Why does the OS make a difference? Would your favorite be OS immune to rogue thumbprint scanners? And why would putting a biometric scanner on an OS that is already wide open to identity theft (e.g. Win9x) make a difference?
I wholly agree that two-factor authentication (something you have & know) is the way to go, but some of the hardware used can be vulnerable as well. Say for instance that you have an RSA key on a smartcard that has its own encryption. Now say that someone figures out how to sniff the key from the card via RF emissions. Poof. You are now vulnerable to having your identity stolen. ISTR reading a research paper that indicated hardware tokens were not as secure as advertised, although at the end of the day two-factor authetication is still better than one.
Community support. The mailling lists are key, but they are much less friendly. Advocacy isn't a priority. If there is a question answered somewhere in the documentation, you'll get told RTFM. If the docs aren't what you are looking for and need a different level of help (more/less tech than the man pages) you may or may not get it.
I have found that for most things if the man pages don't give the level of information you need you can read articles geared for FBSD/NBSD for whatever it is you are trying to figure out. The *BSDs are similar enough (for me anyway) that given the information already gleaned from the OBSD man pages something in the FBSD/NBSD docs/article will trigger the "ah ha!" effect and things will click into place.
MS has had IPv6 available from their research labs for quite some time, more than 2 years I think. The thing to remember is that research.microsoft.com isn't mainstream MS, it's their think tank doing exactly what they say...research.
ALL it would take is one news outlet to declare that the next release of Microsoft's web server will use IPv6, and that they've made an IPv6 upgrade available from such-and-such a site, and you can expect a mass migration to it.
You are pretty close here I think. MS has huge mindshare as well as market share, but I haven't seen IPv6 for any 16 bit or 9x kernels, only NT. Picture this: MS pushes as many as possible to upgrade to 2K/XP. After they milk it for what it's worth they release a supported IPv6 stack for 2K/XP(/NT?). If enough of the corporate desktops and consumer machines are running these OSes at that point I believe this will be the event that triggers widespread adoption of IPv6.
Also, keep in mind that many hardware vendors are prepared to support IPv6. Not all of them have released products, but it's safe to say that somewhere in their labs they have working IPv6 code. They claim that there's no demand for IPv6, and in a business sense they are right. But when suddenly a massive portion of the clients out there have IPv6 support they'll have that demand, or at least a viable market.
I never said it was for me to define, but one needs to have some idea of what the GPL really says before releasing code under it. My opinions and assumptions may be flat out wrong, in which case any code released under them may need to be opened or re-written or just tossed. Since I have yet to ever develop using any GPL'd code in any way, shape, or form it's all academic, but I may face these issues in the future. If I do, I'd like to be prepared.
How can _anyone_ release code under any license without examining all sides of the issues involved? What RMS intends the GPL to say and what it will be interpreted to say by a judge are not necessarily going to be the same thing. Here I have provided some examples that could indicate that defining what is and what is not derived work is not black and white in the presence of abstracted frameworks.
What gets decided in a court of law will most undoubtably be influenced by the arguments of not only lawyers, but also by the tesimony of "expert" witnesses. And you can bet your last dollar that the definition of what derived work is, and what constitutes linking, is going to be a significant factor.
It seems to me that the plugin\COM\CORBA paradigms might have enough of a decoupling between the main program and the GPL'd code to not violate the GPL. Each of them provide a generic abstraction to allow third-parties to extend, or even provide, core functionality. Here are a few examples of this.
Example 1. An application developer writes an application that allows given pieces of functionality to be provided by whatever module the user specifies via a framework and a registration mechanism, for instance a spell-checker in a document editor. Now the developer writes code for two spell-checking modules. The first is completely proprietary written from scratch, the second is based on a GPL'd spell-checker. The developer releases full source for all changes made to the GPL'd version as well as makes the framework API spec public, but the rest of the application remains closed-source. Does this comply? I'd say yes, assuming the GPL'd spell-checker isn't distributed with the application.
Example 2. A user of, say, MS Media Player comes across a audio|video type that doesn't have a MS codec for it, however there is a GPL library that supports it. They code the necessary changes to the GPL library to make it usable as a codec. They release all my changes to the source as GPL as well. Is MS now violating the GPL? I'd say no. Is the author violating the GPL? (Note: The author has no affiliation with MS other than using it's product.)
Example 3. A developer writes a client/server app. The server component is merely a GPL'd database with all supporting business logic coded as stored procs. The client talks to the DB through ODBC or some other framework. Is the client required to be open-sourced? I'd think not. How about the stored procs? I'm not sure...maybe.
It's been argued that level of functionality plays a role. What if, in Example 1, my document editor only worked with plain ASCII. Spell-checking now becomes a rather significant portion of the functionality. Does this change the rules? Is the document editor now in violation of the GPL?
It's also been argued that advertised and/or core fuctionality plays a role. MS Media Player's core functionality is the playback of audio/video media, and the GPL'd codec in Example 2 provides core functionality if you are playing that particular media type. Is MS in violation at the point the codec is loaded prior to playback? If so, this could be a rather sinister way to force closed-source apps to open their source. If nothing else it might cause closed-source developers the headache of examining every dynamically loaded module used and rejecting modules known to put the closed-source app at risk.
Given my (somewhat contrived but entirely possible) examples it seems to me that at some point if enough of an abstraction is introduced, either through an open framework whether API(e.g. plugins), library(e.g. COM, CORBA), or protocol based(e.g. HTTP, SOAP), between the closed-source and GPL'd code it could provide closed-source developers the means to legally use GPL'd code and keep their proprietary code closed.
Put simply, oBSD is the single most secure OS in existance
While a little fanatic, if you qualify it like "oBSD is the single most general purpose OS in existance" it rings closer to the truth. Of course, even the most secure OS in the world is worthless in the hands of an inept administrator.
She feels me I can taste her breath when she speaks.
Actually, the problem is the windows scripting host. If you have ActivePerl installed it could easily be a perl script rather than vbscript rampaging through your machine.
I can see an alternative though. Set up a website (or better yet, a voluntary series of mirrored sites) where users can go, and ASK to have their computer portscanned, and fixed if necessary. Make the "good" worms "sterile" (IE: unable to reproduce) so if the machine is infected, it can be automatically innoculated and patched against further infection.
Hmmm...sounds a lot like Windows Update (*shudder*)
Slashdot Mirror
I wholly agree that two-factor authentication (something you have & know) is the way to go, but some of the hardware used can be vulnerable as well. Say for instance that you have an RSA key on a smartcard that has its own encryption. Now say that someone figures out how to sniff the key from the card via RF emissions. Poof. You are now vulnerable to having your identity stolen. ISTR reading a research paper that indicated hardware tokens were not as secure as advertised, although at the end of the day two-factor authetication is still better than one.
Try NHL Center Ice. $129 for the year. At 82 games/year (sans playoffs) of your fav team its a great deal.
It doesn't seem to bother the guys over at sysinternals too much.
If the government funds the reference implementation then it should be public domain, not GPL'd.
You are pretty close here I think. MS has huge mindshare as well as market share, but I haven't seen IPv6 for any 16 bit or 9x kernels, only NT. Picture this: MS pushes as many as possible to upgrade to 2K/XP. After they milk it for what it's worth they release a supported IPv6 stack for 2K/XP(/NT?). If enough of the corporate desktops and consumer machines are running these OSes at that point I believe this will be the event that triggers widespread adoption of IPv6.
Also, keep in mind that many hardware vendors are prepared to support IPv6. Not all of them have released products, but it's safe to say that somewhere in their labs they have working IPv6 code. They claim that there's no demand for IPv6, and in a business sense they are right. But when suddenly a massive portion of the clients out there have IPv6 support they'll have that demand, or at least a viable market.
I never said it was for me to define, but one needs to have some idea of what the GPL really says before releasing code under it. My opinions and assumptions may be flat out wrong, in which case any code released under them may need to be opened or re-written or just tossed. Since I have yet to ever develop using any GPL'd code in any way, shape, or form it's all academic, but I may face these issues in the future. If I do, I'd like to be prepared.
How can _anyone_ release code under any license without examining all sides of the issues involved? What RMS intends the GPL to say and what it will be interpreted to say by a judge are not necessarily going to be the same thing. Here I have provided some examples that could indicate that defining what is and what is not derived work is not black and white in the presence of abstracted frameworks.
What gets decided in a court of law will most undoubtably be influenced by the arguments of not only lawyers, but also by the tesimony of "expert" witnesses. And you can bet your last dollar that the definition of what derived work is, and what constitutes linking, is going to be a significant factor.
It seems to me that the plugin\COM\CORBA paradigms might have enough of a decoupling between the main program and the GPL'd code to not violate the GPL. Each of them provide a generic abstraction to allow third-parties to extend, or even provide, core functionality. Here are a few examples of this.
Example 1. An application developer writes an application that allows given pieces of functionality to be provided by whatever module the user specifies via a framework and a registration mechanism, for instance a spell-checker in a document editor. Now the developer writes code for two spell-checking modules. The first is completely proprietary written from scratch, the second is based on a GPL'd spell-checker. The developer releases full source for all changes made to the GPL'd version as well as makes the framework API spec public, but the rest of the application remains closed-source. Does this comply? I'd say yes, assuming the GPL'd spell-checker isn't distributed with the application.
Example 2. A user of, say, MS Media Player comes across a audio|video type that doesn't have a MS codec for it, however there is a GPL library that supports it. They code the necessary changes to the GPL library to make it usable as a codec. They release all my changes to the source as GPL as well. Is MS now violating the GPL? I'd say no. Is the author violating the GPL? (Note: The author has no affiliation with MS other than using it's product.)
Example 3. A developer writes a client/server app. The server component is merely a GPL'd database with all supporting business logic coded as stored procs. The client talks to the DB through ODBC or some other framework. Is the client required to be open-sourced? I'd think not. How about the stored procs? I'm not sure...maybe. It's been argued that level of functionality plays a role. What if, in Example 1, my document editor only worked with plain ASCII. Spell-checking now becomes a rather significant portion of the functionality. Does this change the rules? Is the document editor now in violation of the GPL?
It's also been argued that advertised and/or core fuctionality plays a role. MS Media Player's core functionality is the playback of audio/video media, and the GPL'd codec in Example 2 provides core functionality if you are playing that particular media type. Is MS in violation at the point the codec is loaded prior to playback? If so, this could be a rather sinister way to force closed-source apps to open their source. If nothing else it might cause closed-source developers the headache of examining every dynamically loaded module used and rejecting modules known to put the closed-source app at risk.
Given my (somewhat contrived but entirely possible) examples it seems to me that at some point if enough of an abstraction is introduced, either through an open framework whether API(e.g. plugins), library(e.g. COM, CORBA), or protocol based(e.g. HTTP, SOAP), between the closed-source and GPL'd code it could provide closed-source developers the means to legally use GPL'd code and keep their proprietary code closed.
Put simply, oBSD is the single most secure OS in existance
While a little fanatic, if you qualify it like "oBSD is the single most general purpose OS in existance" it rings closer to the truth. Of course, even the most secure OS in the world is worthless in the hands of an inept administrator.
She feels me I can taste her breath when she speaks.
Actually, the problem is the windows scripting host. If you have ActivePerl installed it could easily be a perl script rather than vbscript rampaging through your machine.
I can see an alternative though. Set up a website (or better yet, a voluntary series of mirrored sites) where users can go, and ASK to have their computer portscanned, and fixed if necessary. Make the "good" worms "sterile" (IE: unable to reproduce) so if the machine is infected, it can be automatically innoculated and patched against further infection. Hmmm...sounds a lot like Windows Update (*shudder*)