If historical data is a requirement for MRTG, for a small installation, you can easily script a daily or weekly archive of the MRTG HTML (and data) directories. Presto -- historical archive, with pictures and everything.
But the point of the article was to provide a way to visualize the (native, uncompressed) bandwidth of the eye, not to draw any comparisons between cutting edge technology and the human eye. Most desktop users are familiar with 10/100 ethernet rather than with gig and 10-gig ethernet, so 10/100 forms a better basis of comparison.
With the increasing popularity of MPLS, WAN interfaces are being replaced by ethernet, anyway.
But if you really need ATM, Fore/Marconi/Ericsson sells Forerunner OC-3 and OC-12 ATM NICs. The higher end cards support a lot of VPi and VCi numbers. I have been happy with them under Solaris. Linux is not listed as a supported OS under the datasheet, but then, that's not surprising.
Doom was not just a game, it was a whole new genre. While it wasn't quite the first first-person-shooter, it was the first one to do 3D reasonably well. When it came out, no one had seen anything like it. The game design was OK, the plot was basically non-existent, but it had no FPS competition because no one else had written one that even approached Doom. Considering that 3D accelerator cards didn't exist, and this all had to be done in software, there weren't too many people at the time who could write a competing FPS engine even if they had thought of it. So the lack of fancy levels and other aspects of the game design didn't matter much; the only thing the level design needed to do was showcase all the cool engine features.
If there is any doubt as to whether it was the FPS concept and engine or the details of the game, consider what happened next. Other FPSs were released -- licensing the Doom and then the Quake engines, not the Doom and the Quake levels.
Lots of people are debating the technical merits of interpreted vs. compiled performance. But the technical reality isn't what drives success. Perception and marketing often matter more.
There is a common belief in the market that native code runs somewhat faster than interpreted code. This means that a product that is native is perceived to run faster than a product that is interpreted, on the same hardware. Is this true? Maybe, maybe not. But so long as people believe this to be true, c-level people making strategic decisions will pick platforms based on their ability to market the product. While there are plenty of times when a product is sold to run on an overpowered system, there are always customers who want to scale a product to the point where performance is an issue, or who want to be able to scale the product; such customers will shop on performance, and native vs. interpreted can be an issue.
Two-factor authentication has been recommended over passwords for quite some time. And with good reason: passwords are static. Draconian password policies are intended to prevent password guessing, but when a password can somehow be intercepted without guessing, the password can be trivially replayed. Passwords often can be intercepted in other ways; anyone who has ever had a trojan or virus on a PC could potentially have lost every password accessed from the PC. Viruses and trojans can install a keystroke logger, so even a randomly-generated 500-character password can be intercepted. Similarly, if you use the same password on more than one system, and one system is compromised, the compromise can be leveraged to attack other systems. In the real world, passwords are bad. Policies like the one described above are somewhat inane attempts to work around the problem with password guessability, but they cannot solve the other inherent problems of passwords.
Then combine this with the fact that humans themselves are a weak point in any password scheme. If you require letters and numbers, people will try to use words and numbers that are meaningful to them -- names and birthdays, for example -- even if the policies forbid them. Or they will write passwords down and tape them to their monitors, or under their keyboards, or inside a desk drawer. Or they will give away their passwords for chocolate (http://news.bbc.co.uk/1/hi/technology/3639679.stm).
Two-factor systems work around the "replay" problem. They are not perfect because they are still subject to session hijacking. And they cost more money to implement -- you need to buy extra hardware. But they beat passwords any day.
One-time passwords are another solution to some of the problems, but IME, are harder for users to deal with.
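The replay argument in the comment above, as an added example that is not part of the original comment: a captured static password verifies again, while a captured counter-based one-time code is rejected on its second use. HOTP (RFC 4226) is chosen here as one concrete OTP scheme; the class names, the look-ahead window and the sample password are assumptions, and the secret is the RFC's published test value.

```python
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class StaticPasswordVerifier:
    """Server side of a plain password login: the secret never changes."""

    def __init__(self, password: str):
        self._salt = os.urandom(16)
        self._digest = self._derive(password)

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def verify(self, attempt: str) -> bool:
        return hmac.compare_digest(self._digest, self._derive(attempt))


class HotpVerifier:
    """Server side of a counter-based token: every accepted code is burned."""

    def __init__(self, secret: bytes, window: int = 3):
        self._secret = secret
        self._counter = 0      # next counter value the server will accept
        self._window = window  # tolerate a few button presses that never reached us

    def verify(self, code: str) -> bool:
        for c in range(self._counter, self._counter + self._window):
            expected = hotp(self._secret, c).encode()
            if hmac.compare_digest(expected, code.encode()):
                # Advance past the matched counter so this code, and any
                # earlier one, can never be accepted again.
                self._counter = c + 1
                return True
        return False


def demo() -> dict:
    secret = b"12345678901234567890"  # RFC 4226 Appendix D test secret
    password_login = StaticPasswordVerifier("correct horse battery staple")
    token_login = HotpVerifier(secret)

    # Constructed scenario: both credentials were recorded once in transit.
    captured_password = "correct horse battery staple"
    captured_code = hotp(secret, 0)

    return {
        "password_first_use": password_login.verify(captured_password),
        "password_replay": password_login.verify(captured_password),
        "otp_first_use": token_login.verify(captured_code),
        "otp_replay": token_login.verify(captured_code),
        "otp_next_code": token_login.verify(hotp(secret, 1)),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```
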
Astroturfing, by definition, is "fake grass roots" -- when a company gets people to write or post opinions on the company's behalf while claiming to be independent citizens. The articles noted that the source of this information is company representatives. So the company reps are acknowledging that the information comes from the company; this is not astroturfing. Astroturfing would be 5 guys writing letters to the editor saying "we're network guys, and we think bad things are going to happen unless people buy packet shaping technologies", and later, we find out that the five "network guys" actually work for Packeteer.
That doesn't mean Packeteer is right, just that they're not astroturfing. The existence of two articles quoting one obscure guy is suspicious. This usually means someone issued a press release.
The article from the Register does not take the Packeteer guy very seriously. They didn't fall for it. However, the vnunet staff are being non-critical in that they are writing stories based on the input of vendors without getting sanity checks. The vnunet article accepts the two network vendors' claims at face value without asking someone else if there might not be an opposing point of view. In my book, that's bad journalism.
Unix has and/or had lots of standards. POSIX, CDE, Openboot, and OSF are some of the big names that leap to mind.
It is somewhat simplistic to assume that the relative lack of success for Unix is due to any single factor. Unix has lots of things working for and against it -- price, maturity, perception, marketing, legal history, fragmentation, ISV support, etc. However, it's worth noting that having standards really does not prevent fragmentation. Most vendors don't ship a minimal product with only standard features. Instead, vendors ship "value-added" tools and APIs along with the standard. Any ISVs (independent software vendors) that target a platform have to worry about any ways in which they drift from the standard. The Linux LSB does not solve this particular problem -- despite the LSB, ISVs continue to target specific Linux distributions.
X.org has been modular for a while -- X11R7.0 was already modular in December 2005. The real news here is that X.org released X11R7.1, not that they've gone modular.
One thing I'd like to see is an ordered list of dependencies. I still do manual builds on one system, to stay in practice. Building X11R7.0 was so painful, I stuck with X11R6.9. When using a distro that does the heavy lifting, X11R7.0 is great, but sorting out the dependencies in dozens of modules is a PITA if you're trying to build it manually. I bet the distro maintainers are cursing the X.org people.
If you are not running anti-virus software, how do you know that you are not infected right now? Some viruses, trojans, and other malware go to a lot of effort to hide themselves and not consume too much resources, so they can harvest passwords and credit card numbers.
This is an example of a logical fallacy. User says "X is not a problem because I've never detected it." Admin says "What detection program are you using?" User says "I'm not using a detection program." Admin says "Why aren't you using a detection program?" User says "Because X is not a problem." See the fallacy?
Even if you are running detection software, past history is not a guarantee of future success, as any SEC filing will tell you. The state of the art for defensive software improves, but so does the state of the art for attacks. And this is another classic fallacy. Philosopher 1: "I am immortal." Philosopher 2: "How do you know?" Philosopher 1: "Because in my entire life, in my entire experience, I have never died."
Given that anti-virus software can be obtained for free on Windows, if you're going to use Windows, you really should use anti-virus.
There are various ways to deal with dynamic users. First, you need strong auth -- strong passwords, OTP, or best of all, two-factor auth. Apply it to a network firewall that allows authenticated users from anywhere, or to an ssh bastion host, and you're done.
It's better still to have a VPN and/or ACLs that restrict access to known static IP ranges, but we can't have everything.
We geeks have a tendency to learn the definitions of things, and assume that other people have, too. Guess what? When a business owner says "I have a virus problem with these devices", chances are good that the business user has not, in fact, read geek references that clarify the virus vs. worm distinction. If you work with non-technical people, when one of them describes a problem, you have to assume that they are being imprecise (perhaps because they don't know correct terminology, perhaps because they don't even understand the technology or the problem.) The first step in troubleshooting is figuring out what the real problem is.
I have users who say "the email server is having problems" when the reality is that their dialup is down; they don't understand networking or email, so if they can't reach the mail server, they tell me what it means to them (ie. they can't reach their email.) "My VPN won't work" could mean that their DHCP is out. "My firewall rule doesn't work" could mean that they haven't actually asked for the firewall rule yet. After you've troubleshot enough user problems, you learn that you cannot take users' up-front complaints too literally.
So I would not be surprised to hear that the real problem here is network intrusions/worms rather than viruses.
The good news is that if the problem really is worms, the easiest solution is a host-based firewall that blocks access to all ports except the ones that are actually needed. The more recent Windows products come with one built in, and various free alternatives also exist. I'm coming to like wipfw; it's free, stateful, and unlike the Windows built-ins, you can allow some sources and deny others. wipfw might be a bit too new for production use, though; kerio (hit google) has reasonably nice server- and desktop- class firewalls that can also restrict access to known IPs.
If Symantec is trying to teach people to "trust" the Internet, they're doing people a disservice. The Internet is a way for people to communicate with other people; any communication includes the possibility of lies and fraud. Yes, the Internet introduces new technical types of ways for people to cheat and attack each other (phishing, OS vulnerabilities, viruses, trojan horses, etc.) but even if you solve all the technical issues, you still fundamentally have people communicating with each other. Strangers should not blindly trust each other regardless of context.
If Jane AOLer meets Joe MSNer on IRC, even if she has "Genesis" and "Leviticus" too, should she trust him any more than if she met him in real life? No. If Jane AOLer shops at FuzzySlippersOnline, should she trust them any more than she trusts her local brick and mortar CoolBootsEmporium? Of course not. The online world is not to be trusted, any more than the big blue room outside is to be trusted.
I strongly disagree. If you think something is wrong, don't do it. Just because someone else is willing to do it in your place does not excuse you. Following moral principles is not just about changing the world, it's about making sure that you don't do something wrong that taints you, your honor, and your self-respect. Even if you can't stop the action, if you really feel that patents are wrong, you shouldn't participate.
If your boss asks you to shoot someone, and you know that if you don't, you will be fired and a willing co-worker will do the shooting instead, do you think it's right for you to do the shooting? If you think patents are morally wrong, then the difference is solely a matter of degree. Don't taint yourself, your honor, and your self-worth by doing something you think is wrong.
Regardless of your decision today, someday, you will leave your current job. Will you take your self-respect with you?
Note that I, personally, am not convinced that software patents are morally wrong. But I have been in similar situations with other moral dilemmas, and have drawn my line in the sand.
[Of course, these kinds of decisions are relatively easy for people with lots of savings, a spouse who works, and no dependents. People who have kids and who live in dire financial straits have to make somewhat harder decisions, weighing the degree of moral repugnance against the risk to their dependents. Shooting someone is very wrong, even weighed against a job that feeds the kids, while software patents might be more tolerable.]
Do you need the server to be up 24x7, or is some amount of downtime acceptable?
Do you mind rebuilding your server when you change jobs?
Do you mind rebuilding your server when you change hosting providers?
What budget do you need to stay under?
Do you have time to perform backups, routine software upgrades, and other maintenance?
If your backups are in someone else's hands, will you want to perform periodic secondary backups in case their backups become inaccessible to you?
How much do you want to learn, vs. having it Just Work?
Will your employer get pissed off at you if you use your company's resources?
How much bandwidth, CPU, and other resources do you need?
Do you want physical access to the server, or is some virtual setup good enough?
This is a multivariable optimization problem. There is no right answer for all circumstances. Which is why some people host their own sites, some host at their employers' sites, some use colocated servers, some use virtual servers, etc.
I can't speak for other slashdotters. But my personal belief is that "information wants to be free" is an observation about reality, not a preference.
Ie. my beliefs (and at least some would disagree):
* "Information wants to be free." This means that information tends to leak whether the owner likes it or not, and whether society views the leak as good or bad.
* Information "creators" legitimately have some minimal control (ie. copyright) over the information they create.
* Open-source produces good, convenient software. That doesn't mean that commercial software is bad, or that all software should be free.
So to me, "information wants to be free" in no way contradicts "I want to control my private information" or "I want to control my programs." My private information does want to be free whether I want it to or not -- that's exactly why I have to go to some effort (ie. SSL, proxies, and the like) to protect it when I want such protection. Such efforts will not necessarily be successful, and my information may free itself anyway. By the same token programs, media, and the like also want to be free -- that's exactly why companies go to considerable effort to copy-protect media and software, and still have to sue individuals when those protections fail. Even government and corporate secrets want to be free -- that's why you find them splashed all over the evening news.
One of the biggest problems with monitoring something is that you inevitably affect it, a la Heisenberg in the Physics world. The more closely you try to monitor something, the more you affect it. This is a basic principle of monitoring.
Vulnerabilities come in many flavors. Linux's and Windows' relative vulnerability depends on what you look at.
Are Linux desktops in general more or less vulnerable to email viruses? Probably less, because (1) most Linux mail clients are smart enough to not execute code sent as an attachment; and (2) most Linux processes run as an unprivileged user rather than as root/administrator.
Are Linux servers more or less vulnerable to service exploits and service worms? Probably more, because (1) Linux comes with a lot more services, and a lot more services tend to be installed; and (2) most Linux variants make it more difficult to patch a Linux system and don't provide patches as long.
Are Linux systems more or less vulnerable to trojan horses? That's out of scope -- trojan horses are a human issue. Both Linux variants and Windows have/plan to have a notion of a signed package, but the system doesn't require it, so a determined human can install a trojan horse.
Are Linux systems more or less vulnerable to privilege elevation exploits? Probably more -- Windows systems don't privilege elevate as much as Linux.
Are Linux systems more or less vulnerable to physical attacks? That's out of OS scope -- with physical access, any OS can be preempted. [Cryptography in the FS can guard the data and/or OS install, but isn't usually used, and is impractical for the OS as a whole in most scenarios.]
The statistic that started this was website defacements. Note that apache has an unusually high percentage of websites per www.netcraft.com (63.98% for August 2003), so it's not surprising that Linux has an unusually high percentage of defacements.
You made an implicit assumption that you should reveal this discovery. What about ethics? If your discovery truly will shatter society, should you reveal it and go down in history in infamy, or should you keep your mouth shut and avoid the history books altogether? As wonderful as it is to be famous (or infamous) for a revolutionary new idea, do you really want to be responsible for widespread havoc?
Someone else will eventually have the same idea. Maybe even next week -- see Newton and Leibniz. Perhaps other discoverers, too, will have the good sense to keep their mouths shut. But when eventually one blabs, you will at least have the satisfaction of knowing that you were not the one who destroyed society.
BTW: Asimov once wrote a story called The Dead Past that explores this theme.
Of course, your certificate wasn't signed by a known CA, but getting a certificate signed by a CA only says "this certificate really belongs to this person", it doesn't say "this person is trustworthy" or "this person knows how to code a website that can't be hacked." And really, the latter two are much more important. Most users don't get this, so for an e-commerce website, getting an official cert is a good idea. Heck, for ecommerce, $150 for a cert is a relatively small business expense. But for your own use, you may as well just stick with self-signed certs.
I have two Universal DVDs that will play on my Apex in region 1 mode, but give a region-related error when played in region bypass mode. Five of my other Universal DVDs have no problems. Note that the error looks different than when I try to play, say, one of these disks while in region 2 mode. When I try to play region 1 in region 2, the player itself gives me an error, ie. I see the error on the Apex backdrop, before the disc finished loading. When I load one of these in region bypass, I get an error from the DVD itself, with a Universal logo.
Interestingly, the two Universal DVDs I have that do this are relatively old. Their more recent releases don't have this problem. My guess is that a lot of people with regionless players (many of the original players were regionless) complained.
How this blocking works: DVDs actually do have a programming language on them, and a standard for running it. This is so menus and interactive features can work without the DVD consortium predefining all the special features a DVD could have. If you've ever looked at a DVD's filesystem, the video is in .VOB files, while the code is in .IFO files. Players include interpreters for this code. That's why DVDs like the Matrix sometimes cause problems for some players -- they push the envelope of the programming language, and expose bugs in the player implementation.
In case anyone is curious, the Universal DVDs that have this problem are:
* Andromeda Strain
* Army of Darkness
The Universal DVDs I have that don't have this are:
* Being John Malkovich
* Battlestar Galactica
* Erin Brockovich
* Happy Gilmore
* Sneakers
I've had a .us address since 1997. In Maryland, .us domains were free, which is a Good Thing when you're in college. As I recall, that was part of the point of .us -- in an era when Network Solutions had the .com registration monopoly and charged $100 for a domain, the charter for .us explicitly called for a TLD where registration would be free or very cheap (I think $10 was mentioned as acceptable.) The implicit assumption was that .us was not very user-friendly (longer domain names, slower registration turn-around), so it would mostly be used by people to whom budget mattered more than service.
The need for a cheap TLD has largely gone away. The major TLDs now actually have competitive registrars, which means we can get domain names with low prices *and* good service. Why not just toss .us in with the other commercial TLDs and have done with it?
(Of course, please grandfather in those of us who already have our .us domains. :) )
Before you can discuss if something should be protected by free speech, it helps to know what free speech protections really mean. "Free speech" is not a carte blanche to do things with no consequences. A whole lot of really nasty things are allowed by the First Amendment -- bomb making books like the Anarchists' Cookbook, the MIT Lockpicking Guide, pamphlets that advocate the overthrow of our government, and Ku Klux Klan rallies. As bad as viruses are, they won't ruin your day in quite the same way as a letter bomb would. Just because you can post virus code on the net doesn't mean that you're allowed to actually attack a system with a virus, any more than you're allowed to blow people up. If the speech itself leads directly to harm, that's covered too -- according to a WW1-era Supreme Court ruling, "you can't shout 'fire' in a crowded theatre."
Allowing virus code to spread sounds awful. But remember, the point of the First Amendment is not to protect speech that society likes anyway. Rather, it is to protect speech that society would naturally want to ban.
"Free Speech" has other limitations as well, the most famous being copyright. If someone else produces a book, you can't copy it, even if you acknowledge the original author. If someone else hires you to produce a book for them, they have the copyright, and you lose your original rights to the work. The same should be true for code. So programmers can continue to work in an age where code is "Free speech."
Don't forget 10-gig ethernet.
I strongly disagree. If you think something is wrong, don't do it. Just because someone else is willing to do it in your place does not excuse you. Following moral principles is not just about changing the world, it's about making sure that you don't do something wrong that taints you, your honor, and your self-respect. Even if you can't stop the action, if you really feel that patents are wrong, you shouldn't participate.
If your boss asks you to shoot someone, and you know that if you don't, you will be fired and a willing co-worker will do the shooting instead, do you think it's right for you to do the shooting? If you think patents are morally wrong, then the difference is solely a matter of degree. Don't taint yourself, your honor, and your self-worth by doing something you think is wrong.
Regardless of your decision today, someday, you will leave your current job. Will you take your self-respect with you?
Note that I, personally, am not convinced that software patents are morally wrong. But I have been in similar situations with other moral dilemmas, and have drawn my line in the sand.
[Of course, these kinds of decisions are relatively easy for people with lots of savings, a spouse who works, and no dependents. People who have kids and who live in dire financial straits have to make somewhat harder decisions, weighing the degree of moral repugnance against the risk to their dependents. Shooting someone is very wrong, even weighed against a job that feeds the kids, while software patents might be more tolerable.]
This is a multivariable optimization problem. There is no right answer for all circumstances. Which is why some people host their own sites, some host at their employers' sites, some use colocated servers, some use virtual servers, etc.
I can't speak for other slashdotters. But my personal belief is that "information wants to be free" is an observation about reality, not a preference.
Ie. my beliefs (and at least some would disagree):
* "Information wants to be free." This means that information tends to leak whether the owner likes it or not, and whether society views the leak as good or bad.
* Information "creators" legitimately have some minimal control (ie. copyright) over the information they create.
* Open-source produces good, convenient software. That doesn't mean that commercial software is bad, or that all software should be free.
So to me, "information wants to be free" in no way contradicts "I want to control my private information" or "I want to control my programs." My private information does want to be free whether I want it to or not -- that's exactly why I have to go to some effort (ie. SSL, proxies, and the like) to protect it when I want such protection. Such efforts will not necessarily be successful, and my information may free itself anyway. By the same token programs, media, and the like also want to be free -- that's exactly why companies go to considerable effort to copy-protect media and software, and still have to sue individuals when those protections fail. Even government and corporate secrets want to be free -- that's why you find them splashed all over the evening news.
One of the biggest problems with monitoring something is that you inevitably affect it, a la Heisenberg in the Physics world. The more closely you try to monitor something, the more you affect it. This is a basic principle of monitoring.
Vulnerabilities come in many flavors. Linux's and Windows' relative vulnerability depends on what you look at.
Are Linux desktops in general more or less vulnerable to email viruses? Probably less, because (1) most Linux mail clients are smart enough to not execute code sent as an attachment; and (2) most Linux processes run as an unprivileged user rather than as root/administrator.
Are Linux servers more or less vulnerable to service exploits and service worms? Probably more, because (1) Linux comes with a lot more services, and a lot more services tend to be installed; and (2) most Linux variants make it more difficult to patch a Linux system and don't provide patches as long.
Are Linux systems more or less vulnerable to trojan horses? That's out of scope -- trojan horses are a human issue. Both Linux variants and Windows have/plan to have a notion of a signed package, but the system doesn't require it, so a determined human can install a trojan horse.
Are Linux systems more or less vulnerable to privilege elevation exploits? Probably more -- Windows systems don't privilege elevate as much as Linux.
Are Linux systems more or less vulnerable to physical attacks? That's out of OS scope -- with physical access, any OS can be preempted. [Cryptography in the FS can guard the data and/or OS install, but isn't usually used, and is impractical for the OS as a whole in most scenarios.]
The statistic that started this was website defacements. Note that apache has an unusually high percentage of websites per www.netcraft.com (63.98% for August 2003), so it's not surprising that Linux has an unusually high percentage of defacements.
You made an implicit assumption that you should reveal this discovery. What about ethics? If your discovery truly will shatter society, should you reveal it and go down in history in infamy, or should you keep your mouth shut and avoid the history books altogether? As wonderful as it is to be famous (or infamous) for a revolutionary new idea, do you really want to be responsible for widespread havoc?
Someone else will eventually have the same idea. Maybe even next week -- see Newton and Leibniz. Perhaps other discoverers, too, will have the good sense to keep their mouths shut. But when eventually one blabs, you will at least have the satisfaction of knowing that you were not the one who destroyed society.
BTW: Asimov once wrote a story called The Dead Past that explores this theme.
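# Prompts for a passphrase and the certificate fields; writes the new key to privkey.pem
openssl req -new > new.cert.csr
# Writes a copy of the key without the passphrase
openssl rsa -in privkey.pem -out new.cert.key
# Self-signs the request with that key, valid for 3650 days
openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 3650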
Of course, your certificate wasn't signed by a known CA, but getting a certificate signed by a CA only says "this certificate really belongs to this person", it doesn't say "this person is trustworthy" or "this person knows how to code a website that can't be hacked." And really, the latter two are much more important. Most users don't get this, so for an e-commerce website, getting an official cert is a good idea. Heck, for ecommerce, $150 for a cert is a relatively small business expense. But for your own use, you may as well just stick with self-signed certs.
- Morty
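The same three steps in non-interactive form, as an added example that is not part of the original comment, with a check of what "self-signed" means in practice: the certificate names itself as issuer and verifies only when it is its own trust anchor. The function names and the CN are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original comment. Function names and the
# CN "selfsigned.example.test" are constructed for illustration.

# Key, CSR and self-signed certificate without prompts. -nodes writes the
# key unencrypted, which stands in for the separate "openssl rsa" step.
make_selfsigned() {  # $1 = output directory
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=selfsigned.example.test" \
        -keyout "$1/new.cert.key" -out "$1/new.cert.csr" 2>/dev/null || return 1
    chmod 600 "$1/new.cert.key"
    openssl x509 -req -in "$1/new.cert.csr" -signkey "$1/new.cert.key" \
        -days 3650 -out "$1/new.cert.cert" 2>/dev/null
}

# Print one name field ("subject" or "issuer") of a certificate.
cert_name() {  # $1 = cert file, $2 = subject|issuer
    openssl x509 -in "$1" -noout "-$2" | sed "s/^$2= *//"
}

# Self-signed means the certificate names itself as its own issuer.
is_self_issued() {  # $1 = cert file
    s=$(cert_name "$1" subject)
    [ -n "$s" ] && [ "$s" = "$(cert_name "$1" issuer)" ]
}

# Succeeds only if $1 chains to the trust anchor in $2.
verifies_with_anchor() {  # $1 = cert file, $2 = trust anchor file
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

dir=$(mktemp -d)
make_selfsigned "$dir" || exit 1
is_self_issued "$dir/new.cert.cert" &&
    echo "issuer == subject: $(cert_name "$dir/new.cert.cert" subject)"
verifies_with_anchor "$dir/new.cert.cert" "$dir/new.cert.cert" &&
    echo "trusted only when the certificate itself is the anchor"
```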
RedHat has had something similar for quite some time: rpm --checksig.
Note that the error looks different than when I try to play, say, one of these disks while in region 2 mode. When I try to play region 1 in region 2, the player itself gives me an error, ie. I see the error on the Apex backdrop, before the disc finished loading. When I load one of these in region bypass, I get an error from the DVD itself, with a universal logo.
Interestingly, the two Universal DVDs I have that do this are relatively old. Their more recent releases don't have this problem. My guess is that a lot of people with regionless players (many of the original players were regionless) complained.
How this blocking works: DVDs actually do have a programming language on them, and a standard for running it. This is so menus and interactive features can work without the DVD consortium predefining all the special features a DVD could have. If you've ever looked at a DVD's filesystem, the video is in .VOB files, while the code is in .IFO files.
Players include interpreters for this code. That's why DVDs like the Matrix sometimes cause problems for some players -- they push the envelope of the programming language, and expose bugs in the player implementation.
In case anyone is curious, the Universal DVDs that have this problem are:
Andromeda Strain
Army of Darkness
The Universal DVDs I have that don't have this are:
Being John Malkovich
Battlestar Galactica
Erin Brockovich
Happy Gilmore
Sneakers
The need for a cheap TLD has largely gone away. The major TLDs now actually have competitive registrars, which means we can get domain names with low prices *and* good service. Why not just toss .us in with the other commercial TLDs and have done with it?
(Of course, please grandfather in those of us who already have our .us domains. :) )
bash-httpd
But writing one in postscript is cool. :)
Allowing virus code to spread sounds awful. But remember, the point of the First Amendment is not to protect speech that society likes anyway. Rather, it is to protect speech that society would naturally want to ban.
"Free Speech" has other limitations as well, the most famous being copyright. If someone else produces a book, you can't copy it, even if you acknowledge the original author. If someone else hires you to produce a book for them, they have the copyright, and you lose your original rights to the work. The same should be true for code. So programmers can continue to work in an age where code is "Free speech."