So what, exactly, is the problem with heavy users paying their own way?
What's the point of high speed broadband access if you can't use it to full potential without having to start selling organs to pay the bills?
Hmmm... perhaps, to get low-latency access to the small(er) blobs of data you want to access?
Look, all they're doing is changing the bundling of their service to more closely reflect the usage patterns of two groups of customers. To insist that they do otherwise is to demand that the light-usage customers subsidize the heavy users. And this is exactly what happens in the DSL market anyway, where service providers charge different rates for different bandwidths.
It occurs to me that mostly CableModem companies have this bizarre fetish about "abusing" your service by using NAT, running "VPNs", etc., while most DSL providers do not. I also observe that my friend (who has CableModem) gets much higher peak BW than I get on my DSL, and that he gets it often because he lives in a podunk small town without a lot of competing users.
So now it occurs to me that the CableModem providers may be rabid about creative ways to use more bandwidth because their infrastructure is more fundamentally shared: their peak BW is higher, but users have to share the cable to the CO. In DSL, they can clamp my line if they want to.
Thus "nothing more than the bandwidth for which they are paying" may be the crux of the issue. DSL providers actually can limit you to your paid BW, but CableModem operators have a much harder time doing that.
Not that I actually support an ISP that wants to ban my NAT box. I would immediately switch to an alternate provider who lets me do what I want with my bits. Oh wait, I already did:-)
"claim"?! How hard can it be to look up someone named "crispin"? :-) However, my Ph.D. is in computer science, not EE, so I'm just as much of a dilettante as the usual slashdotter on this topic. I just happen to be a big enough geek to have gone out to a power line with a fluorescent tube once upon a time :-)
If the Earth's magnetic field alternated its polarity 60 times a second, do you think ALL of the fluorescent lighting in the world would glow?
Yes, they would. That's because a static magnetic field does not convey any energy, and an alternating field does. You can only induce power from moving EM fields.
It's an inference from there to the assumption that static magnetic fields are harmless while various alternating EM fields may cause damage. I'm pretty comfortable with the idea that the Earth's magnetic field is harmless to us:-)
I'm somewhat more on the fence about whether EM radiation causes health hazards. It seems plausible that any field with lots of energy (such as lighting up a fluorescent tube, or microwaves that melt chocolate) stands a stronger chance of being dangerous than weak fields (such as cell phone or radio towers).
Note that there have been cases in the past where something was thought to be safe and turned out to be very dangerous. In the 1950's, shoe stores had these X-ray devices for checking out your shoe fit. Put your feet over the emitter, put your face above the view plate, and lookit your tooties in the shoes. Small problem: loads of X-ray rems hitting you in the face:-)
Then you calculated wrong. Experiment: go get a 3 or 4 foot fluorescent tube light bulb, go stand under a high voltage line at night, and point the bulb at the high voltage line. The bulb will light up. I have personally verified that this works.
In a related anecdote, some guy (IIRC in the UK) was busted for stealing power from the power company. He did this by winding a large quantity of copper coil around his garage, which was situated underneath a high voltage line. The garage full of coil was sufficient to induce enough power to run his house. Unfortunately, I can't find a link to the story.
Caveat: I still think the people trying to shut down the school radio are nuts. I just wanted to point out that short-range EM from high voltage lines is a much different situation than EM from cell towers.
Why does yet another server appliance rate a slashdot story? There are many companies selling this kind of SOHO (Small Office/Home Office) server appliance, starting with the venerable Cobalt Qube.
I admitted that we shared code, only because we had shared ideas and had all come to the solution together.
You cheated, plain and simple. Busted. Quit yer bitchin'.
When we poked our heads in his office he was in his chair - asleep. If that isn't enough - he completely forgot to show up for the final exam.
So the prof was lame. Granted. Doesn't make what you did non-cheating. Suck it up, and if you don't like your school, change to a different one. To be really helpful, tell us the name of your school, so that other people can avoid going there.
IMHO, more significant (to say nothing of disturbing) than the domain name reduction is the huge spike in use of Microsoft web servers starting last June. The spike continues unabated through the summer of Code Red and Nimda.
What is it that caused this surge in Microsoft web servers? And what is it that causes these clueless dweebs to ignore the substantial risks of employing Microsoft web servers?
The main problem with this is that DRM without mandated hardware is fundamentally impossible. DRM without controlling hardware amounts to cute watermarks and obfuscation. You cannot prevent bits from being copied, you can only build machines that will refuse to play copied bits. While I agree that functional DRM may well be a boon to independent artists, it is about as helpful as observing that functional antigravity devices would be a boon to transportation, i.e. a pipe dream.
Immunix is our security-hardened Linux system. Immunix offers a security confinement mechanism called SubDomain which is similar to SELinux and HP's Virtual Vault technology, which is what is incorporated into their HP-LX product. SubDomain is "in between" SELinux and HP-LX, in the following ways:
- Complexity and Flexibility: The more complex a product is, the more flexible it can be. SubDomain is less complex to manage than SELinux, but offers more flexibility than HP-LX.
- Price: SELinux is free, Immunix Systems are $90 each, and HP-LX is $3000 each.
Immunix also features other security protections:
- StackGuard: resists most buffer overflow attacks.
- FormatGuard: resists most printf format bug attacks.
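An added illustration of the idea behind FormatGuard (example code written for this page, not WireX's or Immunix's implementation): a printf-family call is wrapped so the call site passes how many value arguments it supplied, and the wrapper counts the conversions the format string would consume before printing. When the format wants more arguments than the caller passed, as with the classic `printf(user)` bug fed a string like `%x%x%n`, the call is refused. The macro names, `count_conversions` and `guarded_printf` are assumptions for the example; the real FormatGuard did its counting through patched glibc headers.

```c
/* Added example, not FormatGuard's own code: a simplified user-space
 * version of the "count the arguments, count the conversions" check.
 * GUARDED_PRINTF() passes the number of value arguments given at the
 * call site; guarded_printf() refuses to print when the format string
 * would consume more arguments than that. */
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>

/* Count the arguments handed to a variadic macro (1..8 supported). */
#define PP_NARG(...) PP_NARG_(__VA_ARGS__, 8, 7, 6, 5, 4, 3, 2, 1)
#define PP_NARG_(_1, _2, _3, _4, _5, _6, _7, _8, N, ...) N

/* Drop-in for printf: the first argument is always the format string,
 * so the number of value arguments is PP_NARG(...) - 1. */
#define GUARDED_PRINTF(...) guarded_printf(PP_NARG(__VA_ARGS__) - 1, __VA_ARGS__)

/* Number of arguments a format string will consume: one per conversion
 * (d, s, x, n, ...), plus one for each '*' width or precision, and none
 * for the literal "%%". */
int count_conversions(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')          /* "%%" prints a percent sign, reads nothing */
            continue;
        if (*p == '\0')         /* trailing '%': malformed, stop */
            break;
        /* flags, width, precision and length modifiers precede the
         * conversion letter; '*' in width or precision reads an int arg */
        for (; *p && !isalpha((unsigned char)*p); p++) {
            if (*p == '*')
                n++;
        }
        if (*p == '\0')
            break;
        n++;                    /* the conversion letter itself */
    }
    return n;
}

/* Print only if the caller supplied at least as many value arguments as
 * the format string wants. Returns printf's result, or -1 when refused. */
int guarded_printf(int nargs, const char *fmt, ...)
{
    int wanted = count_conversions(fmt);
    if (wanted > nargs) {
        fprintf(stderr,
                "guarded_printf: format wants %d argument(s), caller passed %d; refusing\n",
                wanted, nargs);
        return -1;
    }
    va_list ap;
    va_start(ap, fmt);
    int rc = vprintf(fmt, ap);
    va_end(ap);
    return rc;
}

int main(void)
{
    /* Constructed attacker-controlled input: three conversions, zero args. */
    const char *user = "%x%x%n";

    GUARDED_PRINTF("user said: %s\n", user);  /* literal format: allowed */
    if (GUARDED_PRINTF(user) < 0)             /* the printf(user) bug: refused */
        puts("blocked a format string attack");
    return 0;
}
```

The check only covers call sites compiled through the macro, the same limitation the header-based approach has: code that builds its own `va_list` and calls `vprintf` directly is not protected, and a format string that asks for fewer arguments than supplied still prints, since extra arguments are harmless.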
Quite a pity that a freedom-loving person didn't think of this and patent it. Were I the patent owner on this patent, I would not market it as a product, and I would demand a truly exorbitant licensing fee to use it, i.e. no one would be selling a DRM OS :-)
- Codifying a set of "best practices" that, when applied, assure a solid product.
- Codifying educational programs that teach these best practices.
- Certifying people who graduate from the educational process as "Software Engineers".
The big problem with this idea is step 1: Sure, we have best practices, but they do not assure a solid product. By far, the highest assurance practice to date for developing working software is to make sure the developers have a lot of talent and dedication. There are software engineering best practices, but when goobers apply them, they are fully capable of producing bloated non-working crap. This is characteristic of an art, not an engineering discipline.
It is very nice that people are sufficiently concerned about software quality and its impact on the real world (e.g. comp.risks). But this in no way means that we actually have best practices that will assure that mediocre developers can produce working product. Wishing for it (or mandating it) will not make it so.
IANAL, but didn't Intel go with "Pentium" partly because they couldn't trademark "586?"
Yes, that's correct. What's disappointing is that Intel didn't proceed to name the subsequent product "Hexium", leading to dorky, hard to remember product names like "Pentium III" :-)
Does this release take care of the compilation problems of RH7?
That's a matter of perspective:-) Immunix OS 7.0 ships with StackGuard 2.0 (which is a modified GCC 2.91) as the standard compiler, and glibc 2.2. It also ships with FormatGuard protection throughout.
We are a server company, so we focus on server support, and not really desktop stuff. However, our engineers like to run Immunix on their desktops too, so we share what we use in our contrib directory.
At last week's IEEE Symposium on Security and Privacy, Bill Arbaugh presented a very interesting paper on trend analysis of exploitation, as represented by CERT incident reports. Summary: most attacks exploit known security vulnerabilities that a site admin did not patch.
Jim Reavis at Securityportal.com did this great study examining the "days of recess" for each of Red Hat, Solaris, and Windows NT. "Days of recess" is the total number of days that an exploit was known but no patch available, summed over all vulnerabilities for that platform.
At WireX, we are working on a related concept that we call "Relative Invulnerability". Here, the idea is to consider the number of vulnerabilities for a "base" system (e.g. unpatched Red Hat 7.0) that appear over a period of months, and then consider how many of those unpatched vulnerabilities are successfully mediated by some protective technology such as SELinux or Immunix. The fraction of vulnerabilities stopped is the "relative invulnerability" of the defensive technology. This is written up in a paper that is currently being reviewed.
You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
For classical user-space programs written in C, this clearly means "if you link in GPL'd code, then you're derived." But there are much more ambiguous circumstances:
- loadable kernel modules. Linus has said he does not view these as derived works of the kernel.
- loadable kernel modules that require a custom-hacked kernel. Linus has said that he does view these as derived works of the kernel.
- Perl modules: how intimate do you have to get with a module to be a derived work?
- .Net, the hot topic du jour: if someone provides a GPL'd .Net service, are programs that use that service derived works? If so, is not a web client a derived work of a web server, and vice versa? If not, then is putting your program on a separate machine sufficient to escape the GPL of the software it connects to? Is putting it in a separate process sufficient to escape the GPL?
This is actually pretty normal for novice instructors. You are clearly one of the better students from your class, because you made it to grad school. Yet when you recall your experience as an undergrad, you probably assumed that you were middle of the pack (as in this study).
Then you go to teach, and the top few students seem pretty decent (they're much like you) and the rest of the class seems to suck. Well, no. The rest of the class sucks as much as they ever did, only now you have to notice, because you're grading all the papers, instead of hanging out with the leet geek types.
I've been at three different computer science schools (Waterloo, UWO, and OGI) as an undergrad, grad student, and professor. Some of these schools are great, and some not so great (no comment :-) The teaching quality does vary, but not that much. I've concluded that the real difference is the quality of the students, which induces a feedback loop.
What happens is at a great school, you have a strong student body. This lets the faculty run the program at a high level (teach fast, advanced content, etc.). This attracts even stronger students, forming a positive feedback loop.
At a not so great school, the students are relatively weak. This forces the faculty to teach slowly, remedial content, etc. Students may also be looking for that "quick fix career change", which means teaching technology (Java, JDBC, VB) instead of fundamental concepts (algorithms, data structures, abstraction). This in turn attracts more of the weaker students, forming a negative feedback loop.
So if you're hot stuff, go to a hot school. When the assignments are hard, don't be surprised. If you're more into a slack lifestyle, go to a lesser school.
Of course, teaching quality does vary. But contrary to what some other posters have said, teaching quality is not the inverse of research quality. Some research-oriented faculty are too busy to spend time on their students, while others are also truly great teachers. At small colleges, some faculty are there because they truly love to teach and are great at it, and some are there because they are lamers and a Moo U appointment is the best faculty job they could get. But my basic observation is that these variations are minor compared to the student body feedback effect.
- 114 moderator-approved posts to securityfocus.com mailing lists.
- 48 publications and citations to our work on the USENIX site.
- I served on the USENIX Security 1999 program committee.
- I was the publicity chair for the New Security Paradigms Workshop for three years.
- My first post to the Linux Security Audit Project in 1998.
I sure feel involved.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase
WireX (my company) has been selling this kind of product for a long time now. The WireX web-based management interface (as provisioned on Dell PowerApp servers) even won an "Emperor Class" award from Linux Magazine. And the WireX servers have the additional benefit of being protected with Immunix security, something which is especially needed by the kinds of users who choose "easy to use" server appliances.
The Olympic Games: A Century of Corruption and Graft
- Back off on making various forms of tools illegal. This just makes it that much harder for the defenders.
- Impose liability on networks that do not do egress filtering.
- Oppose the SSSCA.
- Fix the DMCA.
You should not do anything at all without talking to the company's counsel, lest ye get a lawsuit from the accused.
- Dell is now shipping a WireX product.
- Counterpane has licensed Immunix security technology for their internal use.
- We have two papers that will appear this summer at USENIX Security describing "FormatGuard" and "RaceGuard".
Crispin
----
Crispin Cowan, Ph.D
Research Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
----
Research Assistant Professor of Computer Science
Oregon Graduate Institute