What was the openssh.org thing? I don't remember that one!
Re:Tripwire, ColdFusion, and Mission: Impossible
on
Tripwire Going GPL
·
· Score: 1
Forget the money thing, it's irrelevant here, open sourcing this makes sense because of the quality boost that should be added to the product.
This is exactly the kind of software that smart security-conscious people WILL audit and improve if it's OSS, so this has far more implications than "oh now your company doesn't have to pay for it"
Sounds interesting. I have always had problems installing tripwire and getting it running. I'm sure if I just spent a little longer going through the docs I wouldn't have as bad a time, but they seem more onerous than many other programs (again, maybe I am crazy here, but this is as far as I recall anyway, it HAS been a few months since I've installed it on any boxen).
The part where it's only becoming OSS for linux is sort of odd. What happens if somene contributes something really great for the linux version that can also be reused for another version and they want to use it? Would their hands be tied without making the new one OSS, or I guess they could ask the author if they could include the code without making it GPL?
Sorry, no harm intended, I was just trying to give an example of someone who probably would not NEED to know the finer points of telnet security later on, english lit was the first example that popped into my head. I have no problem with english lit students, I just figured that 90% are not going to use telnet a lot after they graduate.
Really though, why leave ftp and telnet open? Users should be educated about some things like good passwords, but why educate some english literature major on the shortcomings of the telnet protocol if they're never going to need it again? It's sort of analagous to teaching them why they should use the web rather than gopher sites sort of, there's no real reason for them to have to LEARN that. Cause let's face it, 100% of people won't learn it.
I think a lot of people are missing here that the danger isn't for someone to break into some guy's account and read their email (which only affects the user who was connecting insecurely), th danger is that when someone breaks into an insecure box they often use it as a launching point for attacks on other systems, which affects everyone. If it was just the single user who was harmed I might agree that banning protocols MIGHT not be the best solution, but usually when a user's account is compromised they don't even notice. Someone just gets in and launches attacks, or uses other vulnerabilities to get root on the local machine, etc.
This might be an okay thing, but if not there is nothing Sun is doing that couldn't be solved by RMS or whoever confronting them and going "bock bock bock" and doing that hands-beside-the-body-like-a-chicken thing. Industry studies have shown that this strategy is almost always foolproof!
Really though, I don't get this exactly. Are they just chickening out so that they can leave some key parts out or something, or are they really genuinely trying to make the code more usable for people who want it?
Oh totally, I'm not saying the name recognition is enough to really push Linux up there, but considering the mindshare for linux went up about a zillion percent among non-techie businessmen this year, who knows what'll happen next year, etc!
Things are really moving fast, and maybe a lot of that has to do with the linux IPO fever, but either way, the more people hear about linux, the more legitimate they perceive it as. Sort of sad but true:)
If you look at what tv big executives and CEOs watch too, CNN has that demographic nailed, and there were a TON of Redhat / Linux - related stories a few months ago, around the time of the RH IPO I guess. I remember seeing about 5 stories in one week alone, including some pretty substantial ones.
This kind of thing is great, because it totally makes it so that when some guy says to an executive "we want to use Redhat for blah blah blah" the executive is past the "red what?" stage and goes "Oh yeah, I saw a story about them on CNN, I know who they are".
The more decision-makers who are at least familiar with the name the better, since M$ have proved often that reputation often precedes quality when it comes time to make decisions.
Or at least use the funds to hire someone to make sure slashdot doesn't post the same stories 2 weeks in a row. Maybe get real reporters before getting to investigators:)
Wired online write a few interesting articles about this recently here and here. They seemed to be suggesting that the government was doing the investigating, oops! It's ok Wired, you can go back to talking about push technology and robot dogs now, the offline press have scooped you again:)
Ah good point! To be honest I didn't 100% think it was a prank, but man, it'd be a great one. If it got picked up by a lot of the media I guess. Otherwise it would be somewhat lame. But that's a good link, thanks!
This is so retarded and beautiful that it CAN'T fail.
If you look through the history books, there are so many CRAZY things that have to happen in order for something truly new and great to occur, and yes, people have to take incredibly retarded chances.
I really think that this is just stupid enough to work, and when it does I'll be more excited than during any other boring old space launch on CNN.
The article mentions that they'll be writing this into apache hopefully (or a mod I guess), so can someone maybe give a succinct explanation on what exactly this would do? If it's governing the interacion between apache and the browser, would the browser need to completely be overhauled to be BXXP-aware also? Or am I missing something?
and yeah, I realize that the goal of this is for protocol development, but I am curious on how the apache stuff they mentioned would work. Thanks!
I think because there are many many sites with mp3s linked from mp3board, so if they only the resources to sue one group, mp3board is the logical choice.
Taking out mp3board alone will cut down on more piracy than taking out any of the individual sites holding the mp3s would, so that's what they're going for.
No way, this was completely THE internet con. Yes, some cons could happen anywhere, like the examples you mention of phone scams, chain letters, etc.
This con could only work in the current internet climate because of the frenzy of people trying to get rich through companies that may or may not have any chance of succeding, and I think that if this was a work of fiction the parts about the shoddy due diligence checks on Stanley would be a nicely placed piece of symbolism for the whole internet economy.
Comments like this I think completely miss the point. The question as I see it isn't "Will all GPL code be free for anyone to use if this case isn't won?" because of course it won't. If you distribute software you wrote with a legally defective license the law doesn't say "haha, that's it, you don't own it anymore!".
As far as I can tell, the big thing here is, will the "major software house" be forced to release all the source to whatever program of theirs is involved here. Maybe they will, maybe they won't, but I don't think anyone watching this case carefully thinks the outcome will be for the GPL authors actually LOSING their basic rights to the software!
Slashdot Mirror
hah yeah, I dumbly didn't think of checking that right away, but now I see it I understand. Crazy! Thanks.
What was the openssh.org thing? I don't remember that one!
This is exactly the kind of software that smart security-conscious people WILL audit and improve if it's OSS, so this has far more implications than "oh now your company doesn't have to pay for it"
The part where it's only becoming OSS for linux is sort of odd. What happens if somene contributes something really great for the linux version that can also be reused for another version and they want to use it? Would their hands be tied without making the new one OSS, or I guess they could ask the author if they could include the code without making it GPL?
Sorry, no harm intended, I was just trying to give an example of someone who probably would not NEED to know the finer points of telnet security later on, english lit was the first example that popped into my head. I have no problem with english lit students, I just figured that 90% are not going to use telnet a lot after they graduate.
I think a lot of people are missing here that the danger isn't for someone to break into some guy's account and read their email (which only affects the user who was connecting insecurely), th danger is that when someone breaks into an insecure box they often use it as a launching point for attacks on other systems, which affects everyone. If it was just the single user who was harmed I might agree that banning protocols MIGHT not be the best solution, but usually when a user's account is compromised they don't even notice. Someone just gets in and launches attacks, or uses other vulnerabilities to get root on the local machine, etc.
Really though, I don't get this exactly. Are they just chickening out so that they can leave some key parts out or something, or are they really genuinely trying to make the code more usable for people who want it?
Is that free PC as in free beer or free... oh nevermind, I never understood all this beer talk anyway. and I'm thirsty :-(
- Intel announces the NAME of their next chip
Hmm, which company would you bet on?
Things are really moving fast, and maybe a lot of that has to do with the linux IPO fever, but either way, the more people hear about linux, the more legitimate they perceive it as. Sort of sad but true:)
This kind of thing is great, because it totally makes it so that when some guy says to an executive "we want to use Redhat for blah blah blah" the executive is past the "red what?" stage and goes "Oh yeah, I saw a story about them on CNN, I know who they are".
The more decision-makers who are at least familiar with the name the better, since M$ have proved often that reputation often precedes quality when it comes time to make decisions.
cough.
HAAHAHHAAHAHAHAHAHHAHAAJHAHAHAHAHAHAHAHAHAHAHAHA HAHAHAHAHA
Or at least use the funds to hire someone to make sure slashdot doesn't post the same stories 2 weeks in a row. Maybe get real reporters before getting to investigators :)
Wired online write a few interesting articles about this recently here and here. They seemed to be suggesting that the government was doing the investigating, oops! It's ok Wired, you can go back to talking about push technology and robot dogs now, the offline press have scooped you again :)
Ah good point! To be honest I didn't 100% think it was a prank, but man, it'd be a great one. If it got picked up by a lot of the media I guess. Otherwise it would be somewhat lame. But that's a good link, thanks!
Hmm, anyone know what Joey Skaggs is up to lately ? :)
If you look through the history books, there are so many CRAZY things that have to happen in order for something truly new and great to occur, and yes, people have to take incredibly retarded chances.
I really think that this is just stupid enough to work, and when it does I'll be more excited than during any other boring old space launch on CNN.
Motherboard? I think you're thinking of the Call-Me-Mommy-Board actually!
and yeah, I realize that the goal of this is for protocol development, but I am curious on how the apache stuff they mentioned would work. Thanks!
Taking out mp3board alone will cut down on more piracy than taking out any of the individual sites holding the mp3s would, so that's what they're going for.
This con could only work in the current internet climate because of the frenzy of people trying to get rich through companies that may or may not have any chance of succeding, and I think that if this was a work of fiction the parts about the shoddy due diligence checks on Stanley would be a nicely placed piece of symbolism for the whole internet economy.
As far as I can tell, the big thing here is, will the "major software house" be forced to release all the source to whatever program of theirs is involved here. Maybe they will, maybe they won't, but I don't think anyone watching this case carefully thinks the outcome will be for the GPL authors actually LOSING their basic rights to the software!