Re:Don't advertise version number
on
Hardening Apache
·
· Score: 1
Hm, well, you're taking it a bit too literally. The "security through obscurity" saying refers to attempting to obscure defects you are aware of, instead of fixing them. That certainly doesn't do a lot of good. In the real world, the best you can do is to work to find defects before the bad guys do and fix them.
Re:Don't advertise version number
on
Hardening Apache
·
· Score: 2, Informative
Actually it won't. Debian will keep an Apache version constant while fixing security related bugs, so it is not that simple.
I've seen removing the version number being advocated by the Nessus folks, but I haven't done it.... It feels somewhat like security by obscurity....
Ah, that explains it all: I'm pretty sure I have seen advertisements for this knife here. So, they probably knew this was something most/.ers knew they could get at thinkgeek, and they knew that karmawhores would post links to it. Or they may be astroturfing thinkgeek, of course....
What is more effective then,/. the living daylights out of the competitor, have tons of links to their partner. What kind of advertising is that?
It was a brilliantly clever plot, but now that we've exposed it *knock*, *knock*, uhm, brb, oh, hi Cmdr *whack* NO CARRIER....
You can't imagine the UN would take such a controversial stance would you?
In fact, they have, for long. For one thing you have the FSF/UNESCO Free Software Directory, and UNESCO has had a Free Software Portal, AFAIK for many years. Full with gnus and penguins. There are many people who really Get It in UNESCO, who realize that Free Software is all about promotion of Education, Science and Culture, and proprietary software is not.
Furthermore, they (I think it was the UNESCO, couldn't find the link), issued a very critical report on DRM, exposing it for the pending cultural disaster it is.
Unfortunately, this understanding doesn't penetrate throughout the UN. On the other extreme, you have WIPO, which is completely dominated by a *cough*superpower*cough*, takes their orders from entities like USPTO, is not open to debate and works tirelessly to strip away the rights you thought you had to participate in the cultural and scientific advancements of society.
The license terms, explained in the FAQ, gives so much room for FUDslinging against developers, I wouldn't touch it with a ten-foot pole...
Q.
Can I distribute a licensed program under an open source software license?
A.
Yes. There are many open source licenses available in the developer community. One useful place to review the various licenses that have been approved by the open source community is at Open Source Initiative.
The terms and conditions of these licenses differ in material respects. We believe you can distribute your program under many open source software licenses so long as you include the notices described in the licenses for the Office 2003 XML Reference Schemas. On the other hand, some open source licenses may include specific constraints or restrictions that might preclude development under the Office 2003 XML Reference Schema licenses. You should check with your legal counsel if you have questions about a particular open source software license.
I'm definitly unable to fully appreciate the terms, but it wouldn't surprise me if they are designed to stamp out any real competition and only allow licensing that allows Microsoft to use Free Software hackers as free labor. Give me a "no restrictions", and I would feel more confident about it.
Correct me if I'm the one who is spreading FUD now...
It's still pretty easy to make DVD player region-free. I mean, it's not illegal to modify your own hardware now is it?
Well, it is legal where I live (Norway), but many others can be thrown in jail for this. Nevertheless, I'm not doing it: Even if I can make myself a region-free DVD player, if they don't respect me as a customer enough to sell me one without that crap, they're not getting my money. Those are my terms. I know that it may imply that I can't play some DVDs that refuse to play on region-free players, but again, I don't care, I won't be interested in those DVDs anyway.
Come to think of it, these companies sound like they may be worthy of my business. Anybody know where I can get a region-free DVD player for my box, that is, one that fits in a 5.25" slot?
Actually, I think I could even use a DVD burner... Anybody know of a company that sells that? It needs to work well under Linux.
Uhm, how about those programmers can move on to more interesting things rather than duplicating other people's work? Sounds a whole lot more motivating to me...
People don't seem to realise that an insurance company's sole purpose in existence is to NOT pay out on claims.
Well, that's probably what it has come to, yes. But historically, the idea behind insurance was that shit happens to even nice guys, you pool some resources, so when disaster strikes, there rest of the community will be there for you.
It used to be a community thing. Certain things have been lost along the way...
Hm, my gf dragged me to the Opera to see Onegin, a ballet. I found that it had been a good idea to cut it down to three minutes, but I still wouldn't have bought it...:-)
I agree that familiarity has a lot to do with why people tend to like music, but I can't agree about blaming the guitar, there are lots of wonderful guitar music I can listen (and I mean listen to) for long periods of time.
I agree that it is a big stretch to say that CAN-SPAM turns the US into a spamhaven. Unfortunately, Spamhaus showed that the US was the world's biggest spam haven before the CAN-SPAM, and I haven't seen any big changes.
CAN-SPAM seems, quite simply, to have been ineffective. It was a bad idea, just like everyone who had been involved in the spam problem for some time said.
Come to think of it, I haven't seen a spam that looked to be CAN-SPAM compliant. I suppose they are easy to filter and that I reject them at SMTP time. I guess that is a bit of an improvement, but I think it also means that the tagging approach isn't a good solution, only opt-in is.
Didn't RTFA, but I wonder how they plan to enforce the GPL and stay anonymous....? Why didn't they just release it to the public domain and be done with it...? Any license for a work that is posted anonymously seems pointless to me...
Actually, Arne Næss sr. and Jens Bjørneboe got into the main NATO headquarters at Kolsås in Norway some time in the 1950-ties with something like this tactic. Long story short: They wanted a bottle of wine, and figured with all the big shots at Kolsås, they should have a fine bottle of wine... So they walked up to the main gate and fooled the guards that they were some kind of big shots themselves.
Well, in reality they were one of the most famous academics and authors in the country at the time, but what the heck...
So, they got in, but in the search for wine, they bumped into a real admiral, who wondered what these guys where doing in there, and how they got in...
The scene must have been absolutely monty pythonian, "you broke into NATO HQ for a bottle of wine?" and "of course we came through the main gate, have you seen all the barbed wire out there!?!"
They didn't write this story up before much later, I read it a couple of years ago.
On the serious side: Getting on a list, being watched and getting no information as to how you got there is extremely annoying, there is more than a little essential freedom that has been lost here.
Yep, I know that. I agree that having a mix of 3.2 and 3.3 is undesirable. But updating 3.2 from testing-proposed-updates and trying to work out 3.3 in unstable looks optimal to me, if, perhaps against all odds, 3.3 is ready according to the normal criteria, it can propagate from unstable, if not 3.2 can solidify in testing. Sounds good to me.
I tend to agree, but you bet calc got flamed for it. He hadn't told anybody else about the upload, which is probably a bad idea, but when Sarge releases, it would be really nice if it wasn't outdated the first few months....:-) So I hope it will release with 3.3.
One thing I'm worried about: Someone doing this at, yes, for example an Internet cafe, but changing the routing and/or DNS so that sites the user normally trusts, such as his bank is replaced by the attackers site. The attacker then says on the "bank's" site "you need to update your browser", which most would do without a blink. That browser is trojanned with a backdoor and some new root certificates. That way, the attacker can control the information flow between the user and the bank also when he's elsewhere, with no warning displayed.
I've outlined this attack to my bank, but they just scoff at it. Tell me, am I as totally clueless as my bank thinks, or is it them?
Why do you do it? Do you think that servers and bandwidth pay for themselves? How do you expect sites to put up impartial (read: not sponsored) content without some way for the site owners to make enough money to pay the bills?
Give me a straightforward micropayments option, and they'll get their money. I'd much rather pay directly to those that deserve it rather than making an occasional product I'd like more expensive and getting deluged by the crap of all the others.
Given that the W3C closed their micropayments activity due to lack of interest in the industry, hurting the bottom line might raise their interest. And I make sure to tell those I like "hi, I really like your site, but I'm blocking your ads." Then follow up with a description on how I'd like to pay and a few links to sites about micropayments.
The ad market is going to implode, and I'll be there to cheer it along when it does.
John Ashcroft and the ACLU led the fight against them
Yep, I once read an article by John Ashcroft on that topic, and I would have modded it insightful.
The man I see now is totally different. I'm seeing a totalitarian religious fanatic, with blatant disrespect for due process. It can't be just 911, what happened?
There has been a lot of stories on/. which says something like "if this goes through, the SCO case is effectively dead", and that "it is going to happen in weeks".
I must admit that I have gotten a bit tired of SCO stories (weird, huh?), but I can't remember seeing a ruling that has killed parts of SCOs case.
So, can somebody please summarize: Which parts of SCOs is dead now, by court rulings?
Not really. I'm Norwegian, but I communicate with people from other nations on a daily basis, and I don't think there is any country I would block as it is now.
But then, Norway is probably special, we're a very small country that appreciates the big world on the outside. We haven't got a domestic spam problem, and there is little spam coming out of Norway.
However, if the US could clean up their mess, then I might start advocating country-blocks, which should effectively remedy the "just move offshore" problem.
RTFWS... I have personally small problems sustaining 400 Watts over a period of a few minutes, and I can probably get somewhat higher since I have a pretty good anaerobic capacity.
They have done their tests, and they have a guy which can do well beyond 500 watts, that's a lot.
The next thing is of course to make the helicopter lighter, and optimize everything for efficiency.
At some point, energy demands will get low enough, and then you may have liftoff. I think you're a bit too pessimistic. It's not easy, but that's not why they do it.
I don't think it will. We're winning this, DRM won't have the protection it has under the DMCA, I'm pretty sure.
The DeCSS case raised a lot of awareness, and if you compare the reaction in the mainstream towards DeCSS with stories they print now, they are very different. About DeCSS, they were decidedly hostile, now it ranges from neutral to printing HOWTOs on cracking crippled CDs. Several commentators have started to understand why DRM is bad, and so we've got the big mainstream media's attention. In fact, it looks like they are grabbing headlines from/.:-)
Recently, a parliament member from the liberal party (Venstre, a small member of the ruling coalition) expressed support for Electronic Frontier Norway's amendment to EUCD, which will allow people to access legally obtained content with any means necessary and allow creating of tools to do it. I'm also very certain Socialist Left (SV, a medium sized opposition party) will support this too. Two major parties, the conservatives (Høyre, which is in government with the liberals, go figure), and the Labour party say they await a report from the Consumer Ombudsman's office. They haven't held a very clear position on DRM, but I expect it to come out in opposition to DRM.
With all this, I think EFNs proposed EUCD amendments have a very good chance of being included, and in that case, we'll still have a pretty well balanced copyright regime. It will still be possible to develop stuff that is not under the absolute control of the entertainment industry, and that may just save freedom of expression and technological progress for everyone.
I apologize, I found your original reply rather arrogant as well. We were probably talking about different topics.
The point is, these issues are very complex. I've been involved in something as simple as trying to publish a simple but international student's journal. I'm also a member of some of those Evil societies, in Physics, however, were self-publishing is much more common than in bioscience. I've been sitting in meetings were budgets are dissected and tried to get ends meet. It has nothing to do with arrogance, it has nothing to do with clouding issues, it just isn't easy.
Slashdot Mirror
Hm, well, you're taking it a bit too literally. The "security through obscurity" saying refers to attempting to obscure defects you are aware of, instead of fixing them. That certainly doesn't do a lot of good. In the real world, the best you can do is to work to find defects before the bad guys do and fix them.
I've seen removing the version number being advocated by the Nessus folks, but I haven't done it.... It feels somewhat like security by obscurity....
What is more effective then, /. the living daylights out of the competitor, have tons of links to their partner. What kind of advertising is that?
It was a brilliantly clever plot, but now that we've exposed it *knock*, *knock*, uhm, brb, oh, hi Cmdr *whack* NO CARRIER....
I agree, I'm actually considering taking this bet...
However,
In fact, they have, for long. For one thing you have the FSF/UNESCO Free Software Directory, and UNESCO has had a Free Software Portal, AFAIK for many years. Full with gnus and penguins. There are many people who really Get It in UNESCO, who realize that Free Software is all about promotion of Education, Science and Culture, and proprietary software is not.Furthermore, they (I think it was the UNESCO, couldn't find the link), issued a very critical report on DRM, exposing it for the pending cultural disaster it is.
Unfortunately, this understanding doesn't penetrate throughout the UN. On the other extreme, you have WIPO, which is completely dominated by a *cough*superpower*cough*, takes their orders from entities like USPTO, is not open to debate and works tirelessly to strip away the rights you thought you had to participate in the cultural and scientific advancements of society.
Yep, it sort of weird in light of that DVDs didn't really taken off until after CSS was cracked...
O'Reilly now has a book about the 2003 XML. So, there is docs to do it. But then, there may nevertheless be showstoppers here.
The license terms, explained in the FAQ, gives so much room for FUDslinging against developers, I wouldn't touch it with a ten-foot pole...
I'm definitly unable to fully appreciate the terms, but it wouldn't surprise me if they are designed to stamp out any real competition and only allow licensing that allows Microsoft to use Free Software hackers as free labor. Give me a "no restrictions", and I would feel more confident about it.
Correct me if I'm the one who is spreading FUD now...
Well, it is legal where I live (Norway), but many others can be thrown in jail for this. Nevertheless, I'm not doing it: Even if I can make myself a region-free DVD player, if they don't respect me as a customer enough to sell me one without that crap, they're not getting my money. Those are my terms. I know that it may imply that I can't play some DVDs that refuse to play on region-free players, but again, I don't care, I won't be interested in those DVDs anyway.
Come to think of it, these companies sound like they may be worthy of my business. Anybody know where I can get a region-free DVD player for my box, that is, one that fits in a 5.25" slot?
Actually, I think I could even use a DVD burner... Anybody know of a company that sells that? It needs to work well under Linux.
Uhm, how about those programmers can move on to more interesting things rather than duplicating other people's work? Sounds a whole lot more motivating to me...
It used to be a community thing. Certain things have been lost along the way...
I agree that familiarity has a lot to do with why people tend to like music, but I can't agree about blaming the guitar, there are lots of wonderful guitar music I can listen (and I mean listen to) for long periods of time.
CAN-SPAM seems, quite simply, to have been ineffective. It was a bad idea, just like everyone who had been involved in the spam problem for some time said.
Come to think of it, I haven't seen a spam that looked to be CAN-SPAM compliant. I suppose they are easy to filter and that I reject them at SMTP time. I guess that is a bit of an improvement, but I think it also means that the tagging approach isn't a good solution, only opt-in is.
Didn't RTFA, but I wonder how they plan to enforce the GPL and stay anonymous....? Why didn't they just release it to the public domain and be done with it...? Any license for a work that is posted anonymously seems pointless to me...
Well, in reality they were one of the most famous academics and authors in the country at the time, but what the heck...
So, they got in, but in the search for wine, they bumped into a real admiral, who wondered what these guys where doing in there, and how they got in...
The scene must have been absolutely monty pythonian, "you broke into NATO HQ for a bottle of wine?" and "of course we came through the main gate, have you seen all the barbed wire out there!?!"
They didn't write this story up before much later, I read it a couple of years ago.
On the serious side: Getting on a list, being watched and getting no information as to how you got there is extremely annoying, there is more than a little essential freedom that has been lost here.
Yep, I know that. I agree that having a mix of 3.2 and 3.3 is undesirable. But updating 3.2 from testing-proposed-updates and trying to work out 3.3 in unstable looks optimal to me, if, perhaps against all odds, 3.3 is ready according to the normal criteria, it can propagate from unstable, if not 3.2 can solidify in testing. Sounds good to me.
I tend to agree, but you bet calc got flamed for it. He hadn't told anybody else about the upload, which is probably a bad idea, but when Sarge releases, it would be really nice if it wasn't outdated the first few months.... :-) So I hope it will release with 3.3.
It still isn't democratic in any sense.
I've outlined this attack to my bank, but they just scoff at it. Tell me, am I as totally clueless as my bank thinks, or is it them?
Give me a straightforward micropayments option, and they'll get their money. I'd much rather pay directly to those that deserve it rather than making an occasional product I'd like more expensive and getting deluged by the crap of all the others.
Given that the W3C closed their micropayments activity due to lack of interest in the industry, hurting the bottom line might raise their interest. And I make sure to tell those I like "hi, I really like your site, but I'm blocking your ads." Then follow up with a description on how I'd like to pay and a few links to sites about micropayments.
The ad market is going to implode, and I'll be there to cheer it along when it does.
Yep, I once read an article by John Ashcroft on that topic, and I would have modded it insightful.
The man I see now is totally different. I'm seeing a totalitarian religious fanatic, with blatant disrespect for due process. It can't be just 911, what happened?
I must admit that I have gotten a bit tired of SCO stories (weird, huh?), but I can't remember seeing a ruling that has killed parts of SCOs case.
So, can somebody please summarize: Which parts of SCOs is dead now, by court rulings?
But then, Norway is probably special, we're a very small country that appreciates the big world on the outside. We haven't got a domestic spam problem, and there is little spam coming out of Norway.
However, if the US could clean up their mess, then I might start advocating country-blocks, which should effectively remedy the "just move offshore" problem.
They have done their tests, and they have a guy which can do well beyond 500 watts, that's a lot.
The next thing is of course to make the helicopter lighter, and optimize everything for efficiency.
At some point, energy demands will get low enough, and then you may have liftoff. I think you're a bit too pessimistic. It's not easy, but that's not why they do it.
The DeCSS case raised a lot of awareness, and if you compare the reaction in the mainstream towards DeCSS with stories they print now, they are very different. About DeCSS, they were decidedly hostile, now it ranges from neutral to printing HOWTOs on cracking crippled CDs. Several commentators have started to understand why DRM is bad, and so we've got the big mainstream media's attention. In fact, it looks like they are grabbing headlines from /. :-)
Recently, a parliament member from the liberal party (Venstre, a small member of the ruling coalition) expressed support for Electronic Frontier Norway's amendment to EUCD, which will allow people to access legally obtained content with any means necessary and allow creating of tools to do it. I'm also very certain Socialist Left (SV, a medium sized opposition party) will support this too. Two major parties, the conservatives (Høyre, which is in government with the liberals, go figure), and the Labour party say they await a report from the Consumer Ombudsman's office. They haven't held a very clear position on DRM, but I expect it to come out in opposition to DRM.
With all this, I think EFNs proposed EUCD amendments have a very good chance of being included, and in that case, we'll still have a pretty well balanced copyright regime. It will still be possible to develop stuff that is not under the absolute control of the entertainment industry, and that may just save freedom of expression and technological progress for everyone.
The point is, these issues are very complex. I've been involved in something as simple as trying to publish a simple but international student's journal. I'm also a member of some of those Evil societies, in Physics, however, were self-publishing is much more common than in bioscience. I've been sitting in meetings were budgets are dissected and tried to get ends meet. It has nothing to do with arrogance, it has nothing to do with clouding issues, it just isn't easy.
Please, if you have good plan, please present it.