Slashdot Mirror


User: roju

roju's activity in the archive.

Stories: 0
Comments: 479

Comments · 479

  1. Re:Okay now... on Michael Robertson Says Root is Safe · · Score: 1
    Just so we get the tone of this conversation right, I'm enjoying this exchange. It's causing me to evaluate my assumptions and to question my beliefs (well, my beliefs wrt linux security).
    You haven't presented anything better that you can do as root. There might be more ways to do the same thing, but that isn't any better.
    It is possible, as root, to load code at runtime into the kernel that is totally invisible to anyone poking at the computer. It is NOT possible (within some epsilon of NOT, anyway) for an arbitrary user to hide running code from root, without first gaining root.

    My SOP for dealing with weirdness is to log into a console and run top as root. If I always ran as root, the spykit could be completely invisible. If I typically ran as user, then I'll see something weird.
    What if they changed the LD_LIBRARY_PATH?
    They can't change root's LD_LIBRARY_PATH. That's the whole point of having multiple users.
  2. Re:Oh Canada! on Canadians May Face 25% Download Tariff · · Score: 1
    How is it being fair to everyone? If you buy a blank CD-R and just make a back-up of your personal computer files, why in the world should you have to pay an "artist" tax on that?

    Because some actuary somewhere did the math, figured out the percentage of blank CD-Rs used for piracy, and computed an effective rate. At least, that's how I imagine it went. Much like insurance.

    That said, I'm no fan of the levy.
  3. Re:As a canadian... on Canadians May Face 25% Download Tariff · · Score: 1

    As a Canadian, those numbers are certainly not reasonable. If a levy on downloads was deemed necessary (which I don't think it is), the levy for downloads should at least be close to that on physical purchases. For instance, if we currently pay a 0% levy on buying a music CD, something like 1% on downloads might be reasonable. 40%, not so much.

  4. Re:Maybe NOT a 40% price increase? on Canadians May Face 25% Download Tariff · · Score: 2
    Nope, you're thinking of the net. The gross is their take before expenses.
    Before tax or other items have been deducted. After the deductions, the amount is described as "net".
    www.btplc.com/Siteservices/Servicesforinvestors/Glossary/Glossary.htm
  5. Re:I don't think this applies to me. on Canadians May Face 25% Download Tariff · · Score: 1

    Uploading music that you don't have permission to upload is NOT legal in Canada. For instance, see Russell McOrmond's post to pcmag. Russell is super active trying to make Canadian copyright law sane, for instance, he runs Digital Copyright Canada, who recently had their Petition for Users' Rights submitted to parliament.

  6. Re:Okay now... on Michael Robertson Says Root is Safe · · Score: 1
    But you ignored my point. I wasn't arguing that it was necessary to be root in order to spy on someone. It's just that it's possible to do a better job as root. Security isn't about absolutes, it's about taking precautions. Just because I have a lock on my door, doesn't mean no-one can break into my house. However, it makes it less likely.
    For instance, a regular user has no way to run a process without it appearing in the process list.
    They could replace the program that a user uses for listing processes though.

    No, they can't. Well, that's not quite what I mean. They could alias ps to /home/foo/.trojan/ps, for the low-priv user. Thing is, when Joe User calls his nerdy cousin Dwight up because his computer is slow as shit, and Dwight comes over and logs in to the console as root, typing /bin/ps aux is going to show the trojan running.
  7. Re:I don't agree, but... on Michael Robertson Says Root is Safe · · Score: 1
    If you're not talking about a server or other shared/critical environment, then the only things of any real value on the machine are the user's own files. Root or not, they can toast them. Lindows, in case you hadn't noticed, is *not* aimed at servers...

    Now, if I'm running as some random user, I'd fear rm -rf $HOME. However, I'd be able to download some software and say to it "find all deleted files on this partition and make them come back."

    If I'm running as root, the attacker could do something like dd if=/dev/urandom of=/dev/hda and then my chances of getting any data back are pretty much toast.
  8. Re:"Local escalation" fallacies. on Michael Robertson Says Root is Safe · · Score: 1
    Yes, 99% of my machine will not be affected. But guess what? I'm still losing that text document, which, to me is a hell of a lot more important than losing /bin/ls (which I can just reinstall).

    If you aren't running as root, when you see:
    rm: Permission denied: /dev/hda
    rm: Permission denied: /dev/hdb
    rm: Permission denied: /dev/hdc
    ...
    scrolling up the screen, you can pound ctrl-c and pray that you stop things before any damage is done. And then you can reboot, without worrying that you're missing essential system files.

    OTOH, if you were running as root, you'd HAVE to reinstall, or at least put a lot of effort into recovery.
  9. Re:Okay now... on Michael Robertson Says Root is Safe · · Score: 1
    Spyware doesn't need root privileges to spy on you.

    But it sure helps. For instance, a regular user has no way to run a process without it appearing in the process list. A regular user can't load kernel modules. On the other hand, root can do both those things.

    Spyware installed as root can become invisible, by taking advantage of root's powers. It makes the problem that much harder to detect and diagnose. If you run as root all the time, there's just no way to know if you've been owned. On the other hand, running under a regular user account, you can be a lot more confident that there isn't an invisible process/module watching you.

    Not to mention that a lot of viruses like to guarantee their execution by piggybacking into system files. Remember when instead of worms, we had viruses that would infect .exe files? If all of your apps are root:root r-xr-xr-x and you aren't running as root, then it's a lot harder for a virus to add itself to a system binary.
  10. Re:Correct (I hope) script on Star Wars: Revelations Available Online · · Score: 1
    I love golf! 18 characters.
    _____1234567890123456789
    perl -pe'y/ //dif$.!=1'
  11. Re:Won't someone PLEASE think of the children? on Anti-DMCA Petition in Canadian Parliament · · Score: 1

    We should really be milking the "think of the children" viewpoint more. The pro-children viewpoint has to be the lenient-IP viewpoint.

    It's not what the WIPO people want us to think, but it's the truth. The more restrictive our IP laws become, the more we neuter our children. IP laws are like pollution - harmful to the children.

    The more we strangle the public domain, the less that they have to build on in the future. The more restrictions we place on what they can do, the less job opportunities they'll be able to create.

    It drives me nuts that people can be pro-draconian-IP and still tell us to "think of the children."

    Kudos to your daughter. She still working on things? I can't recall any recent emails to the DCC list, though I'm about a week behind.

  12. Re:NDP took opposite stand during election on Anti-DMCA Petition in Canadian Parliament · · Score: 1

    This last election was tough for me. I considered IP to be one of my deal-maker issues, and only the Conservatives had a sane policy stance on it. The Liberals were pro-WIPO, the Greens were just confused, the NDP was super pro-WIPO, but the Conservatives were... conservative on the issue.

    Unfortunately, the rabid CCRAP members ruled out the Conservatives as a sane vote, leaving me to pick and choose from parties with poor IP platforms.

  13. Re:9/11?! on Best Buy Has Man Arrested for Using $2 Bills · · Score: 1

    Not act like cowboys? The city's big stadium is the SADDLEDOME

  14. Re:This is exactly why... on VLC & European Patents · · Score: 1

    I use VLC exclusively on my Windows computer (a 233) because WMP just can't do it. I can't explain it, but where WMP shows a blank screen and plays choppy audio, VLC plays back choppy video and perfect audio. ffmpeg must be tuned more than the windows codecs or something.

  15. Re:unverifiable on The End of Mathematical Proofs by Humans? · · Score: 0, Troll

    Good idea. You write us a verifying program that can tell us if any given program will halt, and then we'll use it to test our theorem generator.

  16. Re:Sad on Black Holes 'Do Not Exist,' Contends Physicist · · Score: 1

    Interesting link, thanks.

  17. Re:Stupid security model on U.S. Blogger Breaches Canadian Publication Ban · · Score: 1

    This is Canada. When I went to vote, they said "are you on our lists?" I said "no." They said, "oh. are you a citizen?" I said "yes, here's my passport." They said, "ok, sign this list here, here's a ballot."

    Pre-blog days, this system makes perfect sense. The government remains transparent, it's just there's a delay until everyone hears about it in order to guarantee a fair trial.

  18. Re:poor baby on U.S. Blogger Breaches Canadian Publication Ban · · Score: 1

    I like the sound of the navy's system. It seems to me that it'd be way easier to hit an icbm on the way up than on the way down.

  19. Re:Did anybody say crackpottery? on Black Holes 'Do Not Exist,' Contends Physicist · · Score: 1

    experiment can only disprove, and never prove, our hypotheses

    People love to point this out. I think it's worth mentioning that most (all?) actual scientists are aware of the fact that you can't prove something, you can only confirm it.

    That said, when they do use the word prove, scientists mean it in a different way than mathematicians. For instance, "we've flown the plane between here and there 100 times, and it's been proven flight-worthy" vs. "a => b. a. therefore b".

    Or: "I've promoted Bob because he's proven himself to be competent" vs. "The proof of Fermat's Last Theorem is the length of a book".

  20. Re:Sad on Black Holes 'Do Not Exist,' Contends Physicist · · Score: 1

    What model gives CTCs? I've done some basic GR, but we didn't cover anything crazy like that. That sounds really neat.

  21. Re:Grow up. on e-Scrabble gets Cease and Desist Order from Hasbro · · Score: 1

    I'll very much grant you that the trademark case here seems open-and-shut from a layman's viewpoint.

    But a patent on Scrabble? I can't even begin to make sense of that. What did they patent? The tile? A bag full of tiles? A board with tile shaped divots? Actually - the board, I could see. It strikes me as unlikely that an online Scrabble clone involves a physical board though.

  22. Re:Have we forgotten our Eldred v. Ashcroft alread on e-Scrabble gets Cease and Desist Order from Hasbro · · Score: 1

    I still don't understand that retroactive extension. Did Congress not even discuss it? Lessig makes a pretty good argument against it in Free Culture.

    Actually.. I wonder.. Does the US Congress keep transcripts dating back to then? More usefully to me, does it keep them online? It might be an interesting read on a rainy weekend.

  23. Re:Uhhh on e-Scrabble gets Cease and Desist Order from Hasbro · · Score: 3, Interesting

    I saw Scrabble for sale at a games store not too long ago. Those bastards.

    Really, I agree that I don't find anything particularly surprising or outrageous about this. But you are totally allowed to just copy other people's things and sell 'em. Witness the history of the modern desktop computer. In fact, the so-called American way is pretty much based on that fact. Otherwise every new product would be a monopoly and the system would break down pretty fast.

  24. the public library on Sources of Intelligent Audio for Commute? · · Score: 1

    Every public library I've been to has had a huge book on tape section. They'll have nerdy books, and they'll have non-nerdy books. I might suggest using the time to branch out and listen to non-nerdy books. Variety being the spice of life, and all that.

  25. Re:Car computer? on Via Now Shipping Dual-Processor Mini-ITX Board · · Score: 1

    It's usable on this 233 ;)