than the functions themselves, a GPL'd API for an LGPL'd (or BSD-licensed or public-domain or...) library might be kosher. However, there's at least an issue there that would need clarification.
Personally, I'm of the opinion that major libraries and languages should seriously consider using more commercial friendly licenses, as a means of actually promoting free software. If a commercial entity is capable of using your tool to produce commercial software, but at the same time sends back any changes to your side of the fence, you both win. The FSF party line, which I understand to be, "If they can't get it elsewhere, use the GPL instead of the LGPL so it gives them incentive to make it a GPL'd project." just doesn't work in the case where the company already feels the resulting software must be non-GPL'd.
If our DSL provider were to do the same thing as Verizon, it would be entirely unacceptable. We're trying to run a business here, and we want the added professional look of From addresses that end in @(ourcompanyname).com.
While Adobe has no direct authority, I don't think they're completely devoid of influence. It's hard to make a case when you've got the victim claiming, "Well, in retrospect, we don't think it was that bad." I could see the FBI pushing ahead in a case involving violence or where the public was at risk from the criminal, but this is more-or-less an economic/property crime. If Adobe backs down, it's my guess (and I admit that it's little more than a guess) that the FBI will do the same.
Uh, why else would they arrest him? If I get mugged, they'll try to arrest someone based on my complaint (unless an officer happens to witness the crime). If someone robs my apartment, it'll again take a complaint from me before anything happens.
I do question whether arrest was the appropriate action in this case, given the non-violent nature of the "crime", but one could argue that he is a flight risk. However, I don't question that the proceedings in question should be set in motion by a complaint from the wronged party.
I'm not quite sure what you're asking. If you're asking if you can pause the PS2 game you've got, play a DVD, then go back to it, I'm pretty sure the answer is no. (You generally reboot the whole machine to play a DVD.)
If you're asking if you can pause your place on the DVD, shut down the machine, come back later, and resume where you left off, then my answer is that I'm not aware of the feature. It might exist, but I haven't come across it. Generally, I just use the chapter/scene feature that most DVDs support to jump to something relatively close.
I, personally, have no problems with the actual playback (though like your friend, I don't really have anything to compare it to). It's mainly just the user interface that's screwy. Even after playing a dozen movies on the thing, I sometimes have trouble convincing it to do what I want. On the other hand, once it's chugging along, it's fine. But I'm not qualified to rate the relative sound and video quality other than to say that it generally required cranking the sound up on the TV for my setup (I was using just the plain RCA jacks), and the picture was definitely nicer than a videotape. Other than that, I can't really say.
Wouldn't a GPL'd API prevent them from releasing Thief 3 as commercial software? I'm all for open APIs (such as with Allegro or OpenGL), but since you're generally linking code when you use an API, it would seem that the "infect other software" clause of the GPL would come into play.
It may be that I'm misunderstanding the relation of APIs to the GPL. Since it's my understanding that "API" refers to the definition of functions to call, rather than the functions themselves, a GPL'd API for an LGPL'd (or BSD-licensed or public-domain or...) library might be kosher. However, there's at least an issue there that would need clarification.
Personally, I'm of the opinion that major libraries and languages should seriously consider using more commercial-friendly licenses, as a means of actually promoting free software. If a commercial entity is capable of using your tool to produce commercial software, but at the same time sends back any changes to your side of the fence, you both win. The FSF party line, which I understand to be, "If they can't get it elsewhere, use the GPL instead of the LGPL so it gives them incentive to make it a GPL'd project." just doesn't work in the case where the company already feels the resulting software must be non-GPL'd.