Does anyone remember the "age verification" routine in the old Leisure Suit Larry game? Just ask them a bunch of questions that someone under 18 isn't likely to know. :)
Adding an HTTP forwarder in front of an IIS server isn't going to help for pure HTTP based attacks. If there's a legitimate HTTP request that IIS is going to mishandle, Apache in proxy mode will happily forward on that HTTP request and let IIS choke on it.
Clueful admins can use something like mod_rewrite to sanitize HTTP requests and deny suspect (i.e. too long, contains a specific string...) URL requests, but if I remember correctly, even mod_rewrite doesn't let you rewrite stuff like Host: headers which can be abused as well.
I'm not saying it's a bad solution. In fact, I've suggested it in the past. It just has to be implemented carefully. It's not going to be a drop-in black box solution the PHB likes.
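A sketch of the screening described in the comment above, added here as an illustration and not part of the original post: it models a front-end filter that denies over-long targets, targets containing a blocked string, and unexpected Host headers, then forwards everything else. The limits, blocked strings, host name and sample requests are all constructed assumptions.

```python
from urllib.parse import unquote

# Assumed policy values for illustration; a real site would choose its own.
MAX_TARGET_LEN = 2048
DENY_SUBSTRINGS = ("..", "cmd.exe")
ALLOWED_HOSTS = {"www.example.com"}


def fully_decoded(target, rounds=3):
    """Percent-decode repeatedly so double-encoded strings cannot slip past."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()


def screen(raw):
    """Return 'forward' or 'deny: <reason>' for one raw HTTP request (bytes)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return "deny: malformed request line"
    target = parts[1]
    if len(target) > MAX_TARGET_LEN:
        return "deny: target too long"
    if any(s in fully_decoded(target) for s in DENY_SUBSTRINGS):
        return "deny: blocked string"
    # Exactly one Host header, and it must name a site this proxy fronts.
    hosts = [l.split(":", 1)[1].strip() for l in lines[1:]
             if l.lower().startswith("host:")]
    if len(hosts) != 1:
        return "deny: missing or duplicate Host"
    if hosts[0].lower().partition(":")[0] not in ALLOWED_HOSTS:
        return "deny: Host not served here"
    return "forward"


def req(target, *hosts):
    """Build a constructed sample request."""
    headers = "".join(f"Host: {h}\r\n" for h in hosts)
    return f"GET {target} HTTP/1.0\r\n{headers}\r\n".encode("latin-1")


SAMPLES = {
    "plain page": req("/index.html", "www.example.com"),
    "oversized target": req("/" + "A" * 3000, "www.example.com"),
    "double-encoded dots": req("/scripts/%252e%252e/x", "www.example.com"),
    "foreign Host": req("/index.html", "other.example.net"),
    "two Host headers": req("/index.html", "www.example.com", "other.example.net"),
    "no rule covers this": req("/report.asp?id=42", "www.example.com"),
}


def run_samples():
    return {name: screen(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:22} {verdict}")
```

The last sample is the case the comment is about: a well-formed request that no rule anticipates is forwarded unchanged, so whatever the back-end does with it still happens.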
It would be nice if there were more granular control over what operations are deemed insecure. E.g. so you could deem opening a file for reading insecure, or execution of SQL statements in a database.
Ruby exposes that functionality to the programmer. There are defined $SAFE levels that define what actions can happen on "tainted" objects. Additionally, objects have the "taint" and "tainted?" methods which mark an object as tainted, or tell if an object is tainted, respectively.
By either changing the Safe level, or making explicit calls to object.tainted, you can make taint checking as granular as you want.
OK, I think we're well off-topic here, but the point is worth arguing.
Doesn't that seem more logical than to always tread along the same thought of an evil corporation "assimilating" everything in sight? Move away, go find another OS, show MS that by you using another OS they mean little to you. Isn't that sweeter justice than moaning and groaning about something out of your reach (MS' so called monopolization)?
This might be a valid point if everyone were capable of making this decision. Unfortunately, due to whatever historic "competitive" practices Microsoft has used, the vast majority of computer users get an MS OS pre-installed and never think about the idea of having a choice. The smaller groups that have a grasp on the issues have little sway with Microsoft by spending their dollars elsewhere (or not at all.)
The real unfortunate drawback is that because Microsoft now has a majority installation base, they have the de facto ability to introduce new standards. The people that made the choice of another OS now have to make a choice of living with Microsoft shortcomings in OS designs, or not being able to communicate with 90% of the rest of the world using these new so-called standards. It's even more painful when one realizes that some of these standards are no more than minor proprietary add-ons to BSD-licensed code, such as the Win2k Kerberos implementation.
Is this really the argument though? The original question was about the merits of computer design as a "fine art," not if it was a valid art form at all. I'm just being argumentative here, but in the same way most people will differentiate modern musical styles from classical music, I think it's fair to make a distinction between modern visual art styles and "fine art." The label fine art does nothing to increase or decrease the relative merits of the artist or his/her works, it's simply a label to identify the style. One can argue about the various abilities of musicians of the last few decades, but none would really be compared to the classical masters -- it's just a different ball park -- hell, it's a different sport. That's all the label "fine art" is conferring. It's like a genre label on a larger scale.
From the article: The GPL, he continued, "breaks that cycle--that is, it makes it impossible for a commercial company to use any of that work or build on any of that work..."
How is this different from Microsoft's policy? When is the last time you've seen people able to "work or build on any of [their source code]"? It's easy for people to attack Microsoft's stance on this for many reasons, but if you step back and look at it, their point isn't even consistent with their own actions. Letting select vendors have "view-only" access to MS source code in order to make better drivers is hardly allowing people to build on their source.
When it comes down to it, Microsoft is simply restating the standard BSD vs. GPL license argument, but now they're throwing around their new Shared Source term like it's somehow related.
On one hand you have a company talking about leaving the Linux market because people aren't buying the stuff, and on the other hand you have the world's most profitable closed source developer being exposed for another huge hole that likely would have been caught sooner under an OSS model.
How much longer will it be till free market conditions start to force MS to shift its balance from flexibility/interoperability towards security?
Sure, getting fast, cheap internet access is a good thing, but what are the ramifications of government subsidised net access? You need to be licensed for the privilege of driving on the regular highway system, with police monitoring your behavior. How much government funding of the "information super highway" do we need before it becomes easy to take the same approach there?
I know -- cheesy analogy, but the point is the same. I think I might prefer a fully free-market capitalistic internet to a heavily subsidized one.
Actually, I think the big question is, "who is the copyright holder?"
You're exactly right with your arguments, but I think it still might be missing the point. Is a student really "licensing" his/her work to the professor?
To take it out of the educational context.... say I go to my boss tomorrow and say, "hey, you know that secret super neato program you've had me working on? Well, it's done, and I've decided to license it to you on some pretty good terms, but I'm going to GPL it for some of my friends at competitor XYZ Company to use and improve on." Obviously, that's a silly proposition.
To get back to the educational environment, if I'm doing work for a professor, am I in a position to dictate the terms of my work? From what I understand, most universities reserve rights to patent student-produced work. Would their copyrighting of software fall under this same general idea? If the university has copyrighted the work (note, they would copyright the code itself, not some "special" version that I've released only to them) do I still have the ability to distribute it on my own terms? IANAL either, but I'd guess that I wouldn't be able to redistribute a copyrighted work, even if I were the original owner.
There are enough different aspects of this to make a few points. First, regardless of any "security" implications, any employer providing PCs (and the power to run them during those off cycles) has full rights to dictate what can and can't be run on them. For example, I've seen some employers try to force people to use all the powersave screensaver options to make sure that there's no electric consumption when the PC is not in use.
Beyond that part, there's the security debate. From the quotes in the article, it would seem that the people here are quite clueless. A web-site compromise of email addresses somehow leads to "some kind of risk" associated with the client?? That doesn't quite make sense. However, another good point that was raised in another post was the fact that the SETI client is closed source. It's doubtful, but what if the evil minds at Berkeley really put a 3l33t r00tkit backdoor in the latest client? There'd really be little most people could do to detect it and stop it.
Of course, that's probably being paranoid, but the bottom line is, I'd still hate to walk into a reasonably secure government facility and see the SETI screensaver going. This is probably one of those cases where people end up at the right decision, just using the wrong logic.
Are you just defining DNS A records for the IP address your ISP has given you? If that's the case, then the forward and reverse lookups wouldn't match. What you probably want to do is define a CNAME record for the domain name you want to the domain name they give you. i.e.
ISP DNS has:
ISPassignedHostname.isp.net. IN A 64.28.150.67
and
67.150.28.64.in-addr.arpa. IN PTR ISPassignedHostname.isp.net.
You then add to your DNS:
mydomain.com. IN CNAME ISPassignedHostname.isp.net.
When people try to hit your domain, the lookup will show the canonical name as the one assigned by the ISP. That's the one that reverse lookup checks will do. The CNAME is just letting you assign a handy alias to it.
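The forward/reverse comparison described in the comment above, as an added example that is not part of the original post: it resolves a name through any CNAME to its canonical name and address, looks up the PTR for that address, and reports whether the two names agree. The zone text is constructed from the comment's records, with the PTR owner written in in-addr.arpa form; `www.otherdomain.example` is a hypothetical name added to show the A-record-only case, and the strict name comparison is an assumption about how the checking side behaves.

```python
import ipaddress

# Constructed zone data: the three records from the comment plus a
# hypothetical name that points its own A record at the ISP's address.
ZONE = """
ISPassignedHostname.isp.net.  IN A     64.28.150.67
67.150.28.64.in-addr.arpa.    IN PTR   ISPassignedHostname.isp.net.
mydomain.com.                 IN CNAME ISPassignedHostname.isp.net.
www.otherdomain.example.      IN A     64.28.150.67
"""


def norm(name):
    """DNS names compare case-insensitively; store them as absolute names."""
    return name.lower().rstrip(".") + "."


def parse_zone(text):
    """Parse 'owner IN TYPE value' lines into {(owner, type): value}."""
    records = {}
    for line in text.strip().splitlines():
        owner, _cls, rtype, value = line.split()
        records[(norm(owner), rtype)] = value if rtype == "A" else norm(value)
    return records


def resolve_a(name, records, max_chain=8):
    """Follow CNAMEs and return (canonical_name, ip or None)."""
    name = norm(name)
    for _ in range(max_chain):
        alias = records.get((name, "CNAME"))
        if alias is None:
            return name, records.get((name, "A"))
        name = alias
    return name, None  # CNAME loop or over-long chain


def reverse_name(ip):
    """Owner name of the PTR record for an address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def check(name, records):
    """Compare the canonical forward name with the PTR for its address."""
    canonical, ip = resolve_a(name, records)
    if ip is None:
        return {"status": "no address", "canonical": canonical}
    ptr = records.get((reverse_name(ip), "PTR"))
    result = {"canonical": canonical, "ip": ip, "ptr": ptr}
    if ptr is None:
        result["status"] = "no PTR"
    elif resolve_a(ptr, records)[1] != ip:
        result["status"] = "PTR not forward-confirmed"
    elif ptr != canonical:
        result["status"] = "mismatch"
    else:
        result["status"] = "match"
    return result


RECORDS = parse_zone(ZONE)

if __name__ == "__main__":
    for host in ("mydomain.com", "www.otherdomain.example"):
        print(host, check(host, RECORDS))
```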
Ok, maybe I'm naive here, but I've seen enough to realize that capitalistic forces tend to set the course of just about everything in today's world. Which leads me to the question, who benefits from spam? I'll have to assume that all the corporate spammers out there are striving to make some money out of their efforts in some way. Wouldn't one of the most effective anti-spam campaigns be to simply cut off that revenue stream? I'm not sure I've ever actually read a spam email, so I may be out on a limb here, but if people just stop buying or browsing to whatever spammers are selling, they should start to go away.
Kind of like that Simpsons' Halloween episode where the commercial mascots went nuts until everyone ignored them.
Well, if you had a desktop, wouldn't you just plug in a 19" monitor?
There's still an important difference between reselling the copyrighted works and simply making them available to someone else to copy as fair use.
IANAL, but that seems like a huge difference to me.
On the contrary, I think this can be a pretty good idea if done in moderation. How many times do you take your collection of mp3s (or even a particular subset) and put them on random, and still end up with a mediocre set that doesn't quite fit? I like the idea of being able to work out a "format" using XML type meta tags.
If I want to put a particular song in a particular place, so be it... but if I want to put a marker for "Early 70s Classic Rock" followed by "90s Alternative" -- Sometimes I'll hear Floyd followed by Nirvana, but the next time it will be Zeppelin and Soundgarden. Maybe that's a bad example, but the point is you get control over something like a weighted random and avoid some of the annoying mixes that pure random generates.
As for the profit potential with paid promos, that might be a stretch. However, systems like this can only be abused if consumers are willing.
If anyone thinks that this is a case of helping a single person with legal research, they are missing a big point.
A valid patent on a 3-tier architecture with a RDB backend would impact just about everyone on the web. Isn't slashdot basically a 3-tier site with a RDB? Stories / Posts in a relational database, application logic for filters / preferences, and a front end web GUI.
In fact, how many useful dynamic content sites wouldn't fit this particular model?
Did you read the article?
...
"If the warranty is not honored, consumers are entitled to a new computer (or printer, scanner, software and so on) or a refund in exchange for the defective unit."
"Even though the computer industry has come to accept as 'normal' that their products crash, fail to perform as promised, lock up, or cause you to lose valuable information, the law is not so forgiving,"
This is sort of scary if it passes. Can you imagine Dell being sued repeatedly in Pennsylvania Civil Court because people have Windows PCs that occasionally crash and cause them to lose information? While the bill might have noble intentions, past experience with government sponsored computer-related protection bills makes me a bit nervous.