Um, what? No, no, no. You leave your doors open, and it's -your- fault that someone comes in and blows up your house? That is laughably false. About the only difference is that the hypothetical bomber may not have committed break-and-enter (here I believe it was referred to as the "thin man" exception -- if you're thin enough to get in the door without pushing it open, then you haven't committed a B&E. I've heard they've since tightened this up so that even a "thin man" can be charged).
You're seriously mixing up negligence and criminal responsibility. If I left my sidewalk icy and unshovelled, I may be negligent if someone slipped and fell. That person, through no fault of their own, was hurt because I didn't do something that I may be responsible for doing. You're mixing this up with criminal responsibility by saying, "Ah but you are responsible for locking your doors and keeping your house break-in proof! It's your fault that this person broke into your house and bombed the neighbourhood" Um, no, definitely not. The -bomber- is the only person who is responsible for the bomb going off. People are responsible for ensuring that they themselves DON'T BREAK THE LAW, period. My securing of my house is merely helping honest people stay honest. That bomber deliberately chose to bomb the neighbourhood, and break those laws.
It's exactly the same with computers. Some idiot l33t kid decided to root my box and use it to attack other people. That l33t kid is the criminal, not me. End of story.
Nah, the 12" pb is SUPER. I'm not sure why people think of the 12" computers as a "sub" notebook. It's not really that small, especially compared to the smallest eg. Vaio computers. The new pb won't be significantly smaller than the 12" iBook, which is what I have right now. It's the perfect size, I think. The keyboard is full size, the screen runs at 1024x768, the cdrom is built in.
I personally think the 17" pb will be the one to go "cube". It's just too big! That'll be like carrying around a pizza box! I guess it works as a semi-mobile desktop though.
Nope. Those are _MICRO_Sieverts, not millisieverts. That's 0.0001 mSv/hr. You'll still see it on that watch, supposedly.
However, if memory serves me, the average North American feels between 360 and 640 millirem annually (depending on whether or not you smoke). A rem is 0.01 Sievert, so 360 millirem = 3.6 mSv. There are about 8760 hours / year, which gives about 0.0004 mSv/hr. (Did I screw anything up there?)
However, the most important thing in my mind is that the wearer of the watch will become very aware of just how pervasive and natural a small amount of radiation really is. Maybe if everyone wore one, we wouldn't have the misinformed paranoia that accompanies the word "radioactive" :)
I dunno. I mean, I see your point, and in a way I -almost- even agree that GPL is "less free" than BSD. I don't think the limitations of the GPL are at all arbitrary and unjustified though.
I believe that the BSD and GPL have very different goals in mind. The BSD license is meant to just get the software out there and get it used, period. It is concerned with the freedom of the user to use that particular piece of software in whatever way the user deems fit. The GPL, on the other hand, seems to be geared towards the freedom of software *in general*, slightly at the expense of the immediate user of a particular piece of software. You're right that there is an agenda in mind, but I believe that agenda is the ultimate freedom of all users to use all software in the way that many believe users should be able to. (RMS correct me if I'm wrong here). Ultimately, they're both about freedom -- there's no trickery going on here.
So, then, vastly different scopes. BSD -> small scale practical freedom. GPL -> large scale freedom. Which is more "right"? Neither! I'm a firm believer in the merits of both licenses (and others as well).
Yep, that's a sticky wicket alrighty, not being able to change the licensing terms to GPL software. It just flies in the face of true freedom!
Kinda like how murder is illegal. I mean, in a truly free society, wouldn't I be free to chop some other person's head off if I wanted to? It's a bit of a misnomer, this "free" society idea then, isn't it?
The lesson of this exaggerated and sensationalist example: in the real world, there is no such thing as *absolute* freedom. Any useful and practical freedom necessarily has limitations.
Security is about risk management, nothing more. Is it possible that some kid can break your connection? Yeah. Sure. Are they going to? I *seriously* doubt it. Why would they bother? To sniff your traffic? Ooooh. They'll see me reading slashdot. They may even get my slashdot password! Darn. They'll steal my Visa number! Um, nope, because that's over SSL. And my terminal connections are SSH. Email? Maybe, but I consider that a "public postcard" anyways, and I can and do use GPG when necessary. There is no traffic from my network that would make me a deliberate target of a snoop. Nobody would ever -plan- to hit my network and snoop my traffic or attack my boxes. Of course, if I was a business or had some kind of trade secrets, maybe they would (and this would change the situation).
So what does that leave? That leaves people who happen on my network at random, and decide to try to use it for access or for kicks.
Maybe your area is different, but in my neighbourhood, I can't drive more than half a block without finding a completely wide-open wireless lan. The usual density is much higher -- three or four to a block. And this is just me driving with my iBook propped open! Imagine if I actually used an external antenna! What does this mean? Nobody is going to go bother randomly cracking my network just to get bandwidth, when they can simply select another network and get it instantly.
The moral of the story? Consider your risks. I feel I have very little to risk: I have no "intellectual property" to protect, really. My email is essentially public anyhow. My boxes are up to date and as secure as they can be (I think). Wireless network has the benefit of amazing convenience. It is a small risk that I mitigate to an acceptable level. Therefore, it's a managed risk. That's all that matters in security.
Well, I'd say I'm a "medium"-core BSD-er. I spent a lot of time with Linux -- I cut my teeth on the late 1.x/early 2.0 kernels in the Slackware days. I moved on to try Redhat, SuSE, and Mandrake seriously (and many others fleetingly). Then about two or three years ago, I tried FreeBSD and I've never looked back since. It all happened when I tried to upgrade to a new version of glibc (remember that?). Holy cow was that ever a mess... I was so pissed off that I wiped the drive and installed FreeBSD -- it was purely a rage-induced reaction.
After that, I was hooked. Don't get me wrong, Linux is tons of fun. But that's just it -- maintaining a current system can be a hobby unto itself. I honestly think that's why so many people really dig it. There's always hacking and work to be done. There's always some stuff that is broken and needs to be fixed. It seems like a Linux installation stays fresh and good for about a year at the most, and then you have to wipe and reinstall from scratch due to accumulated annoyances. For bleeding edge hacker types, that sort of thing isn't a problem -- they do it anyhow, and think of it as fun. I did for a while too, but then I got tired of it.
FreeBSD was such a welcome release. It just -works-. Between the base system and the ports, it's all flawless. With every new release, I'd run the ol' "make buildworld" and a whole new system would magically appear an hour later. In three years of updating, the update never failed once. I've never had to reinstall from scratch, and so I'm still running the system that I installed all those years ago.
Anyhow, I know it's possible to stay stable with linux. Debian appears to do this quite well, and if I were to run Linux again, I'm sure I'd be happy with Debian. It's just.. I dunno. There's nothing -wrong- with Linux, it's just not my style any more. FreeBSD has this incredible simplicity that I've never found anywhere else (FWIW, I do find the same things with Net/OpenBSD, I just find that FreeBSD is a friendlier desktop).
Seriously, this is (IMHO) the perfect opportunity for another nice and easy application of strong cryptography. The idea is you want to store your own bookmarks, address book, and all sorts of personal information. And you want to be able to access it anywhere, right? So why not just store it somewhere reasonably decentralized (maybe a few redundant server farms) as a block of data encrypted with a symmetric algorithm? It wouldn't be more than maybe a couple of megs at the absolute MOST (that's a TON of addresses). I'd pay a few bucks a month for that service. In a sense, I already do, as I store a copy of my bookmarks, address books, and more on my Apple .mac iDisk in an encrypted disk image.
You're the only one who ever needs your own personal information, right? So this way you don't have to trust anyone with it. Your Mozilla will pull the block from the server, decrypt it with your pass phrase, and load it into the application. You could keep it locally cached if you like.
It doesn't require any new technology. The data could be served up by web servers. The back-end databases would use the usual replication and high-availability stuff.
If you could build it so Mozilla, Evolution, KMail, and all sorts of other applications can load the block or blocks (just an HTTP GET), decrypt (via the OpenSSL libraries), and parse (XML), you're done. When you make a change, you push the new versions back to the server.
The weak link, as usual, is the strength of the passwords.
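The flow described in the comment above (pull a block, decrypt it with the pass phrase, parse it), as an added example that is not part of the original post and not Mozilla code. Node.js's built-in `crypto` module (itself backed by OpenSSL) stands in for the OpenSSL libraries; the block layout, scrypt parameters and function names are assumptions. AES-256-GCM is used so that a modified block is rejected as well as a wrong pass phrase, and the key derivation is salted and deliberately slow because the pass phrase is the weak link.

```javascript
// Added example: a pass-phrase-sealed data block. Layout, names and KDF
// parameters are assumptions made for this sketch.
const nodeCrypto = require('crypto');

const VERSION = 1;                         // first byte of every block
const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;
const HEADER_LEN = 1 + SALT_LEN + NONCE_LEN;
// scrypt cost: every pass-phrase guess needs about 32 MiB of memory.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Stretch the pass phrase into a 256-bit key. The salt travels in the block,
// so the server never needs (or sees) anything secret.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, KDF);
}

// Client side, before pushing to the server.
// Block layout: version(1) | salt(16) | nonce(12) | tag(16) | ciphertext
function sealBlock(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);    // fresh per upload
  const nonce = nodeCrypto.randomBytes(NONCE_LEN);  // never reused with a key
  const header = Buffer.concat([Buffer.from([VERSION]), salt, nonce]);
  const cipher = nodeCrypto.createCipheriv(
    'aes-256-gcm', deriveKey(passphrase, salt), nonce,
    { authTagLength: TAG_LEN });
  cipher.setAAD(header);                            // header is authenticated too
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([header, cipher.getAuthTag(), body]);
}

// Client side, after the HTTP GET. Throws instead of returning garbage when
// the pass phrase is wrong or the stored block was altered or truncated.
function openBlock(passphrase, blob) {
  if (!Buffer.isBuffer(blob) || blob.length < HEADER_LEN + TAG_LEN ||
      blob[0] !== VERSION) {
    throw new Error('unsupported or truncated block');
  }
  const header = blob.subarray(0, HEADER_LEN);
  const salt = header.subarray(1, 1 + SALT_LEN);
  const nonce = header.subarray(1 + SALT_LEN);
  const tag = blob.subarray(HEADER_LEN, HEADER_LEN + TAG_LEN);
  const body = blob.subarray(HEADER_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', deriveKey(passphrase, salt), nonce,
    { authTagLength: TAG_LEN });
  decipher.setAAD(header);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(body), decipher.final()]);
  } catch {
    throw new Error('wrong pass phrase or modified block');
  }
}

// Constructed sample data standing in for the XML the applications would parse.
const SAMPLE_XML =
  '<bookmarks><site href="https://example.org/">Example</site></bookmarks>';

function demo() {
  const pass = 'correct horse battery staple';      // constructed pass phrase
  const blob = sealBlock(pass, Buffer.from(SAMPLE_XML, 'utf8'));
  console.log('block stored on server:', blob.length, 'bytes');
  console.log('opened locally:', openBlock(pass, blob).toString('utf8'));
}
demo();
```

Anyone who obtains the stored block can test pass phrases offline at the cost of one scrypt run per guess, so the cost parameters only slow guessing down; they do not rescue a short pass phrase.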
Well, that's a reasonable (if unethical) strategy as long as the stakes aren't very high. Really, you're doing a crude form of risk management as well. You're saying that the losses due to these unaddressed problems will be *less* than the cost of implementing anything more than having a paper-certified fall-guy. But the risk that you'll be sued for negligence is *more* than the cost of said paper-certified fall guy.
As long as you've truly researched things, and have a good handle on what your risks truly are, Bravo. :)
Nope, actually I don't believe in CISSP so much. Some of their ideas are good, but they have a weird mixture of trivia and outdated risk management strategies. Their heart is in the right place, but their approach is a bit immature and unrealistic.
Sounds like you don't like the entire risk-management angle though. What would you recommend? How do you deal with complicated corporate information security issues?
It isn't lazy admins. It's lazy management. There is one exception -- home servers. In that case, it's a lazy (or ignorant) user-turned-admin.
Security is about risk management. It's about process, procedure, and diligence. Security is not a technology problem, and it is not solved by geeks.
You can have a secure server farm running virtually any kind of software out there (including M$ products). How? By having a tight, auditable system. You carefully install the systems, documenting your procedure and following best practices (even if you develop them -- the important thing is to have a process). You maintain them on a schedule, leaving nothing to chance. You document the configuration thoroughly, and you enforce rigorous change control.
You might not even have OpenSSL upgraded even though it's vulnerable! You have to decide how much risk is acceptable and worthwhile, but the trick is to consciously and deliberately evaluate the risk, and decide how you're going to deal with it.
This applies to everything. You don't leave it up to your sysadmins to decide whether or not they should upgrade -- it's a part of a checklist that must be done, and can be independently verified at any time. It's part of a procedure that will allow new upgrades to be thoroughly tested and carefully rolled out to avoid downtimes due to unexpected incompatibilities between new and old versions. Imagine someone unwittingly upgrading apache from 1.3 to 2.0, without full testing on a major production system or even realizing that there may be configuration differences.... Nightmarish.
The only way to truly run a secure system is to realize that it has to be extremely carefully planned and managed. It's a hell of a lot of work, and it costs a lot of money. So it quickly becomes an exercise in traditional risk management. This is where the suits and the high-priced consultants often come in. You have to find out how much everything is worth, and what kind of risk you're willing to tolerate (or conversely, how much security you can afford given your environment). You will never be 100% mathematically impenetrable, but you can reduce your risk to a level that you're comfortable with.
Obviously, this kind of thing scales. If you have a simple system, your plans and procedures can be fairly simple as well. As long as you have a solid verifiable plan, and you stick to it, you'll be fine. If you have a complicated system, your security management is going to be complicated as well.
Sounds like a job for the Mozilla calendar project. They already have a system that works quite well. Check out http://mozilla.org/projects/calendar to see what they have.
I'm not a programmer, but I would imagine that it would be relatively straight-forward to put the required support into that project to deal completely and seamlessly with iCal. vCalendar is pretty simple to parse, and I don't imagine webdav would be tough to put in. Maybe I'm wrong though, since (as I say) I'm not a programmer.
Re:"Share your calenders online!" on Apple Releases iCal · Score: 4, Informative
Ummm... I think you're missing the point. It's not just for other people to "admire", it's for them to use. You can have a shared calendar that other people subscribe to for their scheduling. For example, one soccer mom can make up the master carpooling schedule, and all the other soccer moms in her group can subscribe to the published version. Or you can publish all of your indie band's concert dates, so all your groupies can be sure to attend. I'm sure you can think of lots of examples where groups of people share a common event calendar.
It's a way to publish a single calendar to lots of people at the same time, and have it integrate into their iCal seamlessly. Maybe you won't have a use for it, but I sure do.
Raymond Serway's text, "Physics for Scientists and Engineers (with modern physics)" has EVERYTHING that a beginning physics student needs. All that you need to bring to the table is some basic math skills (you can even get by without calculus if necessary). This is (was?) the workhorse textbook for virtually every first-year "real" physics course that I've ever seen. Heck, we used it in two first year courses, and three second year courses. It's a great book. When I did my physics degree (graduated 2000) I used this book clear through to my senior years as an overall reference. I used the 3rd edition, but I'm sure newer editions are just as good.
It is clear, concise, complete, and easily available on the cheap. I'm very sure you could go to your local college or university and buy it in the used textbook store. Don't worry if it's five or ten years old -- first-year physics hasn't changed much in ten years :)
I can't give you a detailed comparison. I'll tell you what I've learned so far though.
First, some background. My education is physics and mathematics. My wife is a dentist. About two years ago, I attended a lecture by a visiting professor who was doing work building things like dental lasers -- the so-called sub-picosecond-pulse lasers. It was an excellent lecture and he really knew his stuff. Naturally, I came home all abuzz, and started talking to my wife about it.
It turns out that many dentists think the lasers may be cool and all, but they'll probably never use them for drilling out teeth. Cutting softer tissue, sure, but not drilling the actual tooth. She says that a huge part of the drilling process is feel. While you're drilling, you can feel when you're drilling softer, infected enamel and dentin versus hard, clean tooth. Taking that feel away would severely compromise her ability to be sure that she's drilled out all the decay, without drilling out too much of the tooth and possibly compromising its integrity or perforating into the pulp.
My wife has left for her office already, so I can't get her to comment directly. I'd love to hear from any other dentists, though. What do you think? Is feel really that important when you're drilling?
Nah, it's not like that. I'll get rid of the iBook just to get some cash back. Happily, Apple hardware seems to hold a fair bit of value. I'll easily get enough off of this to buy myself a really nice new tower loaded up with fast-but-cheap commodity hardware.
Unless it's running Mac OS X, I don't really see much benefit in having the Apple hardware. I'm not really a power CPU user or anything like that, I don't care whether it's a G3 or a K6-II, as long as I have lots of ram and disk space :)
Yeah, this is the kind of thing I was used to dealing with on Linux and later FreeBSD, and it's the kind of thing that should not be necessary with a consumer-ready operating system. I mean, seriously, this is how it's supposed to "just work"? Please. This is the type of apologism that I simply will not tolerate. For Linux and FreeBSD: sure, that's part of the culture. But for Mac OS?
This has nothing to do with RTFM. These problems should NOT be happening in the first place. This isn't me not reading the manuals, this isn't me incorrectly installing software, and this isn't me messing around where I have no business messing around. This is me trying to use my computer precisely how I was told I would be able to use it. It doesn't work.
And no, incorrect file permissions weren't the issue. After many years of professional Unix administration, I've learned that Unix problems are often as simple as permissions, so those are the first things I checked. As for the Directory Setup, that was something that I did long ago -- a tip from someone who was intimately acquainted with MacOS X. Yeah, it helped, but not enough.
I've been looking for solutions to each of my problems for weeks -- to no avail. Apple's support channels have no answers, and less formal channels can't come up with solutions either. I find it disturbing that I get better help from macosxhints.com than I do from Apple.
This is exactly why I maintain that 10.1.5 isn't done. I paid Apple for an operating system that works, and they haven't delivered yet. Now I know they never will (unless, of course, I fork over another CAN$195). I was happy to wait, knowing that eventually they'd fix the major bugs and let me do what I need to do with my computer. Now I find I was nothing more than a beta tester (and I had to pay for that privilege).
Yeah, the two and a half months warning is better than nothing, but by warning I'd like six months or a year. I expect my computer software to be good for at least a good year -- and since iTools was sold to me as part of the package, I'd be ok with the iTools shutdown if it was, say, the end of 2002.
About the 10.1.5... Well, I have had a lot of annoying little problems. My printer doesn't work -- and not only that, my Print Center program "unexpectedly quit"s every time I try to add a printer. Ugh. Then there's the unacceptable Finder sluggishness. And the odd tendency for my rebooting into OS 9 to put my system in a completely unusable state (as mentioned in another post) so that I have to boot manually from firmware. It works, and the features are there, but there are a lot of bugs. In my software development, I'd call it a late beta release (but definitely beta).
Honestly, I wouldn't mind a bit paying for the Jaguar upgrade. All those new pieces of software look cool. What bugs me is that I must buy it just to get the updates and bug fixes. M$ still updates '98 and Sun still releases patch clusters for Solaris 7. That's all I'm mad about -- that I won't get bug fixes and patches and stuff unless I fork over for 10.2. (and once again, I'll happily and profusely apologize if I am wrong and Apple does keep updating it).
What I think is "evil" and where I got "hooked" is that iTools and the updating of Mac OS X was sold to me as a feature -- a reason to buy Apple. I got used to it and I liked it. I don't necessarily expect it all to go forever, but I do think there should have been a lot more warning -- especially with iTools. Also, as I said in another post, I don't think 10.1.5 is finished enough to call it a "product". Admittedly, I will happily and profusely apologize if Apple continues to release bug fixes and updates to 10.1 even after 10.2 is released (just like M$ still releases '98 updates despite 2k and XP). I'm not too hopeful though.
So now that they've made some real advances on the OS, they're putting it with all this other glitzy stuff that, while interesting, isn't what I want. They bundle it all together and make me buy this glitz along with the unglamorous upgrades/bugfixes that I really want.
I still might buy it all, as I am quite locked in. In any case, I'll run Mac OS X for a bit. When I get all my data off, I'll try to sell this computer, and if I can't do that I'll try Darwin. I'm a FreeBSD guy at heart, so it wouldn't be much of a stretch.
They took away iTools, a selling feature. No, they didn't promise it forever, but I would have thought they'd give me a bit of warning. I'm certainly not the only one who is shocked and surprised by this move.
As for the continuous upgrades.. Well, I used to get that for Windows, back when I used it. I imagine M$ is probably still issuing patches and updates to '98. Will Apple do that for 10.1.5?
As for "self-contained" I mean "a complete product". For me, 10.1.5 works just well enough that I can get my day to day work done, with kludges -- about the same as Windows, actually.
But programs still crash, my System Prefs still hangs, my finder is painfully slow, occasionally everything locks up.... It's just not done. I was willing to put up with that, as I was under the (mistaken) impression that I was sold a work in progress, and that Apple would let me upgrade it when it was (reasonably) finished. I'm certainly not interested in unlimited free upgrades -- just the bonehead things. Like why is it that occasionally (twice in two months) when I try to reboot into OS 9, I completely lose my system folder settings, and have to boot manually from the firmware? And this was on 10.1.5. Show-stoppers like that aren't acceptable.
As I say, the deal is that I get a computer that works. I was willing to put up with it while they built it. Part of the deal was that I would run OS X, and pay fully for all of it, and then I would get a nice running system. I'm almost there... And just when I can see the end, and just when the OS seems finished.... They hit me with another bill to pay.
They devalued what I bought by taking away my iTools, and by not finishing my operating system. With Windows, I expect it to be buggy, but I also know that what I buy is what I get. With OS X, though, I was promised a system that just works, and upgrades until they get it right. It's not right yet, but they want me to pay more.
Yeah, I was naive. But, I won't make that mistake again. I'm going back to FreeBSD.
When I was sold an iBook, part of the package was "free access to iTools" and "free updates as they become available". Nothing there said it was temporary -- only good until they decide to charge for it.
When I was sold an iBook, I was given three coupons for free upgrades to the operating system. Part of my concern was that it is a young operating system. I was repeatedly reassured that these coupons were my ticket for free upgrades. Maybe I'd have to pay $19.99 for media and shipping, but essentially free. "Fair enough," I thought.
And, "nominal fee" ?? Is this a joke? How can you seriously consider over a hundred bucks nominal? $19.99 to cover shipping and handling of a cd package is a "nominal fee". I was happy to pay that.
Mac OS X 10.1.5 is not self-contained. The operating system is not complete and fully stable. It works fairly well, but it has a lot of polish left (eg my "supported" printer *still* doesn't work properly, and I get some odd performance issues). But, while 10.1.5 may not be self-contained, 10.1.5 with a commitment to upgrades as they become available is self contained. This is what I have lost.
People keep telling me "But this isn't just bug fixes!! It's upgrades and new software!!" Guess what? I don't want that. All I want is to have everything working properly on my system. I don't CARE about all these new products, and I'd be happy to buy them if I did.
What I object to is that Apple changed their deal with me after I committed. No, it wasn't a legal deal, and there was no contract. I was sold on the idea that Apple takes care of its customers, and that everything "just works" and that there are "no surprises". I took their word for it on a handshake alone. Naive? Maybe. But I'm not saying I'm gonna try to sue them. I'm just getting out.
Yeah, that's exactly it. You completely lose the email and everything if you don't pay the $100. I think I might buy my own domain name and just use that for my email address. That way I am a lot more flexible and I probably won't ever have to give it up. I'll have to pay for it, but at least it'll be mine then.
Nah, I'll still buy it to use while I figure out how I get off my Mac. Plus I suppose it'll help my resale value when I sell this thing as soon as I get the exit strategy worked out. At least macs retain some kind of value after six months or a year.
Now I know, however, how they have decided to operate. I won't get myself further locked into their systems and software. I won't convert my scheduling and contact info into iCal and iSync unless I know exactly how to get it all OUT again very easily, for example.
In the future, I'll stick to cheaper and lower quality commodity hardware and FreeBSD -- at least I know what I'm paying for, and I don't get strong-armed into forking over hundreds of dollars whenever FreeBSD decides it needs to improve its cash flow (even if they do give me extra toys for it, and even if the "value" is more than I'm paying. If I wanted it, I'd buy it myself). Yeah, I'm giving up an excellent operating system, but it just isn't worth it any more.
Well, I do need to pay for .Mac, because it would cost me a lot of time and effort to switch away from my @mac.com email address -- friends, family, mailing lists, everything is structured around my mac.com address. I also use my homepage.mac.com website a fair bit too. The main thing, however, is the use of the email address.
See, when I bought my iBook (two short months ago), it was Unix that brought me to the store. Then I found the laptop -- the 12" 20GB one -- and I loved its small size (I hate big notebooks). Then I started using it, and got fully hooked by the bundled apps. When I bought it, it was all "self-contained". I didn't need to go out and buy *anything*, which is the only reason I could justify spending CAN$2500 on the "budget" notebook.
I spent a large chunk of money, and quite a bit of time, getting into this laptop. Now I find that I have to fork over CAN$350 to stay current on the operating system (which *is* still developing, and does have annoyances) and to keep my email address. The alternative is that I try to switch off the email address, and my laptop languishes in its current OS revision.
I -will- fork it over, but only to buy me an extra year to find my exit strategy. Hopefully by then, FreeBSD will support my digital camera and have decent software for it (and I can barely type that without giggling madly).
Even with the wonderful interface, cool hardware, and interesting approach to computing, Apple was cutting my "value" judgement very thinly. By piling another CAN$350 onto the bill, they've pushed me over the line. It is a great operating system, on very cool hardware, but to me it just isn't worth what they want me to pay for it. The reason I'm bitter is that they've made me discover that after I started paying for it.
Are you SERIOUS? It's my fault if someone else breaks into my computer? Holy cow is that ever ridiculous. How about if we made it YOUR fault if someone breaks into your house while you're away on holidays, breaks a gas line or something, and then the house explodes and devastates the neighbourhood? After all, why didn't you secure your home?
Yes, you have to secure your computer. But it's really no different at -all- from securing your home. Security is never going to be perfect, and now you're saying that unless their security is perfect, they're responsible? Remember, folks, that security is NEVER perfect, and that there will always be a possibility of a break-in. So, then, it's always possible that anyone's computer will be rooted. Thus, you have zero chance of ever being completely safe from being sued for these damages.
Sorry, but that's ridiculous.
Nah, the 12" pb is SUPER. I'm not sure why people think of the 12" computers as a "sub" notebook. It's not really that small, especially compared to the smallest eg. Vaio computers. The new pb won't be significantly smaller than the 12" iBook, which is what I have right now. It's the perfect size, I think. The keyboard is full size, the screen runs at 1024x768, the cdrom is built in.
I personally think the 17" pb will be the one to go "cube". It's just too big! That'll be like carrying around a pizza box! I guess it works as a semi-mobile desktop though.
Nope. Those are _MICRO_Sieverts, not millisieverts. That's 0.0001 mSv/hr. You'll still see it on that watch, supposedly.
:)
However, if memory serves me, the average North American feels between 360 and 640 millirem annually (depending on whether or not you smoke). A rem is 0.01 Sievert, so 360 millirem = 3.6 mSv. There are about 8760 hours / year, which gives about 0.0004 mSv/hr. (Did I screw anything up there?)
However, the most important thing in my mind is that the wearer of the watch will become very aware of just how pervasive and natural a small amount of radiation really is. Maybe if everyone wore one, we wouldn't have the misinformed paranoia that accompanies the word "radioactive"
I dunno. I mean, I see your point, and in a way I -almost- even agree that GPL is "less free" than BSD. I don't think the limitations of the GPL are at all arbitrary and unjustified though.
I believe that the BSD and GPL have very different goals in mind. The BSD license is meant to just get the software out there and get it used, period. It is concerned with the freedom of the user to use that particular piece of software in whatever way the user deems fit. The GPL, on the other hand, seems to be geared towards the freedom of software *in general*, slightly at the expense of the immediate user of a particular piece of software. You're right that there is an agenda in mind, but I believe that agenda is the ultimate freedom of all users to use all software in the way that many believe users should be able to. (RMS correct me if I'm wrong here). Ultimately, they're both about freedom -- there's no trickery going on here.
So, then, vastly different scopes. BSD -> small scale practical freedom. GPL -> large scale freedom. Which is more "right"? Neither! I'm a firm believer in the merits of both licenses (and others as well).
Yep, that's a sticky wicket alrighty, not being able to change the licensing terms to GPL software. It just flies in the face of true freedom!
Kinda like how murder is illegal. I mean, in a truly free society, wouldn't I be free to chop some other person's head off if I wanted to? It's a bit of a misnomer, this "free" society idea then, isn't it?
The lesson of this exaggerated and sensationalist example: in the real world, there is no such thing as *absolute* freedom. Any useful and practical freedom necessarily has limitations.
Security is about risk management, nothing more. Is it possible that some kid can break your connection? Yeah. Sure. Are they going to? I *seriously* doubt it. Why would they bother? To sniff your traffic? Ooooh. They'll see me reading slashdot. They may even get my slashdot password! Darn. They'll steal my Visa number! Um, nope, because that's over SSL. And my terminal connections are SSH. Email? Maybe, but I consider that a "public postcard" anyways, and I can and do use GPG when necessary. There is no traffic from my network that would make me a deliberate target of a snoop. Nobody would ever -plan- to hit my network and snoop my traffic or attack my boxes. Of course, if I was a business or had some kind of trade secrets, maybe they would (and this would change the situation).
So what does that leave? That leaves people who happen on my network at random, and decide to try to use it for access or for kicks.
Maybe your area is different, but in my neighbourhood, I can't drive more than half a block without finding a completely wide-open wireless LAN. The usual density is much higher -- three or four to a block. And this is just me driving with my iBook propped open! Imagine if I actually used an external antenna! What does this mean? Nobody is going to go bother randomly cracking my network just to get bandwidth, when they can simply select another network and get it instantly.
The moral of the story? Consider your risks. I feel I have very little to risk: I have no "intellectual property" to protect, really. My email is essentially public anyhow. My boxes are up to date and as secure as they can be (I think). Wireless network has the benefit of amazing convenience. It is a small risk that I mitigate to an acceptable level. Therefore, it's a managed risk. That's all that matters in security.
Well, I'd say I'm a "medium"-core BSD-er. I spent a lot of time with Linux -- I cut my teeth on the late 1.x/early 2.0 kernels in the Slackware days. I moved on to try Redhat, SuSE, and Mandrake seriously (and many others fleetingly). Then about two or three years ago, I tried FreeBSD and I've never looked back since. It all happened when I tried to upgrade to a new version of glibc (remember that?). Holy cow was that ever a mess... I was so pissed off that I wiped the drive and installed FreeBSD -- it was purely a rage-induced reaction.
After that, I was hooked. Don't get me wrong, Linux is tons of fun. But that's just it -- maintaining a current system can be a hobby unto itself. I honestly think that's why so many people really dig it. There's always hacking and work to be done. There's always some stuff that is broken and needs to be fixed. It seems like a Linux installation stays fresh and good for about a year at the most, and then you have to wipe and reinstall from scratch due to accumulated annoyances. For bleeding edge hacker types, that sort of thing isn't a problem -- they do it anyhow, and think of it as fun. I did for a while too, but then I got tired of it.
FreeBSD was such a welcome release. It just -works-. Between the base system and the ports, it's all flawless. With every new release, I'd run the ol' "make buildworld" and a whole new system would magically appear an hour later. In three years of updating, the update never failed once. I've never had to reinstall from scratch, and so I'm still running the system that I installed all those years ago.
Anyhow, I know it's possible to stay stable with linux. Debian appears to do this quite well, and if I were to run Linux again, I'm sure I'd be happy with Debian. It's just.. I dunno. There's nothing -wrong- with Linux, it's just not my style any more. FreeBSD has this incredible simplicity that I've never found anywhere else (FWIW, I do find the same things with Net/OpenBSD, I just find that FreeBSD is a friendlier desktop).
Seriously, this is (IMHO) the perfect opportunity for another nice and easy application of strong cryptography. The idea is you want to store your own bookmarks, address book, and all sorts of personal information. And you want to be able to access it anywhere, right? So why not just store it somewhere reasonably decentralized (maybe a few redundant server farms) as a block of data encrypted with a symmetric algorithm? It wouldn't be more than maybe a couple of megs at the absolute MOST (that's a TON of addresses). I'd pay a few bucks a month for that service. In a sense, I already do, as I store a copy of my bookmarks, address books, and more on my Apple .mac iDisk in an encrypted disk image.
You're the only one who ever needs your own personal information, right? So this way you don't have to trust anyone with it. Your Mozilla will pull the block from the server, decrypt it with your pass phrase, and load it into the application. You could keep it locally cached if you like.
It doesn't require any new technology. The data could be served up by web servers. The back-end databases would use the usual replication and high-availability stuff.
If you could build it so Mozilla, Evolution, KMail, and all sorts of other applications can load the block or blocks (just an HTTP GET), decrypt (via the OpenSSL libraries), and parse (XML), you're done. When you make a change, you push the new versions back to the server.
The weak link, as usual, is the strength of the passwords.
Well, that's a reasonable (if unethical) strategy as long as the stakes aren't very high. Really, you're doing a crude form of risk management as well. You're saying that the losses due to these unaddressed problems will be *less* than the cost of implementing anything more than having a paper-certified fall-guy. But the risk that you'll be sued for negligence is *more* than the cost of said paper-certified fall guy.
:)
As long as you've truly researched things, and have a good handle on what your risks truly are, Bravo.
Nope, actually I don't believe in CISSP so much. Some of their ideas are good, but they have a weird mixture of trivia and outdated risk management strategies. Their heart is in the right place, but their approach is a bit immature and unrealistic.
Sounds like you don't like the entire risk-management angle though. What would you recommend? How do you deal with complicated corporate information security issues?
It isn't lazy admins. It's lazy management. There is one exception -- home servers. In that case, it's a lazy (or ignorant) user-turned-admin.
Security is about risk management. It's about process, procedure, and diligence. Security is not a technology problem, and it is not solved by geeks.
You can have a secure server farm running virtually any kind of software out there (including M$ products). How? By having a tight, auditable system. You carefully install the systems, documenting your procedure and following best practices (even if you develop them -- the important thing is to have a process). You maintain them on a schedule, leaving nothing to chance. You document the configuration thoroughly, and you enforce rigorous change control.
You might not even have OpenSSL upgraded even though it's vulnerable! You have to decide how much risk is acceptable and worthwhile, but the trick is to consciously and deliberately evaluate the risk, and decide how you're going to deal with it.
This applies to everything. You don't leave it up to your sysadmins to decide whether or not they should upgrade -- it's a part of a checklist that must be done, and can be independently verified at any time. It's part of a procedure that will allow new upgrades to be thoroughly tested and carefully rolled out to avoid downtimes due to unexpected incompatibilities between new and old versions. Imagine someone unwittingly upgrading apache from 1.3 to 2.0, without full testing on a major production system or even realizing that there may be configuration differences.... Nightmarish.
The only way to truly run a secure system is to realize that it has to be extremely carefully planned and managed. It's a hell of a lot of work, and it costs a lot of money. So it quickly becomes an exercise in traditional risk management. This is where the suits and the high-priced consultants often come in. You have to find out how much everything is worth, and what kind of risk you're willing to tolerate (or conversely, how much security you can afford given your environment). You will never be 100% mathematically impenetrable, but you can reduce your risk to a level that you're comfortable with.
Obviously, this kind of thing scales. If you have a simple system, your plans and procedures can be fairly simple as well. As long as you have a solid verifiable plan, and you stick to it, you'll be fine. If you have a complicated system, your security management is going to be complicated as well.
Sounds like a job for the Mozilla calendar project. They already have a system that works quite well. Check out http://mozilla.org/projects/calendar to see what they have.
I'm not a programmer, but I would imagine that it would be relatively straightforward to put the required support into that project to deal completely and seamlessly with iCal. vCalendar is pretty simple to parse, and I don't imagine WebDAV would be tough to put in. Maybe I'm wrong though, since (as I say) I'm not a programmer.
Ummm... I think you're missing the point. It's not just for other people to "admire", it's for them to use. You can have a shared calendar that other people subscribe to for their scheduling. For example, one soccer mom can make up the master carpooling schedule, and all the other soccer moms in her group can subscribe to the published version. Or you can publish all of your indie band's concert dates, so all your groupies can be sure to attend. I'm sure you can think of lots of examples where groups of people share a common event calendar.
It's a way to publish a single calendar to lots of people at the same time, and have it integrate into their iCal seamlessly. Maybe you won't have a use for it, but I sure do.
Raymond Serway's text, "Physics for Scientists and Engineers (with modern physics)" has EVERYTHING that a beginning physics student needs. All that you need to bring to the table is some basic math skills (you can even get by without calculus if necessary). This is (was?) the workhorse textbook for virtually every first-year "real" physics course that I've ever seen. Heck, we used it in two first year courses, and three second year courses. It's a great book. When I did my physics degree (graduated 2000) I used this book clear through to my senior years as an overall reference. I used the 3rd edition, but I'm sure newer editions are just as good.
:)
It is clear, concise, complete, and easily available on the cheap. I'm very sure you could go to your local college or university and buy it in the used textbook store. Don't worry if it's five or ten years old -- first-year physics hasn't changed much in ten years
I can't give you a detailed comparison. I'll tell you what I've learned so far though.
First, some background. My education is physics and mathematics. My wife is a dentist. About two years ago, I attended a lecture by a visiting professor who was doing work building things like dental lasers -- the so-called sub-picosecond-pulse lasers. It was an excellent lecture and he really knew his stuff. Naturally, I came home all abuzz, and started talking to my wife about it.
It turns out that many dentists think the lasers may be cool and all, but they'll probably never use them for drilling out teeth. Cutting softer tissue, sure, but not drilling the actual tooth. She says that a huge part of the drilling process is feel. While you're drilling, you can feel when you're drilling softer, infected enamel and dentin versus hard, clean tooth. Taking that feel away would severely compromise her ability to be sure that she's drilled out all the decay, without drilling out too much of the tooth and possibly compromising its integrity or perforating into the pulp.
My wife has left for her office already, so I can't get her to comment directly. I'd love to hear from any other dentists, though. What do you think? Is feel really that important when you're drilling?
Nah, it's not like that. I'll get rid of the iBook just to get some cash back. Happily, Apple hardware seems to hold a fair bit of value. I'll easily get enough off of this to buy myself a really nice new tower loaded up with fast-but-cheap commodity hardware.
:)
Unless it's running Mac OS X, I don't really see much benefit in having the Apple hardware. I'm not really a power CPU user or anything like that, I don't care whether it's a G3 or a K6-II, as long as I have lots of ram and disk space
Yeah, this is the kind of thing I was used to dealing with on Linux and later FreeBSD, and it's the kind of thing that should not be necessary with a consumer-ready operating system. I mean, seriously, this is how it's supposed to "just work"? Please. This is the type of apologism that I simply will not tolerate. For Linux and FreeBSD: sure, that's part of the culture. But for Mac OS?
This has nothing to do with RTFM. These problems should NOT be happening in the first place. This isn't me not reading the manuals, this isn't me incorrectly installing software, and this isn't me messing around where I have no business messing around. This is me trying to use my computer precisely how I was told I would be able to use it. It doesn't work.
And no, incorrect file permissions wasn't the issue. After many years of professional Unix administration, I've learned that Unix problems are often as simple as permissions, so those are the first things I checked. As for the Directory Setup, that was something that I did long ago -- a tip from someone who was intimately acquainted with MacOS X. Yeah, it helped, but not enough.
I've been looking for solutions to each of my problems for weeks -- to no avail. Apple's support channels have no answers, and less formal channels can't come up with solutions either. I find it disturbing that I get better help from macosxhints.com than I do from Apple.
This is exactly why I maintain that 10.1.5 isn't done. I paid Apple for an operating system that works, and they haven't delivered yet. Now I know they never will (unless, of course, I fork over another CAN$195). I was happy to wait, knowing that eventually they'd fix the major bugs and let me do what I need to do with my computer. Now I find I was nothing more than a beta tester (and I had to pay for that privilege).
Yeah, the two and a half months warning is better than nothing, but by warning I'd like six months or a year. I expect my computer software to be good for at least a good year -- and since iTools was sold to me as part of the package, I'd be ok with the iTools shutdown if it was, say, the end of 2002.
About the 10.1.5... Well, I have had a lot of annoying little problems. My printer doesn't work -- and not only that, my Print Center program "unexpectedly quit"s every time I try to add a printer. Ugh. Then there's the unacceptable Finder sluggishness. And the odd tendency for my rebooting into OS 9 to put my system in a completely unusable state (as mentioned in another post) so that I have to boot manually from firmware. It works, and the features are there, but there are a lot of bugs. In my software development, I'd call it a late beta release (but definitely beta).
Honestly, I wouldn't mind a bit paying for the Jaguar upgrade. All those new pieces of software look cool. What bugs me is that I must buy it just to get the updates and bug fixes. M$ still updates '98 and Sun still releases patch clusters for Solaris 7. That's all I'm mad about -- that I won't get bug fixes and patches and stuff unless I fork over for 10.2. (and once again, I'll happily and profusely apologize if I am wrong and Apple does keep updating it).
What I think is "evil" and where I got "hooked" is that iTools and the updating of Mac OS X was sold to me as a feature -- a reason to buy Apple. I got used to it and I liked it. I don't necessarily expect it all to go forever, but I do think there should have been a lot more warning -- especially with iTools. Also, as I said in another post, I don't think 10.1.5 is finished enough to call it a "product". Admittedly, I will happily and profusely apologize if Apple continues to release bug fixes and updates to 10.1 even after 10.2 is released (just like M$ still releases '98 updates despite 2k and XP). I'm not too hopeful though.
So now that they've made some real advances on the OS, they're putting it with all this other glitzy stuff that, while interesting, isn't what I want. They bundle it all together and make me buy this glitz along with the unglamorous upgrades/bugfixes that I really want.
I still might buy it all, as I am quite locked in. In any case, I'll run Mac OS X for a bit. When I get all my data off, I'll try to sell this computer, and if I can't do that I'll try Darwin. I'm a FreeBSD guy at heart, so it wouldn't be much of a stretch.
They took away iTools, a selling feature. No, they didn't promise it forever, but I would have thought they'd give me a bit of warning. I'm certainly not the only one who is shocked and surprised by this move.
As for the continuous upgrades.. Well, I used to get that for Windows, back when I used it. I imagine M$ is probably still issuing patches and updates to '98. Will Apple do that for 10.1.5?
As for "self-contained" I mean "a complete product". For me, 10.1.5 works just well enough that I can get my day to day work done, with kludges -- about the same as Windows, actually.
But programs still crash, my System Prefs still hangs, my finder is painfully slow, occasionally everything locks up.... It's just not done. I was willing to put up with that, as I was under the (mistaken) impression that I was sold a work in progress, and that Apple would let me upgrade it when it was (reasonably) finished. I'm certainly not interested in unlimited free upgrades -- just the bonehead things. Like why is it that occasionally (twice in two months) when I try to reboot into OS 9, I completely lose my system folder settings, and have to boot manually from the firmware? And this was on 10.1.5. Show-stoppers like that aren't acceptable.
As I say, the deal is that I get a computer that works. I was willing to put up with it while they built it. Part of the deal was that I would run OS X, and pay fully for all of it, and then I would get a nice running system. I'm almost there... And just when I can see the end, and just when the OS seems finished.... They hit me with another bill to pay.
They devalued what I bought by taking away my iTools, and by not finishing my operating system. With Windows, I expect it to be buggy, but I also know that what I buy is what I get. With OS X, though, I was promised a system that just works, and upgrades until they get it right. It's not right yet, but they want me to pay more.
Yeah, I was naive. But, I won't make that mistake again. I'm going back to FreeBSD.
When I was sold an iBook, part of the package was "free access to iTools" and "free updates as they become available". Nothing there said it was temporary -- only good until they decide to charge for it.
When I was sold an iBook, I was given three coupons for free upgrades to the operating system. Part of my concern was that it is a young operating system. I was repeatedly reassured that these coupons were my ticket for free upgrades. Maybe I'd have to pay $19.99 for media and shipping, but essentially free. "Fair enough," I thought.
And, "nominal fee" ?? Is this a joke? How can you seriously consider over a hundred bucks nominal? $19.99 to cover shipping and handling of a cd package is a "nominal fee". I was happy to pay that.
Mac OS X 10.1.5 is not self-contained. The operating system is not complete and fully stable. It works fairly well, but it has a lot of polish left (eg my "supported" printer *still* doesn't work properly, and I get some odd performance issues). But, while 10.1.5 may not be self-contained, 10.1.5 with a commitment to upgrades as they become available is self contained. This is what I have lost.
People keep telling me "But this isn't just bug fixes!! It's upgrades and new software!!" Guess what? I don't want that. All I want is to have everything working properly on my system. I don't CARE about all these new products, and I'd be happy to buy them if I did.
What I object to is that Apple changed their deal with me after I committed. No, it wasn't a legal deal, and there was no contract. I was sold on the idea that Apple takes care of its customers, and that everything "just works" and that there are "no surprises". I took their word for it on a handshake alone. Naive? Maybe. But I'm not saying I'm gonna try to sue them. I'm just getting out.
I just thought Apple would be different.
Yeah, that's exactly it. You completely lose the email and everything if you don't pay the $100. I think I might buy my own domain name and just use that for my email address. That way I am a lot more flexible and I probably won't ever have to give it up. I'll have to pay for it, but at least it'll be mine then.
:)
Ah well.
Nah, I'll still buy it to use while I figure out how I get off my Mac. Plus I suppose it'll help my resale value when I sell this thing as soon as I get the exit strategy worked out. At least Macs retain some kind of value after six months or a year.
Now I know, however, how they have decided to operate. I won't get myself further locked into their systems and software. I won't convert my scheduling and contact info into iCal and iSync unless I know exactly how to get it all OUT again very easily, for example.
In the future, I'll stick to cheaper and lower quality commodity hardware and FreeBSD -- at least I know what I'm paying for, and I don't get strong-armed into forking over hundreds of dollars whenever FreeBSD decides it needs to improve its cash flow (even if they do give me extra toys for it, and even if the "value" is more than I'm paying. If I wanted it, I'd buy it myself). Yeah, I'm giving up an excellent operating system, but it just isn't worth it any more.
Well, I do need to pay for .Mac, because it would cost me a lot of time and effort to switch away from my @mac.com email address -- friends, family, mailing lists, everything is structured around my mac.com address. I also use my homepage.mac.com website a fair bit too. The main thing, however, is the use of the email address.
See, when I bought my iBook (two short months ago), it was Unix that brought me to the store. Then I found the laptop -- the 12" 20GB one -- and I loved its small size (I hate big notebooks). Then I started using it, and got fully hooked by the bundled apps. When I bought it, it was all "self-contained". I didn't need to go out and buy *anything*, which is the only reason I could justify spending CAN$2500 on the "budget" notebook.
I spent a large chunk of money, and quite a bit of time, getting into this laptop. Now I find that I have to fork over CAN$350 to stay current on the operating system (which *is* still developing, and does have annoyances) and to keep my email address. The alternative is that I try to switch off the email address, and my laptop languishes in its current OS revision.
I -will- fork it over, but only to buy me an extra year to find my exit strategy. Hopefully by then, FreeBSD will support my digital camera and have decent software for it (and I can barely type that without giggling madly).
Even with the wonderful interface, cool hardware, and interesting approach to computing, Apple was cutting my "value" judgement very thinly. By piling another CAN$350 onto the bill, they've pushed me over the line. It is a great operating system, on very cool hardware, but to me it just isn't worth what they want me to pay for it. The reason I'm bitter is that they've made me discover that after I started paying for it.