I completely agree on your IP argument, but not the political argument (maybe this story should be in politics:) Beyond the absurd idea that conservatives only favor big corporations and liberals only favor "the people", there are very few politicians, liberal or conservative who aren't trying to create stronger IP laws. The DMCA passed unanimously (IIRC, there may have been a few dissenters). Both Replicans and Democrats voted for it en masse. It was signed by a Democrat president. I'm not trying to pick on either party here -- they're both guilty. And whenever both parties agree so completely on something, you know it has to be bad news:)
Besides, the biggest groups going after stronger IP laws are the RIAA and MPAA -- both Hollywood and big Democrat strongholds. If anything, the liberals are the ones leading leading the fight for stronger IP laws, not conservatives (though they're certainly going along with it).
Also, strong IP laws only help IP owners (mostly corporations, I'll admit, but not entirely). Most companies in this country do not make IP, and are only negatively affected by stronger IP laws. How many offices around the country would love to not pay for Windows, for example? I'm not advocating piracy, but there are a lot more companies paying for IP than there are making money off of IP. Many of those companies pay huge amounts of money for that IP. Strong IP laws do not favor big companies in general, they only favor those that control the IP.
In another perspective, think of prescription drugs. They're expensive for the same reason software is. The first pill is insanely expensive to make, but all the rest are relatively inexpensive. IP laws (patents in this case) protect the drug companies from "pirates" (who get the much nicer name of "generics" in the drug industry), but everyone else pays for that protection, big corporations and the little guy. We (Americans) put up with it because we not only want the current drug, but also the next one that will work even better. This is the same reason we generally accept IP laws for software and other media as well.
So, please don't think that conservatives somehow favor stronger IP laws more than liberals, or that big corporations benefit more from stronger IP laws than everyone else. Frankly, IP laws favor a select few, and IP laws have never been (and probably will never be) an election issue.
Another poster mentioned that you could use a simple "make" instead of "make World" to restart the build. IIRC, "make World" is the same something like "make Makefile Makefiles includes depends all" or something like that, so if you already got to the compiling (the "all"), redoing all the others would be wasteful.
I don't understand, however, why you think Imake is so bad. The project I'm on at work uses Imake to build the Makefiles, and it works wonderfully on 4 different platforms (Sun, SGI, Linux, and win32). We've probably tweaked it a lot, but for our purposes, it works very well. Realistically, Imake and autoconf try to solve the same problem (making Makefiles), but through different means. Imake uses a system of def files setup by the user to describe their platform and autoconf tries to guess by trying different things. As someone who uses Gentoo, I know that a great deal of time spent emerging (especially on smaller packages) is spent configuring. Sometimes, it can take longer to configure than it actually does to compile! It would be great if somehow that information could be captured (say in a def file) for use in all packages. Unfortunately, that's just not feasible, since it would require way too much cooperation between packages.
However, Imake can be extremely useful if you know how to use it. The project I mentioned before has thousands of Imakefiles, each of which are small and easy to manage. The Makefiles that are produced are at least 30K in size, and provide numerous make targets for different purposes. Since our systems are setup consistently (and make extensive use of NFS mounts, so common applications are always in the same place), Imake def files work great for the minimal time we spent setting them up.
Imake may not work great for open source projects since the target platforms can be extremely varied, but that doesn't mean it's a "piece of shit". It's a useful tool that unfortunately doesn't quite fit the requirements of the open source world.
I think you're right. They said it was about 60,000 movies. Well, at 700 MB/movie (can't fit more than that on a standard CDR), that's 42,000,000 MB == 41015.625 GB == 40.05 TB. While 40 TB is still a lot, it's a far cry from 40 PB.
Have you tried PuTTY? Whenever I happen to find myself on Windows and need to ssh, that's the first (and usually only) thing I think of. Just Feel Lucky for putty at google and it'll take you right there. And the best thing about PuTTY is that it doesn't require any sort of install -- just download and run. I've yet to find a simpler and more feature complete SSH client for Windows.
Thanks for the great link! That was one of the funniest things I've read in a while. Sure the sarcasm was subtle, but it was so over the top, the author couldn't have been serious. I especially liked the part about how it's wrong and dehumanizing to order troops around and "make 'em do anything". And comparing all Christians to Nazis was a nice touch, too. Really put it over the top.
What? The author was serious? Wow... and I thought Bush was an idiot.
Now watch me get modded down as a troll for mocking something posted on the great Michael Moore's website. Actually, the author did make some good points, but so much of it was such an extreme liberal rant with no basis in reality that anything valid was obscured. But I guess even raving lunatics can say something profound every once in a while.
I was actually thinking about this the other day, and realized that Stargate would make a very interesting MMORPG. Lots of different worlds and races, and a lot of conflict to induce fights. The biggest disadvantage is that there aren't a lot of classes (fighter, medic, scientist, anything else?) and no real magic system (though varying levels of technology could be considered magic).
I have an ftp port open using the Microsoft/IIS ftp server.
I guess you can chalk not being hacked up to shear luck, since every time you use your FTP server remotely, you're sending your username and password in the clear. This is nothing specific to Microsoft -- every FTP server is like this (except SFTP, of course). You really should consider using SSH and SCP instead. For Windows, I'd recommend using Cygwin's version of OpenSSH (plus, that gives you a working shell program, as opposed to the atrocity that is cmd.exe).
Personally, my Linux box has been directly connected to the Internet for the last 6 years, and it's never been hacked either. I see the occasional SSH login attempt (that's been happening a lot lately, probably some script since it's always the same user like 'test' and 'admin' and 'root'), and the occasional port scan, but nothing serious. But you're right -- if you don't look like an easy target or make some wrong enemies online, you should be fairly safe.
While I agree that Win2k and XP are usually very stable, Microsoft's choice to disable the BSOD is, quite frankly, disingenuous, and causes people like the poster above to say things like the "BSOD is history". Sure, it's history because most people don't see it anymore -- their computer just spontaneously reboots. I know that was one of the first things I changed back when I upgraded to 2k (though to be fair to MS, I don't think it ever did BSOD, except when I had some bad memory, and that's hardly Windows' fault). If Windows dies, I want to know that. If the computer just reboots, I start thinking there's some sort of weird hardware problem. I don't know if that was Microsoft's intention, or if it was to just reduce the number of appearences of BSOD's to the general public.
In any case, it doesn't really matter to me, since I only run Linux at home now:)
...more people hit the highways the government stepped in and started requiring everyone to at least show a basic level of competence before getting behind the wheel.
So we should license Internet users, or at least license the people responsible for connecting a machine to the Internet? That's an idea that's been floated before, but I don't think it's ever gone anywhere (the intellectuals don't like it because it goes against freedom, and the idiots don't like it because then they couldn't get teh Intarweb). Personally, I'm not firmly against an idea like this, but I think it would be difficult to implement.
If we're going to let any person connect to it, we need to put systems in place to protect those people from the predators that exist there.
Wow. Of course, the people you say are the ones who need protecting are the ones I would call the predators -- after all, they're the ones launching attacks against my machines, and probably infecting others. Though really the term "zombie" applies, since they aren't really in control of their actions, but there still are a lot of them causing trouble. Maybe it's a little unfair to blame them for being "bitten" so to speak, but then again, a great many of them don't seem to care or try to fix the situation.
Grandma's now got Bebopper installed. Whose fault is it now? Grandma?
Yep, she installed the software, and if it tries to attack other people, then its her responsibility. A computer cannot think on its own. If you own a computer and it does something, it is acting on your behalf, and you should be responsible for its actions.
If good old Grandma got a letter in the mail that said in order to read the greeting card from her son she had to breath this white powder, do you think she'd do it? It should be common sense (though often it's not), that installing untrusted binaries from just anywhere is risky behavior. If we started educating these Grandmas instead of treating them (and everyone else) like children, maybe we wouldn't have so many problems.
That includes the admins of the e-mail systems of ISPs.
How many ISPs have had their email systems compromised by viruses or worms? Unless they happen to be using Exchange as a mail server (and I can't think of a good reason for an ISP to do that), I'd guess not many. And I don't blame mail admins for not stripping out various attachments that users open and infect themselves with. Especially now that many worms have started putting themselves in encrypted zip files to prevent detection, and users still find a way to get infected (and yet somehow, Linux is too hard to use for the average person:) ). If we start placing blame on mail admins, how long until we start expecting Internet routers to filter out worms? (which will fundamentally break the Internet even more, btw -- the middle of the Internet is supposed to be a bunch of dumb routers, not smart filters)
Maybe if there were some reprocussions for distributing worms and viruses, including those who were infected by the malware, people might start being more careful with their systems (or start using systems less likely to be infected). Let's face it -- people with systems at home connected to the Internet are responsible for their own administration. If they can't do that, then they need to pay someone to do it for them, not claim that they're not responsible.
Now watch me get flamed for suggesting that poor, "innocent" Grandma on her cable connection should be held responsible for the attacks her computer launches on other Internet hosts...
Oh, come on. Do you really believe that the bloated piece of junk known as Netscape 4 was somehow better than IE4? Microsoft may have cheated in the first browser wars, but Netscape sure helped by putting out a terrible product. (Of course, anyone who claims that IE is still the superior browser is clearly deluding themselves.)
It will take similar bad decisions by Google for MS to gain the upper hand in searching. "Google" is practically a verb (though I'm sure Google's lawyers don't like that), and that sort of mindshare is very difficult to topple.
And so what if MSN gets a bigger marketshare? Google isn't going away as long as there are people using it (and thus people buying ads on it). The only "risk" is that MSN's search will be better than Google, but it's up to Google to compete to make sure that doesn't happen. As long as Google provides value to Internet users, there will be people who use it (and advertisers to advertise to them).
How do you know it wasn't one of the worms that sends itself in a password protected (i.e., encrypted enough to prevent trivial scanning) zip file? Should mail admins ban all ZIP files now?
Personally, I'm annoyed when I can't send EXE files to people. A guy at work once asked me to build an EXE for him (he didn't have a development environment setup), but to send it to him, I had to change the extension. Nothing big, but annoying. I don't really blame the admins, since the real fault lies with the idiots that blindly run stuff they receive in the mail. I wonder if those idiots received an envelope filled with white powder how many would taste some it?
More, on topic, these types of phishing scams aren't limited to email. I've gotten several official looking letters, some masquerading as late notices to bills, trying to get me to sign up for various forms of insurance. I often get telemarketing calls (just got a new number and the DNC list hasn't kicked in for it yet) trying to get me to sign up for some scam or another (though they would call it marketing, it's just a scam to try to get my money). And these are more or less legitimate companies preying on people.
...it doesn't follow that all users are developers.
True enough. I was responding to the idea that the OSS developers need more contact with the users. I claim the developers are the users, though you're right, there are other users who aren't developers. And projects that try to cater to that latter group of users should try to get lots of contact with them.
As far as OSS kicking Windows off the desktop, that will never happen until major OEMs ship all new computers with Linux. If that happened, Windows would lose dominence practically overnight, but for a number of reasons (consumer education and expectation being primary among them), I don't see that happening anytime soon.
As a side note, I don't mind being in the extreme minority here. Helps keep the dredge of society (spammers/scammers/malware writers/marketers) generally away since I'm not worth the effort (spammers still send me mail, but they don't try to trojan my machine). Of course, this is why I'm sure to thank all diehard IE users for taking the numerous bullets for me:)
Acrobat takes down the web browser, and somehow that's Windows's fault?
In the same way OpenOffice not being able to perfectly read a Word file is somehow Gnome's fault, or a great hinderence to its success. I think that was the OP's point.
I'm not too impressed by this review, especially this comment (which the OP also hit on):
If the Microsoft Word document someone emails the user must be opened in an application that does not display it correctly, the user will assume that the system is at fault.
Then why do users blame me when I send them OpenOffice sxw files? Or blame me when I PGP/MIME sign my mail and their client doesn't know how to handle the signature? I think user's expectations are a little out of whack in that they expect Windows and MS software to always do the right thing (but they aren't surprised when it doesn't), and expect Linux to be broken and buggy. Now, I'm not immune to that -- I'm usually surprised when I can do something new in Linux with minimal hassle, but a lot of these usability studies assume a fundamental knowledge of Windows, and if the system isn't Windows like and doesn't mimic Windows software perfectly, it doesn't pass muster.
Linux (and Gnome/KDE and other software) do not have to be clones of Windows to be good. In fact, I'd prefer if they weren't:)
What you're talking about isn't a usability problem per se, but an interface difference. And you're right -- Linux and Linux programs are different from Windows. KDE is similar, but it's not the same. And it will never be. Some things will always be different -- either because of design differences or because Windows just does the wrong thing. And that's not a bad thing either.
For me, the best way to really learn Linux is two get a second computer and put Linux on it (if you're really adventerous, put it on your only computer, but I wouldn't recommend that). Don't dual (or as I call it "duel") boot, because you'll always fall into the trap of "I know how to do this in Windows, so I'll just use that". There's still that temptation with two computers, but IMO, it's not as bad since you still have the Linux one up to use. Gradually, you'll learn more and more about Linux and how it operates (it actually is fairly logical and intuitive -- just not the same as Windows).
You may want to use something like Putty to ssh to the Linux computer from Windows and use both at the same time. You'll learn about Linux while using the more comfortable (for you) Windows GUI.
One other thing to remember -- you can't hurt the Linux computer while you're not root (unless, as root, you give your user account permission to hurt it). So don't be afraid to poke around (especially in places like/proc) to learn more.
Personally, I don't think Linux has as many usability problems (at least not in general) as people claim. After all, most Linux softare is OSS, and most OSS developers actually use the software they're developing. So, the developers are the users. In that case there is tremendous user feedback and interaction in the development of OSS. It may not be usable for everyone (it may not even be usable for most people), but it is usable for someone. For example, gcc is a very difficult to use program. In fact, most developers rarely execute it directly, except for very simple compilations. Usually, the gcc command line is built by make through a Makefile (at work, we use imake to make exceedingly complex Makefiles from Imakefiles). Some compile command lines can be dozens of terminal lines long, and would be difficult to type in by hand. But gcc (and other compilers) are powerful tools intended only for experts. They really aren't intended for average users, and thus don't need to be usable for them. But they are usable (or usable enough) for developers, and work exactly as developers want.
I think most of the perceived usability problems with Linux (and KDE/Gnome/etc) are because of different expectations by the users. KDE and Gnome are certainly very usable (I only run Linux at home now). But different expectations lead to this perceived "crisis" in usability that can apparently be fixed (I'm not sure it can ever be completely addressed). While some tools could use improvement (especially integrating with hardware), there are a lot of tools that do have good (or at least usable) interfaces.
Hmm... I'm pretty sure that everyone (myself included) is overreacting to each other's posts. I never advocated not having firewalls at all -- only that throwing one big firewall in front of users (no matter how clueless) whose machines are not owned by the firewall owner was a stopgap measure at best and uncalled for at worst. I never said (or meant to say) that software firewalls for your system were a bad thing (I only have a select few ports open on my system), or that hardware firewalls for your own equipment was a bad thing. But firewalling people who purchase Internet service from you isn't very nice.
The other thing I take issue with is the assumption is that a public IP is somehow a security hole. Perhaps it's a security risk and it may be risky to put some systems on a public, unfirewalled IP, but it's not inherently a hole as the OP claimed.
Finally, I agree that prevention is the best method. That's why I advocated user education over babying college students (shouldn't those be the most able to learn??) by slapping a big firewall in front of all of them.
Heh, my comment was overrated, and this is informative? Must be a few BOFH's with mod points today. Or maybe people who don't like my more libertarian bent.
Any unfettered access to ports that aren't being used IS a security disaster, period.
Uh, huh. And who exactly is IS? That's much easier to define in a corporate setting than in an educational setting. Frankly, for an individual user, they are IS for themselves. Maybe this isn't a good thing if they can't handle it, but that's the way it is. Just deciding that you're going to take that away from everyone because a few (well, ok, most) can't handle it is not the right way to go.
This practice by ISP's is one of the biggest reasons beyond Microsoft for the spread of Code Red, Blaster and all the other IP scanning worms/viruses out there.
LOL! And somehow, it's not the user's fault for running an insecure system, or Microsoft's fault for providing said insecure system? You're right. The ISP should be "protecting" the users from the big, bad Internet. And they shouldn't run servers or contribute to teh intarweb either. It should really be more like TV.
And I'm not sure how it's rediculous that user's be responsible for their actions or their computer's security online. It sure isn't their provider's responsibility like you're advocating. Quite frankly, you're responsible for anything your computer does. It's acting on your behalf. If it's spreading some worm or virus, IMO, that's the same as you spreading it. A couple of arrests of infected people might just convince users they should start taking security a little more seriously. We don't let people drive around on public roads with cars spewing pollution -- why do we let people connect to our (mostly) public Internet spewing digital pollution?
Here is a cluestick for you--NAT.
Are you seriously advocating NAT as the end all, be all of security? Sure, I use it myself, but I don't delude myself into thinking that it protects from everything! It does make stuff harder, that's true, but it's not fullproof. You can't assume that the inside is trusted, or that something can't get through by other means. The web server itself should make sure it rejects packets to port 7754. Or do you firewall every machine separately, just in case?
Cluestick #2--VPN.
Ah, the Windows solution. Judging from your post, that must be what you use, since you seem to think that there's just no possiblity that a computer could be secure by itself (here's a cluestick -- most UNIX systems are very secure provided they are properly maintained). And it's not like thousands of worms and viruses haven't been transmitted through the supposedly secure VPN before. Finally, I'm not sure what magical VPN setup you're using, but there has to be at least one server with a public IP to take the intial connection! How is that different from ssh'ing to the server in the first place?
In short, your post seems to advocate a lot of technologies that bandaid over problems without addressing the core issues. First, systems should be secure by themselves. Those that aren't should be taken off the Internet and fixed, or at least quarentened to a firewalled area (yes, there are legitmate uses for firewalls -- I was arguing that a big firewall around the whole school was stupid). Second, users must be educated. Users who don't know what they're doing are the biggest security hole, no matter what other precautions are taken. Placing a big firewall over everything means that users won't be educated, and security violations are more likely to take place in the future. It's a stopgap measure that will work for a while (unless it's an inside job), but will probably introduce bigger problems in the long run.
-All students getting unfirewalled public IPs (I shit you not)
I shit you not, this is not a security hole -- this is how the Internet works! I get an unfirewalled, public IP from my ISP. In fact, that's the primary reason I pay them. The same thing was true when I was in college. It is up to the student to make sure they're protected. If they can't do that (or pay someone to do it for them), then they shouldn't be online.
-All servers having unfirewalled public IPs
Um, firewalled servers with private IPs aren't exactly very useful. If www.university.edu isn't pointed at a webserver with a public IP listening on port 80, people have a hard time getting to it. And any decent webserver shouldn't need a "firewall" since it would be secure itself.
Even other resources such as UNIX servers are desirable to access off campus. Not everyone is on campus 24/7. Professors and students who live off campus might want to do work from home. If they can't get the the server, that's a problem.
Your other problems are legitimate.
The result? A firewall was installed in a matter of days and public IPs went private.
That's so sad. How much stuff was broken because of this? How many people were running servers before that now couldn't? Totally the wrong solution to a perceived, but not true, problem. This is the Internet equivalent of burning books you don't like. Putting up a firewall solves nothing -- it's just a band-aid on the real problem of Internet users ignorant (not in a bad way) of security. Why didn't you (or the university) try to educate them? That would have been the correct solution to the problem.
What if I send out a message claiming to be from you and don't sign it? How does your email server know that my message is forged?
That's a very good point, and I see that difference now. However, I'd argue that this is a matter of policy. Public PGP keys are published just like SPF records are, so if you send a message with my address, but don't sign it, whatever verifier will see that I have a public key, but didn't sign the message, and then do whatever is necessary from there based on the receiver's policy (bounce or accept). But I do see your point.
Maybe we need an SPF for the PGP record (signed by the public key, of course) in the PKI. The interesting thing about that is that it would be per user and not per domain. So bob@example.com maybe works from home, so he adds his home and work mail server IPs to the SPF list of his PGP record, while fred@example.com never mails from home, so only has the work IP in his SPF list.
Hmmm... I'm going to have to think about this one...
PGP is just as good a method for spam fighting as SPF. It gives you the same information -- the difference is what you do with it. I think we agree that in the absence of either a PGP signature or an SPF record, normal filtering rules apply, and this case isn't really interesting. The question is what to do with an SPF or PGP success or failure.
With SPF success, the mail is accepted as usual, and with SPF failure, the message is (I assume) bounced. Correct me if that's incorrect.
With PGP success (verified signature), the mail is accepted and authenticated. With PGP failure (bad verification), then the message is almost certainly forged (who would incorrectly sign a legitmate message?). There is a third case where the message is signed, but the public key is not available. However, this case is essentially the same as the not having a signature at all, so it doesn't really apply (it would be the same as having a malformed SPF record).
Your contention is that !authentic != forged, which is not true. You're right that PGP and SPF attempt to solve the different problems you identified, but I don't think that end result is any different. PGP and other crypto signature schemes were explicitly designed to detect forgery -- that's why they're there! If a message fails PGP, it is not authentic, and therefore forged (or otherwise can't be trusted).
Setting up the PKI and getting everyone to use PGP is a tremendous task, but it is worth it, since PGP has a number of benefits (such as encryption) and very few of the disadvantages of SPF (mail forwarding is broken). It's only real disadvantage is the inherent loss of anonymity, though that is lessened since nothing necessairly ties a PGP key to a real person.
...more like this crappy insecure non-authenticated protocol called SMTP would die.
Well, then, why don't you authenticate? Until you start PGP/MIME signing all your emails, you have no place to complain about SMTP's "insecurities". HTTP is just as "insecure", but people use it for web commerce every day. How? They added a level of security over the HTTP transport layer. Do the same with SMTP. SMTP works just fine, and will never be replaced (and if by some chance it is, the replacement will have the same vulnerabilities).
The first step to ending spam is PGP/MIME signing your email. If everyone did that, the spammers would quickly be out of business. Even if they *did* sign their emails, it would take more processor time (think hashcash) and would be more easily filterable.
Slashdot Mirror
I completely agree on your IP argument, but not the political argument (maybe this story should be in politics :) Beyond the absurd idea that conservatives only favor big corporations and liberals only favor "the people", there are very few politicians, liberal or conservative who aren't trying to create stronger IP laws. The DMCA passed unanimously (IIRC, there may have been a few dissenters). Both Replicans and Democrats voted for it en masse. It was signed by a Democrat president. I'm not trying to pick on either party here -- they're both guilty. And whenever both parties agree so completely on something, you know it has to be bad news :)
Besides, the biggest groups going after stronger IP laws are the RIAA and MPAA -- both Hollywood and big Democrat strongholds. If anything, the liberals are the ones leading leading the fight for stronger IP laws, not conservatives (though they're certainly going along with it).
Also, strong IP laws only help IP owners (mostly corporations, I'll admit, but not entirely). Most companies in this country do not make IP, and are only negatively affected by stronger IP laws. How many offices around the country would love to not pay for Windows, for example? I'm not advocating piracy, but there are a lot more companies paying for IP than there are making money off of IP. Many of those companies pay huge amounts of money for that IP. Strong IP laws do not favor big companies in general, they only favor those that control the IP.
In another perspective, think of prescription drugs. They're expensive for the same reason software is. The first pill is insanely expensive to make, but all the rest are relatively inexpensive. IP laws (patents in this case) protect the drug companies from "pirates" (who get the much nicer name of "generics" in the drug industry), but everyone else pays for that protection, big corporations and the little guy. We (Americans) put up with it because we not only want the current drug, but also the next one that will work even better. This is the same reason we generally accept IP laws for software and other media as well.
So, please don't think that conservatives somehow favor stronger IP laws more than liberals, or that big corporations benefit more from stronger IP laws than everyone else. Frankly, IP laws favor a select few, and IP laws have never been (and probably will never be) an election issue.
Another poster mentioned that you could use a simple "make" instead of "make World" to restart the build. IIRC, "make World" is the same something like "make Makefile Makefiles includes depends all" or something like that, so if you already got to the compiling (the "all"), redoing all the others would be wasteful.
I don't understand, however, why you think Imake is so bad. The project I'm on at work uses Imake to build the Makefiles, and it works wonderfully on 4 different platforms (Sun, SGI, Linux, and win32). We've probably tweaked it a lot, but for our purposes, it works very well. Realistically, Imake and autoconf try to solve the same problem (making Makefiles), but through different means. Imake uses a system of def files setup by the user to describe their platform and autoconf tries to guess by trying different things. As someone who uses Gentoo, I know that a great deal of time spent emerging (especially on smaller packages) is spent configuring. Sometimes, it can take longer to configure than it actually does to compile! It would be great if somehow that information could be captured (say in a def file) for use in all packages. Unfortunately, that's just not feasible, since it would require way too much cooperation between packages.
However, Imake can be extremely useful if you know how to use it. The project I mentioned before has thousands of Imakefiles, each of which are small and easy to manage. The Makefiles that are produced are at least 30K in size, and provide numerous make targets for different purposes. Since our systems are setup consistently (and make extensive use of NFS mounts, so common applications are always in the same place), Imake def files work great for the minimal time we spent setting them up.
Imake may not work great for open source projects since the target platforms can be extremely varied, but that doesn't mean it's a "piece of shit". It's a useful tool that unfortunately doesn't quite fit the requirements of the open source world.
No, no, the code had to work :)
(This is mostly a joke, but I do use the reboot button on my iPaq much more than several of the other buttons)
I think you're right. They said it was about 60,000 movies. Well, at 700 MB/movie (can't fit more than that on a standard CDR), that's 42,000,000 MB == 41015.625 GB == 40.05 TB. While 40 TB is still a lot, it's a far cry from 40 PB.
Another incompatible instant messaging system? Ick. I'd much prefer people just started using Jabber instead.
Have you tried PuTTY? Whenever I happen to find myself on Windows and need to ssh, that's the first (and usually only) thing I think of. Just Feel Lucky for putty at google and it'll take you right there. And the best thing about PuTTY is that it doesn't require any sort of install -- just download and run. I've yet to find a simpler and more feature complete SSH client for Windows.
Actually, I heard something like what the original poster said on NPR the other day. And a quick Google News search reveals more sources:
4 35-2004Jul26.html o nid=1258&storyid=1787674
http://www.washingtonpost.com/wp-dyn/articles/A16
http://dailytelegraph.news.com.au/story.jsp?secti
So, yes, invading Iraq and overthrowing Saddam, even if done for the wrong reasons, did actually have some good consequences.
You're not familar with Vonnegut are you? He was ... being sarcastic and satirical in that essay.
No, I'm not familiar with the author's work. If that is the case, then I take back what I said in my previous post.
Thanks for the great link! That was one of the funniest things I've read in a while. Sure the sarcasm was subtle, but it was so over the top, the author couldn't have been serious. I especially liked the part about how it's wrong and dehumanizing to order troops around and "make 'em do anything". And comparing all Christians to Nazis was a nice touch, too. Really put it over the top.
What? The author was serious? Wow... and I thought Bush was an idiot.
Now watch me get modded down as a troll for mocking something posted on the great Michael Moore's website. Actually, the author did make some good points, but so much of it was such an extreme liberal rant with no basis in reality that anything valid was obscured. But I guess even raving lunatics can say something profound every once in a while.
I was actually thinking about this the other day, and realized that Stargate would make a very interesting MMORPG. Lots of different worlds and races, and a lot of conflict to induce fights. The biggest disadvantage is that there aren't a lot of classes (fighter, medic, scientist, anything else?) and no real magic system (though varying levels of technology could be considered magic).
I have an ftp port open using the Microsoft/IIS ftp server.
I guess you can chalk not being hacked up to shear luck, since every time you use your FTP server remotely, you're sending your username and password in the clear. This is nothing specific to Microsoft -- every FTP server is like this (except SFTP, of course). You really should consider using SSH and SCP instead. For Windows, I'd recommend using Cygwin's version of OpenSSH (plus, that gives you a working shell program, as opposed to the atrocity that is cmd.exe).
Personally, my Linux box has been directly connected to the Internet for the last 6 years, and it's never been hacked either. I see the occasional SSH login attempt (that's been happening a lot lately, probably some script since it's always the same user like 'test' and 'admin' and 'root'), and the occasional port scan, but nothing serious. But you're right -- if you don't look like an easy target or make some wrong enemies online, you should be fairly safe.
While I agree that Win2k and XP are usually very stable, Microsoft's choice to disable the BSOD is, quite frankly, disingenuous, and causes people like the poster above to say things like the "BSOD is history". Sure, it's history because most people don't see it anymore -- their computer just spontaneously reboots. I know that was one of the first things I changed back when I upgraded to 2k (though to be fair to MS, I don't think it ever did BSOD, except when I had some bad memory, and that's hardly Windows' fault). If Windows dies, I want to know that. If the computer just reboots, I start thinking there's some sort of weird hardware problem. I don't know if that was Microsoft's intention, or if it was to just reduce the number of appearences of BSOD's to the general public.
:)
In any case, it doesn't really matter to me, since I only run Linux at home now
...more people hit the highways the government stepped in and started requiring everyone to at least show a basic level of competence before getting behind the wheel.
So we should license Internet users, or at least license the people responsible for connecting a machine to the Internet? That's an idea that's been floated before, but I don't think it's ever gone anywhere (the intellectuals don't like it because it goes against freedom, and the idiots don't like it because then they couldn't get teh Intarweb). Personally, I'm not firmly against an idea like this, but I think it would be difficult to implement.
If we're going to let any person connect to it, we need to put systems in place to protect those people from the predators that exist there.
Wow. Of course, the people you say are the ones who need protecting are the ones I would call the predators -- after all, they're the ones launching attacks against my machines, and probably infecting others. Though really the term "zombie" applies, since they aren't really in control of their actions, but there still are a lot of them causing trouble. Maybe it's a little unfair to blame them for being "bitten" so to speak, but then again, a great many of them don't seem to care or try to fix the situation.
Grandma's now got Bebopper installed. Whose fault is it now? Grandma?
Yep, she installed the software, and if it tries to attack other people, then its her responsibility. A computer cannot think on its own. If you own a computer and it does something, it is acting on your behalf, and you should be responsible for its actions.
If good old Grandma got a letter in the mail that said in order to read the greeting card from her son she had to breath this white powder, do you think she'd do it? It should be common sense (though often it's not), that installing untrusted binaries from just anywhere is risky behavior. If we started educating these Grandmas instead of treating them (and everyone else) like children, maybe we wouldn't have so many problems.
While I agree with you...
:) ). If we start placing blame on mail admins, how long until we start expecting Internet routers to filter out worms? (which will fundamentally break the Internet even more, btw -- the middle of the Internet is supposed to be a bunch of dumb routers, not smart filters)
That includes the admins of the e-mail systems of ISPs.
How many ISPs have had their email systems compromised by viruses or worms? Unless they happen to be using Exchange as a mail server (and I can't think of a good reason for an ISP to do that), I'd guess not many. And I don't blame mail admins for not stripping out various attachments that users open and infect themselves with. Especially now that many worms have started putting themselves in encrypted zip files to prevent detection, and users still find a way to get infected (and yet somehow, Linux is too hard to use for the average person
Maybe if there were some reprocussions for distributing worms and viruses, including those who were infected by the malware, people might start being more careful with their systems (or start using systems less likely to be infected). Let's face it -- people with systems at home connected to the Internet are responsible for their own administration. If they can't do that, then they need to pay someone to do it for them, not claim that they're not responsible.
Now watch me get flamed for suggesting that poor, "innocent" Grandma on her cable connection should be held responsible for the attacks her computer launches on other Internet hosts...
Oh, come on. Do you really believe that the bloated piece of junk known as Netscape 4 was somehow better than IE4? Microsoft may have cheated in the first browser wars, but Netscape sure helped by putting out a terrible product. (Of course, anyone who claims that IE is still the superior browser is clearly deluding themselves.)
It will take similar bad decisions by Google for MS to gain the upper hand in searching. "Google" is practically a verb (though I'm sure Google's lawyers don't like that), and that sort of mindshare is very difficult to topple.
And so what if MSN gets a bigger marketshare? Google isn't going away as long as there are people using it (and thus people buying ads on it). The only "risk" is that MSN's search will be better than Google, but it's up to Google to compete to make sure that doesn't happen. As long as Google provides value to Internet users, there will be people who use it (and advertisers to advertise to them).
How do you know it wasn't one of the worms that sends itself in a password protected (i.e., encrypted enough to prevent trivial scanning) zip file? Should mail admins ban all ZIP files now?
Personally, I'm annoyed when I can't send EXE files to people. A guy at work once asked me to build an EXE for him (he didn't have a development environment setup), but to send it to him, I had to change the extension. Nothing big, but annoying. I don't really blame the admins, since the real fault lies with the idiots that blindly run stuff they receive in the mail. I wonder if those idiots received an envelope filled with white powder how many would taste some it?
More, on topic, these types of phishing scams aren't limited to email. I've gotten several official looking letters, some masquerading as late notices to bills, trying to get me to sign up for various forms of insurance. I often get telemarketing calls (just got a new number and the DNC list hasn't kicked in for it yet) trying to get me to sign up for some scam or another (though they would call it marketing, it's just a scam to try to get my money). And these are more or less legitimate companies preying on people.
...it doesn't follow that all users are developers.
:)
True enough. I was responding to the idea that the OSS developers need more contact with the users. I claim the developers are the users, though you're right, there are other users who aren't developers. And projects that try to cater to that latter group of users should try to get lots of contact with them.
As far as OSS kicking Windows off the desktop, that will never happen until major OEMs ship all new computers with Linux. If that happened, Windows would lose dominence practically overnight, but for a number of reasons (consumer education and expectation being primary among them), I don't see that happening anytime soon.
As a side note, I don't mind being in the extreme minority here. Helps keep the dredge of society (spammers/scammers/malware writers/marketers) generally away since I'm not worth the effort (spammers still send me mail, but they don't try to trojan my machine). Of course, this is why I'm sure to thank all diehard IE users for taking the numerous bullets for me
Acrobat takes down the web browser, and somehow that's Windows's fault?
:)
In the same way OpenOffice not being able to perfectly read a Word file is somehow Gnome's fault, or a great hinderence to its success. I think that was the OP's point.
I'm not too impressed by this review, especially this comment (which the OP also hit on):
If the Microsoft Word document someone emails the user must be opened in an application that does not display it correctly, the user will assume that the system is at fault.
Then why do users blame me when I send them OpenOffice sxw files? Or blame me when I PGP/MIME sign my mail and their client doesn't know how to handle the signature? I think user's expectations are a little out of whack in that they expect Windows and MS software to always do the right thing (but they aren't surprised when it doesn't), and expect Linux to be broken and buggy. Now, I'm not immune to that -- I'm usually surprised when I can do something new in Linux with minimal hassle, but a lot of these usability studies assume a fundamental knowledge of Windows, and if the system isn't Windows like and doesn't mimic Windows software perfectly, it doesn't pass muster.
Linux (and Gnome/KDE and other software) do not have to be clones of Windows to be good. In fact, I'd prefer if they weren't
What you're talking about isn't a usability problem per se, but an interface difference. And you're right -- Linux and Linux programs are different from Windows. KDE is similar, but it's not the same. And it will never be. Some things will always be different -- either because of design differences or because Windows just does the wrong thing. And that's not a bad thing either.
/proc) to learn more.
:)
For me, the best way to really learn Linux is two get a second computer and put Linux on it (if you're really adventerous, put it on your only computer, but I wouldn't recommend that). Don't dual (or as I call it "duel") boot, because you'll always fall into the trap of "I know how to do this in Windows, so I'll just use that". There's still that temptation with two computers, but IMO, it's not as bad since you still have the Linux one up to use. Gradually, you'll learn more and more about Linux and how it operates (it actually is fairly logical and intuitive -- just not the same as Windows).
You may want to use something like Putty to ssh to the Linux computer from Windows and use both at the same time. You'll learn about Linux while using the more comfortable (for you) Windows GUI.
One other thing to remember -- you can't hurt the Linux computer while you're not root (unless, as root, you give your user account permission to hurt it). So don't be afraid to poke around (especially in places like
Personally, I don't think Linux has as many usability problems (at least not in general) as people claim. After all, most Linux softare is OSS, and most OSS developers actually use the software they're developing. So, the developers are the users. In that case there is tremendous user feedback and interaction in the development of OSS. It may not be usable for everyone (it may not even be usable for most people), but it is usable for someone. For example, gcc is a very difficult to use program. In fact, most developers rarely execute it directly, except for very simple compilations. Usually, the gcc command line is built by make through a Makefile (at work, we use imake to make exceedingly complex Makefiles from Imakefiles). Some compile command lines can be dozens of terminal lines long, and would be difficult to type in by hand. But gcc (and other compilers) are powerful tools intended only for experts. They really aren't intended for average users, and thus don't need to be usable for them. But they are usable (or usable enough) for developers, and work exactly as developers want.
I think most of the perceived usability problems with Linux (and KDE/Gnome/etc) are because of different expectations by the users. KDE and Gnome are certainly very usable (I only run Linux at home now). But different expectations lead to this perceived "crisis" in usability that can apparently be fixed (I'm not sure it can ever be completely addressed). While some tools could use improvement (especially integrating with hardware), there are a lot of tools that do have good (or at least usable) interfaces.
Anyway, sorry for the rant
Hmm... I'm pretty sure that everyone (myself included) is overreacting to each other's posts. I never advocated not having firewalls at all -- only that throwing one big firewall in front of users (no matter how clueless) whose machines are not owned by the firewall owner was a stopgap measure at best and uncalled for at worst. I never said (or meant to say) that software firewalls for your system were a bad thing (I only have a select few ports open on my system), or that hardware firewalls for your own equipment was a bad thing. But firewalling people who purchase Internet service from you isn't very nice.
The other thing I take issue with is the assumption is that a public IP is somehow a security hole. Perhaps it's a security risk and it may be risky to put some systems on a public, unfirewalled IP, but it's not inherently a hole as the OP claimed.
Finally, I agree that prevention is the best method. That's why I advocated user education over babying college students (shouldn't those be the most able to learn??) by slapping a big firewall in front of all of them.
Heh, my comment was overrated, and this is informative? Must be a few BOFH's with mod points today. Or maybe people who don't like my more libertarian bent.
Any unfettered access to ports that aren't being used IS a security disaster, period.
Uh, huh. And who exactly is IS? That's much easier to define in a corporate setting than in an educational setting. Frankly, for an individual user, they are IS for themselves. Maybe this isn't a good thing if they can't handle it, but that's the way it is. Just deciding that you're going to take that away from everyone because a few (well, ok, most) can't handle it is not the right way to go.
This practice by ISP's is one of the biggest reasons beyond Microsoft for the spread of Code Red, Blaster and all the other IP scanning worms/viruses out there.
LOL! And somehow, it's not the user's fault for running an insecure system, or Microsoft's fault for providing said insecure system? You're right. The ISP should be "protecting" the users from the big, bad Internet. And they shouldn't run servers or contribute to teh intarweb either. It should really be more like TV.
And I'm not sure how it's rediculous that user's be responsible for their actions or their computer's security online. It sure isn't their provider's responsibility like you're advocating. Quite frankly, you're responsible for anything your computer does. It's acting on your behalf. If it's spreading some worm or virus, IMO, that's the same as you spreading it. A couple of arrests of infected people might just convince users they should start taking security a little more seriously. We don't let people drive around on public roads with cars spewing pollution -- why do we let people connect to our (mostly) public Internet spewing digital pollution?
Here is a cluestick for you--NAT.
Are you seriously advocating NAT as the end all, be all of security? Sure, I use it myself, but I don't delude myself into thinking that it protects from everything! It does make stuff harder, that's true, but it's not fullproof. You can't assume that the inside is trusted, or that something can't get through by other means. The web server itself should make sure it rejects packets to port 7754. Or do you firewall every machine separately, just in case?
Cluestick #2--VPN.
Ah, the Windows solution. Judging from your post, that must be what you use, since you seem to think that there's just no possiblity that a computer could be secure by itself (here's a cluestick -- most UNIX systems are very secure provided they are properly maintained). And it's not like thousands of worms and viruses haven't been transmitted through the supposedly secure VPN before. Finally, I'm not sure what magical VPN setup you're using, but there has to be at least one server with a public IP to take the intial connection! How is that different from ssh'ing to the server in the first place?
In short, your post seems to advocate a lot of technologies that bandaid over problems without addressing the core issues. First, systems should be secure by themselves. Those that aren't should be taken off the Internet and fixed, or at least quarentened to a firewalled area (yes, there are legitmate uses for firewalls -- I was arguing that a big firewall around the whole school was stupid). Second, users must be educated. Users who don't know what they're doing are the biggest security hole, no matter what other precautions are taken. Placing a big firewall over everything means that users won't be educated, and security violations are more likely to take place in the future. It's a stopgap measure that will work for a while (unless it's an inside job), but will probably introduce bigger problems in the long run.
-All students getting unfirewalled public IPs (I shit you not)
I shit you not, this is not a security hole -- this is how the Internet works! I get an unfirewalled, public IP from my ISP. In fact, that's the primary reason I pay them. The same thing was true when I was in college. It is up to the student to make sure they're protected. If they can't do that (or pay someone to do it for them), then they shouldn't be online.
-All servers having unfirewalled public IPs
Um, firewalled servers with private IPs aren't exactly very useful. If www.university.edu isn't pointed at a webserver with a public IP listening on port 80, people have a hard time getting to it. And any decent webserver shouldn't need a "firewall" since it would be secure itself.
Even other resources such as UNIX servers are desirable to access off campus. Not everyone is on campus 24/7. Professors and students who live off campus might want to do work from home. If they can't get the the server, that's a problem.
Your other problems are legitimate.
The result? A firewall was installed in a matter of days and public IPs went private.
That's so sad. How much stuff was broken because of this? How many people were running servers before that now couldn't? Totally the wrong solution to a perceived, but not true, problem. This is the Internet equivalent of burning books you don't like. Putting up a firewall solves nothing -- it's just a band-aid on the real problem of Internet users ignorant (not in a bad way) of security. Why didn't you (or the university) try to educate them? That would have been the correct solution to the problem.
What if I send out a message claiming to be from you and don't sign it? How does your email server know that my message is forged?
That's a very good point, and I see that difference now. However, I'd argue that this is a matter of policy. Public PGP keys are published just like SPF records are, so if you send a message with my address, but don't sign it, whatever verifier will see that I have a public key, but didn't sign the message, and then do whatever is necessary from there based on the receiver's policy (bounce or accept). But I do see your point.
Maybe we need an SPF for the PGP record (signed by the public key, of course) in the PKI. The interesting thing about that is that it would be per user and not per domain. So bob@example.com maybe works from home, so he adds his home and work mail server IPs to the SPF list of his PGP record, while fred@example.com never mails from home, so only has the work IP in his SPF list.
Hmmm... I'm going to have to think about this one...
PGP is just as good a method for spam fighting as SPF. It gives you the same information -- the difference is what you do with it. I think we agree that in the absence of either a PGP signature or an SPF record, normal filtering rules apply, and this case isn't really interesting. The question is what to do with an SPF or PGP success or failure.
With SPF success, the mail is accepted as usual, and with SPF failure, the message is (I assume) bounced. Correct me if that's incorrect.
With PGP success (verified signature), the mail is accepted and authenticated. With PGP failure (bad verification), then the message is almost certainly forged (who would incorrectly sign a legitmate message?). There is a third case where the message is signed, but the public key is not available. However, this case is essentially the same as the not having a signature at all, so it doesn't really apply (it would be the same as having a malformed SPF record).
Your contention is that !authentic != forged, which is not true. You're right that PGP and SPF attempt to solve the different problems you identified, but I don't think that end result is any different. PGP and other crypto signature schemes were explicitly designed to detect forgery -- that's why they're there! If a message fails PGP, it is not authentic, and therefore forged (or otherwise can't be trusted).
Setting up the PKI and getting everyone to use PGP is a tremendous task, but it is worth it, since PGP has a number of benefits (such as encryption) and very few of the disadvantages of SPF (mail forwarding is broken). It's only real disadvantage is the inherent loss of anonymity, though that is lessened since nothing necessairly ties a PGP key to a real person.
...more like this crappy insecure non-authenticated protocol called SMTP would die.
Well, then, why don't you authenticate? Until you start PGP/MIME signing all your emails, you have no place to complain about SMTP's "insecurities". HTTP is just as "insecure", but people use it for web commerce every day. How? They added a level of security over the HTTP transport layer. Do the same with SMTP. SMTP works just fine, and will never be replaced (and if by some chance it is, the replacement will have the same vulnerabilities).
The first step to ending spam is PGP/MIME signing your email. If everyone did that, the spammers would quickly be out of business. Even if they *did* sign their emails, it would take more processor time (think hashcash) and would be more easily filterable.
I sign all my email -- why don't you?