Actually, I equally condemn this collusion between CERT and the major distros for a few reasons.
1. This pretty well shoots the benefits of OSS right in the foot. "Release fast, release often" just became "release when everybody is ready". Shouldn't this have been fixed at the wu-ftpd level (in their CVS) and then distributed that way? That would have allowed admins the opportunity to grab the latest source and get the fix/patch up and running while the distros worked on their update packages.
2. Where's the list of whom CERT considers a major distribution? By hoarding the exploit info among the larger distros, smaller distros now find out about this hole about a month after the major distros, which means the minors have to play catch-up AFTER the exploit is both addressed by the major competition and widely reported by CERT.
3. Why did a government body get to tell a bunch of Linux distributors when to release info on an exploit? If disabling anonymous FTP, changing FTP daemons, or shutting down FTP altogether provides a temporary fix while coders get the exploit patched, dammit, I'd want to know that. Pretending it doesn't exist for a few weeks does not make it not exist. Can we expect more information hoarding in the future between Linux distros and government bodies? Will Red Hat automatically bundle Magic Lantern (big stretch, I know, but if you don't play the extremes, posting isn't any fun)?
So yeah, the shoe is on the other foot, and this foot stinks just as bad as the first one.
Looks like our media-based culture has finally dominated the minds of its citizenry.
People are now convinced that paying $30 to watch a commercial is a good thing!
I thought they only had a constructed replica of Difference Engine No. 2. Have they built the Analytical Engine?
Or was that a forward looking statement that you hope they one day construct an Analytical Engine?
Regarding the book... I just finished this book a few days ago, and I thoroughly enjoyed it. I enjoyed the quick debunking of the role of Ada Lovelace in computing.
Because they don't have enough evidence to win in court.
This was mentioned during a White House press briefing. I think it might have been Rumsfeld that said that they didn't have enough evidence to try bin Laden in court, but they had enough to justify bombing Afghanistan.
Uh, guys? ATI has already responded to this by saying that yes, they do optimize their drivers for games.
Did HardOCP search the binaries for references to other executables? Their site doesn't imply that they did. So maybe it's just ATI trying to give gamers a better experience. It's not like they fudged 3DMark results.
I have one of the FV24's powering my OGG jukebox, running RH7.1 and Apache. Everything works great except the FireWire. Couldn't get Kudzu to auto-detect it, but also have no use for it, so I haven't dug into getting it working.
I've had no problems with the other components, though (somebody mentioned they had audio distortion problems under Win2K, but I didn't run into that at all in Linux).
So, then, it's key that everybody be plugged into the LAN before they boot up, otherwise the ARP will be pointless (and conflicts could occur). Is that accurate?
Regarding Music... I've recently started taking an OGG jukebox to our gatherings, though, so far, I'm the only one who uses it.
It's a Linux box running Apache, PHP, and Andromeda to stream OGGs over the LAN, so all you have to do is set up your playlist, click Play, and stick WinAmp/XMMS on Repeat/Shuffle. It plays in the background while you play whatever.
The downside is that you need to have a machine capable of playing games and music at the same time. Also, it helps if your players use headphones so that nobody else has to listen to music they think sucks.
So far, Atari Teenage Riot seems to be about the best Quake music ever.:)
The best place to find cheap 24 port switches is eBay. I snagged a 24 port Addtron switch from there for $139 and have never had problems with it at our LAN parties (web link in my user info). I also have a 24 port hub, just in case our numbers go above what the switch can take, which ran me $189 from Buy.com.
Also, DHCP is a snap to set up. If you let the Windows random assignment happen, there is always the chance that two machines will grab the same IP address. We're kinda cheapin' out right now by using my Linksys Cable/DSL gateway, which has built-in DHCP. We also use that to give the whole group Internet access via the usual host's cablemodem. Even works for multiplayer out in the wild (we typically do this with Counter-Strike). You can get a 4 port Linksys gateway/router for around $99 these days.
Now, if you're thinking that you need to have all 3Com gear, then yes, you will be spending huge bucks. Or if you get the idea that gigabit ethernet is your cup of tea... cha-ching, bye bye retirement fund. But equipment sufficient for running LAN parties can be found on the cheap. Keep this in mind - for the cost of a GeForce 3 at launch (~$400), you could have all the gear I've mentioned.
Perhaps the FTC should be made aware of Opera and Konqueror?
I was discussing this issue with last night with my wife when she asked, "Well, if Konqueror has the option to turn off window.open [no, she didn't say "window dot open"], why doesn't Microsoft just do that?"
Because Microsoft derives revenue from popups. Same reason they don't let you disable HTML mail even though it continues to be a security issue - the mail they send ties into tracking that helps them drive revenue. If they let you disable these two avenues, they lose money.
This is all speculation, though Hotmail does shove a popup on your screen while you're using it (and just think about how many people use Hotmail).
A friend of mine works in the acoustics lab at a nearby university. Not long after the attack, they received a request to build a device that would allow rescuers to find people in the rubble by listening for breathing or cries for help that couldn't be heard otherwise. The team did get something together for this and went up to the site, but they never got to try it out.
This was a couple days after the attack and rescue workers had pretty much given up on survivors at that point (though the media continued to report otherwise). According to my friend, when he got there, the police and firefighters were concentrating the search on finding their own guys and had pretty much given up on finding anyone else.
He said that it took about 6 hours to get cleared to go onto the site itself, and then, after that, you were put in a queue to use the site for your task (searching, removing rubble, et cetera). They were bumped twice before being told they weren't going to be used, so the device never had a field test, but none of the team complained. They were in complete awe of the scene itself, and, while they ultimately felt helpless, they felt privileged just to be there and to speak with other crews and native New Yorkers. They managed to get some audio recordings of the area as well, thinking it might be important for historical reasons.
And let's not forget that any universal key will be copied. If all US generated encryption contained the magic "back door" key to be held by authorities, just how long do we think it would be before that key were leaked, cracked, otherwise discovered and published worldwide?
The analogy of corporations able to track our every purchase falls apart when you move this to government. If Amazon, Wal-Mart, and EZPass all do things that I find reprehensible, it is usually easy for me to avoid patronizing those establishments. If, however, the government starts tracking everything I do, what choice do I have? My choices are to shut up and go along with it or to speak out, resist, and be arrested. I've never faced the possibility of arrest by not going to Wal-Mart.
Historically, we have used temporary laws to get us through tought times (WW2 rationing laws being an excellent example). I personally do not oppose temporary restrictions, but I have heard nobody talk about temporary solutions and writing up laws that self-expire. Everything I have heard so far has been in regard to permanent laws as a reaction to the attack. Perhaps I have missed this key point amid all the rhetoric, but I don't think our legislators have anything temporary in mind.
And while our attention is directed with pin-point accuracy to the deaths that occurred in the WTC attack, let us not forget that thousands die every year in the US by our own hands. Just not all at once and in the same place.
A coworker and I were arguing the issues around curtailing liberties and he said, "What if reading everybody's e-mail kept you from being killed tonight? Would you allow it?" My response: "I have an excellent chance of being killed every day during my drive to and from the office. Giving the government access to my e-mail isn't going to change that."
Chances are, I would not be as defensive about my liberties if I felt the government always acted with sanity and didn't try to overrun the Constitution every chance it got. If I trusted the government, perhaps I would be granting it more lenience in my concerns and arguments. But I don't. I've seen it act in the best interest of ratings and newsbites. I've seen it claim to defend democracy and freedom in the pursuit of oil (if only Tibet had oil fields, we would have liberated it from China). I've seen it decide that the morality of the few was so important that it deserved the censorship of all (the CDA). And you want me to trust this government now that they have been handed a tragic scepter that grants them temporary kingship?
Sorry. I can't do that. Of any time in recent history, now is the time to be most vigilant when it comes to watching what our government does in response to this awful attack. Make sure that what they propose to do will actually increase safety instead of simply increasing the mass belief that safety has been achieved (there is a crucial difference there).
I actually thought about that a few minutes after making my post, and it's a completely valid statement. But you have to seek out radio stations, too, though finding a radio station requires far less effort than finding a book.
But both are scenarios wherein a provider of content (sometimes the sole provider in a community... ClearChannel owns all the major stations in Pittsburgh, their closest major market to my location) is arbitrarily deciding that said content is not suitable under current conditions and pulling that content.
So while the delivery medium is different (push vs. seek), the removal of works is the same.
ClearChannel owns 1,170 radio stations in the US. They are not pulling songs based on regional requests, they are demanding that every station in every location stop playing these songs regardless of the demands of the community served by each station. That seems like censorship to me.
If libraries started pulling all books about war, all books about airplanes, all books about the Middle East, all books about terrorism, and, to bring it in line with the ClearChannel list, all books about balloons, blue dresses, love, rescues, sex, mothers, irony, LSD, Satan, and dance in NYC, there would be a fair bit of outrage from everybody in this forum. So what's the difference in pulling songs because of that content?
I see that Cat Stevens' "Peace Train" is on the list. Does that mean that the 10,000 Maniacs cover is also banned, or are all 10,000 Maniacs songs banned because the word 'Maniacs' is in their band name?
It could be that the Internet will slowly erode away the media's bent for propaganda, replacing it instead with perspectives that provide depth and humanity.
Has Chomsky ever weighed in with his perceptions of the effect of the net to circumvent the limited views put forth by mainstream, corporate media?
Obviously, the big ticket item is getting the citizenry involved in making changes at a legislative level regarding the liberties that have been traded in the interest of corporate domination. The problem, however, is finding a way to communicate that without spending three days pointing out cases of encroaching corporate control.
Do you have any tips/suggestions on how an average technology enthusiast such as myself can best go about conveying to the every-day public the sense of urgency surrounding technology issues and the reason such issues should be addressed?
This means that the patent is largely invalid due to Symantec's HealthyPC.com product having done the same thing a year before McAfee filed for their patent (HPC.com happened in '97, patent filed in '98).
I've posted all the details in a comment under the initial McAfee patent article, so I'm not going to repeat myself here, but check it out if you're curious.
TuneUp.com was originally an independent start-up. It didn't start out as a Quarterdeck initiative. Symantec considered buying them and even did a brief partnership with them before simply developing its own product.
Also, CyberMedia made both Oil Change and FirstAid 98, so they weren't exactly competitors.:)
Oil Change wouldn't really qualify under the patent (as I understand it) because Oil Change, while it did rely upon an online database, was not launched by a web site. The user launched it locally, and it then compared installed programs against version data at CyberMedia. After figuring out the diff, it came up with a list of what was out of date and where the updates could be found. The app then ran independently to get the updates and install them.
McAfee swallowed CyberMedia in September of 1998 (I was working for CyberMedia at the time), so, depending on the exact date the patent was filed, it may or may not have been in reaction to McAfee's acquisition of Oil Change.
Of course, you don't need an actual product to obtain a software patent. That's the beauty of patenting data.
This is a repost (see "*cough cough*"), but this incredibly relevant data is being ignored in favor of James Bond references.:)
There are at least two instances of prior art (that I submitted to Slashdot when I submitted mention of the McAfee story, but oh well...).
In 1997, Symantec partnered with Ziff Davis in launching the HealthyPC.com web site. It was a subscription service that allowed customers access to Norton Antivirus, a subset of Norton Utilities, and the then newly developed LiveUpdate product. I did web design for that launch.
The way the service worked is that the apps were downloaded and installed on the client side, but they could only be activated by a launch script from the server side, so a user had to log in to the HealthyPC.com subscriber area in order to use the tools.
Here are some pages that reference HealthyPC.com and pretty clearly show dates from 1997 (according to News.com, McAfee applied for the patent in 1998):
http://news.cnet.com/news/0-1003-200-318512.html
http://cypherpunks.venona.com/date/1997/04/msg0024 1.html
http://www8.zdnet.com/pcmag/insites/sod/sd970310.h tm
http://www.quantum.org/members/issues/1097/7875.ht m
Before that, there was a site offering similar services that was called TuneUp.com, but it ended up going through a few acquisitions before finally ending up as part of Symantec.
Slashdot Mirror
Actually, I equally condemn this collusion between CERT and the major distros for a few reasons.
1. This pretty well shoots the benefits of OSS right in the foot. "Release fast, release often" just became "release when everybody is ready". Shouldn't this have been fixed at the wu-ftpd level (in their CVS) and then distributed that way? That would have allowed admins the opportunity to grab the latest source and get the fix/patch up and running while the distros worked on their update packages.
2. Where's the list of whom CERT considers a major distribution? By hoarding the exploit info among the larger distros, smaller distros now find out about this hole about a month after the major distros, which means the minors have to play catch-up AFTER the exploit is both addressed by the major competition and widely reported by CERT.
3. Why did a government body get to tell a bunch of Linux distributors when to release info on an exploit? If disabling anonymous FTP, changing FTP daemons, or shutting down FTP altogether provides a temporary fix while coders get the exploit patched, dammit, I'd want to know that. Pretending it doesn't exist for a few weeks does not make it not exist. Can we expect more information hoarding in the future between Linux distros and government bodies? Will Red Hat automatically bundle Magic Lantern (big stretch, I know, but if you don't play the extremes, posting isn't any fun)?
So yeah, the shoe is on the other foot, and this foot stinks just as bad as the first one.
Looks like our media-based culture has finally dominated the minds of its citizenry. People are now convinced that paying $30 to watch a commercial is a good thing!
I thought they only had a constructed replica of Difference Engine No. 2. Have they built the Analytical Engine?
Or was that a forward looking statement that you hope they one day construct an Analytical Engine?
Regarding the book... I just finished this book a few days ago, and I thoroughly enjoyed it. I enjoyed the quick debunking of the role of Ada Lovelace in computing.
Because they don't have enough evidence to win in court.
This was mentioned during a White House press briefing. I think it might have been Rumsfeld that said that they didn't have enough evidence to try bin Laden in court, but they had enough to justify bombing Afghanistan.
Yeah, didn't make much sense to me, either.
Uh, guys? ATI has already responded to this by saying that yes, they do optimize their drivers for games.
Did HardOCP search the binaries for references to other executables? Their site doesn't imply that they did. So maybe it's just ATI trying to give gamers a better experience. It's not like they fudged 3DMark results.
I have one of the FV24's powering my OGG jukebox, running RH7.1 and Apache. Everything works great except the FireWire. Couldn't get Kudzu to auto-detect it, but also have no use for it, so I haven't dug into getting it working.
I've had no problems with the other components, though (somebody mentioned they had audio distortion problems under Win2K, but I didn't run into that at all in Linux).
2001-10-09 16:11:59 Jedi Knights recognized as a religion (articles,news) (rejected)
Okay, so what's the secret? Is it just how you write the description for the news item? Is it just that I was, oh, 7 hours too early in submitting it?
I try and try... all my hopes pinned on what I think is a great story... rejected... then posted later.
Ack.
Just last week, I received a letter from one of my state reps thanking me for my input regarding Dmitry Sklyarov and the DMCA.
So, even if the topics were just punched into a database in order to pump out form letters, somebody read it. It wasn't just deleted.
Do both. Fire off a well-written e-mail now and follow it up with a well-written snail mail later.
Thanks for the correction.
So, then, it's key that everybody be plugged into the LAN before they boot up, otherwise the ARP will be pointless (and conflicts could occur). Is that accurate?
Regarding Music... I've recently started taking an OGG jukebox to our gatherings, though, so far, I'm the only one who uses it.
:)
It's a Linux box running Apache, PHP, and Andromeda to stream OGGs over the LAN, so all you have to do is set up your playlist, click Play, and stick WinAmp/XMMS on Repeat/Shuffle. It plays in the background while you play whatever.
The downside is that you need to have a machine capable of playing games and music at the same time. Also, it helps if your players use headphones so that nobody else has to listen to music they think sucks.
So far, Atari Teenage Riot seems to be about the best Quake music ever.
The best place to find cheap 24 port switches is eBay. I snagged a 24 port Addtron switch from there for $139 and have never had problems with it at our LAN parties (web link in my user info). I also have a 24 port hub, just in case our numbers go above what the switch can take, which ran me $189 from Buy.com.
Also, DHCP is a snap to set up. If you let the Windows random assignment happen, there is always the chance that two machines will grab the same IP address. We're kinda cheapin' out right now by using my Linksys Cable/DSL gateway, which has built-in DHCP. We also use that to give the whole group Internet access via the usual host's cablemodem. Even works for multiplayer out in the wild (we typically do this with Counter-Strike). You can get a 4 port Linksys gateway/router for around $99 these days.
Now, if you're thinking that you need to have all 3Com gear, then yes, you will be spending huge bucks. Or if you get the idea that gigabit ethernet is your cup of tea... cha-ching, bye bye retirement fund. But equipment sufficient for running LAN parties can be found on the cheap. Keep this in mind - for the cost of a GeForce 3 at launch (~$400), you could have all the gear I've mentioned.
Perhaps the FTC should be made aware of Opera and Konqueror?
I was discussing this issue with last night with my wife when she asked, "Well, if Konqueror has the option to turn off window.open [no, she didn't say "window dot open"], why doesn't Microsoft just do that?"
Because Microsoft derives revenue from popups. Same reason they don't let you disable HTML mail even though it continues to be a security issue - the mail they send ties into tracking that helps them drive revenue. If they let you disable these two avenues, they lose money.
This is all speculation, though Hotmail does shove a popup on your screen while you're using it (and just think about how many people use Hotmail).
A friend of mine works in the acoustics lab at a nearby university. Not long after the attack, they received a request to build a device that would allow rescuers to find people in the rubble by listening for breathing or cries for help that couldn't be heard otherwise. The team did get something together for this and went up to the site, but they never got to try it out.
This was a couple days after the attack and rescue workers had pretty much given up on survivors at that point (though the media continued to report otherwise). According to my friend, when he got there, the police and firefighters were concentrating the search on finding their own guys and had pretty much given up on finding anyone else.
He said that it took about 6 hours to get cleared to go onto the site itself, and then, after that, you were put in a queue to use the site for your task (searching, removing rubble, et cetera). They were bumped twice before being told they weren't going to be used, so the device never had a field test, but none of the team complained. They were in complete awe of the scene itself, and, while they ultimately felt helpless, they felt privileged just to be there and to speak with other crews and native New Yorkers. They managed to get some audio recordings of the area as well, thinking it might be important for historical reasons.
Copy protection blah blah fair use blah blah return the CDs blah blah.
Most of the stuff here is rehash, but the News.com article mentioned that the record industry has been reeling from poor sales.
Huh?
When they were initially fighting Napster, sales were through the roof and climbing, and now that they've gotten rid of Napster... oh, oops.
Wow, RIAA, maybe all those people who said that they were more likely to buy a CD after sampling tracks from Napster were telling you the truth!!
And let's not forget that any universal key will be copied. If all US generated encryption contained the magic "back door" key to be held by authorities, just how long do we think it would be before that key were leaked, cracked, otherwise discovered and published worldwide?
Historically, we have used temporary laws to get us through tought times (WW2 rationing laws being an excellent example). I personally do not oppose temporary restrictions, but I have heard nobody talk about temporary solutions and writing up laws that self-expire. Everything I have heard so far has been in regard to permanent laws as a reaction to the attack. Perhaps I have missed this key point amid all the rhetoric, but I don't think our legislators have anything temporary in mind.
And while our attention is directed with pin-point accuracy to the deaths that occurred in the WTC attack, let us not forget that thousands die every year in the US by our own hands. Just not all at once and in the same place.
A coworker and I were arguing the issues around curtailing liberties and he said, "What if reading everybody's e-mail kept you from being killed tonight? Would you allow it?" My response: "I have an excellent chance of being killed every day during my drive to and from the office. Giving the government access to my e-mail isn't going to change that."
Chances are, I would not be as defensive about my liberties if I felt the government always acted with sanity and didn't try to overrun the Constitution every chance it got. If I trusted the government, perhaps I would be granting it more lenience in my concerns and arguments. But I don't. I've seen it act in the best interest of ratings and newsbites. I've seen it claim to defend democracy and freedom in the pursuit of oil (if only Tibet had oil fields, we would have liberated it from China). I've seen it decide that the morality of the few was so important that it deserved the censorship of all (the CDA). And you want me to trust this government now that they have been handed a tragic scepter that grants them temporary kingship?
Sorry. I can't do that. Of any time in recent history, now is the time to be most vigilant when it comes to watching what our government does in response to this awful attack. Make sure that what they propose to do will actually increase safety instead of simply increasing the mass belief that safety has been achieved (there is a crucial difference there).
But both are scenarios wherein a provider of content (sometimes the sole provider in a community... ClearChannel owns all the major stations in Pittsburgh, their closest major market to my location) is arbitrarily deciding that said content is not suitable under current conditions and pulling that content.
So while the delivery medium is different (push vs. seek), the removal of works is the same.
If libraries started pulling all books about war, all books about airplanes, all books about the Middle East, all books about terrorism, and, to bring it in line with the ClearChannel list, all books about balloons, blue dresses, love, rescues, sex, mothers, irony, LSD, Satan, and dance in NYC, there would be a fair bit of outrage from everybody in this forum. So what's the difference in pulling songs because of that content?
I see that Cat Stevens' "Peace Train" is on the list. Does that mean that the 10,000 Maniacs cover is also banned, or are all 10,000 Maniacs songs banned because the word 'Maniacs' is in their band name?
Has Chomsky ever weighed in with his perceptions of the effect of the net to circumvent the limited views put forth by mainstream, corporate media?
Obviously, the big ticket item is getting the citizenry involved in making changes at a legislative level regarding the liberties that have been traded in the interest of corporate domination. The problem, however, is finding a way to communicate that without spending three days pointing out cases of encroaching corporate control.
Do you have any tips/suggestions on how an average technology enthusiast such as myself can best go about conveying to the every-day public the sense of urgency surrounding technology issues and the reason such issues should be addressed?
TMR is not a prequel. It's an upcoming DVD release that contains more supplemental behind-the-scenes footage and yet more extras.
I've posted all the details in a comment under the initial McAfee patent article, so I'm not going to repeat myself here, but check it out if you're curious.
Also, CyberMedia made both Oil Change and FirstAid 98, so they weren't exactly competitors. :)
Oil Change wouldn't really qualify under the patent (as I understand it) because Oil Change, while it did rely upon an online database, was not launched by a web site. The user launched it locally, and it then compared installed programs against version data at CyberMedia. After figuring out the diff, it came up with a list of what was out of date and where the updates could be found. The app then ran independently to get the updates and install them.
McAfee swallowed CyberMedia in September of 1998 (I was working for CyberMedia at the time), so, depending on the exact date the patent was filed, it may or may not have been in reaction to McAfee's acquisition of Oil Change.
Of course, you don't need an actual product to obtain a software patent. That's the beauty of patenting data.
But it didn't do it before 1998, which is when McAfee applied for the patent.
There are at least two instances of prior art (that I submitted to Slashdot when I submitted mention of the McAfee story, but oh well...).
In 1997, Symantec partnered with Ziff Davis in launching the HealthyPC.com web site. It was a subscription service that allowed customers access to Norton Antivirus, a subset of Norton Utilities, and the then newly developed LiveUpdate product. I did web design for that launch.
The way the service worked is that the apps were downloaded and installed on the client side, but they could only be activated by a launch script from the server side, so a user had to log in to the HealthyPC.com subscriber area in order to use the tools.
Here are some pages that reference HealthyPC.com and pretty clearly show dates from 1997 (according to News.com, McAfee applied for the patent in 1998):
http://news.cnet.com/news/0-1003-200-318512.html
http://cypherpunks.venona.com/date/1997/04/msg0024 1.htmlh tmt m
http://www8.zdnet.com/pcmag/insites/sod/sd970310.
http://www.quantum.org/members/issues/1097/7875.h
Before that, there was a site offering similar services that was called TuneUp.com, but it ended up going through a few acquisitions before finally ending up as part of Symantec.