The ADSL USB Modem of Alcatel, THREE f***** week to set it up correctly on Linux, buggy or incomplete HOW-TO etc,etc, had to learn how to recompile a kernel which took me quite some time: I had Grub installed not Lilo (works better with ReiserFs) and 99% of the documentation is for Lilo, not for Grub..
Well, did you contribute your knowledge somehow - either make a new HOW-TO, or update the previous HOW-TO author with your new info? I find the same problem all the time - crappy, out of date HOW-TOs, or none at all. I dunno which is worse. My favorite is reading down thru an entire HOW-TO, and when it gets to my problem (if it does) it just says 'this is a problem' or 'doesn't happen to me'. Excellent.:)
The worm goes after 'default.ida' as I can see. They're trying to execute a program on my system. (default.ida). If my default.ida was actually a script that sent a payload back, and that payload just HAPPENED to be commands to disable their system, what's the harm there? I'm not ACTIVELY exploiting their system. I'm only sending a payload back in response to a request that THEIR system requested. Seems pretty clear cut to me.
The 'average user' sometimes *has* to compile apps. By 'average' I'm blurring both 'home' users with 'hobbyists' - let's face it, today, most linux users are still hobbyists/geeks. Some packages that I'd like to try only come as source. I'm not above configure, make, make install - when the packages are basic, it's pretty much like an installshield w32 setup. People don't mind those, and I don't mind basic make, make install stuff.
I think the frustration level is even higher for newbies who like the simplicity of M8 and want to try their hand at following some 'how tos' to compile packages. They can't DO it, and that'll cause more grief. Give them the tools to learn by default!
I *JUST* redid M8 today. The install was 1.4 GIGS, but STILL no telnet. I'm sure there's some other stuff missing, but I've only just started using it a little bit ago.
Wow - I figured we'd get thru ONE thread without 'debian r00lz' showing it's ugly head. We've got a debian enthusiast in the office who helped me get going on Debian. Guess what? Some things didn't work - specifically, everybuddy quit working (showed squares for every character) and GAIM started crashing. The AOL 'deb' package of AIM didn't work either.
What was I to do? I was 'apt-get install'ed out. Everything was as up to date as it could get - no luck anywhere. The most I got from other debian users was 'it works for me - I dunno what *you* did to *your* system'. If I have to download deb sources and compile everything, I might as well use a distro where that's encouraged, not discouraged.
Don't get me wrong - the apt package system is neat, and I think would have some uses for internal systems. But for me, an average user, not only did it not work, it left me with NO alternative but to ditch it. Waiting 3 days for a new version to be in a tree someplace isn't my idea of 'productive'.
It keeps a connection open for each apache process that connects to it. If you have 200 apache children, but only 100 connections available on mysql - POW! - errors galore.
Installing via their install system (fresh install) the 'network client' icon lists 'client network utilities like ssh, etc'. And there's a warning about FTP, Web, etc. services 'being on by default, and we're pretty sure there's no security issues, but you better check'. They're sending messages 'loud and clear' - why "try" to "tell me" that telnet isn't secure. Just offer it as an option I can see, off by default, and tell me it may be insecure, as they do with the other services.
Sheesh yeah! I forgot about telnet not being installed. *COME ON!* It's still Linux - home user or not, leave telnet in there! That's as bad as MS saying they're getting rid of the DOS window - hide it, maybe, but don't completely get rid of it!:)
Finally got through to the article! What was just so surprising about it was this this person seems to have never used an MS OS before. Well, never installed one before, anyway.
"The first thing that popped up that made me think about this parallel during the set up was the Network Connection Wizard built into the tail end of the set up process. Of course, XP being as new as it is, has a very large database of native drivers for NICs, so odds are that XP is going to find your NIC while it's installing itself on the PC...much like Mandrake 8.0 currently does. Once it finds this NIC, a wizard pops up wanting to set up your network!"
Wow, so Mandrake 8 finally has network card detection, and pops up a wizard. This happened back in Win95, when IIRC, Mandrake wasn't even around - certainly not for sale at Best Buy. Yet the author somehow implies that MS is *copying* Mandrake!
Then we're get to read about which icons he and his wife prefer. Ok, so XP 'chose' his login icon for him - he apparently didn't want to be a guitar, or whatever. *IT'S BETA*. I have a feeling you'll be able to choose your own login icon in the final release.
Warning: MySQL Connection Failed: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (61) in/usr/www/users/syslogic/temp/layout/discussions/1. php on line 7
Hmmm... perhaps using pconnects isn't such a good idea if you're going to get slashdotted.:)
Having bounced around between many distros the past couple years (slackware, debian, redhat, suse, caldera and mandrake) I found that the most *recent* mandrake 8.0 was actually about the most usable, from an installation and 'login/go' standpoint.
However, during the installation I apparently didn't say I was a developer, so it didn't install ANY compiling tools. OK, OK there may have been *something* there, but about 60% of the stuff I wanted to compiled didn't compile. So, from a 'casual/everyday' Linux user's perspective, it isn't very good. For someone like my wife, who just wants to sit down and type a letter by clicking on an office icon, it's fine.
I'd have commented more on the article itself(!) but it appears to be unavailable. Any mirrors?:)
I would think some IDG "For Dummies" books would be generic and 'long lasting' enough to give good value to a library. Win 95, 98, 2000, Office, etc. Some basic things like that.
For the more technical, some basic O'Reillys (camel and bat come to mind) would be nice. Probably at least one on VB.:)
You've answered your own question, pretty much. I'd hazard a guess to say that for MOST people, paying someone $40 and getting a prepackaged program that does what it says and says what it does is FAR easier than 'adding' to it just because it's open source.
Simply count the number of people who have the ability to add their own features to a pre-existing software project. Now, count the number of people who DON'T have that ability - I'll count myself in there as well. My hunch is that the number of people who CAN'T do such a seemingly basic task (as you seem to think) FAR outweigh the number of people who can.
There's your formula for competition.
Don't begrudge these people the opportunity to make a profit. If they make a good product, let them charge for it. Yes, there's great open source stuff out there, but that doesn't mean that that's the only way things should be. If the price/performance is good on this, it'll grow, and take off. *Some* shrinkwrapped products in stores, things like financial software, word processors, etc., is good because it keeps the idea of Linux in front of average Joe user shopping at Best Buy.
A client of mine purchased Webtrends from Zones, and we got it in the mail. The license key in the inside of the front manual was blacked out with a marker. The key didn't work. When I called webtrends for support, they claimed it was a bad license key and wouldn't help. It was $1600.
How about "gestures" like I can hit F5 to reload a page, instead of having to do CTRL-R? Or maybe a gesture like ALT-D instead of CTRL-SHIFT-L ?
Hitting a key seems like a pretty indicative gesture, imo.
Maybe with nicer keyboard controls we wouldn't be so infatuated with 'gestures'? I'd rather be able to do more with my keyboard - after all, for now, that's still where I'm doing my typing for replying to slashdot stories and the like - I'd prefer more intelligent keystroke commands rather than forcing me to use the mouse for more stuff.
But they've not done a recomparison of NT/Linux. It's great to see Linux/Apache together making enormous strides, but NT hasn't just remained static. NT5 and IIS5 have surely made some improvements in speed, etc. Any current NT numbers on similar hardware?
Thanks - I see someone else modded it up as well. For some reason I seem to get this more than the average user, from what I can tell (modded 'troll' for no apparent reason). Good to see the system eventually rights itself.:)
My understanding is that portscanning is more akin to the 'door knocking' that other people have mentioned here as well. Does a machine respond on port X, X1, X2, Xn... ?
While that's useful, there are more dangerous exploits to be used against common ports already - there are numerous port 80 exploits against IIS boxes, sendmail and bind exploits against unix boxes, etc. You don't need to 'portscan' (in my understanding of the word) to do damage. You already KNOW the port.
Everyone's talking about 'dd' - to my knowledge it's not a Windows utility. My hunch is that most of these computers are Windows systems, meaning we (taxpayers) have paid for a license. Unless the gov't has immaculate record keeping and can provide the license for Windows (and the media to restore it) the recipients of these systems are going to pay again for a Windows license. True, not everyone will put Windows on, but my guess is that a majority of them will be put back in service with Windows on them.
The reason the Court of Appeals will reverse Judge Jackson's rulings is simple - they did not act illegally in tying IE to their operating
system. Quite simply, having IE as part of the OS makes it a better product for users! What a concept!
Sorry, just because something produces "good" results for some people doesn't mean it's not illegal. Morality and legality are separate concerns. Not that I don't think the ruling might be overturned, but if that's the reason - 'it did some good for some people, ergo, it's not illegal' - we've got a sad court on our hands.:)
Windows 2000 *IS* NT. When my 2000 box boots up it proudly displays 'based on NT technology'. NT5 kinda just morphed into Windows 2000 for the millenium marketing potential, imo.
Somewhat a response to ergo98's 'Idiotic' post, but somewhat separate...:)
First off, I thought I read about similar action by a London-based insurance company a few months ago - darned if I can find the URL just now tho.
Nowhere did the article say 'NT=insecure, Linux=secure'. This insurance company is doing what all insurance companies do, which is analyze their claims data and make assumptions, inferences, and policy changes based on this data.
Of course inhouse skill, training levels, etc. all play into how secure a box or network is. However, according to this insurance company, their numbers are bearing out that it's more expensive to insure companies using Windows NT. Windows may be merely a symptom of a company that is lax about security in general - hiring inexperienced people, cutting security budgets, etc. But they have enough data to make a correlation between NT and higher insurance costs. (more claims? higher $ claims?)
Auto companies insuring cars will rate a sports car as a higher risk, even though it shouldn't happen that way. It's COMPLETELY down to the driver - just because I drive a red convertible sports car doens't mean that I *ever* speed, but statistically people driving red sports cars have higher accident rates, so they charge higher premiums for that car, because it's an indicator of risk. (Not sure on the specifics - I seem to remember red sports cars being higher, but could never afford one anyway, so it's a moot point for me!)
Interestingly, I was doing some work with an auto insurance company a few years ago that was looking at using people's credit ratings as a premium indicator - apparently, a credit rating is as good, or sometimes better, indicator of an auto insurance policy risk. Dunno if it's being phased in anywhere around here (Michigan) but I seem to remember the initial interest was stemming from research in California.
Back to the point - it's not idiotic at all that an insurance company would use something like software choices to base premiums on. Those choices, statistically, will point to other info about the company that is relevant as well. There will always be exceptions to the rule, but statistically, these will prove out - if they don't, insurance companies won't adopt these. If the numbers work out, they'll move in this direction. It's simple numbers.
The analogy about a car company asking for 'donations' to improve safety, etc., is about a flawed analogy as you can make. The primary thing wrong about it is that you HAVE to *purchase* a car. Car companies don't make their cars freely available. If they did, I'd bet money they'd ask for money to offset costs of creating the cars.
Honestly, I think there's absolutely nothing wrong with a company like this doing this sort of thing - I think I may go donate a few bucks. I like mandrake, but don't want to spend the $30 or so the stores are asking.
More companies should look at doing this on a larger scale - open source projects anyway. I offered to send a few bucks to the PHP APC project, and one of the developers politely declined, but I bet if a few hundred people donated a few bucks, they might think twice.:) And it may make the long nights/weekends some of these people donate a little more bearable.:)
Can even AOLTimeWarner, Sony, Sun, Oracle, and IBM combined beat them?
This was always at the crux of the trial I thought - MS could always point to their 'competitors', but if AOLTW, Sony, Sun, Oracle and IBM "got together" to develop an 'anti-MS' strategy (pricing/marketing/etc) wouldn't that be pointed at as a giant conspiracy or collusion? It would probably be MORE illegal than MS' monopoly abuse, if that's possible. Not that it would be WRONG necessarily, but I'd guess illegal nonetheless.
Slashdot Mirror
The ADSL USB Modem of Alcatel, THREE f***** week to set it up correctly on Linux, buggy or incomplete HOW-TO etc,etc, had to learn how to recompile a kernel which took me quite some time: I had Grub installed not Lilo (works better with ReiserFs) and 99% of the documentation is for Lilo, not for Grub..
:)
Well, did you contribute your knowledge somehow - either make a new HOW-TO, or update the previous HOW-TO author with your new info? I find the same problem all the time - crappy, out of date HOW-TOs, or none at all. I dunno which is worse. My favorite is reading down thru an entire HOW-TO, and when it gets to my problem (if it does) it just says 'this is a problem' or 'doesn't happen to me'. Excellent.
I don't see at all why it's a bad idea. Please explain.
The worm goes after 'default.ida' as I can see. They're trying to execute a program on my system. (default.ida). If my default.ida was actually a script that sent a payload back, and that payload just HAPPENED to be commands to disable their system, what's the harm there? I'm not ACTIVELY exploiting their system. I'm only sending a payload back in response to a request that THEIR system requested. Seems pretty clear cut to me.
Code red backdoor checker
The 'average user' sometimes *has* to compile apps. By 'average' I'm blurring both 'home' users with 'hobbyists' - let's face it, today, most linux users are still hobbyists/geeks. Some packages that I'd like to try only come as source. I'm not above configure, make, make install - when the packages are basic, it's pretty much like an installshield w32 setup. People don't mind those, and I don't mind basic make, make install stuff.
I think the frustration level is even higher for newbies who like the simplicity of M8 and want to try their hand at following some 'how tos' to compile packages. They can't DO it, and that'll cause more grief. Give them the tools to learn by default!
I *JUST* redid M8 today. The install was 1.4 GIGS, but STILL no telnet. I'm sure there's some other stuff missing, but I've only just started using it a little bit ago.
You forgot to clarify that with "WHEN IT WORKS".
Wow - I figured we'd get thru ONE thread without 'debian r00lz' showing it's ugly head. We've got a debian enthusiast in the office who helped me get going on Debian. Guess what? Some things didn't work - specifically, everybuddy quit working (showed squares for every character) and GAIM started crashing. The AOL 'deb' package of AIM didn't work either.
What was I to do? I was 'apt-get install'ed out. Everything was as up to date as it could get - no luck anywhere. The most I got from other debian users was 'it works for me - I dunno what *you* did to *your* system'. If I have to download deb sources and compile everything, I might as well use a distro where that's encouraged, not discouraged.
Don't get me wrong - the apt package system is neat, and I think would have some uses for internal systems. But for me, an average user, not only did it not work, it left me with NO alternative but to ditch it. Waiting 3 days for a new version to be in a tree someplace isn't my idea of 'productive'.
It keeps a connection open for each apache process that connects to it. If you have 200 apache children, but only 100 connections available on mysql - POW! - errors galore.
Installing via their install system (fresh install) the 'network client' icon lists 'client network utilities like ssh, etc'. And there's a warning about FTP, Web, etc. services 'being on by default, and we're pretty sure there's no security issues, but you better check'. They're sending messages 'loud and clear' - why "try" to "tell me" that telnet isn't secure. Just offer it as an option I can see, off by default, and tell me it may be insecure, as they do with the other services.
Sheesh yeah! I forgot about telnet not being installed. *COME ON!* It's still Linux - home user or not, leave telnet in there! That's as bad as MS saying they're getting rid of the DOS window - hide it, maybe, but don't completely get rid of it! :)
Finally got through to the article! What was just so surprising about it was this this person seems to have never used an MS OS before. Well, never installed one before, anyway.
/usr/www/users/syslogic/temp/layout/discussions/1. php on line 7
:)
"The first thing that popped up that made me think about this parallel during the set up was the Network Connection Wizard built into the tail end of the set up process. Of course, XP being as new as it is, has a very large database of native drivers for NICs, so odds are that XP is going to find your NIC while it's installing itself on the PC...much like Mandrake 8.0 currently does. Once it finds this NIC, a wizard pops up wanting to set up your network!"
Wow, so Mandrake 8 finally has network card detection, and pops up a wizard. This happened back in Win95, when IIRC, Mandrake wasn't even around - certainly not for sale at Best Buy. Yet the author somehow implies that MS is *copying* Mandrake!
Then we're get to read about which icons he and his wife prefer. Ok, so XP 'chose' his login icon for him - he apparently didn't want to be a guitar, or whatever. *IT'S BETA*. I have a feeling you'll be able to choose your own login icon in the final release.
Warning: MySQL Connection Failed: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (61) in
Hmmm... perhaps using pconnects isn't such a good idea if you're going to get slashdotted.
Having bounced around between many distros the past couple years (slackware, debian, redhat, suse, caldera and mandrake) I found that the most *recent* mandrake 8.0 was actually about the most usable, from an installation and 'login/go' standpoint.
:)
However, during the installation I apparently didn't say I was a developer, so it didn't install ANY compiling tools. OK, OK there may have been *something* there, but about 60% of the stuff I wanted to compiled didn't compile. So, from a 'casual/everyday' Linux user's perspective, it isn't very good. For someone like my wife, who just wants to sit down and type a letter by clicking on an office icon, it's fine.
I'd have commented more on the article itself(!) but it appears to be unavailable. Any mirrors?
I would think some IDG "For Dummies" books would be generic and 'long lasting' enough to give good value to a library. Win 95, 98, 2000, Office, etc. Some basic things like that.
:)
For the more technical, some basic O'Reillys (camel and bat come to mind) would be nice. Probably at least one on VB.
You've answered your own question, pretty much. I'd hazard a guess to say that for MOST people, paying someone $40 and getting a prepackaged program that does what it says and says what it does is FAR easier than 'adding' to it just because it's open source.
Simply count the number of people who have the ability to add their own features to a pre-existing software project. Now, count the number of people who DON'T have that ability - I'll count myself in there as well. My hunch is that the number of people who CAN'T do such a seemingly basic task (as you seem to think) FAR outweigh the number of people who can.
There's your formula for competition.
Don't begrudge these people the opportunity to make a profit. If they make a good product, let them charge for it. Yes, there's great open source stuff out there, but that doesn't mean that that's the only way things should be. If the price/performance is good on this, it'll grow, and take off. *Some* shrinkwrapped products in stores, things like financial software, word processors, etc., is good because it keeps the idea of Linux in front of average Joe user shopping at Best Buy.
A client of mine purchased Webtrends from Zones, and we got it in the mail. The license key in the inside of the front manual was blacked out with a marker. The key didn't work. When I called webtrends for support, they claimed it was a bad license key and wouldn't help. It was $1600.
I'm supposed to trust Zones with my licensing?
How about "gestures" like I can hit F5 to reload a page, instead of having to do CTRL-R? Or maybe a gesture like ALT-D instead of CTRL-SHIFT-L ? Hitting a key seems like a pretty indicative gesture, imo.
Maybe with nicer keyboard controls we wouldn't be so infatuated with 'gestures'? I'd rather be able to do more with my keyboard - after all, for now, that's still where I'm doing my typing for replying to slashdot stories and the like - I'd prefer more intelligent keystroke commands rather than forcing me to use the mouse for more stuff.
And VA Linux is going out of (hardware) business...
But it didn't say what hardware...
But they've not done a recomparison of NT/Linux. It's great to see Linux/Apache together making enormous strides, but NT hasn't just remained static. NT5 and IIS5 have surely made some improvements in speed, etc. Any current NT numbers on similar hardware?
Thanks - I see someone else modded it up as well. For some reason I seem to get this more than the average user, from what I can tell (modded 'troll' for no apparent reason). Good to see the system eventually rights itself. :)
My understanding is that portscanning is more akin to the 'door knocking' that other people have mentioned here as well. Does a machine respond on port X, X1, X2, Xn... ?
While that's useful, there are more dangerous exploits to be used against common ports already - there are numerous port 80 exploits against IIS boxes, sendmail and bind exploits against unix boxes, etc. You don't need to 'portscan' (in my understanding of the word) to do damage. You already KNOW the port.
Am I missing something?
Everyone's talking about 'dd' - to my knowledge it's not a Windows utility. My hunch is that most of these computers are Windows systems, meaning we (taxpayers) have paid for a license. Unless the gov't has immaculate record keeping and can provide the license for Windows (and the media to restore it) the recipients of these systems are going to pay again for a Windows license. True, not everyone will put Windows on, but my guess is that a majority of them will be put back in service with Windows on them.
The reason the Court of Appeals will reverse Judge Jackson's rulings is simple - they did not act illegally in tying IE to their operating system. Quite simply, having IE as part of the OS makes it a better product for users! What a concept!
:)
Sorry, just because something produces "good" results for some people doesn't mean it's not illegal. Morality and legality are separate concerns. Not that I don't think the ruling might be overturned, but if that's the reason - 'it did some good for some people, ergo, it's not illegal' - we've got a sad court on our hands.
Windows 2000 *IS* NT. When my 2000 box boots up it proudly displays 'based on NT technology'. NT5 kinda just morphed into Windows 2000 for the millenium marketing potential, imo.
Somewhat a response to ergo98's 'Idiotic' post, but somewhat separate... :)
First off, I thought I read about similar action by a London-based insurance company a few months ago - darned if I can find the URL just now tho.
Nowhere did the article say 'NT=insecure, Linux=secure'. This insurance company is doing what all insurance companies do, which is analyze their claims data and make assumptions, inferences, and policy changes based on this data. Of course inhouse skill, training levels, etc. all play into how secure a box or network is. However, according to this insurance company, their numbers are bearing out that it's more expensive to insure companies using Windows NT. Windows may be merely a symptom of a company that is lax about security in general - hiring inexperienced people, cutting security budgets, etc. But they have enough data to make a correlation between NT and higher insurance costs. (more claims? higher $ claims?)
Auto companies insuring cars will rate a sports car as a higher risk, even though it shouldn't happen that way. It's COMPLETELY down to the driver - just because I drive a red convertible sports car doens't mean that I *ever* speed, but statistically people driving red sports cars have higher accident rates, so they charge higher premiums for that car, because it's an indicator of risk. (Not sure on the specifics - I seem to remember red sports cars being higher, but could never afford one anyway, so it's a moot point for me!)
Interestingly, I was doing some work with an auto insurance company a few years ago that was looking at using people's credit ratings as a premium indicator - apparently, a credit rating is as good, or sometimes better, indicator of an auto insurance policy risk. Dunno if it's being phased in anywhere around here (Michigan) but I seem to remember the initial interest was stemming from research in California.
Back to the point - it's not idiotic at all that an insurance company would use something like software choices to base premiums on. Those choices, statistically, will point to other info about the company that is relevant as well. There will always be exceptions to the rule, but statistically, these will prove out - if they don't, insurance companies won't adopt these. If the numbers work out, they'll move in this direction. It's simple numbers.
The analogy about a car company asking for 'donations' to improve safety, etc., is about a flawed analogy as you can make. The primary thing wrong about it is that you HAVE to *purchase* a car. Car companies don't make their cars freely available. If they did, I'd bet money they'd ask for money to offset costs of creating the cars.
:) And it may make the long nights/weekends some of these people donate a little more bearable. :)
Honestly, I think there's absolutely nothing wrong with a company like this doing this sort of thing - I think I may go donate a few bucks. I like mandrake, but don't want to spend the $30 or so the stores are asking.
More companies should look at doing this on a larger scale - open source projects anyway. I offered to send a few bucks to the PHP APC project, and one of the developers politely declined, but I bet if a few hundred people donated a few bucks, they might think twice.
Can even AOLTimeWarner, Sony, Sun, Oracle, and IBM combined beat them?
This was always at the crux of the trial I thought - MS could always point to their 'competitors', but if AOLTW, Sony, Sun, Oracle and IBM "got together" to develop an 'anti-MS' strategy (pricing/marketing/etc) wouldn't that be pointed at as a giant conspiracy or collusion? It would probably be MORE illegal than MS' monopoly abuse, if that's possible. Not that it would be WRONG necessarily, but I'd guess illegal nonetheless.