Slashdot Mirror


User: Tony-A

Tony-A's activity in the archive.

Stories: 0, Comments: 3,584

Comments · 3,584

  1. Re:I know where this is headed on New IM Worm Installs Own Web Browser · · Score: 1

    (like maybe you need an operator's license, as required with radio broadcasting, if you are going to traffic in the public sphere)

    Interesting, but...
    There's a distinction between operating a receiver and operating a transmitter (and yes I know, receivers DO transmit;)
    You don't need an operator's license to use the US Postal Service (OK, well kinda, sorta)

    the users who are keeping malware authors in business are total noobs
    Except, if you follow the line of reasoning you have started on, you discover that they are the smart ones.
    The computer is useful if they get something useful out of it. More than they put into it. Just like growing stuff in a garden, there are a few things you care about, and almost everything that is going on, you are blissfully unaware of. You can grow stuff, and live off of it, without understanding all the biochemistry and ecology that has to be going on.

    The problem is that the white hats think they can control everything and make everything safe.
    The computer is useful if it does SOMETHING useful. Useful enough. The computer does not have to do everything or everything well.
    Seems like one critical part of smarts is knowing the limitations of the smarts you have.

  2. Re:Yes on New IM Worm Installs Own Web Browser · · Score: 2, Insightful

    The users cannot be trusted, so the OS needs to make it impossible to do something stupid.

    Hogwash.
    A few years of this approach and compromised computers are going for five cents each. (Must be big money in (lots of) very cheap computers)

    Trying to make it impossible to do something stupid actually works like this. The apparent burden is shifted from the user (who probably has priorities not easily guessed correctly by the OS) to the OS which can handle a very few cases, and those rather poorly.

    "Are you sure?" Sure of what? If the OS asks that general a question (to determine whether to proceed or not), this assumes that the user is competent enough to divine the context in which the question occurs as well as somehow knowing the correct answer. All of this WITHOUT any clue from the OS as to what is going on.
    ?? This is the OS that is going to make it impossible to do something stupid ??

    There are things that can be done to somewhat de-booby-trap the system, and these are useful and should be done. They make things a bit safer. They cannot make things safe. When you get enough accidents, you do things to as cheaply and easily as possible prevent those kinds of accidents from repeating readily.

  3. Re:photos on MS Word Zero-Day Exploit Found · · Score: 1

    Why are reactionary IT fuckwits always trying to fix what isn't broken?

    1) It gives them a sense of accomplishment.
    2)They do not have a clue what they're doing.
    3)They are incompetent and want to feel in control.

    You didn't really think that what makes for PHBs was restricted to just management, did you?

  4. Re:And how does that work... on MS Word Zero-Day Exploit Found · · Score: 1

    Methinks that assorted attempts to make whatever safe are never really going to work.

    Main advantage of email is that it allows reasonable contact rather than playing phone-tag or such.
    No reason not to have attachments.

    The email CLAIMS to be from so-and-so.
    The email CLAIMS to have an attachment title whatever.

    What is wrong is:
    First) Hiding filename extensions. This should not even be an option. Certainly not the default.
    Second) Hiding the equivalent of postmarks.
    (Yeah I know, right-click and Options to view the internet headers.)
    Third) Insisting on showing nicknames instead of email addresses. There's gotta be a lot of fun to be had in scrambling nicknames and the thingee named.

    "Don't open attachments from strangers"
    You expect to get email only from people claiming to be strangers? Look, if I'm gonna send out something bad, I'm gonna put YOUR name on it, not mine.

  5. Re:It should be about courtesy on Google Violates Miro's Copyright? · · Score: 1, Interesting

    If my understanding is correct, parodies, especially disrespectful parodies, are very well protected from problems with copyright infringement.
    Any strange "modern" art (Is it still called that?) just has to be an open invitation to all sorts of vile parody.

    Miro, Miro on the wall,
    who's the dumbest paint of all?

  6. Re:Disagree on the last comment on Lenovo Under U.S. Probe for Spying · · Score: 1

    Try the video BIOS.
    Should be lots and lots of room for stuff in rather non-obvious places.

  7. Re:blargh on Debugging Expert Wins ACM Dissertation Award · · Score: 3, Interesting

    The root word is lever and the basic idea is that you use something under your control to effect control over what would normally be outside your control. Like a very long handle on a pipe wrench.

    The money aspect you refer to has to do with debt financing whereby you manage to use your equity to finance something larger than your equity. I don't think the article is referring to corporate finance.

    In a perfect world you would use a few people who would recognize and fix the bugs. These people would never talk to the users. They would have no need to and neither would gain from the experience.
    In the world that I exist in, users are the ones who spot the bugs, specifically the circumstances under which the bugs exhibit themselves. I use my user's eyes to leverage {user's eyes, my skills}.

    If all you mean is "improve", you would not use a word which essentially demands a discrepancy in the metrics between cause and effect.

    b. To supplement (money, for example) with leverage.
    If you add money to an account because of a margin call, does this increase or decrease your leverage? That is a horrible excuse for a definition.

  8. Re:Do what you can. on OpenBSD Project in Financial Danger · · Score: 1

    Look at it this way. He is good enough to get away with saying and doing EXACTLY what he pleases. Neither you nor I could even consider doing that and surviving.
    He would be much richer if he were pleasant and produced insecure code.

  9. Re:Nice of Maddog -- but this is one for Google on OpenBSD Project in Financial Danger · · Score: 1

    The problem is that what makes OpenBSD so necessary to everybody else is strongly related to the fact that their primary interest is NOT fundraising.

    This kind (calibre) of stuff comes about only because:
    1) They can.
    2) It's there.

    What the OpenBSD developers have is their own OS, done to their own priorities and whims. You cannot buy that. Nobody can.

  10. Re:Seperate the openBSD & openSSH projects? on OpenBSD Project in Financial Danger · · Score: 1

    It's like a homeless guy with a puppy and a knife at the puppy's throat. "I'm HUNGRY. Give me money, or the puppy will DIE!".

    The homeless guy has a source of food, the puppy. And some peoples do eat dogs for food.

    OpenSSH is not really a different business entity. To a slight degree, the OpenSSH that is not integral to OpenBSD, which is done separately and after the development of OpenSSH as an integral part of OpenBSD, is a bit separated and as such the OpenSSH that you are using could be dropped from the OpenBSD repertoire without any damage to OpenSSH on OpenBSD.

    You can of course port OpenSSH from OpenBSD, but be aware that there are changes every 6 months to the released stuff and probably some tight integration between the parts of the OpenBSD system, OpenSSH included.

    Methinks the dichotomy is not all that false.
    If OpenBSD has to cut back, one of the places is the extra cost of exporting OpenSSH to a form which is usable outside of OpenBSD. At least it needs to be compilable and not dependent on system features which are only available in OpenBSD.

  11. Re:Seperate the openBSD & openSSH projects? on OpenBSD Project in Financial Danger · · Score: 1

    The thing is that OpenSSH came into existence only because of the attitude of OpenBSD. OpenSSH is one thing that has come out of OpenBSD of which you are aware. OpenSSH will almost certainly keep on even if OpenBSD does not.

    However, if security matters to you, even if there is a remote chance that it might matter to you, it is rather short-sighted to not care about OpenBSD. You can try to play catch-up -- which doesn't really work -- Is a default installation of Microsoft Windows safer now than it was five years ago? -- Hmmm, why not?

    There is an objective metric for system security.
    That is the going rate for compromised machines.
    Last I heard, there was big bucks in five-cent compromised machines.
    And that is the best that Microsoft can do.

  12. Re:Summary gets anarchism wrong on Unusual Open Source · · Score: 1

    quite the opposite of what any government in its right mind would teach you.

    The subtle ways in which language influences our thinking.
    There is a certain amount of emotional baggage that goes along with the terminology.

    The question is if anarchy is or can be peaceful and productive.
    The OED definition doesn't quite say impossible, but it gives a pretty strong hint.

  13. Re:Boys who cried wolf on Chinese Bloggers Stage Hoax · · Score: 1

    It's the image of an unarmed student facing down a tank that sticks in our consciousness. Like the slow-speed police chase of OJ Simpson. The live broadcast somehow makes the thing a defining moment. Massacres have always gone on all the time, and are news, but hardly momentous.

  14. Re:Agree on Genius Requires Just the Right Mix · · Score: 1

    Just watch the next dozen failed projects around your work and try to figure out why they failed. ( or considered failures anyway )

    I know there are various mechanisms for snatching defeat from the jaws of victory, but why would I want to? It does me no good to be surrounded by failed projects.

  15. Re:Agree on Genius Requires Just the Right Mix · · Score: 1

    I know the limits of my knowledge, but I hate dealing with people who don't.

    This is nitpicking sniping but:
    1) You know the limits of your knowledge.
    Incredible.
    The limits of your knowledge is the boundary between what you know and what you do not know. Placing that boundary requires knowledge that you by definition do not have. Semantic trickery, but has the essentials of a paradox in that there is something fundamentally wrong with the basis your reasoning is coming from.

    2) You hate dealing with people who don't.
    2a) don't know the limits of your knowledge.
    2b) don't know the limits of their own knowledge.
    There is a difference.

  16. Re:Agree on Genius Requires Just the Right Mix · · Score: 1

    Being smarter than the average (genius+) and working for the clueless and/or stupid is frustrating.

    This one always amazes me.
    You have certain priorities and bases for judgements.
    You seem to be objecting because other people are basing their decisions on their own priorities and bases rather than on your own (obviously superior (to you)) priorities and bases.

  17. Re:It's no secret... on Microsoft vs. Computer Security · · Score: 1

    Seems like the ability to buffer print jobs way back in the old days of DOS.
    Reverse engineering brought about the mess of TSRs.

    Rather deceptive message if Windows (3.2?) was loaded on top of DR DOS.

    There is a rather thick book of PC interrupts. Microsoft is hardly the only one using undocumented system features.

    I would be extremely surprised if with Windows, everything used was documented and documented correctly and that documentation was accessible externally.

  18. Re:It's no secret... on Microsoft vs. Computer Security · · Score: 1

    my point. - that an exploit is an exploit regardless of weather ...

    weather: (whether it's raining or sunny?)

    As in all exploits are created equal.
    As in all diseases are created equal. It doesn't matter which you have.
    As in all storms are created equal.

  19. Re:It's no secret... on Microsoft vs. Computer Security · · Score: 1

    Flaws in Microsoft products have no greater danger than equivalent flaws in any other Windows application.

    They should have no greater danger.
    They do have no greater danger is a much different statement, and is almost certainly false.

    Do you really think some Microsoft munchkin will resist the opportunity to use some specialized knowledge or hook into the system to make him or herself look better to his or her supervisors?
    Third party software tends to be a wee bit more paranoid about having the rug pulled out from under them, so the scope of what an exploit would be able to do tends to be rather smaller.

    Any DLL shared between Microsoft apps that is not known/used by third-party apps is a refutation of your argument.

    It's kinda like there are trees in the Black Forest.
    I have no idea what kind(s) or how they are spaced, etc.

  20. Re:No Progress? on Microsoft vs. Computer Security · · Score: 1

    No progress.
    The going rate for a compromised machine went DOWN.

    Now Microsoft has done some stuff that looks like they are trying.
    That is not at all the same thing as succeeding.

    Since the default is still to hide file extensions,
    the assumption has to be that Microsoft does not actually care about anything resembling actual security.

  21. Re:Human beings do not follow a power law on Scientists Spot Rare 'In Between' Black Hole · · Score: 1

    Except that large groups of humans do NOT exhibit normal distributions.

    Annual income.
    If the distribution is normal,
    "The rich get richer and the poor get poorer"
    is an impossibility.

    Average income and median income should be extremely close to each other.

    Life Expectancy -- everybody dies eventually
    I don't think that is anything like normal.

    What IS tending toward normal is to add up all these various distributions.
    What that would be good for, I have no idea.

  22. Re:Human beings do not follow a power law on Scientists Spot Rare 'In Between' Black Hole · · Score: 1

    but for a large group the mean and the median is almost identical.

    Actually no.

    Group 1. variable x
    Group 2. variable is x^2

    Both groups are exactly the same size.

    If one group is normal, the other is not.

    You may be confusing a large group with the sum of a large number of distributions. The sum of a large number of distributions (which need not be at all normal) goes to a normal distribution as the number of distributions in the family goes to infinity. It is the infinite tail of the family that is normal, not the front end that has the distributions of interest.

    Normal distributions are well understood and readily calculated.
    Most studies assume the distribution is normal because they do not know how to calculate anything else, and in many ways a normal distribution is a "safe" choice.

  23. Re:WE NEED ARTICLE MODERATION! on Japanese Find Robots Less Intimidating Than People · · Score: 1

    Now you know why lots of us just read the comments.
    If there's anything interesting or useful that should have been in the article, it's probably in the comments.
    If the article is actually worth reading, that too is probably in the comments.

  24. Re:Let me get this straight... on Researchers Want Right to Bypass Protected Spyware · · Score: 1

    Ergo, include removal as part of your recompense for damages in the suit.

    Nah, what you want are indirect and consequential damages, such as lost profits, etc.

  25. Re:look who is talking? on Royal Society Wants to Keep Science off Web · · Score: 1

    But maybe the conservatives fear that their fragile ecosystem of importance, references and reviews would all fall down when the web equalises it. Suddenly bright young students will have as much esteem as a good-for-nothing professor

    That and all the stupid young students will have as much esteem as the wise old professors.

    Much easier to tear down than build up.