And I repeat what I wrote in the message you're replying to:
With CDs this didn't matter. Anyone who could physically stamp a CD could afford to pay a royalty on it, simply rolling it into the cost. Anyone producing a CD player, likewise, merely needed to roll the royalty into the cost.
Show me how you can build a free and open infrastructure for the distribution of music where anyone can at any time put their hand up and say "Ok, we're now demanding royalties on..." clients, encoders, actual music, you name it.
There's a world of difference between an environment where the physical medium implies people having to make substantial investments and charge on a per-unit basis, and the type of free and open infrastructure that digital-only music requires.
Simply suggesting that because AAC, MWA, or MP3 are covered by patents (and therefore protected against unauthorized use) they are somehow inherently evil or less desirable than OGG is as goofy as assuming that all open source solutions are inherently technically superior to any closed-source solution.
No, it isn't. That's not a remotely fair comparison.
AAC, WMA, and MP3 are licensed formats. Someone without a license cannot produce a coder, media in that format, or player, or if they're able to do so now, they can't rely on the fact in the future.
With CDs this didn't matter. Anyone who could physically stamp a CD could afford to pay a royalty on it, simply rolling it into the cost. Anyone producing a CD player, likewise, merely needed to roll the royalty into the cost.
Show me how you can build a free and open infrastructure for the distribution of music where anyone can at any time put their hand up and say "Ok, we're now demanding royalties on..." clients, encoders, actual music, you name it.
You can't.
And I think you know that which is why you compared saying MP3 et al "are somehow {...} less desirable than OGG" to "all open source solutions are inherently technically superior to any closed-source solution". The latter is clearly hyperbole. The former is objectively correct when discussing the patent regime but at first glance sounds a bit like the latter. If you wanted to make a fair comparison, you'd have either said:
Simply suggesting that because AAC, MWA, or MP3 are covered by patents they are somehow technically inferior to OGG is as goofy as assuming that all open source solutions are inherently technically superior to any closed-source solution.
...which would have been right, but not relevent, or you'd have said:
Simply suggesting that because AAC, MWA, or MP3 are covered by patents (and therefore protected against unauthorized use) they are somehow inherently evil or less desirable than OGG is as goofy as assuming that FreeBSD is inherently more useful in an open environment to Windows 2003, SCO Unix, and DOS.
...which would have been clearly flawed as the latter isn't goofy at all.
Let's address your first point. No, you are unaware of which of those I'm proposing for one principle reason: I do not propose any. I addressed the specific instances of the lack of support for open formats. I did not address the positive support for closed/locked formats, nor propose that anything be done to closed/locked formats.
I proposed the absolute minimum because I do not consider myself, or anyone for that matter, a person whose views should be slavishly followed. I believe that we are all individuals, that we must all think for ourselves. And that, as Thomas Jefferson once said, it is far better to show someone the door, so that they may go through it. In many ways, we've lost sight of what leadership should be. Leadership is about trust, and freedom, and when people put their hands up and say "I believe! I believe! But I need YOU to tell me what to do! I need YOU to tell me what to write next!" then we don't lead, we dictate.
Every individual on Slashdot has their own view of how the world works, on how to best ensure that, say, Apple provides some sort of rational open format support. We can but tell our representatives that this is an important issue for us, and make our suggestions. They can then make the right decisions on the basis of the ideas and viewpoints expressed to them. I humbly request that my role solely be to initiate that process, by asking Slashdotters to contact those representatives.
As far as your second point goes, it's already a problem. We don't have that freedom with MP3 - we pretend to, but we can't even roll our own MP3 encoder without writing scripts for people who want it that grab sources from a German ftp site for dist11.zip, so that the authors can legitimately claim they're not shipping MP3 encoders themselves. It's a bad situation. It locks the open and free world out of MP3. It certainly makes it impossible to create an infrastructure for free and open music that works with existing players. What good is your infrastructure if it distributes Ogg and players play MP3?
AAC is the format Apple has adopted, and it is covered by numerous patents. It is therefore "their own patented format". (I do not suggest that the patent's are Apple's, I merely suggest that you do indeed need a license to implement it, and Apple has adopted it.)
As for AAC being "not good enough for music[sic]-based audio". That claim appears nowhere in my comment. Nor was music misspelt, either in what you quoted and followed by [sic], or in the instances of the word in my comment.
I did say that Dolby's AC3 is good, but not considered good enough for music based audio. AC3 is a codec oriented towards the requirements of movies. Regardless of whether you consider it an acceptable container for music (most, I suspect, would rather use Ogg, AAC, MP3, or WMA), it's patented, requires licensing, and therefore subject to the same complaints as AAC, MP3, and WMA.
Linux geeks? Well, then Apple wouldn't benefit from adding Ogg support, I mean, who ever heard of a Linux geek wanting a small, portable, music player + portable hard drive?
No no no, Apple doesn't want their money. They can give it to iRiver or someone.
It's about time! The thing is, a standard and completely open compressed-audio file format is a critical component of creating a usable, civil, electronic audio distribution system. Right now, Ogg is the only player. MP3 is covered by patents - in fairness to Fraunhoffer, they never intended it to be used the way it is. AAC is likewise. Dolby's AC3 system, while good, is neither open nor good enough for basic music-based audio. Ogg is the only player.
But producers of audio-playback devices are stuck with a problem: because the vast bulk of digital sound out there stored on PCs is in MP3 format, they have to support MP3, and both Microsoft and Apple are not helping by pushing users to their own particular patented formats, thus providing little incentive to support an open format. This causes problems: it encourages people to continue using the closed formats, and that in turn encourages manufacturers to only support the closed formats. This is wrong, seriously wrong, and serious issues of liberty - both personal and civil - are at stake here. For without an open format, the plug can be pulled.
This quagmire of open formats dying because they need to dominate the market before they can dominate the market will not disappear by itself. Resources need to be devoted, and unless people are
prepared to actually act, not just talk about it on Slashdot, nothing
will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Tell them that free and open music is important to you. Tell them that you appreciate the work
being done by the open source and free software communities to create an infrastructure that will support truly free - as in liberty - music, but that if the problem of lack of commercial support for open file formats is not resolved, you will be forced
to use less and less secure and intelligently designed alternatives.
Let them know that SMP may make or break whether you can efficiently
deploy OpenBSD on your workstations and servers. Explain the concerns
you have about freedom, openness, and choice, and how patented file formats harms all three. Let them
know that this is an issue that effects YOU directly, that YOU vote,
and that your vote will be influenced, indeed dependent, on their
policies on open file formats.
You CAN make a difference. Don't treat voting as a right,
treat it as a duty. Keep informed, keep your political representatives
informed on how you feel. And, most importantly of all, vote.
Well done Apple. This is the kind of action necessary to balance the interests of all sides in the digital music realm. On the one side you've had the users, who want a flexible, accessible, affordable method of downloading music. On the other, the music industry is panicy because it realizes that the digital medium provides a potential to bypass mechanisms to funnel payments to music creators on a scale never seen before. There will never be a perfect balance, the iTMS's limitation of 30 second clips still makes it hard to see people being able to sample music in the ways that Napster, Kazaa, and Gnutella have made possible. While independent publishers have cut into the burden, a large proportion of iTune's revenues still go to groups unrelated to the creation of the music it funds the creation of. Many artists are concerned because they want to ensure their works are bought and used as a whole, not as individual tracks, and the iTunes system isn't always optimized terribly well for that scenario.
But undeniably, this is a step in the right direction. The above issues, of course, need to be addressed. Solutions such as online radio may improve the ability of individuals to sample music, for example, but the RIAA has created tough conditions for low level online radio systems, keeping the medium for the most part under the heavy thumb of the cartels. This isn't, by itself, a bad thing: there's nothing to stop independent groups coming together and creating libraries of non-mainstream music that Internet radio stations can play cheaply, or without cost at all. It requires the will however, and the mechanisms to be created such that Internet radio's operators can easily find and thus negotiate directly with such libraries, avoiding the dangerous possibility of not doing so and hitting the defaults the RIAA offers.
Creating a huge, high quality, downloadable library, as Apple has done, and making it semi-platform-independent, is certainly a single brick that can be used as a plank to build a bigger concept, a better music platform than the bricks and mortar systems of the past. Without other bricks to form those additional planks, however, that concept will never be dreamt.
This quagmire of
downloadable music services requiring a substantial ancillary infrastructure to survive
will not disappear by itself. Unless
people are prepared to actually act, not just talk about it on
Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman [house.gov] or senator [senate.gov]. Tell them that
online music is important to you. Tell them that the infrastructure, both technical and organizational, must be built up to ensure the long term viability of online music. Tell them that you appreciate the work being done by
Apple and others to create download services
but that if the rest of the system is not built
you will be forced to use less and less secure and
intelligently designed alternatives. Let them know that SMP may make or
break whether you can efficiently deploy OpenBSD on your workstations
and servers. Explain the concerns you have about freedom, openness, and
choice, and how a lack of a viable music distribution network
harms all three. Let your
legislators know that this is an issue that effects YOU directly, that
YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning
downloadable music.
You CAN make a difference. Don't treat voting as a right,
treat it as a duty. Keep informed, keep your political representatives
informed on how you feel. And, most importantly of all, vote.
Companies have many things to consider when deciding where to sell a product. Targeted advertising, language, marketability, warranty considerations, local laws...
Which is exactly why a standardized distribution network would help. Companies could choose whether to market in a region or not, and if they chose not to, they could still sell into it to customers who want the product.
Right now it's all or nothing: You can either heavily promote a region, or you can pretty much make it all but impossible for someone to obtain your wares within that area. That's not good for anyone except the most cynical restrictive-practises type business. There has to be a better way.
You actually raise quite a serious point. Technical advantages in various countries are often limited to the people who live in those countries, and it's hard for both insiders and outsiders to share in those benefits. In Sony's case, this hardware requires a huge amount of investment for each market they intend to serve. Even Sony has to look at the bottom line and the immediate short-term future and determine whether a massive, cashflow squeezing, expansion is worth doing in the short term.
Technology needs to become more universal, but its expense in implementation costs makes that hard to do. If you, in the US, are having problems enough getting hold of this kind of thing, can you imagine how hard it is for someone in, say, Russia, Egypt, or Australia, to gain access? And yet there's no technical reason why they shouldn't, and there are people within those nations who can afford such equipment and see it as worth while. But we limit the marketing of technologies, slavishly obeying arbitrary national borders, because of the difficulties associated with expansion.
Expanding means creating new marketing networks and providing the means of transporting this equipment to other countries. This is expensive, though if done with a shared spirit of cooperation and determination, there's no reason why, say, an open distribution network shared by any number of vendors, might not make such things possible. Such a network is, for all intents and purposes, impossible, because it relies upon there already being a large enough momentum towards unfettered distribution to work.
This quagmire of
national boundaries restricting the flow of goods and services
will not disappear by itself. Unless
people are prepared to actually act, not just talk about it on
Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Write also to Jack Valenti, the CEO and chair of the MPAA, whose address
and telephone number can be found at the About the MPAA page. Write too to Bill Gates, Chief of Technologies and thus in overall charge of systems like Windows NT,
at Microsoft. Tell them that
technologies and spreading the good they do to everyone, not just those in the very largest first world countries, is important to you. Tell them that open, standardized, distribution networks would help open up the free export of technologies across the world, bettering mankind. Tell them that you appreciate the work being done by individual manufacturers and individual store chains to try and provide some of this functionality
but that if the insistance of exclusivity and the lack of standardization in business practices are not dealt with
you will be forced to use less and less secure and
intelligently designed alternatives. Let them know that SMP may make or
break whether you can efficiently deploy OpenBSD on your workstations
and servers. Explain the concerns you have about freedom, openness, and
choice, and how a lack of a free and open technology distribution network
harms all three. Let your
legislators know that this is an issue that effects YOU directly, that
YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning
the distribution of technologies to everyone.
You CAN make a difference. Don't treat voting as a right,
treat it as a duty. Keep informed, keep your political representatives
informed on how you feel. And, most importantly of all, vote.
Rather than bitch about it, have you considered actually doing something about unemployment? If you, as you apparently do, believe that unemployment leads to people wasting time, then surely the way to create new and wonderful things is to do something about unemployment. Create jobs where people can create things of worth.
Not that this means I agree with you in your senseless flame of the person who put together this project, but I do have concerns when people do not themselves deal with issues. Creating jobs is creating something worthwhile, and I believe strongly that doing so will improve the situation for everyone.
This quagmire of
job creation being undermined by unnecessary flames and those in work seeing the work of those who are not as worthless
will not disappear by itself. Unless
people are prepared to actually act, not just talk about it on
Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Write also to Jack Valenti, the CEO and chair of the MPAA, whose address
and telephone number can be found at the About the MPAA page. Write too to Bill Gates, Chief of Technologies and thus in overall charge of systems like Windows NT,
at Microsoft. Tell them that
unemployment is a critical issue for you. Tell them that the talents of people are being wasted by not providing them with jobs. Tell them that you appreciate the work being done to improve the economy
but that if unemployment continues to grow
you will be forced to use less and less secure and
intelligently designed alternatives. Let them know that SMP may make or
break whether you can efficiently deploy OpenBSD on your workstations
and servers. Explain the concerns you have about freedom, openness, and
choice, and how unemployment
harms all three. Let your
legislators know that this is an issue that effects YOU directly, that
YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning
job creation.
You CAN make a difference. Don't treat voting as a right,
treat it as a duty. Keep informed, keep your political representatives
informed on how you feel. And, most importantly of all, vote.
Groupware and the Microsoft Monopoly
on
Opengroupware
·
· Score: -1, Troll
Despite best-efforts by groups such as Lotus and GNOME, the truth is that a viable groupware system outside of the Exchange framework from Microsoft is still many years away. The problem isn't that the software doesn't exist - Notes, after all, predates Exchange in its present form (Exchange replaced Microsoft Mail which had some of the features but by no means got the cigar) - but that interoperability with the ingrained standard is virtually impossible, and that many of the current open standards are far from complete.
Exchange is a closed and entirely proprietry system, and with good reason: Microsoft knows that opening up the system entirely would be one area where its desktop monopoly could be threatened. Some proof of this can be seen in that this is the one area on the Mac where Microsoft has let their software lag behind - users of that platform can get an excellent office suite, a good web browser, internet access, all from MS. But users of Exchange are limited to bug ridden clients that have to be run under Classic, and while upgrades to Entourage, MS's Mac mail/group system, are in the works to support some interoperability with Exchange, these upgrades are a long time coming and will only scratch the surface of what's required.
Meanwhile, Internet email standards lag behind and cause interoperating clients and servers to appear crude and unprofessional. As an example, the Internet's "rich text" standard is HTML, which is usually entered using a crude unintuitive user interface, appears completely different on different viewers, and requires embedded objects to be located on a central server pre-arranged ahead of time. Some objects, such as line drawings, have no universally supported internet standard for embedding anyway.
Ironically, the crude and incomplete standards offered for interoperability means that Microsoft can safely support, for example, IMAP and LDAP, knowing full well that it will not produce an environment with full interoperability and that users of these systems will appear less professional to their Microsoft-user co-workers.
With unprofessional and unfinished standards, and with the dominant platform being essentially closed, entry into the groupware area is difficult.
This quagmire of closed standards making professional interoperability unviable, but open standards being to unprofessional and incomplete to support and persuade system administrators to switch to
will not disappear by itself. Unless
people are prepared to actually act, not just talk about it on
Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Write also to Jack Valenti, the CEO and chair of the MPAA, whose address
and telephone number can be found at the About the MPAA page. Write too to Bill Gates, Chief of Technologies and thus in overall charge of systems like Exchange,
at Microsoft. Tell them that
viable, professional, open standards for groupware are important to you. Tell them that the current system must change, and that either Microsoft's excellent standards need to be opened up, or that new open standards need to be put into the public domain, and that Microsoft needs to adopt these standards in order to ensure that groupware really is group ware, not limited to a "group" that finds sharing a single platform viable. Tell them that you appreciate the work being done by the IETF to create open standards
but that if
these standards remain incomplete
you will be forced to use less and less secure and
intelligently designed alternatives. Let them know that SMP may make or
break whether you can efficiently deploy OpenBSD on your workstations
and servers. Explain the concerns you have about freedom, openness, and
choice, and how cl
Behind the obvious humor in the story behind the iLoo lies a more serious issue concerning universal access to a network that's steadily becoming more important to people's lives. The Internet continues to grow - at a slower rate, perhaps, than at the height of the tech bubble - but the massive amount of content on the Internet and the day-to-day reliance upon it as a disseminator of information is unquestionable and important.
The iLoo marks one attempt to create an environment where the internet is everywhere. It was a brave attempt - other attempts have focussed on relatively unusable systems such as bringing the internet to pocketable phones, an exceedingly expensive mechanism that does not deliver what it attempts to do due to the limitations of the medium. Airports have experimented, with moderate success, at providing Internet terminals, and also at 802.11 based systems - though in that case, taking advantage of the high number of laptops owned corporately and the high number of corporate users of air travel. More universal 802.11 solutions are doomed - at least until the development of a $199 Apple iBook.
Putting the Internet everywhere will be a difficult task. An environment needs to be fostered where relatively expensive equipment can be placed in public safely and profitably. This means thinking laterally, and Microsoft has, for once, done so with the iLoo. Systems may eventually be developed that provide usable Internet terminals on public transport or in shops or photobooths. The ideas about where cannot be limited except by trying and failing. But it's inevitable that ideas will not be tried if they're laughed at before they can even be tested.
This quagmire of laterally thought ideas not being raised for fear of ridicule
will not disappear by itself. Unless
people are prepared to actually act, not just talk about it on
Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Tell them that the Internet
is important to you, and that universal access, both geographically and sociologically, is vital to the Internet's future and to the many billions of people who rely upon the Internet in their daily lives. Tell them that you appreciate the work being done to bring the Internet out of the offices and homes to where it can be reached by everyone, by groups such as Microsoft, VoiceStream, Palm, and Apple
but that if they are unable to bring ideas even to the prototyping stage, you will be forced to
use less and less secure and intelligently designed alternatives. Let
them know that SMP may make or break whether you can efficiently deploy
OpenBSD on your workstations and servers. Explain the concerns you have
about freedom, openness, and choice, and how
cramping creativity when it comes to opening the Internet
harms all three. Let them know that this is an issue that effects YOU
directly, that YOU vote, and that your vote will be influenced, indeed
dependent, on their polices on Universal Internet Access .
You CAN make a difference. Don't treat voting as a right,
treat it as a duty. Keep informed, keep your political representatives
informed on how you feel. And, most importantly of all, vote.
I think in some way all the computer games I've ever played have affected me in some way. It was Space Invaders that got me into programming, I wanted to know how it worked. Ironically, I never did.
Computer games can affect people on many different levels. There's the meta-effect, where a person sees something occur in a computer programmer and thinks "What the blazes?" and is inspired to work out how it works, how it can be replicated, how the technique can be used in other applications. There's the deliberate effect, where a game can promote a point of view or a a view of the world that makes someone's mind click and say "I understand that". The great strategy games, with Sid Meyer standing proudly in the center, have influenced me there, but other, more ordinary games, can often influence in much the same way. Games can also mentally challenge - Lemmings taught us to solve puzzles in real time, adventures did similarly, and the games that have followed Doom and forerunners like
Hired Guns have provided us with a new level of real time problem solving.
The mind is exercised by those flashes of light on screen. Like a lightbulb appearing over one's head, computer games can illuminate the dark crevises of the mind, putting them to work for all of us. Unfortunately, not everyone sees the world that way. Efforts are often made to discredit computer gamery as a mind device. Attacks from procensorship groups are common, and while the games industry is not yet as heavily regulated (voluntarily or otherwise) as, say, the movie industry, it's merely a matter of time. Already computer games are typically more regulated than the music industry, and without an RIAA like organization to defend computer game manufacturers, that trend is likely to get worse. Indeed, whereas the RIAA, and Hilary Rosen, has done an astronishingly successful job of countering lobbying to censor music through a combination of token solutions ("Parental Advisory" labels and such) and aggressive pro-speech counter lobbying, the ASPA and ESPA and other similar groups have gone far beyond even the MPAA on self-labelling and have done little to promote the notion that games, like music, films, and literature, are a form of speech; indeed that you cannot "censor" without there being speech to censor.
The games industry lacks an affective defender, and without one, attacks on "violence" and sex in computer games will continue until a legislative disnification of games becomes inevitable. The choice between Sony, Microsoft, and Nintendo will become a fight where only the names are different.
This quagmire of games becoming censored in the absense of an affective lobbying organization which becomes more unlikely to be effective as games become more and more censored will not disappear by itself. Unless people are prepared to act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Tell them that computer games are a form of speech, that they impart ideas and ways of thinking, and that they inspire people to do things they'd otherwise never do. Tell them that you appreciate the work of groups like the ASPA and ESPA to combat attempts at censorship by the imposition of voluntary ratings
but that if
groups like these continue to fail to focus on the speech aspects inherent in computer games, and as such games merely become more and more neutered, you will be forced to
use less and less secure and intelligently designed alternatives. Tell them that you believe the world would be a better place with more groups following the lead of successful free speech lobbyests like the RIAA. Let
them know that SMP may make or break whether you can efficiently deploy
OpenBSD on your workstations and servers. Explain the concerns you have
about freedom, openness, and choice, and how
censorship everywhere, in computer games a
Apple had a straight port of Mac OS's old user interface in A/UX. IIRC though, apps generally used the Mac OS APIs.
NeXT, of course, had NextStep, and while the internals are what Mac OS X is based upon, the end user interface couldn't be more different. There are a few hang overs, the columner file selector and the "Services" thing are the only two that spring to mind however.
Torch, in the UK, apparently put a very good GUI in front of their Unix for their wierd BBC Micro based machines. (The BBC Micro was a 6502 based platform. Torch produced a machine that had a proper CPU in it but adopted much of the same hardware. I don't know how much of this was licenced and how much was just "we'll not sue". The machine tanked, largely because Torch wasn't some giant corp with the power to market these things.)
Mac OS X isn't the first Unix with a decent GUI. It's the first Unix that's been marketed properly to a wide audience that has a decent GUI. And, what with Mandrake and Lindows being the only other two I can think of off the top of my head, that's not that impressive.
I do love what Apple has done though, I have to say.
Quite. It's more like if you worked programming for a week, and at the end your boss announced he wasn't going to pay you, because the work was done anyway and it's not as if he was stealing because him having a copy of the software didn't mean you couldn't have a copy.
One of the major problems with most large organizations - be they telecommunication/entertainment powerhouses like DirecTV or consumable food & recreational drug giants like Altria (formerly Philip Morris) - is that there's a natural disconnect between them and the customers they serve. As layers of management increase, giant corporations find it more difficult to sense the needs and wishes of their customers. Usually this ends up being solved through countless customer surveys and marketing, but such research rarely has much affect in at least one major way - it doesn't tell corporations what questions are being asked, what is being expected of them: this type of research merely tells a company whether it is successful at what it believes itself to be successful at.
Getting feedback to companies like DirecTV is a tricky situation as it's rarely easy to determine who the information should go to. As if this isn't enough, for the most part any large company has little chance of telling apart sincere customer requests from background noise. If many customers suddenly demand a product be released, or another dropped, what's to say that this isn't because of a mention on talk radio, or because of the behaviour of a competitor?
This quagmire of companies being unable to ask all the questions they need, and of customers being unable to provide the kind of feedback giant corporations need to continue to provide quality goods and services at affordable prices
will not disappear by itself. Unless
people are prepared to actually act, not just talk about it on
Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Tell them that choice, quality services, and economical pricing is important to you, and that you worry that many businesses are crippled by being unable to understand what it is that their customers want. Tell them that you appreciate the work being done to promote loops of feedback, through clearly marked feedback email addresses and constant customer surveys
but that if
corporations continue to be unable to supply you with what you want and need because of a lack of awareness, you will be forced to
use less and less secure and intelligently designed alternatives. Let
them know that SMP may make or break whether you can efficiently deploy
OpenBSD on your workstations and servers. Explain the concerns you have
about freedom, openness, and choice, and how
poor communications, bad feedback loops, and talk radio harms all three. Let them know that this is an issue that effects YOU
directly, that YOU vote, and that your vote will be influenced, indeed
dependent, on their ability to make giant, unaccountable, corporations provide the goods and services that make this country great.
You CAN make a difference. Don't treat voting as a right,
treat it as a duty. Keep informed, keep your political representatives
informed on how you feel. And, most importantly of all, vote.
What you're finding people not agreeing with is that it is NOT the responisiblity of the victim to make restitution for damages.
No, that's not what they were complaining about.
In my original, I made the consequences of (incompetently, I made the thing fair) of not securing your machine very, very, harsh indeed. Only one person actually protested about the method.
I actually, originally, wanted to make people think about vengence and the brutality people are willing to put up with done on their behalf in a supposedly civilized society. Unfortunately, it seemed all but one person - maybe two, a moderator mod'd the thing as troll but as they didn't reply... - were more concerned about the notion that a person who makes no effort to ensure their machine, connected to the public Internet, is secure and makes no effort to ensure that it causes as little disruption to others as possible - should in any way be responsible for what damange it does. Not "fully responsible", just responsible to some degree.
The punishment I was proposing wasn't that a sysadmin pay damages. I proposed that they have their balls cut off. Nobody protested about that aspect of my argument. We live in a society, it seems, where brutality is supported, but personal responsibility isn't. What a world.
When I wrote a proposal for keeping system administrators accountable - ensuring tht if someone puts a machine on the Internet, they take the necessary steps to secure it, it generated howls of outrage from people who clearly felt that there is no onus on admins to keep their machines secured and that blaming them in any way for the damage they cause is wrong.
Jokes about the RIAA aside, which has indeed asked for laws to allow it to do exactly what you deem jokeworthy, the fact is that most people consider their PCs their own property but not their own responsibility. The view appears to be that it's ok for someone to leave a machine on the Internet available for anyone to take over, that the person who puts it there has no responsibility, and that anyone who complains, tries to get it fixed, etc, is in the wrong.
Friends, I know that we all consider those who crack computers to be the ultimate culprits in any situation where a computer is damaged, but that doesn't mean that people shouldn't take responsibility their own parts in allowing this to happen. Someone who quite blatently leaves his or her keys in their car and parks outside bars would not be viewed by most people as completely blameless in the event that a drunk staggers out, takes the car, and drives it into a shop window.
Leaving a machine unsecured and unmonitored on the Internet is a sure-fire way of ensuring it is hacked and used to attack other machines. We know this. Yet people continue to do it. They do not secure their machines once hacked, and they allow their own machines to attack others once hacked. This is negligence, pure and simple.
This quagmire of
negligent sysadmins not securing their machines, not allowing their machines to be shut down by victims yet not willing to consider the consequences of their failure to secure their machines and to turn off machines that attack others
will not disappear by itself. Unless
people are prepared to actually act, not just talk about it on
Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Tell them
that negligent sysadmins who are happy to keep their computers connected to the Internet all of the time but aren't willing to take basic, simple, security precautions to ensure they play with others are a danger to the security of the Internet, a menace to other 'net users, and cause billions of dollars of damage every year. Tell them that you appreciate the work being done by groups like Security Focus, BugTraq, and even the efforts made by Microsoft to secure their systems and provide easy ways of keeping their products secure,
but that if those responsible for computers that are on the Internet do not make use of the tools and features made available to them, you will be forced to
use less and less secure and intelligently designed alternatives. Let
them know that SMP may make or break whether you can efficiently deploy
OpenBSD on your workstations and servers. Explain the concerns you have
about freedom, openness, and choice, and how
incompetent system administration
harms all three. Let them know that this is an issue that effects YOU
directly, that YOU vote, and that your vote will be influenced, indeed
dependent, on whether or not they
are willing to propose laws that provide proper deterents to poor system administratorship and allow those attacked by poorly managed machines to fight back.
You CAN make a difference. Don't treat voting as a right,
treat it as a duty. Keep informed, keep your political representatives
informed on how you feel. And, most importantly of all, vote.
Further, my proposal treads a balance. Sysadmins have defenses, and if their incompetence is so bad it fails to have any defense, even then they face nothing more than a fine, and then only if their refusal to take responsibility and be a good Internet citizen has resulted in damage to a third party. Only if they repeat the offense do the consequences become more serious.
Someone who places a computer system on the Internet must expect any security holes in their system to be tested. Hackers have covered virtually every Internet IP address with attempted exploits: if you don't believe me, sit on one for a few hours running a webserver and examine your log afterwards for NIMDA attacks - I guarantee you'll have gotten a few. A person certainly isn't responsible for a random bullet, but they certainly wouldn't get any sympathy if they walked into the middle of a live shooting gallery without a bullet proof vest.
Unlike the bullet proof vest example however, it's not the person who's not worn his or her vest who ends up being the victim. DDoS attacks exploit insecure servers to attack a third party who literally cannot do anything about the attack.
There needs to be a degree of responsibility that currently isn't present. People who insist on putting up servers and, essentially, letting hackers do their worst with them need to realise that what they're doing is wrong. Reasonable deterents, in the forms of fines etc, will help deal with that. But, frankly, if these clueless admins continue, it's time to liberate, by hand, for the workers, their means of reproduction.
There are constitutional issues with any law that would deter an individual from bearing arms of any type. I doubt the Supreme Court would stand for a law that punishes a person for leaving a loaded gun lying around where anyone can pick them up.
These constitutional issues do not have any bearing on computers. There's no constitutional right to own a computer or have access to one, or have access to the Internet. As such, it is reasonable to make those who possess computers and maladminister them to the extent that they cause mayhem and real financial damage to third parties, accountable.
If I left my car keys hanging on a nail in a bar together with a description of my car in the bar's parking lot, there are few that would argue I bear some responsibility when it's subsequently used by drunks and is driven into an expensive diner across the street, causing thousands of dollars worth of damage.
Perhaps, rather than refusing to castrate equally irresponsible system administrators, we should consider the same types of punishment for people who leave their car keys in bars unsupervised. A fine for the first misuse that causes damage, followed by castration if they do it again.
This system works only if you assume most system administrators are employed or otherwise accountable to the people to whom damage has been done. Obviously, in the case of "Joe Blow" hooking up a Windows 2000 box to the Internet on his home DSL connection, enabling various server services, and not keeping up with the updates, there is no such accountability. If his machine is compromised, and then used to attack other machines as part of a DDoS attack, there's no way to hold him to account, at present or under your passive-punishment system.
This is why we need a proper system of accountability. A fine first. Then, if you still don't get the clue, your goolies in the blender.
This is not harsh or inhumane. As I point out, a defense of it not being reasonable that a flaw be fixed (for example, an exploit used before a patch is available, or within a week of a patch being announced, is clearly out of the control of the admin) would be available. Additionally, the admin would have had to be responsible for a machine that was exploited and then used to attack a third party - the example here of the current RIAA webmasters being disembowled is clearly bogus as only their own website was compromised. The punishment is a deterent not merely to administrators, but to those who would sell easily compromised software - who would face zero sales in a post-castrational environment, and even to hackers, the thought that their acts have serious consequences to others would deter all but the most sociopathic. Nor is it a bad punishment in comparison with modern US jail conditions. Many would feel comfortable sending a person to prison, depriving them of their liberties, endangering their safety, and exposing them to horrors that may well scar them mentally for life. I think a policy of fines, and in cases where the fines do not work and damage continues to be caused by the foolishness of the person responsible, removal of the reproduction abilities of the admin concerned, is infinitely more humane than the alternatives.
A solution that relies upon the free market clearly does not solve the problems mentioned. Someone who places an exploitable computer on the Internet for their own personal, private, non-commercial use has no incentive, without laws such as those I propose, to keep his or her machine secure beyond convenience. Current experience demands that that change. Cut their goolies off!
Again though, this goes back to making sure that people know that there are real victims of their actions.
Would operating systems be shipped in insecure forms, out of the box, with little help with system administration if to do so risked developing a reputation as a "newbie castrator"? Microsoft, of course, is tightening up security in their operating systems, so overall this issue will begin to disappear, but it certainly is an incentive to MS to ensure their OSes really are secure out of the box, that mechanisms exist that ensure customers are kept aware of security problems, and that security problems are not sat upon.
Hackers don't hack into hospitals. Microsoft would never have dreamed of recommending Windows 95 to run the computer inside of a dialysis machine. By creating real victims - and victims who certainly had control in the first place over whether they were at risk or not - it suddenly becomes imperative for all sides to ensure that security is kept paramount.
There simply will not be people leaving unprotected Windows 95 machines hooked up to directly to the Internet if fines followed by castration for second offenses becomes the norm. I'd have thought those who are the most at risk would think twice after the first fine...
Apologies if this comes as a repeat to some people, but I made these important points some time ago, and they bear repeating (especially as I doubt anyone did see the original discussion, it was posted late in the day.)
The
Internet's Achilie's heel is it's awesome complexity and size. The
result is that it's very east for a group to appear, do damage, and
then disappear, and never be traced. Worse still, the ease with which
this can be done is itself an incentive - a downtime of DNS, or of a
Microsoft server, or of Yahoo, is seen as unimportant, easy, and
untracable, and people - for whatever reasons, be they sociopathic,
vengeful, curious, or egocentric - are attracted to perform these kinds
of acts.
It's difficult for any reasonable person to know where to
begin solving these issues. Traditionally, nailing down machines and
networks so they are more secure has been seen as the best approach,
but there's little anyone can do about having bandwidth used up by
unaccountable "hacked" machines, as is seemingly more and more the
modus-operandi.
Attempts to trace crackers are frequently wastes of time, and
stiffer penalties for hackers are compromised by the fact that it's
hard to actually catch the hackers in the first place. The situation is
made worse that many of the most destructive hackers do not,
themselves, set up anything beyond sets of scripts distributed to and
run by suckers - so-called "script kiddies".
Given that hackers usually work by taking over other machines
and coopting them into damaging clusters that can cause all manner of
problems, less focus than you'd expect is put onto making machines
secure in the first place. The responsibility for putting a computer on
the Internet is that of a system administrator, but frequently system
administrators are incompetent, and will happily leave computers hooked
up to the Internet without ensuring that they're "good Internet
citizens". Bugs are left unpatched, if the system administrators have
even taken the trouble to discover if there are any problems in the
first place. This is, in some ways, the equivalent of leaving an open
gun in the middle of a street - even the most pro-gun advocates would
argue that such an act would be dangerously incompetent. But putting a
farm of servers on the Internet, and ignoring security issues
completely, has become a widespread disease.
There is a solution, and that's to make system adminstrators
responsible for their own computers. An administrator should be
assumed, by default, to be responsible for any damage caused by
hardware under his or her control unless it can be shown that there's
little the admin could reasonably have done to prevent their machine
from being hijacked. Clearly, a server unpatched a few days after a bug
report, or a compromise unpatched that has never been publically
documented, is not the fault of an admin, but leaving a server
unpatched years after a compromise has been documented and patches have
been available certainly is. Unlike hackers, it is easy to discover who
is responsible for a compromised computer system. So issues of
accountability are not a problem here.
Couple this with suitably harsh punishments, and not only will
system administrators think twice before, say, leaving IIS 4 out in the
wild vulnerable to NIMDA, but hackers too - for the same reasons as
they avoid attacking hospital systems, etc - will think twice about
compromising someone else's system. Fines for first offenses and very
minor breaches can be followed by bigger deterents. If you were going
to release a DoS attack into the wild, but knew that the result would
be that many, many, system administrators would be physically castrated
because of your actions, would you still do it?
Of course not. But even if you were, the fact that someone has
been willing to allow their system to be used to close the DNS system,
or take Yahoo offline, ought to be reason enough to be willing to
consider such drastic remedies. Castration may sound harsh, but
compared to modern American prison conditions, it's a relatively minor
penalty for the system administrator to pay, and will merely result in
discomfort combined with removal from the gene-pool. At the same time,
such an experience will ensure that they take better care of their
systems in future, without removing someone who might have skills
critical to their employer's well being from being taken out of the job
market.
The assumption has always been made that incompetent system
administrators deserve no blame when their systems are hijacked and
used for evil. This assumption has to change, and we must be willing to
force this epidemic of bad administration to be resolved. Only by
securing the systems of the Internet can we achieve a secure Internet.
Only by making the consequences of hacking real and brutal can we
create an adequate response to the notion that hacking, per-se, is not
wrong, that it causes no damage.
This quagmire of people considering system administrators the
innocents in computer security when they are themselves the most
responsible for problems and holes will not disappear by itself. Unless
people are prepared to actually act, not just talk about it on Slashdot,
nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Write also to Jack Valenti [mpaa.org], the CEO and chair of the MPAA, whose address
and telephone number can be found at the About the MPAA page. Write too to Bill Gates, Chief of Technologies and thus in overall charge of
security systems built into operating systems like Windows NT, at
Microsoft. Tell them security is an important issue, and is being
compromised by a failure to make those responsible for security
accountable for their failures. Tell them that only by real, brutal,
justice meted out to those who are irresponsible on the Internet will
hacking be dealt with. Tell them that you believe it is a reasonable
response to hacking to ensure that administrators who fail time and
time again are castrated, and that castration is a reasonable
punishment that will ensure a minimal impact on an administrator's
employer while serving as a huge deterent against hackers and against
incompetence. Tell them that you appreciate the work being done to
patch servers by competent administrators but that if incompetent
admins are not kept accountable, you will be forced to use less and
less secure and intelligently designed alternatives. Let them know that
SMP may make or break whether you can efficiently deploy OpenBSD on
your workstations and servers. Explain the concerns you have about
freedom, openness, and choice, and how poor security harms all three.
Let your legislators know that this is an issue that effects YOU
directly, that YOU vote, and that your vote will be influenced, indeed
dependent, on their policies concerning maladministration of computer
systems connected to the public Internet.
You CAN make a difference. Don't treat voting as a right,
treat it as a duty. Keep informed, keep your political representatives
informed on how you feel. And, most importantly of all, vote.
It's like the old joke: The great thing about America is that anyone can become President - but the bad thing about that is that anyone can become President.
Slashdot is like that. Anyone can become moderator - as long as they haven't been unlucky in metamoderation (which many of us who have always tried to be fair have) and moderation ultimately favours the trolls who set up a new account every week, post karma whoring stuff to raise their karma and then moderate according to opinions rather than to whether articles are any good.
Dealing with this issue would involve an overhaul of the Slashdot moderation system, but therein lies a dialema: while moderators who abuse the system have the upper hand, those who would do a good job are modded so that they can't ever get the karma necessary to moderate. Worse, the abusers have multiple metamoderation accounts too and can get good moderators kicked out of the system altogether.
This quagmire of poor moderators destroying the opportunity for good moderators to prevail will not disappear by itself. Resources need to be devoted, and unless people are
prepared to actually act, not just talk about it on Slashdot, nothing
will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Tell them that Slashdot is important to you, but that good moderation is a necessity. Tell them that you appreciate the work
being done to improve Slashdot's moderation system by Rob Malda and others, but that if the problem of poor moderators being out of touch and out of control is not resolved, you will be forced
to use less and less secure and intelligently designed alternatives.
Let them know that SMP may make or break whether you can efficiently
deploy OpenBSD on your workstations and servers. Explain the concerns
you have about freedom, openness, and choice, and how poor moderation harms all three. Let them
know that this is an issue that effects YOU directly, that YOU vote,
and that your vote will be influenced, indeed dependent, on their
policies on Slashdot moderation.
You CAN make a difference. Don't treat voting as a right,
treat it as a duty. Keep informed, keep your political representatives
informed on how you feel. And, most importantly of all, vote.
The Internet's Achilie's heel is it's awesome complexity and size. The result is that it's very east for a group to appear, do damage, and then disappear, and never be traced. Worse still, the ease with which this can be done is itself an incentive - a downtime of DNS, or of a Microsoft server, or of Yahoo, is seen as unimportant, easy, and untracable, and people - for whatever reasons, be they sociopathic, vengeful, curious, or egocentric - are attracted to perform these kinds of acts.
It's difficult for any reasonable person to know where to begin solving these issues. Traditionally, nailing down machines and networks so they are more secure has been seen as the best approach, but there's little anyone can do about having bandwidth used up by unaccountable "hacked" machines, as is seemingly more and more the modus-operandi.
Attempts to trace crackers are frequently wastes of time, and stiffer penalties for hackers are compromised by the fact that it's hard to actually catch the hackers in the first place. The situation is made worse that many of the most destructive hackers do not, themselves, set up anything beyond sets of scripts distributed to and run by suckers - so-called "script kiddies".
Given that hackers usually work by taking over other machines and coopting them into damaging clusters that can cause all manner of problems, less focus than you'd expect is put onto making machines secure in the first place. The responsibility for putting a computer on the Internet is that of a system administrator, but frequently system administrators are incompetent, and will happily leave computers hooked up to the Internet without ensuring that they're "good Internet citizens". Bugs are left unpatched, if the system administrators have even taken the trouble to discover if there are any problems in the first place. This is, in some ways, the equivalent of leaving an open gun in the middle of a street - even the most pro-gun advocates would argue that such an act would be dangerously incompetent. But putting a farm of servers on the Internet, and ignoring security issues completely, has become a widespread disease.
There is a solution, and that's to make system adminstrators responsible for their own computers. An administrator should be assumed, by default, to be responsible for any damage caused by hardware under his or her control unless it can be shown that there's little the admin could reasonably have done to prevent their machine from being hijacked. Clearly, a server unpatched a few days after a bug report, or a compromise unpatched that has never been publically documented, is not the fault of an admin, but leaving a server unpatched years after a compromise has been documented and patches have been available certainly is. Unlike hackers, it is easy to discover who is responsible for a compromised computer system. So issues of accountability are not a problem here.
Couple this with suitably harsh punishments, and not only will system administrators think twice before, say, leaving IIS 4 out in the wild vulnerable to NIMDA, but hackers too - for the same reasons as they avoid attacking hospital systems, etc - will think twice about compromising someone else's system. Fines for first offenses and very minor breaches can be followed by bigger deterents. If you were going to release a DoS attack into the wild, but knew that the result would be that many, many, system administrators would be physically castrated because of your actions, would you still do it?
Of course not. But even if you were, the fact that someone has been willing to allow their system to be used to close the DNS system, or take Yahoo offline, ought to be reason enough to be willing to consider such drastic remedies. Castration may sound harsh, but compared to modern American prison conditions, it's a relatively minor penalty for the system administrator to pay, and will merely result in discomfort combined with removal from the gene-pool. At the same time, such an experience will ensure that they take better care of their systems in future, without removing someone who might have skills critical to their employer's well being from being taken out of the job market.
The assumption has always been made that incompetent system administrators deserve no blame when their systems are hijacked and used for evil. This assumption has to change, and we must be willing to force this epidemic of bad administration to be resolved. Only by securing the systems of the Internet can we achieve a secure Internet. Only by making the consequences of hacking real and brutal can we create an adequate response to the notion that hacking, per-se, is not wrong, that it causes no damage.
This quagmire of people considering system administrators the innocents in computer security when they are themselves the most responsible for problems and holes
will not disappear by itself. Unless
people are prepared to actually act, not just talk about it on
Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator [senate.gov]. Write also to Jack Valenti, the CEO and chair of the MPAA, whose address
and telephone number can be found at the About the MPAA page [mpaa.org]. Write too to Bill Gates
[mailto], Chief of Technologies and thus in overall charge of security systems built into operating systems like Windows NT,
at Microsoft. Tell them security is an important issue, and is being compromised by a failure to make those responsible for security accountable for their failures. Tell them that only by real, brutal, justice meted out to those who are irresponsible on the Internet will hacking be dealt with. Tell them that you believe it is a reasonable response to hacking to ensure that administrators who fail time and time again are castrated, and that castration is a reasonable punishment that will ensure a minimal impact on an administrator's employer while serving as a huge deterent against hackers and against incompetence. Tell them that you appreciate the work being done to patch servers by competent administrators but that if incompetent admins are not kept accountable, you will be forced to use less and less secure and
intelligently designed alternatives. Let them know that SMP may make or
break whether you can efficiently deploy OpenBSD on your workstations
and servers. Explain the concerns you have about freedom, openness, and
choice, and how poor security harms all three. Let your
legislators know that this is an issue that effects YOU directly, that
YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning maladministration of computer systems connected to the public Internet.
You CAN make a difference. Don't treat voting as a right,
treat it as a duty. Keep informed, keep your political representatives
informed on how you feel. And, most importantly of all, vote.
Slashdot Mirror
AAC, WMA, and MP3 are licensed formats. Someone without a license cannot produce a coder, media in that format, or player, or if they're able to do so now, they can't rely on the fact in the future.
With CDs this didn't matter. Anyone who could physically stamp a CD could afford to pay a royalty on it, simply rolling it into the cost. Anyone producing a CD player, likewise, merely needed to roll the royalty into the cost.
Show me how you can build a free and open infrastructure for the distribution of music where anyone can at any time put their hand up and say "Ok, we're now demanding royalties on..." clients, encoders, actual music, you name it.
You can't.
And I think you know that which is why you compared saying MP3 et al "are somehow {...} less desirable than OGG" to "all open source solutions are inherently technically superior to any closed-source solution". The latter is clearly hyperbole. The former is objectively correct when discussing the patent regime but at first glance sounds a bit like the latter. If you wanted to make a fair comparison, you'd have either said:
I proposed the absolute minimum because I do not consider myself, or anyone for that matter, a person whose views should be slavishly followed. I believe that we are all individuals, that we must all think for ourselves. And that, as Thomas Jefferson once said, it is far better to show someone the door, so that they may go through it. In many ways, we've lost sight of what leadership should be. Leadership is about trust, and freedom, and when people put their hands up and say "I believe! I believe! But I need YOU to tell me what to do! I need YOU to tell me what to write next!" then we don't lead, we dictate.
Every individual on Slashdot has their own view of how the world works, on how to best ensure that, say, Apple provides some sort of rational open format support. We can but tell our representatives that this is an important issue for us, and make our suggestions. They can then make the right decisions on the basis of the ideas and viewpoints expressed to them. I humbly request that my role solely be to initiate that process, by asking Slashdotters to contact those representatives.
As far as your second point goes, it's already a problem. We don't have that freedom with MP3 - we pretend to, but we can't even roll our own MP3 encoder without writing scripts for people who want it that grab sources from a German ftp site for dist11.zip, so that the authors can legitimately claim they're not shipping MP3 encoders themselves. It's a bad situation. It locks the open and free world out of MP3. It certainly makes it impossible to create an infrastructure for free and open music that works with existing players. What good is your infrastructure if it distributes Ogg and players play MP3?
As for AAC being "not good enough for music[sic]-based audio". That claim appears nowhere in my comment. Nor was music misspelt, either in what you quoted and followed by [sic], or in the instances of the word in my comment.
I did say that Dolby's AC3 is good, but not considered good enough for music based audio. AC3 is a codec oriented towards the requirements of movies. Regardless of whether you consider it an acceptable container for music (most, I suspect, would rather use Ogg, AAC, MP3, or WMA), it's patented, requires licensing, and therefore subject to the same complaints as AAC, MP3, and WMA.
No no no, Apple doesn't want their money. They can give it to iRiver or someone.
But producers of audio-playback devices are stuck with a problem: because the vast bulk of digital sound out there stored on PCs is in MP3 format, they have to support MP3, and both Microsoft and Apple are not helping by pushing users to their own particular patented formats, thus providing little incentive to support an open format. This causes problems: it encourages people to continue using the closed formats, and that in turn encourages manufacturers to only support the closed formats. This is wrong, seriously wrong, and serious issues of liberty - both personal and civil - are at stake here. For without an open format, the plug can be pulled.
This quagmire of open formats dying because they need to dominate the market before they can dominate the market will not disappear by itself. Resources need to be devoted, and unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Tell them that free and open music is important to you. Tell them that you appreciate the work being done by the open source and free software communities to create an infrastructure that will support truly free - as in liberty - music, but that if the problem of lack of commercial support for open file formats is not resolved, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how patented file formats harms all three. Let them know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies on open file formats.
You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.
But undeniably, this is a step in the right direction. The above issues, of course, need to be addressed. Solutions such as online radio may improve the ability of individuals to sample music, for example, but the RIAA has created tough conditions for low level online radio systems, keeping the medium for the most part under the heavy thumb of the cartels. This isn't, by itself, a bad thing: there's nothing to stop independent groups coming together and creating libraries of non-mainstream music that Internet radio stations can play cheaply, or without cost at all. It requires the will however, and the mechanisms to be created such that Internet radio's operators can easily find and thus negotiate directly with such libraries, avoiding the dangerous possibility of not doing so and hitting the defaults the RIAA offers.
Creating a huge, high quality, downloadable library, as Apple has done, and making it semi-platform-independent, is certainly a single brick that can be used as a plank to build a bigger concept, a better music platform than the bricks and mortar systems of the past. Without other bricks to form those additional planks, however, that concept will never be dreamt.
This quagmire of downloadable music services requiring a substantial ancillary infrastructure to survive will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman [house.gov] or senator [senate.gov]. Tell them that online music is important to you. Tell them that the infrastructure, both technical and organizational, must be built up to ensure the long term viability of online music. Tell them that you appreciate the work being done by Apple and others to create download services but that if the rest of the system is not built you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how a lack of a viable music distribution network harms all three. Let your legislators know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning downloadable music.
You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.
Right now it's all or nothing: You can either heavily promote a region, or you can pretty much make it all but impossible for someone to obtain your wares within that area. That's not good for anyone except the most cynical restrictive-practises type business. There has to be a better way.
Technology needs to become more universal, but its expense in implementation costs makes that hard to do. If you, in the US, are having problems enough getting hold of this kind of thing, can you imagine how hard it is for someone in, say, Russia, Egypt, or Australia, to gain access? And yet there's no technical reason why they shouldn't, and there are people within those nations who can afford such equipment and see it as worth while. But we limit the marketing of technologies, slavishly obeying arbitrary national borders, because of the difficulties associated with expansion.
Expanding means creating new marketing networks and providing the means of transporting this equipment to other countries. This is expensive, though if done with a shared spirit of cooperation and determination, there's no reason why, say, an open distribution network shared by any number of vendors, might not make such things possible. Such a network is, for all intents and purposes, impossible, because it relies upon there already being a large enough momentum towards unfettered distribution to work.
This quagmire of national boundaries restricting the flow of goods and services will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Write also to Jack Valenti, the CEO and chair of the MPAA, whose address and telephone number can be found at the About the MPAA page. Write too to Bill Gates, Chief of Technologies and thus in overall charge of systems like Windows NT, at Microsoft. Tell them that technologies and spreading the good they do to everyone, not just those in the very largest first world countries, is important to you. Tell them that open, standardized, distribution networks would help open up the free export of technologies across the world, bettering mankind. Tell them that you appreciate the work being done by individual manufacturers and individual store chains to try and provide some of this functionality but that if the insistance of exclusivity and the lack of standardization in business practices are not dealt with you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how a lack of a free and open technology distribution network harms all three. Let your legislators know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning the distribution of technologies to everyone.
You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.
Not that this means I agree with you in your senseless flame of the person who put together this project, but I do have concerns when people do not themselves deal with issues. Creating jobs is creating something worthwhile, and I believe strongly that doing so will improve the situation for everyone.
This quagmire of job creation being undermined by unnecessary flames and those in work seeing the work of those who are not as worthless will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Write also to Jack Valenti, the CEO and chair of the MPAA, whose address and telephone number can be found at the About the MPAA page. Write too to Bill Gates, Chief of Technologies and thus in overall charge of systems like Windows NT, at Microsoft. Tell them that unemployment is a critical issue for you. Tell them that the talents of people are being wasted by not providing them with jobs. Tell them that you appreciate the work being done to improve the economy but that if unemployment continues to grow you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how unemployment harms all three. Let your legislators know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning job creation.
You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.
Exchange is a closed and entirely proprietry system, and with good reason: Microsoft knows that opening up the system entirely would be one area where its desktop monopoly could be threatened. Some proof of this can be seen in that this is the one area on the Mac where Microsoft has let their software lag behind - users of that platform can get an excellent office suite, a good web browser, internet access, all from MS. But users of Exchange are limited to bug ridden clients that have to be run under Classic, and while upgrades to Entourage, MS's Mac mail/group system, are in the works to support some interoperability with Exchange, these upgrades are a long time coming and will only scratch the surface of what's required.
Meanwhile, Internet email standards lag behind and cause interoperating clients and servers to appear crude and unprofessional. As an example, the Internet's "rich text" standard is HTML, which is usually entered using a crude unintuitive user interface, appears completely different on different viewers, and requires embedded objects to be located on a central server pre-arranged ahead of time. Some objects, such as line drawings, have no universally supported internet standard for embedding anyway.
Ironically, the crude and incomplete standards offered for interoperability means that Microsoft can safely support, for example, IMAP and LDAP, knowing full well that it will not produce an environment with full interoperability and that users of these systems will appear less professional to their Microsoft-user co-workers.
With unprofessional and unfinished standards, and with the dominant platform being essentially closed, entry into the groupware area is difficult.
This quagmire of closed standards making professional interoperability unviable, but open standards being to unprofessional and incomplete to support and persuade system administrators to switch to will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Write also to Jack Valenti, the CEO and chair of the MPAA, whose address and telephone number can be found at the About the MPAA page. Write too to Bill Gates, Chief of Technologies and thus in overall charge of systems like Exchange, at Microsoft. Tell them that viable, professional, open standards for groupware are important to you. Tell them that the current system must change, and that either Microsoft's excellent standards need to be opened up, or that new open standards need to be put into the public domain, and that Microsoft needs to adopt these standards in order to ensure that groupware really is group ware, not limited to a "group" that finds sharing a single platform viable. Tell them that you appreciate the work being done by the IETF to create open standards but that if these standards remain incomplete you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how cl
The iLoo marks one attempt to create an environment where the internet is everywhere. It was a brave attempt - other attempts have focussed on relatively unusable systems such as bringing the internet to pocketable phones, an exceedingly expensive mechanism that does not deliver what it attempts to do due to the limitations of the medium. Airports have experimented, with moderate success, at providing Internet terminals, and also at 802.11 based systems - though in that case, taking advantage of the high number of laptops owned corporately and the high number of corporate users of air travel. More universal 802.11 solutions are doomed - at least until the development of a $199 Apple iBook.
Putting the Internet everywhere will be a difficult task. An environment needs to be fostered where relatively expensive equipment can be placed in public safely and profitably. This means thinking laterally, and Microsoft has, for once, done so with the iLoo. Systems may eventually be developed that provide usable Internet terminals on public transport or in shops or photobooths. The ideas about where cannot be limited except by trying and failing. But it's inevitable that ideas will not be tried if they're laughed at before they can even be tested. This quagmire of laterally thought ideas not being raised for fear of ridicule will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Tell them that the Internet is important to you, and that universal access, both geographically and sociologically, is vital to the Internet's future and to the many billions of people who rely upon the Internet in their daily lives. Tell them that you appreciate the work being done to bring the Internet out of the offices and homes to where it can be reached by everyone, by groups such as Microsoft, VoiceStream, Palm, and Apple but that if they are unable to bring ideas even to the prototyping stage, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how cramping creativity when it comes to opening the Internet harms all three. Let them know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their polices on Universal Internet Access .
You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.
Computer games can affect people on many different levels. There's the meta-effect, where a person sees something occur in a computer programmer and thinks "What the blazes?" and is inspired to work out how it works, how it can be replicated, how the technique can be used in other applications. There's the deliberate effect, where a game can promote a point of view or a a view of the world that makes someone's mind click and say "I understand that". The great strategy games, with Sid Meyer standing proudly in the center, have influenced me there, but other, more ordinary games, can often influence in much the same way. Games can also mentally challenge - Lemmings taught us to solve puzzles in real time, adventures did similarly, and the games that have followed Doom and forerunners like Hired Guns have provided us with a new level of real time problem solving.
The mind is exercised by those flashes of light on screen. Like a lightbulb appearing over one's head, computer games can illuminate the dark crevises of the mind, putting them to work for all of us. Unfortunately, not everyone sees the world that way. Efforts are often made to discredit computer gamery as a mind device. Attacks from procensorship groups are common, and while the games industry is not yet as heavily regulated (voluntarily or otherwise) as, say, the movie industry, it's merely a matter of time. Already computer games are typically more regulated than the music industry, and without an RIAA like organization to defend computer game manufacturers, that trend is likely to get worse. Indeed, whereas the RIAA, and Hilary Rosen, has done an astronishingly successful job of countering lobbying to censor music through a combination of token solutions ("Parental Advisory" labels and such) and aggressive pro-speech counter lobbying, the ASPA and ESPA and other similar groups have gone far beyond even the MPAA on self-labelling and have done little to promote the notion that games, like music, films, and literature, are a form of speech; indeed that you cannot "censor" without there being speech to censor.
The games industry lacks an affective defender, and without one, attacks on "violence" and sex in computer games will continue until a legislative disnification of games becomes inevitable. The choice between Sony, Microsoft, and Nintendo will become a fight where only the names are different.
This quagmire of games becoming censored in the absense of an affective lobbying organization which becomes more unlikely to be effective as games become more and more censored will not disappear by itself. Unless people are prepared to act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Tell them that computer games are a form of speech, that they impart ideas and ways of thinking, and that they inspire people to do things they'd otherwise never do. Tell them that you appreciate the work of groups like the ASPA and ESPA to combat attempts at censorship by the imposition of voluntary ratings but that if groups like these continue to fail to focus on the speech aspects inherent in computer games, and as such games merely become more and more neutered, you will be forced to use less and less secure and intelligently designed alternatives. Tell them that you believe the world would be a better place with more groups following the lead of successful free speech lobbyests like the RIAA. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how censorship everywhere, in computer games a
NeXT, of course, had NextStep, and while the internals are what Mac OS X is based upon, the end user interface couldn't be more different. There are a few hang overs, the columner file selector and the "Services" thing are the only two that spring to mind however.
Torch, in the UK, apparently put a very good GUI in front of their Unix for their wierd BBC Micro based machines. (The BBC Micro was a 6502 based platform. Torch produced a machine that had a proper CPU in it but adopted much of the same hardware. I don't know how much of this was licenced and how much was just "we'll not sue". The machine tanked, largely because Torch wasn't some giant corp with the power to market these things.)
Mac OS X isn't the first Unix with a decent GUI. It's the first Unix that's been marketed properly to a wide audience that has a decent GUI. And, what with Mandrake and Lindows being the only other two I can think of off the top of my head, that's not that impressive.
I do love what Apple has done though, I have to say.
Quite. It's more like if you worked programming for a week, and at the end your boss announced he wasn't going to pay you, because the work was done anyway and it's not as if he was stealing because him having a copy of the software didn't mean you couldn't have a copy.
Getting feedback to companies like DirecTV is a tricky situation as it's rarely easy to determine who the information should go to. As if this isn't enough, for the most part any large company has little chance of telling apart sincere customer requests from background noise. If many customers suddenly demand a product be released, or another dropped, what's to say that this isn't because of a mention on talk radio, or because of the behaviour of a competitor?
This quagmire of companies being unable to ask all the questions they need, and of customers being unable to provide the kind of feedback giant corporations need to continue to provide quality goods and services at affordable prices will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Tell them that choice, quality services, and economical pricing is important to you, and that you worry that many businesses are crippled by being unable to understand what it is that their customers want. Tell them that you appreciate the work being done to promote loops of feedback, through clearly marked feedback email addresses and constant customer surveys but that if corporations continue to be unable to supply you with what you want and need because of a lack of awareness, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how poor communications, bad feedback loops, and talk radio harms all three. Let them know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their ability to make giant, unaccountable, corporations provide the goods and services that make this country great.
You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.
In my original, I made the consequences of (incompetently, I made the thing fair) of not securing your machine very, very, harsh indeed. Only one person actually protested about the method.
I actually, originally, wanted to make people think about vengence and the brutality people are willing to put up with done on their behalf in a supposedly civilized society. Unfortunately, it seemed all but one person - maybe two, a moderator mod'd the thing as troll but as they didn't reply... - were more concerned about the notion that a person who makes no effort to ensure their machine, connected to the public Internet, is secure and makes no effort to ensure that it causes as little disruption to others as possible - should in any way be responsible for what damange it does. Not "fully responsible", just responsible to some degree.
The punishment I was proposing wasn't that a sysadmin pay damages. I proposed that they have their balls cut off. Nobody protested about that aspect of my argument. We live in a society, it seems, where brutality is supported, but personal responsibility isn't. What a world.
Jokes about the RIAA aside, which has indeed asked for laws to allow it to do exactly what you deem jokeworthy, the fact is that most people consider their PCs their own property but not their own responsibility. The view appears to be that it's ok for someone to leave a machine on the Internet available for anyone to take over, that the person who puts it there has no responsibility, and that anyone who complains, tries to get it fixed, etc, is in the wrong.
Friends, I know that we all consider those who crack computers to be the ultimate culprits in any situation where a computer is damaged, but that doesn't mean that people shouldn't take responsibility their own parts in allowing this to happen. Someone who quite blatently leaves his or her keys in their car and parks outside bars would not be viewed by most people as completely blameless in the event that a drunk staggers out, takes the car, and drives it into a shop window.
Leaving a machine unsecured and unmonitored on the Internet is a sure-fire way of ensuring it is hacked and used to attack other machines. We know this. Yet people continue to do it. They do not secure their machines once hacked, and they allow their own machines to attack others once hacked. This is negligence, pure and simple.
This quagmire of negligent sysadmins not securing their machines, not allowing their machines to be shut down by victims yet not willing to consider the consequences of their failure to secure their machines and to turn off machines that attack others will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Tell them that negligent sysadmins who are happy to keep their computers connected to the Internet all of the time but aren't willing to take basic, simple, security precautions to ensure they play with others are a danger to the security of the Internet, a menace to other 'net users, and cause billions of dollars of damage every year. Tell them that you appreciate the work being done by groups like Security Focus, BugTraq, and even the efforts made by Microsoft to secure their systems and provide easy ways of keeping their products secure, but that if those responsible for computers that are on the Internet do not make use of the tools and features made available to them, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how incompetent system administration harms all three. Let them know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on whether or not they are willing to propose laws that provide proper deterents to poor system administratorship and allow those attacked by poorly managed machines to fight back.
You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.
Further, my proposal treads a balance. Sysadmins have defenses, and if their incompetence is so bad it fails to have any defense, even then they face nothing more than a fine, and then only if their refusal to take responsibility and be a good Internet citizen has resulted in damage to a third party. Only if they repeat the offense do the consequences become more serious.
Someone who places a computer system on the Internet must expect any security holes in their system to be tested. Hackers have covered virtually every Internet IP address with attempted exploits: if you don't believe me, sit on one for a few hours running a webserver and examine your log afterwards for NIMDA attacks - I guarantee you'll have gotten a few. A person certainly isn't responsible for a random bullet, but they certainly wouldn't get any sympathy if they walked into the middle of a live shooting gallery without a bullet proof vest.
Unlike the bullet proof vest example however, it's not the person who's not worn his or her vest who ends up being the victim. DDoS attacks exploit insecure servers to attack a third party who literally cannot do anything about the attack.
There needs to be a degree of responsibility that currently isn't present. People who insist on putting up servers and, essentially, letting hackers do their worst with them need to realise that what they're doing is wrong. Reasonable deterents, in the forms of fines etc, will help deal with that. But, frankly, if these clueless admins continue, it's time to liberate, by hand, for the workers, their means of reproduction.
These constitutional issues do not have any bearing on computers. There's no constitutional right to own a computer or have access to one, or have access to the Internet. As such, it is reasonable to make those who possess computers and maladminister them to the extent that they cause mayhem and real financial damage to third parties, accountable.
If I left my car keys hanging on a nail in a bar together with a description of my car in the bar's parking lot, there are few that would argue I bear some responsibility when it's subsequently used by drunks and is driven into an expensive diner across the street, causing thousands of dollars worth of damage.
Perhaps, rather than refusing to castrate equally irresponsible system administrators, we should consider the same types of punishment for people who leave their car keys in bars unsupervised. A fine for the first misuse that causes damage, followed by castration if they do it again.
It's time we took action.
This is why we need a proper system of accountability. A fine first. Then, if you still don't get the clue, your goolies in the blender.
This is not harsh or inhumane. As I point out, a defense of it not being reasonable that a flaw be fixed (for example, an exploit used before a patch is available, or within a week of a patch being announced, is clearly out of the control of the admin) would be available. Additionally, the admin would have had to be responsible for a machine that was exploited and then used to attack a third party - the example here of the current RIAA webmasters being disembowled is clearly bogus as only their own website was compromised. The punishment is a deterent not merely to administrators, but to those who would sell easily compromised software - who would face zero sales in a post-castrational environment, and even to hackers, the thought that their acts have serious consequences to others would deter all but the most sociopathic. Nor is it a bad punishment in comparison with modern US jail conditions. Many would feel comfortable sending a person to prison, depriving them of their liberties, endangering their safety, and exposing them to horrors that may well scar them mentally for life. I think a policy of fines, and in cases where the fines do not work and damage continues to be caused by the foolishness of the person responsible, removal of the reproduction abilities of the admin concerned, is infinitely more humane than the alternatives.
A solution that relies upon the free market clearly does not solve the problems mentioned. Someone who places an exploitable computer on the Internet for their own personal, private, non-commercial use has no incentive, without laws such as those I propose, to keep his or her machine secure beyond convenience. Current experience demands that that change. Cut their goolies off!
Who can disagree with that?
Would operating systems be shipped in insecure forms, out of the box, with little help with system administration if to do so risked developing a reputation as a "newbie castrator"? Microsoft, of course, is tightening up security in their operating systems, so overall this issue will begin to disappear, but it certainly is an incentive to MS to ensure their OSes really are secure out of the box, that mechanisms exist that ensure customers are kept aware of security problems, and that security problems are not sat upon.
Hackers don't hack into hospitals. Microsoft would never have dreamed of recommending Windows 95 to run the computer inside of a dialysis machine. By creating real victims - and victims who certainly had control in the first place over whether they were at risk or not - it suddenly becomes imperative for all sides to ensure that security is kept paramount.
There simply will not be people leaving unprotected Windows 95 machines hooked up to directly to the Internet if fines followed by castration for second offenses becomes the norm. I'd have thought those who are the most at risk would think twice after the first fine...
The Internet's Achilie's heel is it's awesome complexity and size. The result is that it's very east for a group to appear, do damage, and then disappear, and never be traced. Worse still, the ease with which this can be done is itself an incentive - a downtime of DNS, or of a Microsoft server, or of Yahoo, is seen as unimportant, easy, and untracable, and people - for whatever reasons, be they sociopathic, vengeful, curious, or egocentric - are attracted to perform these kinds of acts.
It's difficult for any reasonable person to know where to begin solving these issues. Traditionally, nailing down machines and networks so they are more secure has been seen as the best approach, but there's little anyone can do about having bandwidth used up by unaccountable "hacked" machines, as is seemingly more and more the modus-operandi.
Attempts to trace crackers are frequently wastes of time, and stiffer penalties for hackers are compromised by the fact that it's hard to actually catch the hackers in the first place. The situation is made worse that many of the most destructive hackers do not, themselves, set up anything beyond sets of scripts distributed to and run by suckers - so-called "script kiddies".
Given that hackers usually work by taking over other machines and coopting them into damaging clusters that can cause all manner of problems, less focus than you'd expect is put onto making machines secure in the first place. The responsibility for putting a computer on the Internet is that of a system administrator, but frequently system administrators are incompetent, and will happily leave computers hooked up to the Internet without ensuring that they're "good Internet citizens". Bugs are left unpatched, if the system administrators have even taken the trouble to discover if there are any problems in the first place. This is, in some ways, the equivalent of leaving an open gun in the middle of a street - even the most pro-gun advocates would argue that such an act would be dangerously incompetent. But putting a farm of servers on the Internet, and ignoring security issues completely, has become a widespread disease.
There is a solution, and that's to make system adminstrators responsible for their own computers. An administrator should be assumed, by default, to be responsible for any damage caused by hardware under his or her control unless it can be shown that there's little the admin could reasonably have done to prevent their machine from being hijacked. Clearly, a server unpatched a few days after a bug report, or a compromise unpatched that has never been publically documented, is not the fault of an admin, but leaving a server unpatched years after a compromise has been documented and patches have been available certainly is. Unlike hackers, it is easy to discover who is responsible for a compromised computer system. So issues of accountability are not a problem here.
Couple this with suitably harsh punishments, and not only will system administrators think twice before, say, leaving IIS 4 out in the wild vulnerable to NIMDA, but hackers too - for the same reasons as they avoid attacking hospital systems, etc - will think twice about compromising someone else's system. Fines for first offenses and very minor breaches can be followed by bigger deterents. If you were going to release a DoS attack into the wild, but knew that the result would be that many, many, system administrators would be physically castrated because of your actions, would you still do it?
Of course not. But even if you were, the fact that someone has been willing to allow their system to be used to close the DNS system, or take Yahoo offline, ought to be reason enough to be willing to consider such drastic remedies. Castration may sound harsh, but compared to modern American prison conditions, it's a relatively minor penalty for the system administrator to pay, and will merely result in discomfort combined with removal from the gene-pool. At the same time, such an experience will ensure that they take better care of their systems in future, without removing someone who might have skills critical to their employer's well being from being taken out of the job market.
The assumption has always been made that incompetent system administrators deserve no blame when their systems are hijacked and used for evil. This assumption has to change, and we must be willing to force this epidemic of bad administration to be resolved. Only by securing the systems of the Internet can we achieve a secure Internet. Only by making the consequences of hacking real and brutal can we create an adequate response to the notion that hacking, per-se, is not wrong, that it causes no damage.
This quagmire of people considering system administrators the innocents in computer security when they are themselves the most responsible for problems and holes will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Write also to Jack Valenti [mpaa.org], the CEO and chair of the MPAA, whose address and telephone number can be found at the About the MPAA page. Write too to Bill Gates, Chief of Technologies and thus in overall charge of security systems built into operating systems like Windows NT, at Microsoft. Tell them security is an important issue, and is being compromised by a failure to make those responsible for security accountable for their failures. Tell them that only by real, brutal, justice meted out to those who are irresponsible on the Internet will hacking be dealt with. Tell them that you believe it is a reasonable response to hacking to ensure that administrators who fail time and time again are castrated, and that castration is a reasonable punishment that will ensure a minimal impact on an administrator's employer while serving as a huge deterent against hackers and against incompetence. Tell them that you appreciate the work being done to patch servers by competent administrators but that if incompetent admins are not kept accountable, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how poor security harms all three. Let your legislators know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning maladministration of computer systems connected to the public Internet.
You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.
Slashdot is like that. Anyone can become moderator - as long as they haven't been unlucky in metamoderation (which many of us who have always tried to be fair have) and moderation ultimately favours the trolls who set up a new account every week, post karma whoring stuff to raise their karma and then moderate according to opinions rather than to whether articles are any good.
Dealing with this issue would involve an overhaul of the Slashdot moderation system, but therein lies a dialema: while moderators who abuse the system have the upper hand, those who would do a good job are modded so that they can't ever get the karma necessary to moderate. Worse, the abusers have multiple metamoderation accounts too and can get good moderators kicked out of the system altogether.
This quagmire of poor moderators destroying the opportunity for good moderators to prevail will not disappear by itself. Resources need to be devoted, and unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Tell them that Slashdot is important to you, but that good moderation is a necessity. Tell them that you appreciate the work being done to improve Slashdot's moderation system by Rob Malda and others, but that if the problem of poor moderators being out of touch and out of control is not resolved, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how poor moderation harms all three. Let them know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies on Slashdot moderation.
You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.
It's difficult for any reasonable person to know where to begin solving these issues. Traditionally, nailing down machines and networks so they are more secure has been seen as the best approach, but there's little anyone can do about having bandwidth used up by unaccountable "hacked" machines, as is seemingly more and more the modus-operandi.
Attempts to trace crackers are frequently wastes of time, and stiffer penalties for hackers are compromised by the fact that it's hard to actually catch the hackers in the first place. The situation is made worse that many of the most destructive hackers do not, themselves, set up anything beyond sets of scripts distributed to and run by suckers - so-called "script kiddies".
Given that hackers usually work by taking over other machines and coopting them into damaging clusters that can cause all manner of problems, less focus than you'd expect is put onto making machines secure in the first place. The responsibility for putting a computer on the Internet is that of a system administrator, but frequently system administrators are incompetent, and will happily leave computers hooked up to the Internet without ensuring that they're "good Internet citizens". Bugs are left unpatched, if the system administrators have even taken the trouble to discover if there are any problems in the first place. This is, in some ways, the equivalent of leaving an open gun in the middle of a street - even the most pro-gun advocates would argue that such an act would be dangerously incompetent. But putting a farm of servers on the Internet, and ignoring security issues completely, has become a widespread disease.
There is a solution, and that's to make system adminstrators responsible for their own computers. An administrator should be assumed, by default, to be responsible for any damage caused by hardware under his or her control unless it can be shown that there's little the admin could reasonably have done to prevent their machine from being hijacked. Clearly, a server unpatched a few days after a bug report, or a compromise unpatched that has never been publically documented, is not the fault of an admin, but leaving a server unpatched years after a compromise has been documented and patches have been available certainly is. Unlike hackers, it is easy to discover who is responsible for a compromised computer system. So issues of accountability are not a problem here.
Couple this with suitably harsh punishments, and not only will system administrators think twice before, say, leaving IIS 4 out in the wild vulnerable to NIMDA, but hackers too - for the same reasons as they avoid attacking hospital systems, etc - will think twice about compromising someone else's system. Fines for first offenses and very minor breaches can be followed by bigger deterents. If you were going to release a DoS attack into the wild, but knew that the result would be that many, many, system administrators would be physically castrated because of your actions, would you still do it?
Of course not. But even if you were, the fact that someone has been willing to allow their system to be used to close the DNS system, or take Yahoo offline, ought to be reason enough to be willing to consider such drastic remedies. Castration may sound harsh, but compared to modern American prison conditions, it's a relatively minor penalty for the system administrator to pay, and will merely result in discomfort combined with removal from the gene-pool. At the same time, such an experience will ensure that they take better care of their systems in future, without removing someone who might have skills critical to their employer's well being from being taken out of the job market.
The assumption has always been made that incompetent system administrators deserve no blame when their systems are hijacked and used for evil. This assumption has to change, and we must be willing to force this epidemic of bad administration to be resolved. Only by securing the systems of the Internet can we achieve a secure Internet. Only by making the consequences of hacking real and brutal can we create an adequate response to the notion that hacking, per-se, is not wrong, that it causes no damage.
This quagmire of people considering system administrators the innocents in computer security when they are themselves the most responsible for problems and holes will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator [senate.gov]. Write also to Jack Valenti, the CEO and chair of the MPAA, whose address and telephone number can be found at the About the MPAA page [mpaa.org]. Write too to Bill Gates [mailto], Chief of Technologies and thus in overall charge of security systems built into operating systems like Windows NT, at Microsoft. Tell them security is an important issue, and is being compromised by a failure to make those responsible for security accountable for their failures. Tell them that only by real, brutal, justice meted out to those who are irresponsible on the Internet will hacking be dealt with. Tell them that you believe it is a reasonable response to hacking to ensure that administrators who fail time and time again are castrated, and that castration is a reasonable punishment that will ensure a minimal impact on an administrator's employer while serving as a huge deterent against hackers and against incompetence. Tell them that you appreciate the work being done to patch servers by competent administrators but that if incompetent admins are not kept accountable, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how poor security harms all three. Let your legislators know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning maladministration of computer systems connected to the public Internet.
You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.