Slashdot Mirror


User: BrynM

BrynM's activity in the archive.

Stories: 0 · Comments: 1,205

Comments · 1,205

  1. Re:Whither Cybersecurity? on Head Of Homeland Cybersecurity Named · · Score: 1

    I know all of this. That's why "founded" is in quotes. I was being critical of the American Cultural Ego. The prevailing attitude in the US is that we are the inventors and owners of democracy (again, not my particular view) and I was drawing parallels to very similar attitudes that we have about the Internet (and cars and labor unions and ...).

  2. Re:Send them packing on Dealing w/ Outside Interests in Your Projects? · · Score: 1

    Or I could finally just notice that you are an alum and keep my mouth shut. :)

  3. Re:Send them packing on Dealing w/ Outside Interests in Your Projects? · · Score: 2, Interesting
    Chances are, if he did it for the school and did it at the school at all, then they own it. To me, it sounds as if he's going to a private school (let me know if I'm right or wrong). I too went to a private school with a very fervent alumni association. Since they are what brings in the donations for sports, scholarships, arts projects and school renovations, you will have a hard time trying to fight them for dominance.

    I propose offering them a compromise. Change your scope. Let them build theirs and offer it as a paid members only section for alumni (and parents too - if your school is well-to-do enough) while you develop and build yours as a student body only site. With membership may come the ability to log into the student side and interact with "the future of their old school". Grant students access to the alumni section for the first two years after graduation (the hook) and charge them for one-time/monthly/annual membership after that.

    This way, you get to interact with your fellow students and free rein to code and the alums get a donation business model. If you play your cards right and cooperate with them, you may even end up with a starter web design job right out of high school (either way, you've got resume material) and good standing in the association after you graduate. Remember to stay calm and bargain with them. If you can, find a way to maybe do some work on what they are developing as well.

    Let them know that you have something to offer and that they could stand to create a renewable revenue stream. Two items not to back down on are:

    1. They host both sites. Since you're entering an agreement with them, they need to pay for the bandwidth and not risk losing it should you go to college.
    2. You are the lead programmer for your portion. Don't let them take your baby and hand it to someone who doesn't care. If you've gone this far, tell them that you did it out of school pride. They can hire any monkey to code but they can't just go out and contract school pride or loyalty.

    Welcome to the software and web design business. You've got a good head start.

    ...But if you coded it alone, host it yourself and don't do any of it at school... Take your ball and go home. Keep the site going and strip it of any affiliation to the school. Apologize to the alumni and tell them that it will never again have any of your school's "branding". Develop it for a couple of years and - if it gets popular - sell it off. You can get a whole lot more money selling a popular finished site to some local company than the alumni association would be willing to give you, but it would take time and self promotion.

    Good luck!

  4. Re:Whither Cybersecurity? on Head Of Homeland Cybersecurity Named · · Score: 2, Insightful
    Since we "founded" it, we tend to think it's ours (not me, but the collective "We" that is the USA) and we can tell everyone how to use it. We do the same with Democracy... since we "founded" it, we tend to try to tell everyone else how to use it. We're the know-it-all ex-mechanic down the street that could rebuild your classic Mustang, but can't even diagnose a modern one because we haven't paid much attention for the last 30 years of resting on our laurels. The newfangled parts and additions are a mystery to us.

    (in a cynical mood today)

  5. Re:Symantec getting very cosy on Head Of Homeland Cybersecurity Named · · Score: 1
    Am I alone in putting two and two together and becoming alarmed at the implication?
    No. There's some guy named Ashcroft, some guy named Cheney and some guy named Bush who are right there with you. Of course they are alarmed that nobody thought of it sooner and that anyone would resist. Oh, and they have minions... You probably don't.

  6. Re:Thus defeating the object? on PGP Universal - Usable Email Security? · · Score: 1

    And risk my arm! The discomfort! Just let them drop I say.

  7. Re:While we're at it... small tangent on License to Surf, Take Two · · Score: 1

    Thanks. Definitely food for thought. Since I don't host the server for any profit - just for family and friends, I would have to reconsider if I'm going to be financially liable for it (I have very little $$$). Definite food for thought. Your analogy to ham radio is very provocative. Hmmmm........

  8. Re:While we're at it... small tangent on License to Surf, Take Two · · Score: 2, Insightful
    Actually, that's not so bad of an idea... well... anyways the taxing email part.
    The problem with that is people like me with a private e-mail server. Do I have to become a business? Do I have to stop running the server? Do I have to clear every new account with some external authority and provide a paper trail for every user? Do I have to have someone come into my home and audit my server? Am I responsible for the tax if one of my users doesn't pay? Do I have to pay a tax for administrative e-mail I send?

    So far, no proponent of taxed e-mail has been able to give me an answer to those questions short of "you shouldn't be allowed to have a server - no civilian should", which I can't agree with for numerous reasons. Don't get me wrong, the tax idea has merits. I just think it's a pipe dream without some government authority getting draconian and ruining a lot of what makes the internet such an open ended learning experience.

  9. Re:These aren't good statistics on Linux Most Attacked Server? · · Score: 1

    I agree with you wholeheartedly. Additionally, I would love to see what level of exploits they are attributing. Even the term "hacked server" can mean so many things, from defaced web pages to a user grabbing a file that didn't have the right permissions to someone truly "0wn1ng" a system. We are in a time when the "tally everything" studies are increasingly irrelevant due to this complexity. I also agree that most /.ers fall into the "tally everything" trap more often than not. I find myself paying little or no attention to these types of generalizations and only keeping an eye on the exploits for software I actually have to use/maintain. General studies like this have become white noise and I've learned to tune it out. Whether that's the right thing for me to do still remains to be seen ;)

  10. Re:These aren't good statistics on Linux Most Attacked Server? · · Score: 1
    Um, DCOM and RPC are both part of the operating system itself and have hooks into the MS kernel (NTOSKRNL.EXE and NTDLL.DLL). Sobig and MSBlast both touch the MS kernel because of this and could very well qualify as kernel level exploits - they are definitely core OS exploits. If you look at this even the IIS buffer overflow exploits have kernel level implications. This is due to the way that the security model for each operating system is built. Usually, a server application exploit under Linux will not root the machine (without even going into CHRoot jails), but almost all MS application exploits in the server context will root the machine. Linux applications usually run with their own user account, while MS services usually rely on the System account. This has the effect of making Windows better for user-mode applications, but Linux better for hardened server stuff. Each has their use, but the differences are vast - which most people seem to miss.

    Since Apache runs on both operating systems with pretty much an equal level of security, is an Apache exploit a Linux problem or a Windows problem? In my opinion, it's an Apache problem and neither operating system should be blamed for the exploit. I stand firm in thinking that the really useful statistics would focus on the exploits and applications vulnerable to them than the gross generalization that was this article.

    And by the way, I'm a fan of both and I try not to disregard any exploit or possible vulnerability. I do agree with you that big, complicated projects will always have flaws. To me (and to others too - I hope!), it's very important to look at how those flaws manifest and not important at all to try to tally them in general to play some childish "we're more secure than you" game. Big complicated questions require complicated answers most of the time, not simple generalizations.

  11. Re:Most attacked server? on Linux Most Attacked Server? · · Score: 4, Funny

    Wow. I get a lot of those too. Thank goodness I deleted that pesky "default.ida" file from my Apache web server so I could be safe! :)

  12. These aren't good statistics on Linux Most Attacked Server? · · Score: 5, Insightful
    "The proliferation of Linux within the on-line server community coupled with inadequate knowledge of how to keep that environment secure when running vulnerable third-party applications is contributing to a consistently higher proportion of compromised Linux servers," mi2g chairman D.K. Matai said.
    So let me get this right. Since third party applications under Linux get hacked, it is attributed to Linux being more vulnerable while MS Windows running third party software is more secure??? So a PHP/SQL injection exploit is attributed to the OS PHP is installed on? Does the exploit count twice then? - Once for each operating system?

    I think it's time to break the statistics down application by application at that point. Show me some Apache vs. IIS numbers or MySQL vs. SQL Server numbers or exclude third party applications altogether please. For the record, I run both Windows and Linux for clients and servers and am pretty neutral in the whole OS wars thing. Each has their merits and uses, both need regular security maintenance and I am pretty much happy with both for very different reasons. I'm not a Linux zealot, but I know bad numbers when I smell them. And then...

    "Microsoft deserves credit for having reduced the proportion of successful on-line hacker attacks perpetrated against Windows servers."
    So MS is shoring up third party applications then? They even go on to cite Sobig and MSBlast as the reasons for the high MS numbers. This is shifting over to a very FUD-like smell now.

  13. Re:Wouldn't it be easier? on Microsoft Identifies, Patches Another Critical RPC Hole · · Score: 1
    The point is that I can disable those under Linux. I can just have a command line if I want to. MS seems to think that I need a lot more than I desire.

    Ironically, the dev box in question dual boots with a _very_ stripped down SuSE install (down to TinyWM, PHP and a couple of other things, but I rarely use Tiny and have been thinking of removing it and X). I do a lot of parse this data or parse that data with the box and the data needs to be in a clean environment for certain NDA reasons (no, it's not OS info, it's contact info). I get a CD and have PHP scripts that do the work for me. Unfortunately, the data starts out in MS Excel (blech), so I need to have a Windows install on it. A network admin certifies that the data is un-tampered and that my dev box is not connected to the outside world at all.

  14. Re:Violation of law in Canada on RIAA Sued For Amnesty Offer · · Score: 1
    RIAA is a U.S. corporation (or organisation, not sure which)
    The RIAA is a Non-Profit (that's right) Professional Association. They may have Articles of Incorporation, but they are a different beast from a regular corporation and the law in the US will consider that distinction when they deal with courts. Their bylaws and Board of Directors are voted upon by their members in a democratic election, but membership is based on approval.

    However, they aren't what's known as a Charitable Non-Profit (501(C)(3) in tax terms if I remember right) such as United Way, so the courts will also take that into consideration.

    I work for a Professional Association myself and have talked to our legal team about the RIAA and how they work at length. Association law can be quite complicated here in the US.

  15. Re:Try again on RIAA Sued For Amnesty Offer · · Score: 1

    It has also been called its more common name here in the US - "Obstruction of Justice", but the RIAA would never do something like that...

  16. Re:Wouldn't it be easier? on Microsoft Identifies, Patches Another Critical RPC Hole · · Score: 3, Informative
    You are absolutely correct. Thank you. To clarify, I've been trying to turn RPC off since NT4. I can tell you firsthand that it's really bad juju to turn it off (though I still try to find a way to kill it and some other "necessary" services). You may not see the result immediately all of the time, but the problems still abound. Sure my isolated laptop should be safe from these attacks/exploits, but I want to turn RPC off altogether. It steals resources and can actually cause problems for a non-networked machine anyway. Print spool problems? Better make sure RPC is working right. Performance monitor problems? Same thing. User accounts acting funny at logon? Same thing.

    Someone else compared it to 127.0.0.1 on a *nix box, but there's already a loopback interface in Windows. The RPC service was originally intended for remote administration. A better analogy would be SSH, but I don't have to run SSH under *nix, do I?

  17. Wouldn't it be easier? on Microsoft Identifies, Patches Another Critical RPC Hole · · Score: 4, Insightful

    Wouldn't it be easier to just turn the RPC service off or remove it? Oh, that's right. You can't do either. It's an important Windows component that helps keep my non-networked, non-server, non-client Win2K development laptop running correctly. If it weren't there... well it just wouldn't be there and that's not good. Thank you MS for yet another non-uninstallable, non-disableable useless service for me to worry about. I can't wait until my web browser and messaging client are at this level of necessity. Then I'll really be empowered to run my computer the way I see fit.

  18. Re:The RIAA sucks on RIAA Settles With 12-Year-Old Downloader · · Score: 1
    You know, it's amazing how many knee-jerk republicans there are on Slashdot. To answer it for all of you who have responded to my post so far, I'm not a Democrat. I'm not a Libertarian. I'm not a Green. I'm not left wing. I'm not a hippie. I'm not affiliated with any political party at all.

    I'm an American. I vote with my conscience and my intelligence. I listen to news sources I agree with and even listen to those that I don't agree with in order to form a well rounded opinion. I have an open mind and do not dismiss viewpoints simply because I disagree with them. Intelligent opposition is to be respected and I welcome it.

    Speaking of which, what would you Proud Republican Anonymous Cowards suggest as an alternative news source on this subject then? Anyone? Anyone? Is there anyone out there with something to add? That's what I thought. Quit your childish party bashing and try to at least give some supporting data in a discussion please. Blindly discounting something without offering an alternative or citing facts is not a debate or discussion - it's just flippant, childish whining. It's a sad attempt to look superior, which would be marginally alright... If you were superior enough to use your names or user accounts. Otherwise, you can go on spouting without credibility, but don't expect anyone to listen or mod you up.

    And please RTFC (read the flippin' comment). I didn't tell the parent to only listen to NPR. I didn't even say to go beyond this single subject (the RIAA, remember?). I merely cited the best mass media news source I had found on the subject and made a suggestion. If you view this as being un-american/communist/liberal then you're only showing how narrow minded and insipid you are. Good luck with that!

  19. Re:Right... on What The RIAA Gets Out Of File Sharing · · Score: 1
    Don't mind me, I'm not the P2Per you're looking for.
    Jedi MP3 Tricks! RIAA the Hutt says: "Ya koon tacha poonoo nee sah, gee. (Your powers will not work on me boy.)"

  20. Re:Let's try an experiment... on What The RIAA Gets Out Of File Sharing · · Score: 4, Funny
    Goatse, in order to get this onto the radio
    It's bad enough that I've seen it. I don't want to hear what that thing sounds like.

  21. Re:Adrian Lamo Surrenders on Adrian Lamo Surrenders · · Score: 3, Insightful
    Enrolling in college is out too. Nice of the judge to be so considerate.

    Funny enough, I heard he was in town (I'm in Sacramento) by spotting him being interviewed by a local newscaster last week. I was wondering if he was still around because I recognized the place he was interviewed at. Does anyone know if his parents live in this area?

  22. Re:Sharing vs downloading on RIAA Settles With 12-Year-Old Downloader · · Score: 4, Insightful
    Ignorance of the law has never been a defense. It is the responsibility of each citizen (in pretty much any country) to determine whether a course of action is legal or not.
    In most states here in the US, this only really applies to adults in practice. A judge can throw out most juvenile cases if he/she thinks the child learning the lesson that an action was a crime is enough punishment. This is one of the reasons that juvenile courts are separate from adult courts and is the theory behind being "tried as an adult".

  23. Re:The RIAA sucks on RIAA Settles With 12-Year-Old Downloader · · Score: 1

    When the other points of view are severely watered down and full of fluff - Yeah, listen. I don't listen to it because it's liberal, I listen to it because it's the most factual available. I listen to a lot of the BBC as well. That doesn't make me British.

  24. Re:Good to see they let her off easy. on RIAA Settles With 12-Year-Old Downloader · · Score: 1
    As far as broadband... that could mean a 25-30 buck connection. Not a lot of cash, really.
    Especially if you consider it a way to help educate your 12 year old little girl so she can grow up and move out of the projects. I wonder if they returned her confiscated computer. If not, they've raised the bar for future ruining evil. Let's count them off:
    • Ruin a low income family financially
    • Disgrace a child for life
    • If Mom is like half of the Moms I've ever met in the hood, got a kid a beating
    • Increased the chance of homelessness for a child
    • Labeled someone a criminal at an early age, which can scar for life
    • Ruin the chance of a child to absorb technology and survive in modern America
    Now all they need to do is rape some clergy and they're on their way to the throne of hell. Good Job!

    Not that I'm bitter about this or anything...

  25. Re:261 top downloaders? on RIAA Settles With 12-Year-Old Downloader · · Score: 4, Insightful
    Of course it's due to that extra 100GB hard disk she installed. The motherboard she had was only the dual IDE variety, so she grabbed one of those with the Promise IDE RAID chips on it and set herself up for maximum throughput with the duplicate drive. Saturate that DSL line little girl!

    Seriously, I think you just struck on what will now be my leading comment when telling people about this. I personally think the RIAA is just going for the first ones they could find. It's still a really wild internet out there and the actual users within their grasp is probably a lot smaller than they are letting on. Thanks for that spark of deduction.