He certainly does think it would be a good idea to require a reverse firewall before connecting to the internet.
Actually my argument is somewhat longer than CNET would give me words for. The original article was 1500 words.
I think that every cable modem, router should have a reverse firewall capability and that it should be turned on by default.
I definitely think it should be possible to turn off rate capping for SMTP etc. If someone wants to run a mailing list from home that is good. One of the original reasons for making the proposal was that I wanted to propose something less drastic than disabling SMTP
When it comes to sending spoofed source address packets or SYN flooding or DDoSing core DNS I am less sure that it should be possible to turn it off. It might be needed for performance, but I think we could have an honest debate on that one.
I'm pretty sure that most folks see the little "Allow this application to connect?" dialog and click OK automatically. That's what Windows has been teaching them to do for eons... try and delete something, then click Ok. Try and close a program, then click Ok.
Granted there are pinhead end users. But you are stuck in the mindset that if there is any possible flaw in a security scheme then it cannot be any use at all. This is the type of thinking that has led us to the current situation.
First off I am proposing firewalls at the network edge because it is much harder for end users to be gulled into over-riding them. I have plenty of complaints from people telling me that their kids have mucked up their PC.
Secondly even if some people turn off the controls they can still have a real reduction in fraud losses and in propagation of viruses. If only 80% of systems have the rules turned on that still reduces the fraud losses to a fifth of what they would be. In the case of virus propagation (x/5)^n is a much friendlier exponent to deal with than x^n. If x 5 then the virus quickly dies.
May be true of some of his speeches, but a speech delivered to parliament is a matter of public record and may be freely quoted anywhere, I believe.
Hansard is crown copyright which is kind of interesting because it is perpetual and royalty free, the only restriction being that you cannot change the content. This is why many publishers still print the King James Bible and keep in known typos - "to strain at a gnat" was meant to be "strain out a gnat", etc.
But most of Churchills most famous speeches, including the 'fight them on the beaches' and 'end of the beginning' were recorded and broadcast by the BBC.
Incidentally it is known that Churchill did not actually deliver all the wartime speeches himself, several were delivered by a stand in. But he did actually write most of them himself.
On a Cisco PIX... from the wee little 506 to the desktop size 535 for BIG enterprises... its called an outbound access list... nothing new...
Nope, nothing new, but when you have 750 words for the complete article you can hardly express every last nuance. Its hard enough to do that in the book where I have 50,000 words. The original article was twice as long.
Sure others have pointed out the same thing, I was discussing the problem with Vint Cerf a few weeks ago. But there is a big difference between having the original idea and turning that into a reality. I had the piece placed in CNET because I wanted the idea out there, to start the ball rolling.
The real point I was trying to make here is that we need to put limits on outgoing traffic, its the old firehouse model, fire regulations are not there to protect your house from fire, they are there to stop the fire at your house spreading to the next one along.
How that is achieved is not important. Port 25 blocking stops spam, but there are also DDoS attacks and other nasties that I would like to stop. Blocking port 25 completely is a serious loss of functionality for some, when I lobby ISPs to put these checks in place they start to whine about the load on their routers. So pushing out the task to the cable modem or the wirless gateway / router box is a way to counter the whine.
When you look at the behavior of a zombie performing an attack and the behavior of an uncompromised system the difference between the two is usually very clear. There is no reason for any machine on the Internet to be sending spoofed source address packets, no reason for any machine to perform a SYN flood, no reason for any machine to DDoS a DNS server. Spam is actually the hardest case since there are machines that legitimately send out hundreds of thousands of emails a day. But even if someone was hosting the cypherpunks mailing list on his broadband connection they would probably use far less resources than a spammer would.
Sure Checkpoint and Cisco have this functionality in $2000++ firewalls. What I am proposing is putting the technology in $70 wireless routers and turning it on by default.
I will be speaking at BlackHat next week on phishing which is one of the nastier criminal scams taking place on the Internet. One of the effects of the phishing scam is that it has forced people to act with whatever security is available here and now, there is no time to wait to develop perfect systems. In the process it has become clear that simple systems with flaws are much more effective than cryptographically perfect but unusable systems.
The academics have taken us on a ride the past 20 years. Even if they were deployed today IPSEC and DNSSEC would do absolutely nothing against the phishing attacks. OK thats not what they are designed to do, but then again what is there that can be used? S/MIME and PGP don't really deliver the goods here either.
We need iPod security, security that serves the 98% of Internet users who are not technical or don't want to spend their time doing sysadmin work. So far its been security for gearheads, not security for real users.
You and I disagree on many points, mainly in degrees, and I am sure agree on many points. Either way, I enjoy a rational, reasoned opinion, particularly when it differs from mine.
Yes, it has to be said that the internet does suck when it comes to having something that approaches a high level debate like you would get at the Oxford Union.
Unfortunately the even sadder fact is that the quality of debate on the Internet is vastly higher than in the traditional media. During the 2000 campaign the only good interview of Bush was with David Letterman.
The over-managed campaign heads don't want to see their guy in a tight spot so they only select pussycat interviewers. Dean came off much better from being attacked by Chris Mathews than Bush did from getting easy pussycat questions.
I call FUD on you. He said they didn't apply to the people at GITMO, he NEVER said they were invalid.
Bush has made many claims and insinuations about the 'applicability' of the Geneva conventions. He has not come out and told the US people straight that he was not going to obey them, but that is what his administration has done.
The US Supreme court has directly contradicted the administration claims with respect to the applicability of US law at GITMO. Perhaps it did not help that hours after the solicitor general personally asserts that no torture is going on the pictures from Abu Ghraib and the Taguba report start comming out.
He also said the the UN is at risk of becoming irrelevent, which some would argue is a bit late.
You are right, it is way too late to make that assertion. At this point anyone with a brain can see that it will be at least one and more likely two decades before the US goes in for another unilateral adventure. Far from proving the 'irrelevance' of the UN Bush is now clinging to the hope that the UN can sort out the mess his adventure has left. Meanwhile there are reports comming out that suggest that Allawi has been murdering prisoners in cold blood which suggests that it is quite likely that once the US troops leave he will turn out to be little different to Saddam.
Meanwhile amongst the costs of the adventure are the loss of all the existing US bases in Saudi Arabia, the loss of pretty much every reliable aly the US had appart from Australia and the UK and the emergence of Iran as the new regional superpower with the democracy movement crushed and the mullahs back firmly in control. Even if you don't care about the 899 US lives lost (Republicans don't its a fact) or the $350 billion spent (how else could Halliburton make profits?) the adventure is a failure in terms of pure politics, Saddam in his box was nowhere near the treat that the nuclear armed mullahs are going to be, or Bin Laden has been all along come to that.
He parses his words carefully, and I wish people would quit misinterpreting them intentionally.
Bush speaks with a forked tongue, he parses his words very carefully, you can tell when he is lying because the only time he is coherent is when he is using some Whitehouse legaleeze that is even more hairsplitting than Clintons 'it depends what the definition of is is'.
The poster might have mis-stated Bush's actual words on the Geneva convention but he clearly got the sense completely right. Bush is not claiming the Geneva accords are invalid, he is just claiming that they can be ignored when it is convenient. Before Bush the standard that the US always applied when dealling with prisoners was whether the treatment they received would be considered grounds for a complaint if a US serviceman was subject to it. The US govt obeys the Geneva conventions to protect US servicemen who are caputured, thats the whole purpose. But the GOP would rather fly POW/MIA flags and tell the fables about missing Vietnam vets that piss off McCain and the real veterans in Congress.
Bush has made it clear from the start that he does not want to have his power constrained by pesky treaties or pesky laws like Habeas Corpus, even when the constitution states that treeaties are the law of the land and habeas can only be set asside by vote of Congress.
"Insightful" is more like claiming that left-wing extremists like MoveOn.org are right in connecting Bush with Hitler.
MovOn.org never made the claim, two anti-bush ads uploaded to a weblog/competition on moveon made the comparison and they were deleted as soon as moveon were told about them. Its a bit like saying that Slashdot is pro-goatsex.
The tenuous nature of the claim has not stopped the Bush campaign making an ad that intercuts shots of Kerry with shots of Hitler taken from the deleted contributions.
Clearly SCO are learning nothing from the Bush administration, if you substitute Bush administration for SCO and Bin Laden for Linux what you would get is something like:
Act One: Bin Linux initiates hostilities against SCO, SCO retaliates with massive lawsuit, then after a couple of months gets bored. Daryl McBride survives assasination attempt by a rogue pretzel.
Act Two: SCO gets bored with Bin Linux, decides that emacs is a copy of emacs, threatens to sue unless RMS releases sauce code.
Act Three: Despite protestations from RMS that he has already released the sauce code for emacs and the presence of code inspectors SCO applies for court injunction, RMS is thrown in jail.
Act Four: SCO hires company run by Daryl's brother to maintain the source code, company hires a hundred fresh out of college students, then bills SCO $5,000 per day each for their services.
Act Five: Report comes out stating that the grounds for the injuction were lies, SCO argues that the real Bin Linux threat comes from Iran.
Fact is, if SCO was learning from the Bush administration everything they did would be a complete incompetent Cheney-up from start to finish.
Hello, this is Darl McBride,
I'm sorry to inform you, but this Winston Churchill quote has been acquired by SCO through a series of acquisitions and mergers. As with the linux operating system, we require that you license this quote from us for the low price of $699 a post.
Actually while he was an ordinary MP Churchill spent a lot of time on copyright matters. He made sure he kept the copyright on all his speeches. The BBC have to pay a substantial fee every time they use them. Its probably at leas 500 quid by now.
They could be Zimbabwean as an example, or maybe they're Kenyan - hell, maybe they're South African like me. For that matter, what if they're Tibetan?
I have regular contact with the FBI on spam related frauds. The gangs behind the vast majority of the advance fee frauds come from Nigeria.
Sure some of the frauds mention other countries, the gangs have started to find that people are very suspicious of anything from Nigeria. There was a recent spate of advance fee frauds that did come out of South Africa. The authorities quickly arrested a Nigerian gang.
Since Tibet is currently occupied by the PROC I don't think it likely that the gangs would want to operate from there and face their type of justice.
No, the scams are only possible if you have a failed state that does not have functioning law enforcement. The FBI have been working with the Nigerian govt. to get standard laws on the books to allow money transfers etc to be traced and money impounded. The govt. has been much better at this than catching the criminals.
What, you thought they were going to donate them to the Vatican or something?
Lets see, the Vatican was complicit in the persecution of the Hugenots and Jews in France during the 17th century, slavery in Latin America during the 18th and 19th century and now failing to denounce fascism and coddling pedophiles in the 20th century... so they might well be up for a spot of 'outsourced' suppression of open source heresy.
The memo itself looks to me to be nothing more than a standard slashdot style rant by a mid level manager at HP. His title was "Vice President of strategic architecture, HP Office of the CTO", that would mean he was reporting to the CTO, and certainly not an 'executive' as advertised. Executive has a very precise meaning in a company, most CTOs are not executives. The title VP at a company the size of HP does not mean a great deal, there are usually hundreds if not thousands of VPs at a company that size.
As for the accuracy of the rant, its a bit like finding a note from Paul Revere saying 'The British are Comming' two years after the fact, only in this case the memo is saying more like 'better be prepared on the offchance that the British come'.
Sometimes mods will mark something "redundant" when they feel that the point has been made a million other times and is perfectly well understood, even if the point hasn't been made on this particular story.
It's better than an "overrated" mod, isn't it?
And what part of this particular debate has not been thrashed to death years ago?
On the moderation front I suspect that the moderators are trying to avoid meta-moderation. I get a lot of 'redundant' and 'over-rated' mods when what the person really means is 'I don't want this statement to be heard'.
I think that after all these years the number of slashdotters who actually know RMS has steadily increased and there are enough people who now understand that RMS is to the free source movement what Ralph Nader is to the environmentalist movement - liable to take absolutist points of view that are 100% counter-productive.
I think that there are actually two separate issues here. The first is that there is a real role for public goods in the software industry. It makes no sense at all for everyone to start from square one. It is especially bad when public research money is used to create software that is then somehow diverted for private gain.
The second issue is that there are many areas where OSS is simply not even close to competative to commercial and likely never will be. The vast bulk of OSS software is simply copies of prior commercial work and the OSS code that is on the leading edge (Apache, PHP) is as likely as not to be BSD style rather than GPL.
The whole idea of GPL is to force people into developing free software by making everything that touches the GPL to become GPL.
I'd say you have a right not to be threatened with assassination by scammers online.
So would the FBI, looks to me like the 419 gangs have passed way over the line here, if it can be verified.
The situation in Nigeria is that bad as the government is, the alternatives are worse. The religious fruitcakes in the north want to impose Sharia law first then massacre the Christian population or force them to convert. The current government was installed after a series of brutal military dictatorships.
The 419 gangs have murdered quite a few people over the years, but these were mostly people who had become embroiled in their schemes and thought they were helping with illegal money transfers.
Threatening murder is the type of crime that rates calling the ambassador for that country in to account and issuing an ultimatum.
Actually, according to some reports, it was not proved. There was considerable quibble over the gas used, with the CIA apparently concluding it was Iranian gas, not Iraqi gas, that did the deed.
There is currently an open question as to whether a particular General was responsible for using chemicaql weapons against civilians. The issue here being whether it can be proved in a law court.
There is no dispute as to the fact that BOTH Iraq and Iran used chemical weapons during the Iran/Iraq war.
You mean like sending Rumsfeld to Iraq to shake the hand of Saddam Hussein while he was (allegedly) gassing Kurds?
It wasn't 'alleged', it was proved.
The US became so embarrassed by the reports of Saddam's attrocities that the CIA spent a lot of time and effort peddling the claim that 'yellow rain' was in fact the result of swarms of bees shitting at the same time and that the connection made with planes was purely coincidental.
Not a clue, I'm afraid. It's been there at least a year, I can't speak for before that. And to be honest, although it has a faded CERN sticker on it, one NeXT cube looks very much like another....
It was the cube, not the pizza box? If so that would be the original programming machine.
The whole Web thing was a plot to introduce next into cern...
To anyone with an interest in the birth of the web, one of the CERN NeXT Cubes used by Lee can be viewed in the Science Museum in London.
Any idea how they got hold of it? Tim had been asking CERN for it for several years. Last time I saw info.cern.ch it was sitting in an office with a note on it saying that Tim would really like to have it.
Actually not, as a US citizen Bill Gates is not entitled to use the honorific, he is due to be knighted sometime later this year as shown in this BBC story
Re:Changed the view of the US?
on
Bobby Fischer Found
·
· Score: 2, Insightful
]Why do athletes, that contribute NOTHING to society, get paid the most?
Now, I'm no sportsfan, but to assert that sports are worthless is absurd
Even if they were useless are they any more useless than others who get paid equally obscene amounts of money? Tiger Woods does way more work in a year than a screen actor. Michael Schmacher, the world highest paid sportsman risks his life every time he takes to the track. Without his services and the services of other great drivers like Fangio before him there would be far, far less demand for Ferraris.
Fisher is a wanted criminal because he broke US law by aiding an abbetting a state who was at the time conducting genocide. The only reason he was being paid $3.3 million was to give the Serbian govt. the appearance of legitimacy.
In the aftermath of WW II, the British hung william Joyce 'Lord Haw Haw' as a traitor for doing the same sort of thing. Fischer deserves what is comming to him.
You know I would have a lot more sympathy when geeks complain about outsourcing if they had shown a bit more solidarity with manufaturing workers facing the same in the past, or wal mart workers getting paid minimum wage etc.
After all most geeks spend their time replacing people with machines, so why the great outrage when they turn out to be free market loosers?
The global supply of skilled labor is usually demand driven. Until recently the US had a major shortage of IT people and was issuing H1B visas to allow companies to recruit from abroad. It was only to be expected that restricting the supply of visas would cause the jobs to move abroad.
I don't accept the doomsday scenarios being depicted. At the end of the day there is only so much work that is self contained enough for someone to do from the other side of the world. It is one thing to outsource customer service, admin etc, quite another to outsource product design and development.
There are certainly Indian programmers who are every bit as good as US coders. But the combination of US based architect sending a design to a coder based in Dehli does not work half as well as when they are sitting next to each other.
The other factor that makes outsourcing self regulating is the fact that salaries in India are not actually low. If you look in terms of living standards a programmer working in Dehli can easily earn enough to support a large household with several servants. The only reason the salaries are cheap in dollar terms is that the exchange rates do not reflect purchasing power. As work is outsourced, demand for the Rupee rises and the exchange rates adjust accordingly. In the immediate aftermath of the collapse of the USSR you could go to Moscow and buy a case of Vodka for $2, this did not last very long (the price, not the case of vodka, Dufus).
The real problem for US based coders is the fact that a lot of jobs are not actually very skilled and there is quite a large supply of those skills in the wake of the dotcom boom.
Do you have some crazy notion that graphical applications on Linux all manipulate commandline equivalents behind the scenes?
Hey I wrote plenty of UNIX and VMS application code. A word processor is not a thin layer over legacy code (unless we are talking about emacs), but pretty much all the 'GUI' operating systems utilities are.
And if you bothered to read what I wrote you will see that I had said that the UNIX model is the one that gives greater visibility if something goes wrong. the only downside being that the greater visibility is useless unless you already know what you are doing. UNIX sure as heck ain't going to do anything to help you.
My experience has been that people who have never used windows before have an even easier time taking to linux distributions than people who used to use windows. Instead of adapting your ways, you're learning fresh...
Pretty much the same could be said of any computing system - including acknowledged crap like MVS. Nobody claims that the mainframe o/s like MVS are ideal any more, but ten years ago there were still people arround who had never used anything else and thought that the MVS way of doing things was perfect.
Linux is essentially architected the same way a modern mainframe O/S are architected. You have a reasonable user interface that is connected to a terrible one via pushrods. All the work gets done by the cruft underneath, which does not matter much most of the time, but when something goes wrong you have to start fiddling with the engine.
Windows has a unitary design that is much closer to the way a car is designed, in windows the UI is the O/S, there is no underlying layer, most users never look at the registry, let alone start editing it.
From a pure architecture perspective the Windows approach is the right one, there is much less to go wrong. With Linux you have two places where things can go wrong, the O/S itself or the pushrods holding up the UI. This means it is much more likely something would go wrong, but if something does go wrong you have a lot more visibility into the problem and it is more likely that you can fix it - if you know what you are doing.
The last part is the kicker as far as being a real new computer user goes. It is very easy to learn UNIX if you have a large support community who can get you out of trouble, if you are at university or whatever. If you don't have that support structure you are not going to do UNIX for very long if there is an alternative.
Back in the early 90s the incentive for learning UNIX was that you could buy two SUN sparcstations for less than the cost of a slower VMS box. So it was worth putting up with the poor documentation and user interface. Today I just don't see the incentive, even though Linux is a major advance on SunOS or ULTRIX, the improvement there is nothing like the improvement of Windows over VMS.
Despite the claims made about OSS and innovation the fact is that in the last ten years the OSS movement has not done much more than write a copy of a 1970s O/S and layer on a 1980s window system.
It's a great vision, but in a world where every single computer is expected to have a firewall - Peer-to-Peer computing -- worldwide -- isn't going to happen.
Thats only true if you insist that the messages that pass between the computers have to be executable code. In the real world I don't think that is necessary or desirable.
This was actually the subject of a long conversation Uri Rabinski and I had with Alan he spoke at the Darmstat WWW conference. Alan had been pushing the idea that PDF was a better model for information interchange than HTML because in PDF the content was encapsulated with the code that interpreted it and gave it semantics. Tim Berners-Lee later joined in the conversation but did not get any further with Alan than Uri and I.
Needless to say I did not agree with this idea, and at the time it would be impossible to move PDFs arround as the core of the Web since they are typically five to ten times the size of the equivalent HTML and a fast modem was 28.8Kb/sec. But at a more fundamental level, with HTML google is possible, with PDF you are reduced to screen scraping technologies. HTML can render well to almost any output device (or rather could before being bastardized by netscape) PDF renders badly to anything other than paper the same size as the original rendering.
If you exchange declarative statements rather than programs firewalls don't represent a barrier. This is exactly what we have in the biological world (which Alan had used as analogy), cells do not accept raw DNA from the outside and run it. Viruses have to bypass these defenses.
I am not sure what Alan is up to here, the person who wrote the article clearly has a much less good idea of what Alan is up to than Alan.
Sure there are problems with most software. Word sucks, as do most HTML editors, despite all the pretty graphics sloshed into HTML there are still no good tools for producing printed output. Open source alternatives suck even worse, we get a bad copy of Word and several bad HTML editors. Same for Excel and spreadsheets.
If Wolfram had spent the last ten years doing something more important than writing a book that claims he is the modern Newton, mathematica might have gone somewhere interesting. Unfortunately it has gone from being a niche market tool for scientists to being a niche market tool for scientists and some engineers.
In 1988, I interviewed with a recruiter for EDS. When I asked him where he saw PCs, he said EDS would never develop on them or for them, and that they would never catch on (how wrong he was).
Hah, that was not an uncommon attitude back in 1980 or 1984, but by 1988 PC clones had spread through pretty much every company and pretty much every manager had one on his desk.
By 1988 it was pretty obvious to anyone with a clue that the mainframe systems were not going to control their companies any more. There was a huge change going on in the way that companies worked. Before the PC the corporate IT depts were real powers to be reconed with, if they refused to give you the information you needed there was no way you could work.
It is hardly surprising that EDS would be one of the last companies to change their view. They were heavily rooted in the old corporate mainframe culture.
The parent was a joke. The point was you don't really need all that to program, and alot of *nix programmers look down on using complicated graphical tools.
I don't need a Jaguar XK8 to drive arround in either. That does not mean I am about to trade it in for a Trabant.
Actually most of that is available in *nix environments, and yes you can even view a function parameters in vim(it tags where all of them are and you can just skip to it and back).
And Linux has a desktop that is just as good as Windows 95. Yeah, I have heard it all before.
You've obviously never used vim with gcc. I mean, it has syntax highlighting. I'd like to see your fancy schmancy Windows editor do that!
Yawn, LSE had that back in 1990. Thats why it was called LANGUAGE SENSITIVE Editor...
The syntax sensitive part is actually something of a drag. Much more useful is the feature set that was carried over to Visual Studio, things like the editor telling you the parameter lists for a subroutine call as you type them, ability to navigate forward or backwards through references, having documentation generated automatically from code.
Slashdot Mirror
Actually my argument is somewhat longer than CNET would give me words for. The original article was 1500 words.
I think that every cable modem, router should have a reverse firewall capability and that it should be turned on by default.
I definitely think it should be possible to turn off rate capping for SMTP etc. If someone wants to run a mailing list from home that is good. One of the original reasons for making the proposal was that I wanted to propose something less drastic than disabling SMTP
When it comes to sending spoofed source address packets or SYN flooding or DDoSing core DNS I am less sure that it should be possible to turn it off. It might be needed for performance, but I think we could have an honest debate on that one.
Granted there are pinhead end users. But you are stuck in the mindset that if there is any possible flaw in a security scheme then it cannot be any use at all. This is the type of thinking that has led us to the current situation.
First off I am proposing firewalls at the network edge because it is much harder for end users to be gulled into over-riding them. I have plenty of complaints from people telling me that their kids have mucked up their PC.
Secondly even if some people turn off the controls they can still have a real reduction in fraud losses and in propagation of viruses. If only 80% of systems have the rules turned on that still reduces the fraud losses to a fifth of what they would be. In the case of virus propagation (x/5)^n is a much friendlier exponent to deal with than x^n. If x 5 then the virus quickly dies.
Hansard is crown copyright which is kind of interesting because it is perpetual and royalty free, the only restriction being that you cannot change the content. This is why many publishers still print the King James Bible and keep in known typos - "to strain at a gnat" was meant to be "strain out a gnat", etc.
But most of Churchills most famous speeches, including the 'fight them on the beaches' and 'end of the beginning' were recorded and broadcast by the BBC.
Incidentally it is known that Churchill did not actually deliver all the wartime speeches himself, several were delivered by a stand in. But he did actually write most of them himself.
Nope, nothing new, but when you have 750 words for the complete article you can hardly express every last nuance. Its hard enough to do that in the book where I have 50,000 words. The original article was twice as long.
Sure others have pointed out the same thing, I was discussing the problem with Vint Cerf a few weeks ago. But there is a big difference between having the original idea and turning that into a reality. I had the piece placed in CNET because I wanted the idea out there, to start the ball rolling.
The real point I was trying to make here is that we need to put limits on outgoing traffic, its the old firehouse model, fire regulations are not there to protect your house from fire, they are there to stop the fire at your house spreading to the next one along.
How that is achieved is not important. Port 25 blocking stops spam, but there are also DDoS attacks and other nasties that I would like to stop. Blocking port 25 completely is a serious loss of functionality for some, when I lobby ISPs to put these checks in place they start to whine about the load on their routers. So pushing out the task to the cable modem or the wirless gateway / router box is a way to counter the whine.
When you look at the behavior of a zombie performing an attack and the behavior of an uncompromised system the difference between the two is usually very clear. There is no reason for any machine on the Internet to be sending spoofed source address packets, no reason for any machine to perform a SYN flood, no reason for any machine to DDoS a DNS server. Spam is actually the hardest case since there are machines that legitimately send out hundreds of thousands of emails a day. But even if someone was hosting the cypherpunks mailing list on his broadband connection they would probably use far less resources than a spammer would.
Sure Checkpoint and Cisco have this functionality in $2000++ firewalls. What I am proposing is putting the technology in $70 wireless routers and turning it on by default.
I will be speaking at BlackHat next week on phishing which is one of the nastier criminal scams taking place on the Internet. One of the effects of the phishing scam is that it has forced people to act with whatever security is available here and now, there is no time to wait to develop perfect systems. In the process it has become clear that simple systems with flaws are much more effective than cryptographically perfect but unusable systems.
The academics have taken us on a ride the past 20 years. Even if they were deployed today IPSEC and DNSSEC would do absolutely nothing against the phishing attacks. OK thats not what they are designed to do, but then again what is there that can be used? S/MIME and PGP don't really deliver the goods here either.
We need iPod security, security that serves the 98% of Internet users who are not technical or don't want to spend their time doing sysadmin work. So far its been security for gearheads, not security for real users.
Yes, it has to be said that the internet does suck when it comes to having something that approaches a high level debate like you would get at the Oxford Union.
Unfortunately the even sadder fact is that the quality of debate on the Internet is vastly higher than in the traditional media. During the 2000 campaign the only good interview of Bush was with David Letterman.
The over-managed campaign heads don't want to see their guy in a tight spot so they only select pussycat interviewers. Dean came off much better from being attacked by Chris Mathews than Bush did from getting easy pussycat questions.
Bush has made many claims and insinuations about the 'applicability' of the Geneva conventions. He has not come out and told the US people straight that he was not going to obey them, but that is what his administration has done.
The US Supreme court has directly contradicted the administration claims with respect to the applicability of US law at GITMO. Perhaps it did not help that hours after the solicitor general personally asserts that no torture is going on the pictures from Abu Ghraib and the Taguba report start comming out.
He also said the the UN is at risk of becoming irrelevent, which some would argue is a bit late.
You are right, it is way too late to make that assertion. At this point anyone with a brain can see that it will be at least one and more likely two decades before the US goes in for another unilateral adventure. Far from proving the 'irrelevance' of the UN Bush is now clinging to the hope that the UN can sort out the mess his adventure has left. Meanwhile there are reports comming out that suggest that Allawi has been murdering prisoners in cold blood which suggests that it is quite likely that once the US troops leave he will turn out to be little different to Saddam.
Meanwhile amongst the costs of the adventure are the loss of all the existing US bases in Saudi Arabia, the loss of pretty much every reliable aly the US had appart from Australia and the UK and the emergence of Iran as the new regional superpower with the democracy movement crushed and the mullahs back firmly in control. Even if you don't care about the 899 US lives lost (Republicans don't its a fact) or the $350 billion spent (how else could Halliburton make profits?) the adventure is a failure in terms of pure politics, Saddam in his box was nowhere near the treat that the nuclear armed mullahs are going to be, or Bin Laden has been all along come to that.
He parses his words carefully, and I wish people would quit misinterpreting them intentionally.
Bush speaks with a forked tongue, he parses his words very carefully, you can tell when he is lying because the only time he is coherent is when he is using some Whitehouse legaleeze that is even more hairsplitting than Clintons 'it depends what the definition of is is'.
The poster might have mis-stated Bush's actual words on the Geneva convention but he clearly got the sense completely right. Bush is not claiming the Geneva accords are invalid, he is just claiming that they can be ignored when it is convenient. Before Bush the standard that the US always applied when dealling with prisoners was whether the treatment they received would be considered grounds for a complaint if a US serviceman was subject to it. The US govt obeys the Geneva conventions to protect US servicemen who are caputured, thats the whole purpose. But the GOP would rather fly POW/MIA flags and tell the fables about missing Vietnam vets that piss off McCain and the real veterans in Congress.
Bush has made it clear from the start that he does not want to have his power constrained by pesky treaties or pesky laws like Habeas Corpus, even when the constitution states that treeaties are the law of the land and habeas can only be set asside by vote of Congress.
MovOn.org never made the claim, two anti-bush ads uploaded to a weblog/competition on moveon made the comparison and they were deleted as soon as moveon were told about them. Its a bit like saying that Slashdot is pro-goatsex.
The tenuous nature of the claim has not stopped the Bush campaign making an ad that intercuts shots of Kerry with shots of Hitler taken from the deleted contributions.
Clearly SCO are learning nothing from the Bush administration, if you substitute Bush administration for SCO and Bin Laden for Linux what you would get is something like:
Act One: Bin Linux initiates hostilities against SCO, SCO retaliates with massive lawsuit, then after a couple of months gets bored. Daryl McBride survives assasination attempt by a rogue pretzel.
Act Two: SCO gets bored with Bin Linux, decides that emacs is a copy of emacs, threatens to sue unless RMS releases sauce code.
Act Three: Despite protestations from RMS that he has already released the sauce code for emacs and the presence of code inspectors SCO applies for court injunction, RMS is thrown in jail.
Act Four: SCO hires company run by Daryl's brother to maintain the source code, company hires a hundred fresh out of college students, then bills SCO $5,000 per day each for their services.
Act Five: Report comes out stating that the grounds for the injuction were lies, SCO argues that the real Bin Linux threat comes from Iran.
Fact is, if SCO was learning from the Bush administration everything they did would be a complete incompetent Cheney-up from start to finish.
Actually while he was an ordinary MP Churchill spent a lot of time on copyright matters. He made sure he kept the copyright on all his speeches. The BBC have to pay a substantial fee every time they use them. Its probably at leas 500 quid by now.
I have regular contact with the FBI on spam related frauds. The gangs behind the vast majority of the advance fee frauds come from Nigeria.
Sure some of the frauds mention other countries, the gangs have started to find that people are very suspicious of anything from Nigeria. There was a recent spate of advance fee frauds that did come out of South Africa. The authorities quickly arrested a Nigerian gang.
Since Tibet is currently occupied by the PROC I don't think it likely that the gangs would want to operate from there and face their type of justice.
No, the scams are only possible if you have a failed state that does not have functioning law enforcement. The FBI have been working with the Nigerian govt. to get standard laws on the books to allow money transfers etc to be traced and money impounded. The govt. has been much better at this than catching the criminals.
Lets see, the Vatican was complicit in the persecution of the Hugenots and Jews in France during the 17th century, slavery in Latin America during the 18th and 19th century and now failing to denounce fascism and coddling pedophiles in the 20th century... so they might well be up for a spot of 'outsourced' suppression of open source heresy.
The memo itself looks to me to be nothing more than a standard slashdot style rant by a mid level manager at HP. His title was "Vice President of strategic architecture, HP Office of the CTO", that would mean he was reporting to the CTO, and certainly not an 'executive' as advertised. Executive has a very precise meaning in a company, most CTOs are not executives. The title VP at a company the size of HP does not mean a great deal, there are usually hundreds if not thousands of VPs at a company that size.
As for the accuracy of the rant, its a bit like finding a note from Paul Revere saying 'The British are Comming' two years after the fact, only in this case the memo is saying more like 'better be prepared on the offchance that the British come'.
And what part of this particular debate has not been thrashed to death years ago?
On the moderation front I suspect that the moderators are trying to avoid meta-moderation. I get a lot of 'redundant' and 'over-rated' mods when what the person really means is 'I don't want this statement to be heard'.
I think that after all these years the number of slashdotters who actually know RMS has steadily increased and there are enough people who now understand that RMS is to the free source movement what Ralph Nader is to the environmentalist movement - liable to take absolutist points of view that are 100% counter-productive.
I think that there are actually two separate issues here. The first is that there is a real role for public goods in the software industry. It makes no sense at all for everyone to start from square one. It is especially bad when public research money is used to create software that is then somehow diverted for private gain.
The second issue is that there are many areas where OSS is simply not even close to competative to commercial and likely never will be. The vast bulk of OSS software is simply copies of prior commercial work and the OSS code that is on the leading edge (Apache, PHP) is as likely as not to be BSD style rather than GPL.
The whole idea of GPL is to force people into developing free software by making everything that touches the GPL to become GPL.
So would the FBI, looks to me like the 419 gangs have passed way over the line here, if it can be verified.
The situation in Nigeria is that bad as the government is, the alternatives are worse. The religious fruitcakes in the north want to impose Sharia law first then massacre the Christian population or force them to convert. The current government was installed after a series of brutal military dictatorships.
The 419 gangs have murdered quite a few people over the years, but these were mostly people who had become embroiled in their schemes and thought they were helping with illegal money transfers.
Threatening murder is the type of crime that rates calling the ambassador for that country in to account and issuing an ultimatum.
There is currently an open question as to whether a particular General was responsible for using chemicaql weapons against civilians. The issue here being whether it can be proved in a law court.
There is no dispute as to the fact that BOTH Iraq and Iran used chemical weapons during the Iran/Iraq war.
It wasn't 'alleged', it was proved.
The US became so embarrassed by the reports of Saddam's attrocities that the CIA spent a lot of time and effort peddling the claim that 'yellow rain' was in fact the result of swarms of bees shitting at the same time and that the connection made with planes was purely coincidental.
And no, I am not making the above up.
It was the cube, not the pizza box? If so that would be the original programming machine.
The whole Web thing was a plot to introduce next into cern...
Any idea how they got hold of it? Tim had been asking CERN for it for several years. Last time I saw info.cern.ch it was sitting in an office with a note on it saying that Tim would really like to have it.
Actually not, as a US citizen Bill Gates is not entitled to use the honorific, he is due to be knighted sometime later this year as shown in this BBC story
Now, I'm no sportsfan, but to assert that sports are worthless is absurd
Even if they were useless are they any more useless than others who get paid equally obscene amounts of money? Tiger Woods does way more work in a year than a screen actor. Michael Schmacher, the world highest paid sportsman risks his life every time he takes to the track. Without his services and the services of other great drivers like Fangio before him there would be far, far less demand for Ferraris.
Fisher is a wanted criminal because he broke US law by aiding an abbetting a state who was at the time conducting genocide. The only reason he was being paid $3.3 million was to give the Serbian govt. the appearance of legitimacy.
In the aftermath of WW II, the British hung william Joyce 'Lord Haw Haw' as a traitor for doing the same sort of thing. Fischer deserves what is comming to him.
You know I would have a lot more sympathy when geeks complain about outsourcing if they had shown a bit more solidarity with manufaturing workers facing the same in the past, or wal mart workers getting paid minimum wage etc.
After all most geeks spend their time replacing people with machines, so why the great outrage when they turn out to be free market loosers?
The global supply of skilled labor is usually demand driven. Until recently the US had a major shortage of IT people and was issuing H1B visas to allow companies to recruit from abroad. It was only to be expected that restricting the supply of visas would cause the jobs to move abroad.
I don't accept the doomsday scenarios being depicted. At the end of the day there is only so much work that is self contained enough for someone to do from the other side of the world. It is one thing to outsource customer service, admin etc, quite another to outsource product design and development.
There are certainly Indian programmers who are every bit as good as US coders. But the combination of US based architect sending a design to a coder based in Dehli does not work half as well as when they are sitting next to each other.
The other factor that makes outsourcing self regulating is the fact that salaries in India are not actually low. If you look in terms of living standards a programmer working in Dehli can easily earn enough to support a large household with several servants. The only reason the salaries are cheap in dollar terms is that the exchange rates do not reflect purchasing power. As work is outsourced, demand for the Rupee rises and the exchange rates adjust accordingly. In the immediate aftermath of the collapse of the USSR you could go to Moscow and buy a case of Vodka for $2, this did not last very long (the price, not the case of vodka, Dufus).
The real problem for US based coders is the fact that a lot of jobs are not actually very skilled and there is quite a large supply of those skills in the wake of the dotcom boom.
Hey I wrote plenty of UNIX and VMS application code. A word processor is not a thin layer over legacy code (unless we are talking about emacs), but pretty much all the 'GUI' operating systems utilities are.
And if you bothered to read what I wrote you will see that I had said that the UNIX model is the one that gives greater visibility if something goes wrong. the only downside being that the greater visibility is useless unless you already know what you are doing. UNIX sure as heck ain't going to do anything to help you.
Pretty much the same could be said of any computing system - including acknowledged crap like MVS. Nobody claims that the mainframe o/s like MVS are ideal any more, but ten years ago there were still people arround who had never used anything else and thought that the MVS way of doing things was perfect.
Linux is essentially architected the same way a modern mainframe O/S are architected. You have a reasonable user interface that is connected to a terrible one via pushrods. All the work gets done by the cruft underneath, which does not matter much most of the time, but when something goes wrong you have to start fiddling with the engine.
Windows has a unitary design that is much closer to the way a car is designed, in windows the UI is the O/S, there is no underlying layer, most users never look at the registry, let alone start editing it.
From a pure architecture perspective the Windows approach is the right one, there is much less to go wrong. With Linux you have two places where things can go wrong, the O/S itself or the pushrods holding up the UI. This means it is much more likely something would go wrong, but if something does go wrong you have a lot more visibility into the problem and it is more likely that you can fix it - if you know what you are doing.
The last part is the kicker as far as being a real new computer user goes. It is very easy to learn UNIX if you have a large support community who can get you out of trouble, if you are at university or whatever. If you don't have that support structure you are not going to do UNIX for very long if there is an alternative.
Back in the early 90s the incentive for learning UNIX was that you could buy two SUN sparcstations for less than the cost of a slower VMS box. So it was worth putting up with the poor documentation and user interface. Today I just don't see the incentive, even though Linux is a major advance on SunOS or ULTRIX, the improvement there is nothing like the improvement of Windows over VMS.
Despite the claims made about OSS and innovation the fact is that in the last ten years the OSS movement has not done much more than write a copy of a 1970s O/S and layer on a 1980s window system.
Thats only true if you insist that the messages that pass between the computers have to be executable code. In the real world I don't think that is necessary or desirable.
This was actually the subject of a long conversation Uri Rabinski and I had with Alan he spoke at the Darmstat WWW conference. Alan had been pushing the idea that PDF was a better model for information interchange than HTML because in PDF the content was encapsulated with the code that interpreted it and gave it semantics. Tim Berners-Lee later joined in the conversation but did not get any further with Alan than Uri and I.
Needless to say I did not agree with this idea, and at the time it would be impossible to move PDFs arround as the core of the Web since they are typically five to ten times the size of the equivalent HTML and a fast modem was 28.8Kb/sec. But at a more fundamental level, with HTML google is possible, with PDF you are reduced to screen scraping technologies. HTML can render well to almost any output device (or rather could before being bastardized by netscape) PDF renders badly to anything other than paper the same size as the original rendering.
If you exchange declarative statements rather than programs firewalls don't represent a barrier. This is exactly what we have in the biological world (which Alan had used as analogy), cells do not accept raw DNA from the outside and run it. Viruses have to bypass these defenses.
I am not sure what Alan is up to here, the person who wrote the article clearly has a much less good idea of what Alan is up to than Alan.
Sure there are problems with most software. Word sucks, as do most HTML editors, despite all the pretty graphics sloshed into HTML there are still no good tools for producing printed output. Open source alternatives suck even worse, we get a bad copy of Word and several bad HTML editors. Same for Excel and spreadsheets.
If Wolfram had spent the last ten years doing something more important than writing a book that claims he is the modern Newton, mathematica might have gone somewhere interesting. Unfortunately it has gone from being a niche market tool for scientists to being a niche market tool for scientists and some engineers.
Hah, that was not an uncommon attitude back in 1980 or 1984, but by 1988 PC clones had spread through pretty much every company and pretty much every manager had one on his desk.
By 1988 it was pretty obvious to anyone with a clue that the mainframe systems were not going to control their companies any more. There was a huge change going on in the way that companies worked. Before the PC the corporate IT depts were real powers to be reconed with, if they refused to give you the information you needed there was no way you could work.
It is hardly surprising that EDS would be one of the last companies to change their view. They were heavily rooted in the old corporate mainframe culture.
I don't need a Jaguar XK8 to drive arround in either. That does not mean I am about to trade it in for a Trabant.
Actually most of that is available in *nix environments, and yes you can even view a function parameters in vim(it tags where all of them are and you can just skip to it and back).
And Linux has a desktop that is just as good as Windows 95. Yeah, I have heard it all before.
Yawn, LSE had that back in 1990. Thats why it was called LANGUAGE SENSITIVE Editor...
The syntax sensitive part is actually something of a drag. Much more useful is the feature set that was carried over to Visual Studio, things like the editor telling you the parameter lists for a subroutine call as you type them, ability to navigate forward or backwards through references, having documentation generated automatically from code.