And FF1 will just piss you off (Tell John to attack Monster 2 and tell Jack to attack Monster 2; John kills Monster 2; Jack strikes at the empty air where Monster 2 was and whines at you: "Ineffective"
I always thought of it as your characters all running off and attacking at roughtly the same time, with it presented serially so you can actually follow what's happening. So John kills the thing, and Jack stabs the dead body... You eventually develop some strategy ("Ok, Bob can't kill a pirate with only 9 HP alone even though he's wielding a hammer bigger than his head, so let's stick Bill on it as well...")
The gameplay [in FF4] is actually good, but (and I've only played the original--crappy--SNES transplation) the story sucks the big one, IMHO.
Maybe it was just the 6 or so year difference, but I found the translation of the hardtype version to be much better than the SNES translation (yes! character development!).
I personally never really got into the playstation Final Fantasies, although Tactics was rather interesting.
FF I (NES) -- simplistic, but still fun.
Lots of fun, this is the game that got me hooked on Final Fantasy in the first place. Even though every one is different, they all have that much in common.
FF II (Famicom, get an emulator and a translated version)
FF IV (II on the NES, see FFC on the PSX for the "hard" edition) -- I absolutely love this game.
I didn't like the US easy version when it first came out, but the translation of the Japanese hardtype version was a lot better. Better characterization, characters say "Well, i'm off to die!" instead of "I'll see you later" before they go sacrafice themselves for the greater good, and so on.
FF V (emulate, or see FFA on the PSX)
From what I've heard, the fan translation is actually better than the playstation version, fewer WTF moments in the dialog and such. As far as I've been able to determine, the original translation group doesn't have a website anymore, but the patch is all over the net. v1.10 seems to be the latest.
FF VI (III SNES, FFA on PSX)
Definately a good game, but not that much better than the other SNES FFs. No translation needed, unless you're like this guy (slashdot doesn't seem to like the underscore in 'sky_render'... check that if it says the page can't be found) and think the translation could've been done better (Nintendo does have this thing about strong language, 'sex', death, and so on). Too bad he has such bad taste in fonts sometimes...
What color is the sky on your world? Or are you just installing it on a dual-1GHz box with 1024M RAM? Just like that, you lose all credibility.
Remove X
You say this several times. This really makes you look like a dumbass when you claim in later posts you only want an alternative. Speaking of which, look at Berlin for one alternative (there are others, that's just the first i came up with).
OpenOffice is pretty good, but its NOT MS Office
If you want MS Office, you know where to find it. It's really difficult to take seriously the claims that "Linux has no good office suite" when 'good' is defined as 'MS Office'. I'll concede that Linux doesn't have MS Office, and to any other suite you can validly claim "But it's not MS Office".
A discussion as to whether MS Office is actually desirable for anything beyond compatibility with MS Office could prove useful, but as I haven't tried any office suite lately I'm not in a position to say much. LyX does everything I need, document-wise.
No good browser
Again, if you define 'good' as being 'MS Internet Explorer', there's not much I can say. Please note that "Site X looks like crap under [non-IE browser], but looks fine under IE" isn't terribly convincing unless you also show that site X follows the published standards rather than relying on the various bugs and 'features' specific to IE.
Fonts suck
It all depends on which fonts you have installed, which font handlers you have installed (XFree86 freetype or xtt, or some other library? Using anti-aliasing?). My fonts tend to look fine, except on certain websites which were designed for fonts which I don't have on my machine.
KDE and GNOME desktop's look like crap
Ok, I'll agree with this one. Then again, I think most Windows and Mac desktops look like crap as well. Mac OS X looks pretty nice though. I prefer WindowMaker on my own machine. There's also Blackbox, Sawfish, Fvwm, Fvwm2, and many other window managers available.
Of course, everything can be reconfigured to one extent or another to suit individual tastes. Many of the Linux offerings more so than Windows.
No good printing
I can't speak for others, but whenever I have to print anything complex on a Windows machine I wish for the power of my Linux box. Print to postscript, view in gv for a good enough "print prievew" for my purposes, manipulate with psnup or a2ps, gzip or convert to pdf for posting online, and so on. Under Windows, everything depends on the application or on the particular printer driver, beyond that there's no way to view or manipulate the output.
Oh, and perhaps I should mention that my crappy little Epson printer doesn't have a postscript interpreter, but things come out as expected modulo mechanical failures.
[competition in desktops/graphical environments]
Is there a particular reason you think competition is bad?
standardize on one low-level graphical kernel
Yes, my servers definately need a graphical kernel.../SARCASM>
Standardize on one API layer for the GUI, much like Win32
Since when does Win32 have one API layer for the GUI? Or even just one API layer distributed by Microsoft? Hint: MFC isn't the only layer available.
["solutions" 3: "Have IBM marketing sell it"]
How exactly is that a suggestion anyone besides IBM can impliment? So the rest of us should do nothing then? Bah...
["solution" 4: "killer app" again]
Why don't you write that "Killer app"? It's not like we're all sitting here and thinking "Yes, we COULD write that killer app we have plans for, but we'd rather write more desktop suites".
["solution" 5: "X sucks" and "competition is bad" again]
The most recent pie chart I can find is from November...
As others have mentioned, I wonder how many of the Windows and Other entries are people masquerading their user-agent strings? I know mine would fall into Other, even though I'm not really running Mozilla on TRSDOS (with my platform identified only as "Turing Machine").
Mozilla, now in Version 0.9.6, is very feature-rich and fast and the most standard-compliant browser in existence, but not for computers with less than 128 MB of memory.
I'm using Mozilla at this very moment on a machine with only 64M of RAM (kernel 2.4.16, WindowMaker (no Gnome/KDE environments), most of the debug stuff not compiled in, etc). On the other hand, I haven't bothered to install the mail/news client, or composer, or any of that other random crap (Cue rant: "I want a web browser, damnit, not..."). It's a bit slow on the display every once in a while, but not really worse than 4.7x was.
Do you think that the startup scripts for most distributions would break because, even though they say #!/bin/sh at the top, they REALLY mean #!/bin/bash?
I couldn't say for other distros, but Debian policy says that/bin/sh can be any POSIX-compatible shell, with the one extension that 'echo -n' must not generate a newline. If any script uses/bin/sh assuming bash features, it's considered a serious-level bug.
Also you are ALL assuming solaris which is not a free OS - the assumption everyone else is talking about is a Linux Distro - they are i put to you birds of 2 very different feathers.
In operation, not that different as long as you standardize on just one Linux Distro (why should the users care, they don't get root anyway?). Fewer licensing hassles though. Often a better GUI, if you like that sort of thing.
A secretary doesnt want to mess around - [...] she understands macros and has customised templates and auto texts
I must have always had to work with unusual secretaries then. The ones i've worked with didn't know or care what a macro is, probably never used auto-text, and consider a "template" to be a "last year's annual report that I can change the numbers in for this year".
(and NO console windows - shes never SEEN DOS)
Oddly enough, my secretaries (not really "my", i just fix their computers) deal with text-mode telnet for that ancient database all the time. My own mother, who doesn't even know how to turn the computer on, uses a DOS-ish system without trouble at work far enough to bring up the application and fill in the forms. Most people adjust surprisingly quickly when they have good, specific directions ("open X, type Y, and there you go") written down and kept in a good place at their computer, and the rest are going to be trouble in any situation until you train them like Skinner's pigeons.
If you've ever read an ad in the newspaper looking for a secretary, you know that MS Office is pretty much the prerequisite. All of your employees know how to use Windows coming in, not so for Unix.
On the other hand, i've seen new secretaries hired for those types of positions who don't actually know how to use MS Office even though it was explicitly in the job requirements. So they have to be taught anyway. Hell, I've been the one drafted into answering all her questions, and my (now former) cow-orker was drafted into setting up a bullet-proof excel spreadsheet for her so she _couldn't_ screw it up.
The other secretaries in the office would have little trouble switching to a Gnome/KDE desktop as long as the clutter was removed and the applications were in the right places. Legacy data would be a much larger problem.
In the college scenario, the article takes no account that many colleges make these decisions based on what the students use. Usually, that's Windows. Sometimes Mac. Almost never *nix.
Then why is it that, at the college where I've done some user (read: student) support recently, nearly everyone in the journalism school had an Apple machine of some sort. Do you really think the journalism school recommends Macs because all the students use them? Or is it more likely that the school recommends Macs because they want to and the students follow the recommended machine guidelines?
Sure, in more technical disciplines there might be more resistance to a Unix recommendation (and likely more support as well, especially where Linux is concerned these days), but it's still nowhere as clear-cut as you make it out to be.
In the corporate scenario, no mention is made of the need to share files with other companies. This requires Windows.
It requires a grand total of one Windos box to convert M$-format-of-the-year into something readable, at least until OpenOffice/whatever catches up. And remember, postscript, pdf, HTML, and sometimes even plain ASCII are also used for document sharing. And, especially as you get more to the research/academic side, TeX and DVI are not terribly uncommon.
CAD designs or other closed graphics formats may be more trouble, but AFAIK these are both likely to be less windows-only and less "standard" on the windows platform.
I added a little blurb about the DMCA to the section on the SSSCA, if anyone else wants to use it. The real-world example might help them see beyond what the corporations are selling...
This bill's predecessor, the "Digital Millennium Copyright Act" (DMCA), has already hindered research in a number of fields in the ways its proponents claimed it wouldn't. For example, some computer security researchers are wary of publishing their findings, because they cannot afford to risk a lengthly court battle over a dubious infringement claim. This new proposal simply tightens the noose, raising the bar for independant content distributors and making it possible for the established corporations to eliminate all possibilities of use that do not make them money.
According to last week's LWN Kernel page, a good number of Gnome applications show similar behavior. I hope this really does work for Mozilla, i haven't changed over yet because it tends to be slow on my old computer here...
If
a security-product vendor had information that would help their colleagues create barriers, signatures,
etc., they could share that information with those colleagues - without having to share it with the entire
world.
Which means someone has to keep a list of colleagues and everyone with a vulnerability has to make sure to send to everyone on that list. So either some central authority decides who gets on the list or not, or else anyone can add themselves to the list and get added with little or no verification. The first will lead to the more small-time colleagues being excluded, while the larger will be more or less identical to what already exists.
So, how does that solve the problem?
They could release enough information publicly to allow one "skilled in the art" to create
countermeasures, without providing a step-by-step recipe that even the relatively unskilled could use to
create new exploits.
Some of the virus/worm authors are quite skilled in the "art". And most script kiddies wouldn't know what to do even with a step-by-step recipe, they rely on others to make point and shoot kits.
It would cut down somewhat on attacks, but could also slow the response of those trying to fix the problem.
Of course, it's in security companies' interests that security-naive
people should get hurt, making them less security-naive and more likely to buy products or services
from companies such as the one of which Smith is CTO. I sure am glad that I'm not in a business
where making sure people get hurt is part of the business plan.
Wow, straw man!
Do you really advocate dumbing down everyone because of all the clueless W2K and RedHat users who never install any security updates? Because they won't install security updates, no one gets to know about the vulnerability well enough to determine if they are affected. Which could lead to social engineering attacks where a malicious individual releases a limited-disclosure bulletin that says to take measures that will actually increase vulnerability, and no one can verify if it works or not (similar attacks have already been attempted, this isn't completely hypothetical).
And, of course, in your entire post you mention nowhere that good practice is to alert the vendor before releasing to the public whenever possible. Instead, you imply that "full disclosure" doesn't give the vendor any chance to close the security holes.
Mail from adomain.com should go through the SMTP server of adomain.com
Wow, then i couldn't send out ANY mail from a domain i manage, since our hosting provider doesn't do SMTP from customers (they just accept incoming mail to the domain and either POP3 or forward it) and we don't have the cash to get a mail machine somewhere.
If only the ISPs would just go after the spammers, instead of treating us all like criminals... What if the USPS would refuse to accept your mail unless you put your current address on it, as opposed to your P.O. Box, or your work address, or your friend's address when she's over at your house and needs to send a letter, etc.? But most people are too clueless about the Internet to care, or are too blinded by the "Spam is evil! Death to spam at all costs!" mantra to notice...
And i've heard of people who use "Microsoft" or "Windows" to refer to every single micros~1 application on their computer (try guessing if they mean Word, Outlook, IE, or what), or "Word" to refer to whatever word processor they have, etc.
Remember, there are many people who have no real understanding, they just know to click on the icons, save and print.
One of my biggest complaints about Linux is that there isn't a modern open source Fortran compiler for it.
Check out the G95 project at http://g95.sourceforge.net/. It's still in the beginning stages, but someone like you who knows the language could certainly help with the development. At worst, you could run your code through it and give feedback.
I predict that this could set the record for the highest percentage of replies from people who didn't read the article.
That's ok, most people aren't talking about anything besides "Portscanning is like using a bomb to blow up my house! It's illegal!", followed by "You wanker, if you'd think for a minute you'd realize how stupid that analogy sounds" and a few rebuttals along the lines of "No, it's more like looking at your house to see if it exists."
I'd estimate the S/N ratio at about 1/4000, that high because there are only about 400 posts at the moment. At least the ACs are having a field day, it's almost worth turning the threshold to 0 to see the more lucid ones insult the less lucid posters.
You forget, these are the most commonly scanned ports anyway since they are most likely to have something interesting (for whatever definition of interesting). So that would accomplish very little, except to annoy a lot of people who do have a good reason to scan there or who simply mistype an address.
an operating system that performs connections automatically
A netboot machine? Windos with nthe "network neighborhood"? Most connections require a userspace program to request a connection. Contrary to Micros~1 propaganda, a web browser isn't really a standard operating system component.
Or were you referring to nmap not using the OS routines to attempt the connect? If so, then you're just wrong since it does use the OS routines.
Secondly, blah blah blah
It's usually considered bad form to change definitions in the middle of a debate.
So you're telling me you've never done an HTTP GET just to determine if the webserver is running? Oh no, port scan! Anyway, next time I portscan you i'll just be sure to send a GET request and you'll consider it not-a-port-scan.
This is similar in attitude to the "admins that dont patch their systems deserve to get cr/hacked", and almost as ridiculous
Go Straw Man! I'll just ignore this comment.
or implicitely (eg. setting up a website)
"I was just checking to see if that's what you had done!". Or is that a portscan, because i didn't magically know the instant you did so?
The sad fact is that many people don't seem to really understand the Internet. That's why we have parents expecting that the internet should fit their morality even though anyone can publish, governments thinking they can legislate it, and people like you thinking "no! don't even look at me!" is a basic right.
Not necessarily. The TCP Syn Scan (nmap -sS) sends no 'custom' packets. It just sends the first packet of the 3-way handshake, and sees if the response is the second of the handshake or an error packet. connect(2) would then send the 3rd, the syn scan just sends an error (valid TCP, BTW) to cancel the connection attempt.
No, because i know that every machine in the department isn't being used to try to hack one box. Windos sends out packets on those ports more or less at random to try to find more Windos boxes for the "network neighborhood" or whatever they've named it this week.
If you're going to try to correct me, please bother to know what you're talking about. If you don't, it just adds to the stigma of stupidity all ACs have.
i'd say any unsolicited attempt to connect to a tcp port could count as a port scan
Wow, then just about every networked Windos box in the entire world is guilty. Or else why does the firewall get hit on port 137 all the time, unsolicited?
And an "http GET request" is not a port scan.
Go Captain Contradiction! Do you realize you have to connect to a tcp port in order to make that request? Or do you expect Yahoo, Hotmail, Slashdot, etc all to call you up and say "sure, you can connect to our servers"?
The fact is, by connecting your machine to the Internet you're pretty much giving permission for random people to connect. A port scan is nothing more than a connection attempt, to see whether or not the attempt will be accepted or rejected. The house analogy is bad, because there you're not giving permission for random people to come see what you're offering whereas by connecting to the Internet you are (the Internet currently has no method of connecting to be a client only, everyone is potentially a server).
Not quite. The usual text is "either version 2 of the License, or (at your option) any later version." That's not quite the same as "This version, until we decide to change it, then that version only." The difference is in the option to keep using the older version.
Slashdot Mirror
Oh, wait, it said "plugin"... damn. Gotta get these eyes fixed.
I always thought of it as your characters all running off and attacking at roughtly the same time, with it presented serially so you can actually follow what's happening. So John kills the thing, and Jack stabs the dead body... You eventually develop some strategy ("Ok, Bob can't kill a pirate with only 9 HP alone even though he's wielding a hammer bigger than his head, so let's stick Bill on it as well...")
The gameplay [in FF4] is actually good, but (and I've only played the original--crappy--SNES transplation) the story sucks the big one, IMHO.
Maybe it was just the 6 or so year difference, but I found the translation of the hardtype version to be much better than the SNES translation (yes! character development!).
FF I (NES) -- simplistic, but still fun.
Lots of fun, this is the game that got me hooked on Final Fantasy in the first place. Even though every one is different, they all have that much in common.
FF II (Famicom, get an emulator and a translated version)
Might as well give a link to a translation...
FF III (again, emulate)
Translation again.
FF IV (II on the NES, see FFC on the PSX for the "hard" edition) -- I absolutely love this game.
I didn't like the US easy version when it first came out, but the translation of the Japanese hardtype version was a lot better. Better characterization, characters say "Well, i'm off to die!" instead of "I'll see you later" before they go sacrafice themselves for the greater good, and so on.
FF V (emulate, or see FFA on the PSX)
From what I've heard, the fan translation is actually better than the playstation version, fewer WTF moments in the dialog and such. As far as I've been able to determine, the original translation group doesn't have a website anymore, but the patch is all over the net. v1.10 seems to be the latest.
FF VI (III SNES, FFA on PSX)
Definately a good game, but not that much better than the other SNES FFs. No translation needed, unless you're like this guy (slashdot doesn't seem to like the underscore in 'sky_render'... check that if it says the page can't be found) and think the translation could've been done better (Nintendo does have this thing about strong language, 'sex', death, and so on). Too bad he has such bad taste in fonts sometimes...
What color is the sky on your world? Or are you just installing it on a dual-1GHz box with 1024M RAM? Just like that, you lose all credibility.
Remove X
You say this several times. This really makes you look like a dumbass when you claim in later posts you only want an alternative. Speaking of which, look at Berlin for one alternative (there are others, that's just the first i came up with).
OpenOffice is pretty good, but its NOT MS Office
If you want MS Office, you know where to find it. It's really difficult to take seriously the claims that "Linux has no good office suite" when 'good' is defined as 'MS Office'. I'll concede that Linux doesn't have MS Office, and to any other suite you can validly claim "But it's not MS Office".
A discussion as to whether MS Office is actually desirable for anything beyond compatibility with MS Office could prove useful, but as I haven't tried any office suite lately I'm not in a position to say much. LyX does everything I need, document-wise.
No good browser
Again, if you define 'good' as being 'MS Internet Explorer', there's not much I can say. Please note that "Site X looks like crap under [non-IE browser], but looks fine under IE" isn't terribly convincing unless you also show that site X follows the published standards rather than relying on the various bugs and 'features' specific to IE.
Fonts suck
It all depends on which fonts you have installed, which font handlers you have installed (XFree86 freetype or xtt, or some other library? Using anti-aliasing?). My fonts tend to look fine, except on certain websites which were designed for fonts which I don't have on my machine.
KDE and GNOME desktop's look like crap
Ok, I'll agree with this one. Then again, I think most Windows and Mac desktops look like crap as well. Mac OS X looks pretty nice though. I prefer WindowMaker on my own machine. There's also Blackbox, Sawfish, Fvwm, Fvwm2, and many other window managers available.
Of course, everything can be reconfigured to one extent or another to suit individual tastes. Many of the Linux offerings more so than Windows.
No good printing
I can't speak for others, but whenever I have to print anything complex on a Windows machine I wish for the power of my Linux box. Print to postscript, view in gv for a good enough "print prievew" for my purposes, manipulate with psnup or a2ps, gzip or convert to pdf for posting online, and so on. Under Windows, everything depends on the application or on the particular printer driver, beyond that there's no way to view or manipulate the output.
Oh, and perhaps I should mention that my crappy little Epson printer doesn't have a postscript interpreter, but things come out as expected modulo mechanical failures.
[competition in desktops/graphical environments]
Is there a particular reason you think competition is bad?
standardize on one low-level graphical kernel
Yes, my servers definately need a graphical kernel.../SARCASM>
Standardize on one API layer for the GUI, much like Win32
Since when does Win32 have one API layer for the GUI? Or even just one API layer distributed by Microsoft? Hint: MFC isn't the only layer available.
["solutions" 3: "Have IBM marketing sell it"]
How exactly is that a suggestion anyone besides IBM can impliment? So the rest of us should do nothing then? Bah...
["solution" 4: "killer app" again]
Why don't you write that "Killer app"? It's not like we're all sitting here and thinking "Yes, we COULD write that killer app we have plans for, but we'd rather write more desktop suites".
["solution" 5: "X sucks" and "competition is bad" again]
See above, or the other replies.
As others have mentioned, I wonder how many of the Windows and Other entries are people masquerading their user-agent strings? I know mine would fall into Other, even though I'm not really running Mozilla on TRSDOS (with my platform identified only as "Turing Machine").
I'm using Mozilla at this very moment on a machine with only 64M of RAM (kernel 2.4.16, WindowMaker (no Gnome/KDE environments), most of the debug stuff not compiled in, etc). On the other hand, I haven't bothered to install the mail/news client, or composer, or any of that other random crap (Cue rant: "I want a web browser, damnit, not ..."). It's a bit slow on the display every once in a while, but not really worse than 4.7x was.
I couldn't say for other distros, but Debian policy says that /bin/sh can be any POSIX-compatible shell, with the one extension that 'echo -n' must not generate a newline. If any script uses /bin/sh assuming bash features, it's considered a serious-level bug.
Same reason a demon from the Dimension of Pain attacks Torg every Halloween?
mmmm... Sluggy....
In operation, not that different as long as you standardize on just one Linux Distro (why should the users care, they don't get root anyway?). Fewer licensing hassles though. Often a better GUI, if you like that sort of thing.
A secretary doesnt want to mess around - [...] she understands macros and has customised templates and auto texts
I must have always had to work with unusual secretaries then. The ones i've worked with didn't know or care what a macro is, probably never used auto-text, and consider a "template" to be a "last year's annual report that I can change the numbers in for this year".
(and NO console windows - shes never SEEN DOS)
Oddly enough, my secretaries (not really "my", i just fix their computers) deal with text-mode telnet for that ancient database all the time. My own mother, who doesn't even know how to turn the computer on, uses a DOS-ish system without trouble at work far enough to bring up the application and fill in the forms. Most people adjust surprisingly quickly when they have good, specific directions ("open X, type Y, and there you go") written down and kept in a good place at their computer, and the rest are going to be trouble in any situation until you train them like Skinner's pigeons.
I cannot replace my OS [blah blah blah]
Vendor lock-in sucks, doesn't it?
On the other hand, i've seen new secretaries hired for those types of positions who don't actually know how to use MS Office even though it was explicitly in the job requirements. So they have to be taught anyway. Hell, I've been the one drafted into answering all her questions, and my (now former) cow-orker was drafted into setting up a bullet-proof excel spreadsheet for her so she _couldn't_ screw it up.
The other secretaries in the office would have little trouble switching to a Gnome/KDE desktop as long as the clutter was removed and the applications were in the right places. Legacy data would be a much larger problem.
In the college scenario, the article takes no account that many colleges make these decisions based on what the students use. Usually, that's Windows. Sometimes Mac. Almost never *nix.
Then why is it that, at the college where I've done some user (read: student) support recently, nearly everyone in the journalism school had an Apple machine of some sort. Do you really think the journalism school recommends Macs because all the students use them? Or is it more likely that the school recommends Macs because they want to and the students follow the recommended machine guidelines?
Sure, in more technical disciplines there might be more resistance to a Unix recommendation (and likely more support as well, especially where Linux is concerned these days), but it's still nowhere as clear-cut as you make it out to be.
In the corporate scenario, no mention is made of the need to share files with other companies. This requires Windows.
It requires a grand total of one Windos box to convert M$-format-of-the-year into something readable, at least until OpenOffice/whatever catches up. And remember, postscript, pdf, HTML, and sometimes even plain ASCII are also used for document sharing. And, especially as you get more to the research/academic side, TeX and DVI are not terribly uncommon.
CAD designs or other closed graphics formats may be more trouble, but AFAIK these are both likely to be less windows-only and less "standard" on the windows platform.
--
Why is it that I almost always check "No Score +1 Bonus"?
I added a little blurb about the DMCA to the section on the SSSCA, if anyone else wants to use it. The real-world example might help them see beyond what the corporations are selling...
According to last week's LWN Kernel page, a good number of Gnome applications show similar behavior. I hope this really does work for Mozilla, i haven't changed over yet because it tends to be slow on my old computer here...
Which means someone has to keep a list of colleagues and everyone with a vulnerability has to make sure to send to everyone on that list. So either some central authority decides who gets on the list or not, or else anyone can add themselves to the list and get added with little or no verification. The first will lead to the more small-time colleagues being excluded, while the larger will be more or less identical to what already exists.
So, how does that solve the problem?
They could release enough information publicly to allow one "skilled in the art" to create countermeasures, without providing a step-by-step recipe that even the relatively unskilled could use to create new exploits.
Some of the virus/worm authors are quite skilled in the "art". And most script kiddies wouldn't know what to do even with a step-by-step recipe, they rely on others to make point and shoot kits.
It would cut down somewhat on attacks, but could also slow the response of those trying to fix the problem.
Of course, it's in security companies' interests that security-naive people should get hurt, making them less security-naive and more likely to buy products or services from companies such as the one of which Smith is CTO. I sure am glad that I'm not in a business where making sure people get hurt is part of the business plan.
Wow, straw man!
Do you really advocate dumbing down everyone because of all the clueless W2K and RedHat users who never install any security updates? Because they won't install security updates, no one gets to know about the vulnerability well enough to determine if they are affected. Which could lead to social engineering attacks where a malicious individual releases a limited-disclosure bulletin that says to take measures that will actually increase vulnerability, and no one can verify if it works or not (similar attacks have already been attempted, this isn't completely hypothetical).
And, of course, in your entire post you mention nowhere that good practice is to alert the vendor before releasing to the public whenever possible. Instead, you imply that "full disclosure" doesn't give the vendor any chance to close the security holes.
Wow, then i couldn't send out ANY mail from a domain i manage, since our hosting provider doesn't do SMTP from customers (they just accept incoming mail to the domain and either POP3 or forward it) and we don't have the cash to get a mail machine somewhere.
If only the ISPs would just go after the spammers, instead of treating us all like criminals... What if the USPS would refuse to accept your mail unless you put your current address on it, as opposed to your P.O. Box, or your work address, or your friend's address when she's over at your house and needs to send a letter, etc.? But most people are too clueless about the Internet to care, or are too blinded by the "Spam is evil! Death to spam at all costs!" mantra to notice...
-----
Remember, there are many people who have no real understanding, they just know to click on the icons, save and print.
-----
Check out the G95 project at http://g95.sourceforge.net/. It's still in the beginning stages, but someone like you who knows the language could certainly help with the development. At worst, you could run your code through it and give feedback.
-----
That's ok, most people aren't talking about anything besides "Portscanning is like using a bomb to blow up my house! It's illegal!", followed by "You wanker, if you'd think for a minute you'd realize how stupid that analogy sounds" and a few rebuttals along the lines of "No, it's more like looking at your house to see if it exists."
I'd estimate the S/N ratio at about 1/4000, that high because there are only about 400 posts at the moment. At least the ACs are having a field day, it's almost worth turning the threshold to 0 to see the more lucid ones insult the less lucid posters.
-----
Paranoid enough, are you?
Beware absolute statements.
-----
You forget, these are the most commonly scanned ports anyway since they are most likely to have something interesting (for whatever definition of interesting). So that would accomplish very little, except to annoy a lot of people who do have a good reason to scan there or who simply mistype an address.
-----
A netboot machine? Windos with nthe "network neighborhood"? Most connections require a userspace program to request a connection. Contrary to Micros~1 propaganda, a web browser isn't really a standard operating system component.
Or were you referring to nmap not using the OS routines to attempt the connect? If so, then you're just wrong since it does use the OS routines.
Secondly, blah blah blah
It's usually considered bad form to change definitions in the middle of a debate.
So you're telling me you've never done an HTTP GET just to determine if the webserver is running? Oh no, port scan! Anyway, next time I portscan you i'll just be sure to send a GET request and you'll consider it not-a-port-scan.
This is similar in attitude to the "admins that dont patch their systems deserve to get cr/hacked", and almost as ridiculous
Go Straw Man! I'll just ignore this comment.
or implicitely (eg. setting up a website)
"I was just checking to see if that's what you had done!". Or is that a portscan, because i didn't magically know the instant you did so?
The sad fact is that many people don't seem to really understand the Internet. That's why we have parents expecting that the internet should fit their morality even though anyone can publish, governments thinking they can legislate it, and people like you thinking "no! don't even look at me!" is a basic right.
-----
-----
If you're going to try to correct me, please bother to know what you're talking about. If you don't, it just adds to the stigma of stupidity all ACs have.
-----
Wow, then just about every networked Windos box in the entire world is guilty. Or else why does the firewall get hit on port 137 all the time, unsolicited?
And an "http GET request" is not a port scan.
Go Captain Contradiction! Do you realize you have to connect to a tcp port in order to make that request? Or do you expect Yahoo, Hotmail, Slashdot, etc all to call you up and say "sure, you can connect to our servers"?
The fact is, by connecting your machine to the Internet you're pretty much giving permission for random people to connect. A port scan is nothing more than a connection attempt, to see whether or not the attempt will be accepted or rejected. The house analogy is bad, because there you're not giving permission for random people to come see what you're offering whereas by connecting to the Internet you are (the Internet currently has no method of connecting to be a client only, everyone is potentially a server).
-----
Not quite. The usual text is "either version 2 of the License, or (at your option) any later version." That's not quite the same as "This version, until we decide to change it, then that version only." The difference is in the option to keep using the older version.
-----