To paraphrase him, Security is a mentality
And that's about where the similarity ends. Bruce is qualified to write about how mentally challenged the TSA is because (as we can all agree) he's a smart guy.
But electronic security and physical security don't share much more than the word "security" in their names. Protecting a network is absolutely nothing like protecting a country, and it's only Bruce's arrogance that leads him to think he has something to say about guarding borders. He doesn't.
You're right, of course. But MacOS X is not secure because it's obscure; it's secure because it was designed that way.
That isn't to say that there haven't been problems, or that there won't be in the future. But keep to the facts and look at the numbers, and you'll see a marked difference between a mac and a pc. Time will tell, ultimately.
I think this is an excellent result. You have more exposure to computers and do less well on some standardized test: exactly what you'd hope for.
Whoever died and said standardized tests were some kind of proof of anything (besides being good at taking standardized tests)? How many standardized tests have you taken as an adult? (MCSEs and CISSPs can keep their mouths shut; those tests are irrelevant, too.)
More importantly, what are you in school to learn, anyway? Facts and figures? Formulas? No.
You're in school to learn how to learn, and the sooner these idiots recognize that, the sooner they'll realize that these kids "fooling around" with computers probably know more about how to learn than the adults will ever know.
Security starts with learning and experience
You are absolutely right, it does.
the best way to learn is to crash your machine before someone else does
The third lesson: just because someone can theoretically crash your machine doesn't mean you have to worry about it. You cannot secure any box or network 100%, so you need to concern yourself with the most likely attacks.
Actually not so true.
If I run apache and have some CGIs, and and of the CGIs allows you to write a file into the cgi-bin/ directory and give it +x, and then I execute that file (/cgi-bin/forkbomb) -- that's a remote exploit. All remote exploits have some component of locality.
The author is a BSD fanatic who is trying to disparage Linux without being obvious about it. He failed, even though he did try to cover his tracks by saying "Linux doesn't suck."
Resource exhaustion is not a serious issue when most/all Unix desktop machines are used by one person. And with servers -- either you tune your box or you have a nice big cluster. And you've secured it so that a script kiddie like the author can't run arbitrary forkbomb code.
Something "peeked" his interest? Does he really think it's spelled that way? Piqued! Reminds me of people writing about how the "ownness" is on someone. Onus! I fear for our future.
In the article comments on the original page, the author makes the point that choosing usability over security is not a very good idea. That's a common and sophomoric idea; the same people also try to say that security-by-obscurity is useless. In the real world, you have to make intelligent compromises, and here, keeping system limits liberal for practical purposes -- even while allowing forkbombing -- is often more important than being paranoid. If a user can forkbomb your server and actually do damage to your business or important hobby machine, you have other problems. Forkbomb-ability would be a symptom of a big underlying problem, not a problem itself.
(Security by obscurity is not something you should ever rely upon solely, but it doesn't hurt as part of an overall security plan.)
Fedora Core 3+ have SELinux turned on by fault. You should be able to set limits using this which are more effective than just using ulimit, but more flexible than compiling arbitrarily low limits into the kernel.
The forkbomb "problem" is not a kernel issue; it's a ulimit issue.
It is not practical to set resource limits radically low on an OS meant for general desktop use.
It is not practical to set resource limits radically low on an OS meant for general server use.
This author has never worked in the real world, or has been has wreaked havoc with his impractical ideas.
Also, he's a *BSD zealot; did I mention that? Has anyone told him the *BSDs are dying while Linux is bigger than ever? Hmm, maybe he's heard that, and that's why he wrote this FUD.
It didn't suck. Some of the effects shots were downright stunning -- if they were in an actual hollywood movie I'd be impressed.
The problem with fan productions always seems to be the acting; it reminds me of how the problem with open source GUI apps is always the GUI. It's the human part that the geeks have trouble getting right.
In the case of this trailer: the actors just don't look right for the parts, and their acting isn't very convincing. It's not horrible, just not good enough. There's a reason directors insist on take after take; a lot of the time it's so there is enough footage to piece together a decent scene.
Outside of the actual acted scenes, everything else looked superb and downright amazing -- including the live shots with the stormtroopers etc.
You're not writing textbooks, so if you have a point to make, you need to make it clear.
Worse, you don't know how to spell "independent." Use a dictionary, genius.
Worst of all, you mislead all of us when you bury the word "independent" in an otherwise inflamatory screed about how the artists get paid by iTunes and how we should all shut the fuck up.
Record companies make 99.9% of all profits on all music sold. Artists make.1%. So your estimate of 65 cents/download is way, way off.
Also, the particulars of how each record company distributes profits is individual to the companies. Apple can't dictate that 65 cents goes to artists even it was feeling magnanimous. And all available evidence is to the contrary; artists frequently end up *owing* money to record companies unless they become Britney or Justin.
Try not. Do or do not, there is no try. -- Dr. Spock, stardate 2822-3.
This has to be a joke, right? It was Yoda who said that, and Mr. Spock is not a Doctor. Dr. Benjamin Spock was a pediatrician whose books were popular in the last century.
If I buy Pro Tools I'll be as good as Quincy Jones or Nile Rogers?
Perhaps not, but until Quincy and Nile start producing every album that's released, your point is pointless.
The guy's argument here is that many big-name producers are really just Pro Tools jockeys, and he's probably right.
Music prices are freefalling. Looks like they're making an effort.
I quote the article in full, below. A 4% drop does not qualify for "freefalling," nor does it seem like much of an effort. (I'm presuming this article is legit and not just an RIAA-sponsored smokescreen.)
$12.95 is too expensive for what you get on a CD. I'd be willing to pay maybe $1.99 for the average CD. $1.50 might be more reasonable, but I'd go as high as $1.99.
Report: Average CD Price Drops 4% in Q3 2004 to $12.95 Posted 15. November 2004 17:51
CD prices hit a new low in the third quarter of 2004, when the average retail price of a CD fell to $12.95, a 4% decline from the same period a year ago, according to data from New York-based market research firm NPD Group.
Your whole paradigm is wrong; music is not property.
Where this all ends: a new business model will be developed in which artists can make money making music. This will, in all likelihood, spell the end of the RIAA and music companies as we know them. The RIAA knows this, and is just trying to hold off that day as long as it can; Hilary Rosen (former head of RIAA) has admitted this in interviews.
If you want to "support your artists," then you shouldn't give money to the RIAA companies. Fact is that the vast majority of the money you pay for CDs doesn't go to the artists, but to the corporate coffers.
Want to support your artists? Send them a check, directly. Don't kid yourself into thinking that buying music at that mall CD store is doing them any good.
Why do we like breaking DRM? Because if I pay for something, I might want do things with it. You know, throw it on a few computers, play it in my stereo downstairs and also have a copy up at my summer home (I'm dreaming). The Constitution gives us that right, and calls it Fair Use. DRM attempts to defeat our constitutional rights, something that nerds don't like, you dig?
Ok, you're trolling and everyone knows it, but I'll bite anyway.
Music is not property. There is no provision in the US Constitution for considering music as property. And you cannot steal something if it isn't property.
The Constitution does provide for a temporary monopoly on creative works in order to motivate authors to do more creating.
Temporary monopoly: that's a far cry from some kind of authorization to treat music as property. And by the way, it's not "theft" if you still have your original "property." It's just copying.
What's wrong with that is that there is no support for your concepts in the US Constitution.
Quoting Supreme Court Justice Sandra Day O'Connor (lifted the quote from the hymns website):
"The primary objective of copyright is not to reward the labor of authors, but [t]o promote the Progress of Science and useful Arts... to this end, copyright assures authors the right to their original expression, but encourages others to build freely upon the ideas and information conveyed by a work. This result is neither unfair nor unfortunate. It is the means by which copyright advances the progress of science and art."
Among other things, it means if I buy a song, I have rights.
The website mentioned that the patents relate to encoding and not decoding (playback.)
Sorry if we all seem ungrateful, but give your reputation as a closet spyware company, it's going to be a while before we trust you. And there are enough smart people here not to be fooled for long by neat-o semantic tricks.
Or maybe you're doing this to press the issue of the MP3 patent. Press hard enough and maybe Fraunhofer (sp) will start suing the open source projects that support MP3, and then your spyware (aka Realplayer) will be the only allowable MP3 player on Linux.
What a brilliant scheme your lawyers have hatched.
Slashdot Mirror
And pay your $599 SCO license fee, you lazy slack-offs!
Pay your $599 license fee, you slack-off bastards!
To paraphrase him, Security is a mentality And that's about where the similarity ends. Bruce is qualified to write about how mentally challenged the TSA is because (as we can all agree) he's a smart guy. But electronic security and physical security don't share much more than the word "security" in their names. Protecting a network is absolutely nothing like protecting a country, and it's only Bruce's arrogance that leads him to think he has something to say about guarding borders. He doesn't.
Security through obscurity is not permanent.
You're right, of course. But MacOS X is not secure because it's obscure; it's secure because it was designed that way.
That isn't to say that there haven't been problems, or that there won't be in the future. But keep to the facts and look at the numbers, and you'll see a marked difference between a mac and a pc. Time will tell, ultimately.
Is it just me, or does it seem likely that the primary use of this nice offer will be for pr0n hosting?
I think this is an excellent result. You have more exposure to computers and do less well on some standardized test: exactly what you'd hope for.
Whoever died and said standardized tests were some kind of proof of anything (besides being good at taking standardized tests)? How many standardized tests have you taken as an adult? (MCSEs and CISSPs can keep their mouths shut; those tests are irrelevant, too.)
More importantly, what are you in school to learn, anyway? Facts and figures? Formulas? No.
You're in school to learn how to learn, and the sooner these idiots recognize that, the sooner they'll realize that these kids "fooling around" with computers probably know more about how to learn than the adults will ever know.
Haha. Btw, I was being sarcastic before.
Security starts with learning and experience You are absolutely right, it does. the best way to learn is to crash your machine before someone else does The third lesson: just because someone can theoretically crash your machine doesn't mean you have to worry about it. You cannot secure any box or network 100%, so you need to concern yourself with the most likely attacks.
Actually not so true. If I run apache and have some CGIs, and and of the CGIs allows you to write a file into the cgi-bin/ directory and give it +x, and then I execute that file (/cgi-bin/forkbomb) -- that's a remote exploit. All remote exploits have some component of locality.
According to the author, you must drop Debian immediately and switch to a *BSD. Otherwise you have just chosen usability over security. Horrors!
Thoughts:
The author is a BSD fanatic who is trying to disparage Linux without being obvious about it. He failed, even though he did try to cover his tracks by saying "Linux doesn't suck."
Resource exhaustion is not a serious issue when most/all Unix desktop machines are used by one person. And with servers -- either you tune your box or you have a nice big cluster. And you've secured it so that a script kiddie like the author can't run arbitrary forkbomb code.
Something "peeked" his interest? Does he really think it's spelled that way? Piqued! Reminds me of people writing about how the "ownness" is on someone. Onus! I fear for our future.
In the article comments on the original page, the author makes the point that choosing usability over security is not a very good idea. That's a common and sophomoric idea; the same people also try to say that security-by-obscurity is useless. In the real world, you have to make intelligent compromises, and here, keeping system limits liberal for practical purposes -- even while allowing forkbombing -- is often more important than being paranoid. If a user can forkbomb your server and actually do damage to your business or important hobby machine, you have other problems. Forkbomb-ability would be a symptom of a big underlying problem, not a problem itself.
(Security by obscurity is not something you should ever rely upon solely, but it doesn't hurt as part of an overall security plan.)
Fedora Core 3+ have SELinux turned on by fault. You should be able to set limits using this which are more effective than just using ulimit, but more flexible than compiling arbitrarily low limits into the kernel.
The forkbomb "problem" is not a kernel issue; it's a ulimit issue.
It is not practical to set resource limits radically low on an OS meant for general desktop use.
It is not practical to set resource limits radically low on an OS meant for general server use.
This author has never worked in the real world, or has been has wreaked havoc with his impractical ideas.
Also, he's a *BSD zealot; did I mention that? Has anyone told him the *BSDs are dying while Linux is bigger than ever? Hmm, maybe he's heard that, and that's why he wrote this FUD.
It didn't suck. Some of the effects shots were downright stunning -- if they were in an actual hollywood movie I'd be impressed.
The problem with fan productions always seems to be the acting; it reminds me of how the problem with open source GUI apps is always the GUI. It's the human part that the geeks have trouble getting right.
In the case of this trailer: the actors just don't look right for the parts, and their acting isn't very convincing. It's not horrible, just not good enough. There's a reason directors insist on take after take; a lot of the time it's so there is enough footage to piece together a decent scene.
Outside of the actual acted scenes, everything else looked superb and downright amazing -- including the live shots with the stormtroopers etc.
You're not writing textbooks, so if you have a point to make, you need to make it clear.
Worse, you don't know how to spell "independent." Use a dictionary, genius.
Worst of all, you mislead all of us when you bury the word "independent" in an otherwise inflamatory screed about how the artists get paid by iTunes and how we should all shut the fuck up.
Shut the fuck up.
Take another hit, man. That joint must be good.
.1%. So your estimate of 65 cents/download is way, way off.
Record companies make 99.9% of all profits on all music sold. Artists make
Also, the particulars of how each record company distributes profits is individual to the companies. Apple can't dictate that 65 cents goes to artists even it was feeling magnanimous. And all available evidence is to the contrary; artists frequently end up *owing* money to record companies unless they become Britney or Justin.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
This has to be a joke, right? It was Yoda who said that, and Mr. Spock is not a Doctor. Dr. Benjamin Spock was a pediatrician whose books were popular in the last century.
If you play Everquest, City of Heroes, Asheron's Call, or any of the other myriad MMORPGs, you don't need television.
But just watching TV, you can't be ganked. =:-O
It surprises me that they don't just compress upon saving. Text compresses really well. Shrug.
If I buy Pro Tools I'll be as good as Quincy Jones or Nile Rogers?
Perhaps not, but until Quincy and Nile start producing every album that's released, your point is pointless.
The guy's argument here is that many big-name producers are really just Pro Tools jockeys, and he's probably right.
Music prices are freefalling. Looks like they're making an effort.
I quote the article in full, below. A 4% drop does not qualify for "freefalling," nor does it seem like much of an effort. (I'm presuming this article is legit and not just an RIAA-sponsored smokescreen.)
$12.95 is too expensive for what you get on a CD. I'd be willing to pay maybe $1.99 for the average CD. $1.50 might be more reasonable, but I'd go as high as $1.99.
Report: Average CD Price Drops 4% in Q3 2004 to $12.95
Posted 15. November 2004 17:51
CD prices hit a new low in the third quarter of 2004, when the average retail price of a CD fell to $12.95, a 4% decline from the same period a year ago, according to data from New York-based market research firm NPD Group.
Is free the only fair price?
Your whole paradigm is wrong; music is not property.
Where this all ends: a new business model will be developed in which artists can make money making music. This will, in all likelihood, spell the end of the RIAA and music companies as we know them. The RIAA knows this, and is just trying to hold off that day as long as it can; Hilary Rosen (former head of RIAA) has admitted this in interviews.
People deserve whatever renumeration they can negotiate for their time, talent and effort.
People deserve whatever other people are willing to pay for their time, talents, and efforts.
In this case, that's close to nothing, mostly because of a lack of scarcity. End of story.
If you want to "support your artists," then you shouldn't give money to the RIAA companies. Fact is that the vast majority of the money you pay for CDs doesn't go to the artists, but to the corporate coffers.
Want to support your artists? Send them a check, directly. Don't kid yourself into thinking that buying music at that mall CD store is doing them any good.
Why do we like breaking DRM? Because if I pay for something, I might want do things with it. You know, throw it on a few computers, play it in my stereo downstairs and also have a copy up at my summer home (I'm dreaming). The Constitution gives us that right, and calls it Fair Use. DRM attempts to defeat our constitutional rights, something that nerds don't like, you dig?
Ok, you're trolling and everyone knows it, but I'll bite anyway.
Music is not property. There is no provision in the US Constitution for considering music as property. And you cannot steal something if it isn't property.
The Constitution does provide for a temporary monopoly on creative works in order to motivate authors to do more creating.
Temporary monopoly: that's a far cry from some kind of authorization to treat music as property. And by the way, it's not "theft" if you still have your original "property." It's just copying.
What's wrong with that is that there is no support for your concepts in the US Constitution.
... to this end, copyright assures authors the right to their original expression, but encourages others to build freely upon the ideas and information conveyed by a work. This result is neither unfair nor unfortunate. It is the means by which copyright advances the progress of science and art."
Quoting Supreme Court Justice Sandra Day O'Connor (lifted the quote from the hymns website):
"The primary objective of copyright is not to reward the labor of authors, but [t]o promote the Progress of Science and useful Arts
Among other things, it means if I buy a song, I have rights.
The website mentioned that the patents relate to encoding and not decoding (playback.)
Sorry if we all seem ungrateful, but give your reputation as a closet spyware company, it's going to be a while before we trust you. And there are enough smart people here not to be fooled for long by neat-o semantic tricks.
Or maybe you're doing this to press the issue of the MP3 patent. Press hard enough and maybe Fraunhofer (sp) will start suing the open source projects that support MP3, and then your spyware (aka Realplayer) will be the only allowable MP3 player on Linux.
What a brilliant scheme your lawyers have hatched.