Slashdot Mirror


User: disappear

disappear's activity in the archive.

Stories: 0
Comments: 137

Comments · 137

  1. Amicus Brief in the Bernstein Case on Report From The 2600 Appeal Hearing · · Score: 2

    The speech-as-expression issue was AFAIK best handled in one of the Amicus briefs in the Bernstein crypto export case. Can't figure out which one just now, but IIRC the documentation on this point was extensive.

  2. Re:Will coverage be as bad... on Sprint Testing 2.4Mbs Wireless Cellphone · · Score: 2

    You miss an important (and true, IME) possibility: StarTAC handsets have lousy reception. There are *many* places that my wife's old StarTAC didn't work (we're both on Sprint) that my Sanyo 4000 did, and there are more places that her new Samsung handset works where my Sanyo doesn't. All handsets are not created equal.

  3. Re:Choice is bad?? on The Dark Side of "Me Media" · · Score: 2
    Do you have an opinion about, say, WWII? Have you read _Mein Kampf_, _The Will to Power_, _Also Sprach Zarathustra_, and other primary sources?

    Actually, if you believe that Nietzsche was anti-semitic, or in favor of those things that the Nazis believed, in general, you've been listening to the wrong secondary sources. I'd dispute that anyone can be a primary source of information on a war who died decades before that war was fought.

  4. Change of Eras on 100 Years of Radio · · Score: 3

    Also, yesterday was the 100th of Queen Victoria's death. How's that for the end of the Victorian era: her death one day, the first successful long distance radio transmission the next?

  5. Re:Your security isn't secure on E-Mail Clients That Support X.509 Digital IDs? · · Score: 3

    Yeah, but if they've got system-level control (ie BackOrifice or root), then even biometrics won't help, as you can override the reporting functions....

  6. Re:SuSE.... on Answers About Bastille Linux From Jon & Jay · · Score: 3
    Among the vast amount of software that comes with SuSE is a hardening script similar to Bastille.

    Yup. That's another reason it hasn't been one of our early target platforms.

    -- Jon

  7. Re:Detecting kernel module intrusions on Answers About Bastille Linux From Jon & Jay · · Score: 2
    Or, compile your kernel without loadable modules. We're talking about firewalls here.

    Er, not necessarily. Bastille is for workstations and servers, really.

  8. Re:What? on Answers About Bastille Linux From Jon & Jay · · Score: 2
    "OpenBSD, as Jon points out, misses vulnerabilities, because their auditors are human and non-omniscient." and what, the Bastille guys are God-like and omniscient?

    Er, no.

    I think we were just pointing out that 'audited' isn't necessarily the same thing as 'secure,' and that in fact the gap is much wider than people give credit for.

    We make mistakes. Heck, we make a lot of mistakes. But we do our best to fix 'em, too.

    -- Jon

  9. rtm's favorite book, & more on The Shockwave Rider · · Score: 2

    It's worth noting that this was Robert Morris Jr.'s favorite book. (He was author of the great worm, of course, based partially on the ideas of this book.)

    <LITCRIT>
    A number of people have commented that this book, or other Brunner books, haven't aged well. If you're looking primarily at the details of everyday life, that's obviously true. If you're looking at the larger social patterns, this may or may not be the case.

    Brunner's talent lay in his ability to take someone else's projections about the future (in this case Toffler, in The Sheep Look Up Rachel Carson, in other books other prognosticators) and turn them into a story.

    His Achilles' Heel lay in the fact that the story he told was almost always the same: they're all retellings of the story of Jesus, or the coming of the Messiah. (It's a hell of a story, mind you, but he always tells the same story.) All of the plots are essentially there's a society falling apart, but this one individual has the power to make things all better. However, he's in exile or a criminal or just disappeared. Towards the end of the book, though, he shows up and saves the day.

    This is true of Stand On Zanzibar (which is about overpopulation and its effects. It's his best novel, IMHO.), The Sheep Look Up, and The Shockwave Rider, among others. The difference in The Shockwave Rider is that you hear the story more-or-less from the point of view of the Messiah. Children of the Thunder (I may have gotten the title wrong, but it's pretty close anyways) is one of his later books, but in that case it's inverted: it's the story of the Antichrist instead.

    There's nothing wrong with these stories; they're fabulous stories whether or not you believe they're true, and they're definitely embedded deep within the psyche of Western Culture. But it's not an original idea, nor are the ideas behind each of his books particularly original, so it's frustrating in some way to read more than one of his books. Do, however, read Stand on Zanzibar. In both form and content it's one of the best SF novels of all time.
    </LITCRIT>

    That said, it's great fun to read Brunner. The Compleat Traveler In Black is a blast. I wonder if it's still in print, my mom tossed my copy out probably a decade ago...

  10. Re:Typos not a minor point on Think Unix · · Score: 1
    How about some errata for the errata? :)
    [ . . . ]

    These are all fixed. Thank you for reporting the problems.

  11. Re:So it covers X Windows? on Think Unix · · Score: 2
    Too bad, since X Windows is not an integral part of Unix. I was about to recommend this book to a couple of MacOS X newbies, but this serious flaw made me reconsider.

    The book has eleven chapters. The last two chapters are about X. X is a major Unix subsystem that most people have significant problems with, so it needed to be covered.

    Put another way, the book has 242 pages of main text. Pages 1 through 196 don't have a damned thing to do with X; pages 197-242 are about X. Nothing before page 197 cares whether or not you have X, so not having X shouldn't stop anyone from getting through the majority of the book.

  12. Re:Typos not a minor point on Think Unix · · Score: 3

    Hey, I'm the author of the book. This is a fair criticism, but...:

    1. There's an errata for the book. It is, as far as I'm aware, entirely complete and up-to-date. It's over here (the address is listed in the book, yes). You can determine how many of these have any impact whatsoever on the content.
    2. There are two typos I know of (one of which Danny Yee reported, and both of which are in the errata) in 'code examples' (that is, anything that looks like a transcript of a session). One of those is in the output of a command (the wrong quotes are displayed as output), and the other is a case where the point is that a certain thing doesn't work. (In talking about $0-$9, I show that $10 doesn't work. Only it was shown as 10 rather than $10 in the example.) This one should be clear from the context, but the point is that it doesn't work anyway.
    3. I am anal-retentive. But things get messed up in the editing phase, as documents are passed back and forth among half a dozen people and file formats change, etc.
    4. It's also a first printing. Some stuff will be fixed in the second printing. Everything will be fixed in the third printing. The second edition of the Llama book's first printing was horrendous. Especially the code examples.

    Correctness is important to me. But I'd have to say that it's pretty darned good. Check the errata and decide for yourself before making a comment like this, please.

  13. Re:It is nice to get back to "grass roots" on Think Unix · · Score: 2
    Try using a real UNIX for a couple of months, then tell me Linux is the same.

    Well, I'm a professional Unix sysadmin (And the author of the book. :-)). We're a Solaris/IRIX/Linux shop. Linux is the same. Or at least as much as either Solaris or Irix is.

    We've moved many of our central AFS servers to Linux from Irix because Linux is much more stable. (Solaris does well too as an AFS fileserver, but why pay more when you don't get more?)

    We've moved most of our labs from Irix boxes to Linux boxes. We're down to two labs with Irix boxes, which will probably be replaced in the next year or so with Linux boxes and decent 3D cards.

    About one-third to one-quarter of our central servers (for around 20,000 active accounts) are Linux boxes.

    Linux is Unix.

  14. Re:GNU system philosophy on Making Your Linux Box Secure · · Score: 1

    [ . . . Stallman on why GNU su doesn't support wheel . . . ]

    However, occasionally the rulers do tell someone. Under the usual su mechanism, once someone learns the root password who sympathizes with the ordinary users, he or she can tell the rest. The "wheel group" feature would make this impossible, and thus cement the power of the rulers.

    I'm afraid he didn't think this one out: if I have su I can not only tell other people, but I can add them to the wheel group, right?

    That has the added advantage, from my perspective, of keeping anyone too stupid to edit /etc/group from giving somebody even less capable the power to wreck the system. Not much of a bonus, but something of one.

  15. Re:point by point rebuttal on Debian 2.2 "Has Major Security Issues"? UPDATED · · Score: 3

    (5) Home directories world readable, umask 022. No real security problem here. If a user wants to hide something from prying eyes, they should learn about permissions, or better, how to use cryptography. In general, you shouldn't expect anything on a multi-user system to be private.

    Right. So let's screw all the newbies, then tell them they should have known better.

    IMHO they should be using the OpenBSD ftpd by default, but at least it's not wu-ftpd ("Providing remote root since 1994!"), which is the default ftp daemon on RedHat.

    Of course, on the last remote root exploit just the other week, OpenBSD's ftpd was every bit as affected as wu-ftpd...

  16. Re:In my experience... on Words From Bastille Developer Jay Beale · · Score: 1

    Every change Bastille makes can (now) be reversed. This (very important) functionality was added in 1.1.

  17. Re:Just a few days late! on Words From Bastille Developer Jay Beale · · Score: 1

    I did submit the story on Bastille Day, when it was posted.

    My submission to Slashdot about that article was rejected.

  18. Re:But the real question is... on Words From Bastille Developer Jay Beale · · Score: 1
    Why name a security product after a fort whose only claim to fame is that it was stormed by a bunch of peasants?

    Well, the Bastille is a fortress, you see. And, sure, the building was stormed --- but the problem wasn't the building, it was the administration.

    It's a joke, you see.

  19. The most frightening thing... on Preliminary Injunction Issued in DVD CCA Case · · Score: 3

    ... is that the judge cited (obviously, they don't make these things up, which means that probably the plaintiffs as precedent cited) Religious Technology Center vs. Netcom. RTCvsN was the Scientologists cracking down on ISPs. Bad case, bad precedent, bad law. Ugh.

  20. Re:Actually, this would be lovely on OEMs Jump Onto Transmeta Bandwagon · · Score: 1

    I get six hours of battery life. Sony Vaio Z505S with the "3-hour" extended battery. I don't get six if I'm building kernels all the time, but if I'm in vi and playing nethack, I get six easily.

    OTOH, with Crusoe, double the battery life and shave another pound off of it and I'll buy it all over again.

  21. Re:No new Intelligentsia? on Bruce Sterling's Manifesto for January 3, 2000 · · Score: 1

    Software development is a discipline that takes much time to learn, it is a discipline best learnt by reading and writing code not books.

    Software engineering is a social phenomenon and requires interaction with others in order to gain even the most basic understanding.

    Work expended on these activities requires mental not muscular exercise, this requires constant learning and as a result builds the mind.

    You can say all these things about auto repair, too, and I don't imagine you'd include auto mechanics in the new intelligentsia.

  22. The Damned Movie on Review: Man On The Moon · · Score: 1

    Ya know, I generally like Katz's articles, but I think he's off the mark on this one.

    • J.C. does do a fabulous job as A.K. No questions about that.
    • As someone who saw maybe an episode of Biography a few years back on A.K, seen a couple old Taxi episodes, and heard about some of his other acts from a friend who's really into A.K., I can't say I learned anything about him.
    • Unfortunately, the movie lacks a point of view. It's a cop-out to say that the subject does so the movie has to --- that's the "pathetic fallacy", for you lit-crit types --- and the lack of perspective makes it impossible to judge (in the broad sense of that term) what you're seeing.
    • Ditto the pathetic fallacy on the lack of character development. Not only for A.K. himself, which would be understandable, but for every other character in it -- there had to be more to his relationship with his girlfriend, right? We don't even find out how he meets Bob Zmuda. Or what drives B.Z.
    • This bullet point intentionally left blank.

    In short, I tried hard to like this movie but couldn't quite like it. I got out of the movie feeling like I'd seen a few minutes of a highlight reel and basically got ripped off. Sorry Katz, I think you're dead wrong on this one.

    And, for the record, I think A.K.'s comedy is more interesting than J.C.'s, but J.C. still makes me "laugh like a drain" in Patrick Stewart's words. (He was talking about Beavis and Butthead, though.)

  23. Re:Worst Trek movies on Movie Reviews:GalaxyQuest · · Score: 2

    Bah. I actually enjoyed V more than I did IV (Voyage Home), or anything after VI. You may not have liked the characterizations in V, but they were closer to the original show than anything besides the first movie. II (Wrath of Khan) was just an action film dolled-up to be a Star Trek movie. It was a good movie, but it wasn't Star Trek. III (Search for Spock) was them backpedaling from that. IV (Voyage Home) had nothing to do with Star Trek and was just typical "lite comedy". And I do mean "lite" not "light" --- completely empty. And the characterizations sucked there, too. ST:TMP and VI (Undiscovered Country) were both fine Star Trek films. No complaints. Anything after that, though, is an abomination unto heaven. Then again, I preferred TOS to TNG or anything later, so I'm admittedly biased. And Star Trek: Geriatrics was not only a waste of film, but an ignominious ending for Kirk. Like Shatner or hate him, the character didn't deserve to die in such a bogus way. I liked V (Final Frontier) because it had heart. None of the other movies really had heart. The laughable plot was a lot more like series episode plots (like "Shore Leave", which is one of my all-time favorites) than the other movies were, and the characterizations you may not have liked were also closer. Too much focus on Kirk, it's true, but what did you expect with Shatner directing? And you're right about the title.

  24. Re:broken redhat on Red Hat Releases Version 6.1 · · Score: 2

    The last redhat release i played with (version 5.2) had sendmail 8.8, and bind version 4.9 or something... any reason for this? Both were known security problems (that had been fixed for a while) on the day it shipped AFAIK :P

    Aaah, Grasshopper: look at the patches inside the SRPM -- both BIND and Sendmail had the security fixes applied before 5.2 shipped. :-)

    Remember, when RH 5.2 shipped, BIND 8 was not in very wide use, and Sendmail 8.9 was quite new. Rather than release a new, largely untested version of something with possibly huge new security holes (which thankfully didn't actually happen, but it's a lie to claim that there was no or low risk at that point), they released the old, known-to-work version with a patch for the known security holes.

    A lot of stuff RH does may not be great, but don't slam them on this one -- they got it right, for certain. (Now, releasing pre-kernels may be another story, but there's a good argument to be made that said pre-kernel was much more stable than the official release at that point...)

  25. Re:Whole Argument is Moot on Encryption Exports: Small Step Forward, Big Step Back · · Score: 1

    Errr, "just grab a DES textbook, copy the code and make some custom changes to the encryptor"????

    1. DES is broken. It's trivial for the government, especially with an $80mil anti-crypto group, to break it or anything of equivalent strength.

    2. Making changes isn't likely to improve your security. Actually, it's quite likely to decrease your security, as DES was designed specifically to avoid certain attacks. (The S-boxes were altered to defend against differential attacks, one of the benefits of having nice NSA people look over your code before making it standard...) Any changes and cracking your new crypto may be anywhere from trivial to no-harder-than DES.