Don't be ridiculous, a video game requires constant attention, and it's way too dangerous to be distracted by something as mundane as driving while video gaming.
You're seriously suggesting that people get off the highway (even at night) and pull over to some random, possibly highly dangerous area and make a call?
By the way, I grew up in Saint Paul. I know it well, and there are few places I would feel comfortable telling my wife or child to pull over anywhere near any freeway exit in Saint Paul. Offhand, possibly the U of M exit, but that's about it..
No way I'd want them to pull over at Snelling or Lexington or Dale or any exit downtown or anywhere on the east side until at least Little Canada.. Virtually every freeway exit in Saint Paul is in a dangerous or semi-dangerous area.
By the way, the term "convicted" isn't even an acceptable term using your logic, because civil lawsuits require a great deal less burden of proof than criminal proceedings. This is why monetary fines are all that can occur.
So basically you're saying the same thing as saying "OJ is a convicted murderer", which he's not. He was found civilly liable in the deaths, and he probably is quite guilty, but he's not a "convicted murderer". If he were, he'd be in prison.
I despise when people use such emotionally laden terminology, and especially despise it when it's not, in fact, accurate.
I can't stand people who think that just because something works for one thing, it will work for another, despite there being greatly different circumstances, motivations, and complications.
A seat belt is a one-time, passive thing that's on for the length of your trip. Takes half a second, and generally, most people aren't that concerned about it (though some refuse to use a seat belt on principle).
A cell phone is a multi-use information device. People call you, you call people, you need directions while driving, call people and tell them you're late, whatever.. People have virtually unlimited reasons to use them, and those reasons don't go away when they get behind the wheel. Add to that the relative difficulty in finding a safe place to stop to take or make a phone call when driving and it makes the incentive even less.
Tell you what, Mr Regulator. Why don't you install "cell phone stops" every 1 mile on the roads, where we can safely pull over and make or receive calls before you tell us that we can't use them.
No, there are plenty of posts of ODF 1.1 on its way through the OASIS standards body, not the ISO standards body.
Perhaps you'd like to keep the goalposts in place.
If an arbitrary code execution vulnerability is exploited in an app running as the local user, then that app can do anything the user can do.. such as deleting everything in their /home folder, thus the exploit can do anything the user can do.
That's the point of protected mode. It runs with such low privileges that such a vulnerability can't do that, though it might be able to use a local vulnerability to raise its rights.
I think I can be forgiven for not knowing about this work which was only announced 11 days ago, and is only 3 years late (ODF 1.1 was ratified in 2007 after all), and will still take another year to complete...
The point still stands. ISO ODF is still only ODF 1.0, and will be for another year (assuming the process they're doing now is completed).
Nobody is using ODF 1.0 anymore, so talk about ODF being a standard and anything else not is a moot point.
Of course ODF 1.0 is now out of date, and there has been no attempt to submit 1.1. They may submit 1.2 when it's ratified, but that could be several years yet before approval. Nobody writes ODF 1.0 documents anymore, not even OpenOffice.
Well, I guess it's better than trusting someone who doesn't understand the meaning of the word "convicted". Or maybe doesn't understand the meaning of the phrase "civil suit".
In any case, "convicted" and "civil suit" are mutually exclusive.
Yes, IE's protected mode is an advantage. If a flaw is found in the browser (and contrary to popular belief, Firefox and others have flaws as well and are regularly uncovered) then protected mode helps to mitigate most issues (such as deleting the user's /home folder).
And again, if you are *required* to use ActiveX, then refusing to use it based on your political beliefs won't help you keep your job.
IIS is actually a very good web server, and since version 6 has had fewer and less severe vulnerabilities than Apache has had in the same time frame (the last 7 years), although neither has had very many.
And despite popular belief, ASP.NET can and does generate standard compliant code if you write standard compliant HTML.
ASP.NET generates standard conforming code if you write standard conforming code. OLD ASP.NET code wasn't standard conformant, but that hasn't been true for half a decade.
Proprietary certainly has disadvantages. However, they have to be weighed against the advantages to say "it's bad". In this case, IE does have advantages that you can't get, or can't easily get with non-proprietary. For example, IE's "protected mode" is an advantage. If you absolutely *need* to use ActiveX (for instance, an app you are required to use for work) then IE has an advantage (even if people who don't need it would call it a disadvantage).
However, one cannot say "proprietary = bad" in all cases, as whether or not proprietary is bad depends on your own requirements.
My point was not that there's no such thing as absolute security. Of course there isn't. My point was that whether or not something is "secure" or not changes from day to day with the knowledge of the attackers.
You can set up your system any way you see fit, but you are only doing so within the bounds of what is known TODAY, and in some cases you can plan for what might be known tomorrow, but that is no guarantee. In the long run, all you can ever do is react to threats as they are known.
For example, you don't know if there will be a vulnerability in your email reader found tomorrow that will allow arbitrary code execution, nor do you know if there will also be a new local root vulnerability that will allow a local attacker (such as arbitrary code being run by your email program) to gain root privileges and install a rootkit. You can't plan for that. Just like many of the vulnerabilities in code written 10 years ago couldn't plan for some of the exploits today.
Security is a process, not a state of being.
Many of us believe that a Linux distribution with a decent default configuration is inherently more secure and less exploitable than the average Windows system that ships with new PCs.
That's where "many of you" have a serious misunderstanding of what security is.
"Security" is not a simple grayscale. Things aren't "more" or "less" secure. Security is a very complex concept that is based largely upon the skill and knowledge of the attackers.
A simple cardboard box is "secure" against a great many threats, such as mosquitos. But not secure against others, such as a human attacker. Despite this lack of security, we deem simple cardboard boxes "good enough" to secure billions of packages every year as they move through various mail systems.
Many kinds of attacks that are common today, were thought to be "theoretical" and "impossible" 10 years ago. Systems that are vulnerable today, would not have been vulnerable 10 years ago. Conversely, that means systems that are "secure" today may well be insecure tomorrow, with nothing more than a bit of knowledge changing that status.
The point is, all it takes is knowledge to defeat security. If that's the case, was it ever really secure to begin with?
It responds with an IP address given a name.
How exactly is that "complicated network interaction"?
Yes, yes.. I know, we have Dynamic updates, DNSSEC, etc.. now.. but come on, how hard is it to get the basics solid, then move on to the rest?
In my opinion, if you're going to start over, you start a new project. You start small, and you build a solid base of code. You don't get something that the authors admit is "riddled with bugs".
Both Firefox and lighttpd started out as very small subsets of larger tools, focusing on small code and a lower number of features. From the sound of BIND 10, it sounds like they're shooting for the universe.
Also, Postfix wasn't a rewrite of existing code.
So we're throwing away all the code that has matured and spent a decade being looked at, and starting over with new buggy code that will be riddled with security vulnerabilities.
Nice.
While that's true, it's also galling when someone claims their software is "free" but you can't use it.
http://en.wikipedia.org/wiki/Viral_license
"The term 'General Public Virus', or 'GNU Public Virus' (GPV), has a long history on the Internet, dating back to shortly after the GPL was first conceived.[3][4][5] Many BSD License advocates used the term derisively[6][7][8] in regards to the GPL's tendency to absorb BSD licensed code without allowing the original BSD work to benefit from it, while at the same time promoting itself as "freer" than other licenses."
Yes, precisely. Did you actually *do* it?
You’ll get back the following:
@(#) Copyright (c) 1983 The Regents of the University of California.
Incidentally, on my FreeBSD server at home it shows a bit more up to date code:
strings /usr/bin/ftp | grep California
@(#) Copyright (c) 1985, 1989, 1993, 1994
The Regents of the University of California. All rights reserved.
Notice how the ftp in Windows predates the first copyright in FreeBSD. That copyright, 1985, also pre-dates the first open source version. The first open source version of BSD was Networking Release 1, which was released in 1989, and did in fact contain a 1989 copyright.
Really?
Suppose a BSD developer writes some code, and a GPL developer includes that code in his work. Now, unless the GPL developer explicitly also relicenses it under the BSD, the BSD developer is unable to make use of the changes the GPL developer has made.
Yes, I know, if the BSD developer were so concerned about that, he'd have licensed it under the GPL. Well, possibly. Sometimes your hands are tied. You have to use a given license because the parent project you are contributing to has that license (unless you want to start your own fork, which most people don't want to do). Also, the BSD developer may feel that even though the license doesn't require that you release changes, the spirit of the BSD community says you morally should if you're a free software project (and BSD is considered free software by the FSF).
The fact of the matter is, the GPL is restrictive not only against proprietary code, but also against virtually every other free software project out there. This is one reason that BSD developers coined the term "viral license" (No, it wasn't Microsoft that did it). And, this is a reason that many BSD license advocates feel that GPL advocates are hypocrites regarding free software. They talk the talk, but unless you are willing to accept their restrictions (which is more than just "don't add more restrictions"), they won't let you walk the walk.
Of course you are basing your argument on false information. Microsoft did not, and has not used open source BSD licensed code in anything I am aware of.
They did *LICENSE* a network stack from Spider Software, who in turn had *LICENSED* the stack from UCB Berkeley. This code predates the first open source version of BSD as witnessed by the copyrights present in the code.
In other words, the author of the code (UCB Berkeley) gave Spider Software explicit permission to use the code in their product, even relicensing it to other users most likely for a fee.
It's easy. Look at the copyrights of the BSD based apps in Windows, then look at the copyrights of the versions of BSD released.
Actually, it's likely a mixture of insurance, and the massive amount of red tape necessary to get a medical device approved by the FDA.
Anyone that has ever done any medical device manufacturing knows that the FDA process is insanely expensive. You have to do studies, your manufacturing processes have to be approved, you need design paper trails, all kinds of stuff you wouldn't imagine for a simple device.
Plus there's the profit. Nobody's going to build such devices if there wasn't a good profit in it because the demand is so low.
According to Wikipedia, CP/M was first written in 1973. There's no guarantee that Kildall had even seen a Unix system at that point, as it was internal to AT&T.
http://en.wikipedia.org/wiki/CP/M
I'm confused. How do you execute apache if it's on a readonly and noexec partition? How about tools your server may need to exec?
You should be able to run anything in /bin.
Plus, your "leaving aside a kernel bug" seems odd, since there have been a number of such kernel bugs. The most recent was just a few days ago.
http://www.debian.com/security/2010/dsa-2005