"There *is* a reason for speed limits, and there *is* a reason to enforce them!"
Yes, to get more money. Safety doesn't come into it (you can't legislate for stupidity). Just like when I look at excessive amounts of traffic lights, speed-reducing measures and the like, I don't see any attempt to improve traffic flow, I see measures to slow us all down.
There are at least two reasons for being able to go over the limit:
1) the limit is bogus. We all know that when you see a sign saying "max speed 30" you can take the corner at 40 with impunity.
2) you need to be able to go over the limit in order to get out of messy situations. Otherwise, quite simply, you'll have everyone sitting at 38mph in front of you and won't be able to overtake to do 40 - and why the heck should I settle for them imposing their slowness on me? (For the yanks reading, the UK is full of roads where you need a good clear 10mph over folks to overtake before something comes round the next corner.)
I think the government would be *much* better off dedicating its time to making traffic flow a more fluid affair than trying to make a quick buck and endangering more folks.
~Tim
--
.|` Clouds cross the black moonlight,
Bit dubious.
I don't think "most linux boxes" is a valid count. Years ago I was arguing the toss over making linux a desktop OS and, in particular, letting hordes of wailing newbies loose at it and the degenerate GUI-dependence that'll ensue.
As far as I'm concerned, "most linux boxes" is a concept from that arena, and they can all go to pot.
Datapoint: of my 4 main linux boxes, 1 dual-boots into the dark side of the Force, and that's all. And with better support for the Psion 5mx in the open-source world, I'd be 100% M$loth-Free.
MacOS on PPC won't let you do that, of course; but then we're not talking MacOS here, we're talking MacOS-X or Linux/PPC. If you can run MOL, you can run MacOS 9 on linux, you can run the Windoze emulator in MOL, you can run windoze on your powerbook. That's the theory, anyway: why I've not done it is plain simple, I can't be arsed and don't have any need, but don't let that stop you.
~Tim
--
I can see why you say that, but I'd personally hesitate over calling it `good', rather than `not quite as bad as it could be'.
In the example given, the solution is more likely to make life faster so you can dump the whole frame down to people, or guarantee that they won't drop a packet in time. Kill the problem at source, don't work around it.
Ever wondered how ssh and gpg manage to be secure if the sources are available, the private key passphrase and data gets stored in memory?
~Tim
--
"Advertising just needs to look at the model used in television, you don't just see adverts for other TV channels - this is purely the internet method. No, you see advertisments for washing powers, cloths, consumables, household objects. Real stuff that you can touch and feel."
Agreed, on both points you're making: the 'Net is currently very self-referencing, and when you get there, it's all air-head trivia. I believe the correct term is `e-commerce'.
"Until the internet reaches this level of advertising, it'll still be an immature media."
`Medium', singular, HTH.
But otherwise, you're right. Of course it's immature. It's all too entertainment-biassed as well; and you look at the UK government implementing the RIP B[iu]ll and wonder, what is their definition of `e-commerce' that they think it's protecting?
~Tim
--
You have a very unrealistic, unhelpful and unnecessarily cynical attitude brought on by reading too much Dilbert.
Don't bother waking me when you've grown up.
~Tim
--
"Worse, if you are a consulting firm basing your assessment services on these products, you better have some system in place to cover for their shortcomings, as these products don't cut it."
Er, yeah? A security consulting firm that uses only a few of these as anything more than a starting-point for further hole-research and criticism is doing nothing that I couldn't do myself, and will not be seen on my Pigsty. When I consult, I expect to give proper service, and if I get consultants in, I expect perfection.
"Because all the products failed to identify key vulnerabilities, none of them received our Editor's Choice award."
If a company relies on an Editor's Choice Award to distinguish good from mediocre from bad, it has altogether too many other problems...!
~Tim
--
"the government here are OK "
Er, since when? Don't forget we now have the RIP bill, which means there can never be a Verisign in the UK. Er, yeah, gee thanks for that, especially for trying to pull the wool over our eyes with "it'll protect e-commerce".
Me, I want Scotland to get a complete sense of independence; at least there's decent scenery there.
~Tim
--
"And there comes a point where too much security slows down the system. Hey, yeah, we could go to 4096-bit encryption, but what's the point? "
Go? I'm already there for the more secure stuff... ;)
It all boils down to the concept of an `identity'. There is the identity that pays my enormous phone bills, one that writes this here and now, one that drives the car, another one that exists on my driving license, and a few GPG/PGP identities as well. Tying them all together into one is possible, but legally necessary. I think that's where the problem lies.
~Tim
--
And I forgot to carry on ranting... ;)
You should always double-check identity for yourself instead of taking someone's word for it. Anyone can ask Thawte or Verisign for a certificate; the money does not buy security of identity for later transactions, unless you're a very gullible PHB, basically.
Oops, there goes "e-commerce", oh well.
This applies even more so to SSH, where you really must check the server's fingerprint before connecting. If that means phoning up the sysadmin remotely to confirm it, go ahead.
~Tim
--
"In the end nothing is 100% secure... "
Of course. I knew that.
But the article doesn't say anything new at all. I've long-since known about the possibility of interception, and when it comes to signed documents, the presence of a digital signature on a document, even one that matches someone else's signature, does not mean that that person wrote that document. (It means there exists at least one person out there who knows the private key password for that identity and/or chose to apply it to the document; if you go around signing things you didn't even write yourself willy-nilly, the whole concept loses any strength it had.)
Again, this is a luser-space problem. There is no security vulnerability in ssh that's been discovered, this is an "if you abuse it you'll lose it" article. Well woopie-doo.
~Tim
--
In that case, maybe it is a good comparison. Note that the chap got the two the wrong way round ;)
~Tim
--
I think if you want to get hung up on calling things "Debian GNU/Linux" then you will be correct; you're only likely to offend others when they expect correctness and you don't give it.
Maybe the GNU bit goes hand in hand with it being a port of Debian (versions of GNU s/ware packaged the Debian way) with a Hurd kernel.
~Tim
--
Hey, if I wanted that, I'd leave the computer screen behind! ;)
(Besides, I don't get any UV off an LCD, do I?)
~Tim
--
Quite so. HTML4.x is dead easy to produce - especially if you've got a decent editor like Xemacs with its psgml mode - a simple right-click in the document will show you only the tags that the DTD says are valid in the current context. What could be nicer?
~Tim
--
You're saying it's relative, like an expectation<->frustration relationship? ("Just reduce your expectations, no more frustration" ;)
That makes sense, I like it.
What I want to know is, why should we bother? Let nature happen, let mankind pollute, see what happens.
~Tim
--
"Scalability. I want to be able to treat a set of packages as a single unit."
apt-get install task-python-dev
"source access. "
apt-get -b source foo
"Source Format."
Note that apt-get source uses 3 files:
xemacs21-gtk_20001018-1.diff.gz
xemacs21-gtk_20001018-1.dsc
xemacs21-gtk_20001018.orig.tar.gz
or whatever.
"Source code references."
I don't know how this is possible in general terms. But doesn't MD5sum help?
~Tim
--
How close is this to the funky glasses in _SnowCrash_, though?
~Tim
--
And why exactly is "fractal compression" so much better than wavelet-based?
~Tim
--
Simple. Find their MD's and postmaster's email addresses, and set up a procmail rule to forward it all, automatically, straight back to them. Worked for me with the Harris Poll pillocks, anyway ;)
~Tim
--
Ah, you noticed. UUnet have the beginnings of a history of being crap.
I report Usenet spams from UUnet more often than not; all I get back is unrelated automated crap from them, with no personal followup later - ever. UUnet ought to have their plug pulled until they wise up.
(General point: go easy on spamcop, btw. Speaking as a sysadmin at a site that occasionally sends out bulk mails, it *is* still the case that bulk mail is not unsolicited, ie reporting us to spamcop.net just because you can't be arsed unsubscribing will not endear you.)
~Tim
--
Sure, yeah, you're only one amongst many other merkins, but don't you get the option to spoil the ballot paper? Send in a mouldy hamster instead, do something creative?
You're just a lazy ass like me, otherwise ;p
~Tim
--
"Do they support Open Source or not? "
Huh? Moron, look, read the flipping headline: " "IBM has released the source code to AFS for AIX 4.2, Digital/Compaq UNIX 4.0, Red Hat Linux 6.2, Solaris 2.6 and 2.7, and Windows NT 4.0. "
Obviously, IBM have offices in St Petersburg, yeah?
~Tim
--
For flip's sake, wake up and smell the coffee, get a sense of humour!!
~Tim
--
MS SQL Server: connects fast, goes downhill from then onwards.
;8^)
Oracle: doesn't connect, stays that good from then onwards.
So sue me, M$loth - I've let the cat out of the bag now...
~Tim
--
> I'm a Linux user in all, but if MS fall I want
> them to fall the right way and no other
Precisely, couldn't agree more. Let them hang themselves, rather than someone coming along assassinating them.
(Mind you, if it can be shown to have been an M$ product that was cracked, I'd feel justified in saying they had hung themselves :)
> It's Illegal all I have to say about it...
Well, there might be that.
I think it's more to the point that you'd be breaking the license agreement by so doing, myself; laws come and go and we've got a shed-load of stupid ones doing the rounds just to prove the point, but settle for "right" and "wrong" instead. If you're doing what the license at the top of the source file says you shouldn't, you're doing the Wrong Thing(TM).
~Tim
--