One popular site dedicated to geekish errata features a game called Karma Whoring. The rules often change, and the system slowly adapts to ensure that older methods of gaining "karma" become less and less effective over time.
However, the methods involved in gaining these "karma points" often defy logic. From bashing large corporations to posting urban legends ("X is slow because it's network-transparent!") to the foolishly mundane ("You're new here, aren't you?"), there are many methods of gaining karma.
Unfortunately, the methods involved for losing karma are nearly as abundant. From asking why people care about a given topic to using in-game artifacts known as "flames", there are many ways of reducing your supply of karma points.
Sometimes previously positive actions will lead negative results. For instance, all searches for karma start with a story relating to something called an "article". Previously one could be assured a high karma bonus by locating an article (which to many adventurers is easier said than done) and making a copy of what it contained. However, the system seems to have adapted to this method of gaining karma and now generally uses an attack (known as "redundancy") to counteract it.
Sometimes methods can have unpredictable results, depending subtly on exactly how the move was executed (such as the increasingly popular "Michael is the suxx!"). Karma Whoring has an unpredictable scoring system and changing rules, yet is played by thousands on a daily basis.
Re:Slashdotted Reuters?
on
SCO Offline
·
· Score: 4, Informative
Did you read the paragraph preceding the one you cite from the article? It reflects my own initial thoughts on reading your post, and doesn't attempt to blame the OS for what really is a network problem:
If ISPs would begin adopting the practice of preventing the escape of fraudulently addressed packets from within their controlled networks, this potent attack, and its many cousins, would die overnight.
This seems much wiser a suggestion than the anti-MS paragraph which you chose to cite. Who better to set actual network policy than those responsible for managing those networks?
Microsoft including a raw socket API is about as evil as Microsoft supporting the creation of outgoing connections to any arbitrary mail servers -- sure, it's open to abuse (DDoS, spam, etc.), but removing the sort of API that traceroute and ping tools would use to perform useful work is not a security fix. It closer to asking Home Depot not to sell hammers because they can be used as weapons.
Further, having MS remove the raw socket API would lead those with cruel intentions to use non-Windows machines exclusively to do their evil deeds. Consider that the mind which concludes that the raw socket API must be removed because of the unpleasant actions of a few people probably isn't far from thinking that operating systems which are engineered in an open and flexible environment can be used for subversion as well. Suddenly those using "subversive" non-MS operating systems which haven't removed raw packet interfaces are a little more suspect in the public eye.
If ISPs would only permit traffic with sane source IP addresses to leave their networks, then the only effect sending such packets out would have would be to waste traffic between the would-be tricksters and their ISP's router(s).
It's funny how an honest question gets modded flamebait. I'm wondering how this actually affects anybody, and rather than answering or explaining what they think, I get accused of flaming.
I'm a little confused here as to why this matters to anyone here. Basically this boils down to "Some big Hollywood people liked the same movie I did! WHOOOOOOO!"
To me, that seems a little bit Howard Dean (or Steve Ballmer). Does this honestly make a difference to anyone, and does anyone really care how many useless awards a movie wins?
I agree totally. A friend who used to work for a "bulk mailing" company argued that it was electronic extortion, since you're harming a company's virtual neighbors in order to correct the actions of one individual.
I tend to agree more with the idea that these actions tend to nudge ISPs in the right direction, however. The ISP has the choice to either drop the customer in a somewhat timely manner or be identified as spam-friendly.
The idea of escalating a blacklist tips the economics of hosting back towards the side of good. There is an economic cost to devoting company resources towards pursuing the spammer. If that spammer is lost as a customer then the company loses out twice -- once in paying admins to pursue the matter, and again in cutting off a revenue stream.
Escalating a blacklist to include all of a spam-friendly (or spam-agnostic) ISPs customers brings forth the possibility of the ISP losing many more customers than just the spammer. Suddenly it makes more economic sense to drop the spammer in order to get off of the blacklist and retain the larger customer base.
Of course, if the ISPs customers consist mainly of spammers, then it would likely be cheaper and easier to let the legitimate customers seek hosting elsewhere. This also has its benefits -- by separating spammers and non-spammers, they will be easier to differentiate by hosting service.
I'd like to see people start citing instances in which SPEWS instated a large level-1 block without cause or provocation. Of course, I'd also like to see those who claim that X would be faster without network transparency cite benchmarks. Unfortunately, it seems that the knee-jerk reactions are in full effect here.
I just finished reading the article, and it's amazing how wrong many of his statements were. For somebody claiming to understand Linux users and the differences between Linux and BSD, the author would do well to do a little research before wasting his time writing up an article such as this one.
As a Debian user, I wouldn't claim to understand Slackware, or Redhat, or even BSD, despite the fact that I cut my teeth on Slackware, used Redhat for a while, and used to admin at a data center using exclusively FreeBSD. Each Linux distro is based upon different assumptions and philosophies. This is something especially apparent to me when running Debian.
Under Slackware, everything used to be DIY. (I say used to be because my experience with Slackware was in the mid-to-late 90's). There was the base system, and there were a whole lot of packages. Package management was nonexistant beyond scripts that would maintain a list of files associated with each package. It was minimalist, but had very nice defaults, and a bare Slackware installation had a personality to it that I've not seen since.
When I later tried Redhat (5.something, I don't recall) I felt that it aimed a bit higher than Slackware in terms of program selection, but finding packages was sometimes difficult, and the defaults often had a less usable feel.
Under Debian, the common tasks one would ask of a distribution are automated. Upgrades between packages are generally seamless, and the work has been taken out of finding packages and satisfying dependencies. Defaults are generally functional, but sometimes have the if-you-want-more-configure-it-your-damned-self feel that I used to get from FreeBSD. Unlike what the author suggests, you aren't limited to using the "blessed" version of Apache, BIND, etc. with the operating system -- you can run their 'testing' distribution, but install Apache from the stable branch, and let the package management system know that you'd like to keep the version of Apache you're using, even if a newer version is available from the testing repository.
Which brings me to FreeBSD -- great documentation, decently nice operating system. Moving away from ReiserFS was painful, especially when creating a Squid cache, but the base system is very nice, and is designed to work together.
However, I felt that FreeBSD's commitment to easy upgrades stops where the ports collection begins. There was no easy way to upgrade a package -- it was "remove old, install new". I recall a minor version number difference in MySQL forcing a manual database reload, which is something that Debian's maintainers would have likely had happen automatically (following what I see as Debian's "automate the mundane" philosophy).
I also couldn't find an obvious way to choose something other than Sendmail, as it was part of the "base system". Debian's system may state that an MTA is required, but FreeBSD tries to force you into using a specific one.
I also recall an upgrade that changed a default setting in SSH, without making it obvious that it very well could break existing configurations and disable logins. Sure, the answer is "read/sys/blahblahblah.txt when upgrading, moron", but this was also missed by my boss, who'd been using FreeBSD since before they were widespread enough for CERT to mention them in security advisories. Also, coming from Debian I'd have expected a note about the change during the upgrade process.
I suppose the point of this rambling is that each system has issues, and each system tries to make assumptions about the user's intent. While BSD may be "engineered", and supposedly all parts of the base system are meant to work together well, it also feels like BSD maintainers think that they have some divine right to tell you which MTA or DNS software to run. This is something that RedHat didn't try to pull in when I used it around 1999, and Debian definitely doesn't try to do today.
Then it seems that what you meant to say was something like "A firewall using NAT is at least as secure as one without NAT, perhaps even more so." You had stated that the vulnerabilities were equal between the two.
A non-NAT firewall will present the exact same security vulnerabilities as one that is using NAT.
Not quite.
A firewall either passes a packet on to the destination listed in its headers, or it doesn't. If you can trick the firewall into passing a packet which it shouldn't pass, that's a vulnerability, and you'll end up with packets forwarded to actual machines. This may include outside machines creating connections to services to which they shouldn't have access, etc.
NAT (sans port-forwarding) doesn't make the same do-I-pass-this-on-or-not type of decisions. What NAT does do is allow internal machines to make outgoing connections, and ensure that replies get to the intended machine. NAT (again, sans port-forwarding, which is how the average home networking equipment defaults) does not allow incoming connections, and there is no protocol which would allow incoming external packets to specify an internal destination host. Since all packets are addressed to the IP address of the NAT host itself, no internal machine will receive a packet unless it has already established a connection with an outside machine, thereby creating an association between a specific port on the NAT host and that particular port on the internal machine.
In other words, a broken firewall may allow unauthorized clients to create connections to internal services. A broken NAT machine can not, although it may be possible for an outside machine to highjack an outgoing connection made by the internal machine. In the worst case, a broken firewall will allow all traffic to pass unfiltered to the inside hosts. A NAT host cannot be tricked into doing this simply because there is no protocol to request that a packet addressed to the NAT machine be forwarded to an internal machine.
The UNIX command line allows for much flexibility; try something like:
sleep 8h aumix -v 50 mpg123 --list playlist.lst &
for i in `seq 50 10 100` do
aumix -v $i
sleep 30s done
You could even use cron to have such things happen at set times each day. Using bash and sleep for calculated delays and aumix to set the volume, you could even ramp up the volume, drop it back down for a "snooze" period, and then bring the volume back up (higher and higher...) until you wake up.
Then issue a press release yourself, then come back and talk about how much sense it makes for someone with no control over the actual direction of XFree86 to try to tell others what direction the project will take.
What they're saying is basically "we don't control or direct XFree86 development". As an open-source project they aren't required to designate an heir.
There is nothing in it about the future of X86, which would be mine and many others big concern.
Did you read the post? It basically said that the people involved in the "core team" aren't the ones driving XFree86 development.
Given that statement, why would you ask them to describe the future of XFree86, which is something over which they explicitly announced that they don't have control?
Few posts make me wish I had mod points like I do at the moment. It's quite annoying hearing people say "drop SMTP!" as though that would solve the problem entirely without offering an alternative suggestion (or better yet, quoting portions of the RFC which they feel are poorly designed).
Even centrally coordinated communications networks such as AOL's IM system can be used to send spam -- it's not as though SMTP has built-in deficiencies which make it especially vulnerable to such abuse. It's a system designed to allow arbitrary pairs of people to contact each other, often without advance knowledge of their desire to communicate.
I, too, would like to hear some actual suggestions instead of the typical "SMTP sucks" posts.
I had to pull the AC adapter and the battery to ungracefully shut down.
If it's an ATX motherboard (if you don't know, it probably is), you can always shut down via the power switch, and it's probably better for the hardware.
If the machine is hung hard, try holding the power button in for about 4 seconds -- the machine will shut off. I'd imagine that the resulting power-down is slightly nicer to the hardware than yanking the plug, since the motherboard gets to handle cutting power to devices.
Look, legal battles "ensue" for absolutely no reason at all in America (and scores of other countries, of course).
That's a copout. Anybody can try to sue anyone for anything they want. What makes it really hold water, however, is having a legal basis for the lawsuit.
That there might possibly be legal action over use of iTunes Music Store purchases shouldn't surprise you. [...] I'm unwilling to stop doing things for the mere supposition that it might break the law.
So why purchase music from iTunes at all? Why not just break the law and download MP3 files from IRC, or even go to Best Buy with a large jacket and some running shoes?
I'm likewise unwilling to hear people complain that the law somehow prevents them from doing something [...] mere curiosity is counter-productive to a realistic discussion of online music distribution.
Are you serious?
In my opinion, it's all bull, and the RIAA is has been stealing from the public domain for decades. Also in my opinion, speed limits are more like suggestions, and during optimal conditions exceeding them isn't that dangerous.
However, indignation won't get you very far in a court of law, especially when you've broken the laws which that court is intended to uphold. If we were talking about buying alcohol for minors (but it's done in Europe!), I wonder whether you'd so strongly advocate freely breaking the law in the name of moral superiority.
At any rate, the one advantage iTunes would provide me that I cannot get from downloading MP3 files from IRC is the fact that I can possess and use them legally. If you take that away, basically I'd paying $0.99 per song to break the law. That being the case, I can break the law for free. I fail to understand how being able to legally use what I've purchased isn't relevant to a discussion of the merits of various products.
I'd like to remind you:
"I want the freedom to use it on whatever device I want, with whatever software I choose.
God I hate all the moronic comments along these lines every time this topic comes up. YOU DO HAVE THAT FUCKING FREEDOM! At least as much as you do with a CD.
If I do have the freedom to legally use any software I like to listen to the songs represented in the media, then you are correct in your claims. Whether the right to use it legally is unimportant to you is irrelevant -- you said that AAC files provide "at least as much" freedom as with a CD. If this were true, this would include the right to listen to the music legally, without having to use Windows or MacOS. If not, then you are not correct in your claims.
However, when asked about something which is vital to the argument made in your original rant you dodge the question, saying that it lacks importance. Of course you ignores the fact that it was your rant making this claim in the first place.
So the question remains: Are you a liar, or can I legally use AAC files with Free software as I can CDs?
The fact is that AAC files can be copied without needing to circumvent any DRM. The fact is that AAC files decoded and played by their owner are not being used illegally. I have no idea what you imagine the terrible problem is, but your fears are not based on reality and you have what amounts to an unfounded phobia.
I wouldn't go so far as to call it "fear", merely curiosity.
One would think that DVDs when being "decoded and played by their owner are not being used illegally" as well. Of course, one would normally assume that they have the right to play media which they purchase, but legal battles still ensue.
Now do you see the basis for my curiosity, which you antagonistically call a "phobia"? DVDs are a form of media which the consumer should be free to consume. However, DeCSS is seen as a "circumvention device" in the eyes of the law, despite the fact that it is not intended (or often used) to allow copying of media. My question is whether similar stupid legal issues surround AAC files and the software decoding them.
Your point of view seems to be, "I think you can, don't be an ass", but when that naive point of view is applied to DVD playback, it is wrong.
If you don't know whether one can legally write and distribute playback software without express permission, fine, but please don't try to paint me as paranoid simply because I consider it a bad idea to invest time in writing software which is illegal to distribute.
Can you download and play music from Apple under Linux?
Support or non-support by a particular platform is unrelated to DRM issues.
Is it, though? What I suspect is that attempts to create software to play these files would be construed as a circumvention attempt, which is illegal.
Can Free software developers create and distribute software to play iTunes music?
You tell me. It seems like a lot of your arguments are from positions of ignorance.
You are half right on that one. I'm not arguing anything -- I am ignorant of Apple's implementation, and of some of the legal issues related to actually using DRM-enabled AAC files with software not provided (or licensed) by Apple.
Since the Slashdot party line seems to be that sharing information is generally a good thing, I thought it might be worth my time to ask a few questions of a fellow poster.
Instead of taking immediate offense at Apple [...] decide whether or not it is really the fault of Apple or the fault of the open software movement that it can't keep up [...] I'll be the first person to offer a pat on the back of the person who gets off their ass and writes a AAC->OGG converter for you.
I don't care what format it's in, as long as quality is good enough for my relatively untrained ears and I can legally encode and play it on my hardware without having to purchase a copy of Windows or an iPod. Furthermore, I'd imagine that an AAC-to-OGG converter would violate anti-circumvention laws.
That isn't intended to sound so bad, but [... a]nybody with a real understanding of the issues knows that DRM is not the reason to buy CDs over online music [... i]f the format support isn't solid on your platform, you have a valid complaint.
I'm not complaining, only asking for information which I haven't seen on Apple's website. I'm not even asking for solid Linux support -- I'm asking whether one can legally write and distribute software which allows AAC files to be played (and, more peripherally, purchased from the iTunes site) without Apple's consent, especially in light of the DRM and anti-circumvention laws.
With OGG format, one can take an existing decoder, hand-tune it in assembly for their given platform, and release the changes for the world to use and evaluate. In the case of a "simple" (ie, single-purpose) piece of software, this does tend to lead to better code, even if only for the fact that bug reports can often be more informative when the software vendor doesn't have to keep the source code secret. Also, vendors are relieved from the burden of compiling for every processor family out there for those users who want faster program execution.
DRM is simply not a factor for people buying from the iTunes Music Store. If you still think otherwise, give me a concrete example of something you can do with the bits on a CD that can't be done with the bits of an iTunes Music Store song.
That's actually the core of my question. As far as I am aware, I can legally purchase a CD. I can legally play a CD.
What I am not sure of is whether it is legal to write, distribute, and use Free software to allow one to use the iTunes store without Apple having to "bless" the software in some way.
What I am also not sure of is whether it is legal to write, distribute, and use Free software to allow one to play music from the iTunes store, especially with respect to anti-circumvention laws.
Can you download and play music from Apple under Linux? I don't have convenient access to non-Linux machines, and it's not really worth it to try VMware, because I'd still need a legit copy of Windows, which I neither own nor care to obtain.
Not to nitpick, but when you refer to "compression" with a CD, it's really just encoding a digital stream that roughly corresponds to an analog signal. It's not really compression, just a straight bit stream. A CD is a physical form of media, which was designed to work in any capable player without restriction. DRM attempts to apply artificial restrictions to media. Encoding a straightforward stream of data in a way that does not artificially limit use is not DRM.
CD is also a form of DRM
As far as I am aware, a CD has no features at all which are designed to limit one's ability to access the data etched across its face. I'm interested -- could you justify your statement? How do CDs artificially limit usage?
Given the assumption that Apple uses a non-standard format (which is fairly safe, since there doesn't seem to be a standard DRM-enabled format) it stands to reason that only devices or software designed with awareness of Apple's own format would be able to play the media.
When you say that we do have "at least as much [freedom] as [we] do with a CD" to iTunes music with any device or software, does this mean that Apple's format allows third-party device makers to add support for their music? I know that there are several Free CD ripping tools available. Can Free software developers create and distribute software to play iTunes music?
Probably too late for the mods, but what the hell...
By trying to justify downloading music with "it probably boosts CD sales", many seem to be implying that we somehow owe the RIAA a working business model.
As I see it, we should show as little concern for their business model as they show for the fact that extreme copyright terms rip off the public domain.
The RIAA can adapt and continue to make money, and yet we at least acknowledge the fact that they claim to be losing money due to theft through piracy.
We as citizens don't seem to be making a difference, and the RIAA won't even admit that the public is losing due to the loss of the public domain.
Download 'em all and let bankruptcy court sort 'em out.
Everyone has their own solution-du-jour to the media industry vs. filesharing problem. I'd like to see a solution which allows one to sample lower-quality (96k, say, or mono) music for free, and would allow one to purchase higher-quality versions for iTunes prices.
If a person decided that an album was worth owning in its entirety, they could opt to purchase it for a reasonable fee (~10 USD). This would allow them instant access to the high-quality version of the tracks, and the online service would mail the physical CD to the consumer at no cost.
This would be cheaper than buying CDs traditionally (item #1), and consumers could purchase individual tracks as they wanted (item #3) without having to shell out ~15 USD per album.
The convenience factor (item #2) would be there as well -- you could sample songs (item #4), you would gain gratification at speeds comparable to current P2P methods (item #5).
If the low-quality versions could be located more easily and reliably than current P2P, people would opt to use the industry-sanctioned delivery methods instead of dealing with less-reliable, less-organized P2P. The physical media could still be obtained, but the end-user would instantly reap the benefits of having purchased the album online (namely, instant gratification).
Slashdot Mirror
I really wish that when Darl stated that the GPL hadn't been tested in court, someone had pointed out that neither had SCO's assertions.
At least one argument they're using against the GPL can be used against the claim that anyone should pay them $699 per CPU.
One popular site dedicated to geekish errata features a game called Karma Whoring. The rules often change, and the system slowly adapts to ensure that older methods of gaining "karma" become less and less effective over time.
However, the methods involved in gaining these "karma points" often defy logic. From bashing large corporations to posting urban legends ("X is slow because it's network-transparent!") to the foolishly mundane ("You're new here, aren't you?"), there are many methods of gaining karma.
Unfortunately, the methods involved for losing karma are nearly as abundant. From asking why people care about a given topic to using in-game artifacts known as "flames", there are many ways of reducing your supply of karma points.
Sometimes previously positive actions will lead negative results. For instance, all searches for karma start with a story relating to something called an "article". Previously one could be assured a high karma bonus by locating an article (which to many adventurers is easier said than done) and making a copy of what it contained. However, the system seems to have adapted to this method of gaining karma and now generally uses an attack (known as "redundancy") to counteract it.
Sometimes methods can have unpredictable results, depending subtly on exactly how the move was executed (such as the increasingly popular "Michael is the suxx!"). Karma Whoring has an unpredictable scoring system and changing rules, yet is played by thousands on a daily basis.
This seems much wiser a suggestion than the anti-MS paragraph which you chose to cite. Who better to set actual network policy than those responsible for managing those networks?
Microsoft including a raw socket API is about as evil as Microsoft supporting the creation of outgoing connections to any arbitrary mail servers -- sure, it's open to abuse (DDoS, spam, etc.), but removing the sort of API that traceroute and ping tools would use to perform useful work is not a security fix. It closer to asking Home Depot not to sell hammers because they can be used as weapons.
Further, having MS remove the raw socket API would lead those with cruel intentions to use non-Windows machines exclusively to do their evil deeds. Consider that the mind which concludes that the raw socket API must be removed because of the unpleasant actions of a few people probably isn't far from thinking that operating systems which are engineered in an open and flexible environment can be used for subversion as well. Suddenly those using "subversive" non-MS operating systems which haven't removed raw packet interfaces are a little more suspect in the public eye.
If ISPs would only permit traffic with sane source IP addresses to leave their networks, then the only effect sending such packets out would have would be to waste traffic between the would-be tricksters and their ISP's router(s).
It's funny how an honest question gets modded flamebait. I'm wondering how this actually affects anybody, and rather than answering or explaining what they think, I get accused of flaming.
Blah.
I'm a little confused here as to why this matters to anyone here. Basically this boils down to "Some big Hollywood people liked the same movie I did! WHOOOOOOO!"
To me, that seems a little bit Howard Dean (or Steve Ballmer). Does this honestly make a difference to anyone, and does anyone really care how many useless awards a movie wins?
Aye, that was the point ;)
Thanks for the reply!
I agree totally. A friend who used to work for a "bulk mailing" company argued that it was electronic extortion, since you're harming a company's virtual neighbors in order to correct the actions of one individual.
I tend to agree more with the idea that these actions tend to nudge ISPs in the right direction, however. The ISP has the choice to either drop the customer in a somewhat timely manner or be identified as spam-friendly.
The idea of escalating a blacklist tips the economics of hosting back towards the side of good. There is an economic cost to devoting company resources towards pursuing the spammer. If that spammer is lost as a customer then the company loses out twice -- once in paying admins to pursue the matter, and again in cutting off a revenue stream.
Escalating a blacklist to include all of a spam-friendly (or spam-agnostic) ISPs customers brings forth the possibility of the ISP losing many more customers than just the spammer. Suddenly it makes more economic sense to drop the spammer in order to get off of the blacklist and retain the larger customer base.
Of course, if the ISPs customers consist mainly of spammers, then it would likely be cheaper and easier to let the legitimate customers seek hosting elsewhere. This also has its benefits -- by separating spammers and non-spammers, they will be easier to differentiate by hosting service.
I'd like to see people start citing instances in which SPEWS instated a large level-1 block without cause or provocation. Of course, I'd also like to see those who claim that X would be faster without network transparency cite benchmarks. Unfortunately, it seems that the knee-jerk reactions are in full effect here.
Cheers.
I just finished reading the article, and it's amazing how wrong many of his statements were. For somebody claiming to understand Linux users and the differences between Linux and BSD, the author would do well to do a little research before wasting his time writing up an article such as this one.
/sys/blahblahblah.txt when upgrading, moron", but this was also missed by my boss, who'd been using FreeBSD since before they were widespread enough for CERT to mention them in security advisories. Also, coming from Debian I'd have expected a note about the change during the upgrade process.
As a Debian user, I wouldn't claim to understand Slackware, or Redhat, or even BSD, despite the fact that I cut my teeth on Slackware, used Redhat for a while, and used to admin at a data center using exclusively FreeBSD. Each Linux distro is based upon different assumptions and philosophies. This is something especially apparent to me when running Debian.
Under Slackware, everything used to be DIY. (I say used to be because my experience with Slackware was in the mid-to-late 90's). There was the base system, and there were a whole lot of packages. Package management was nonexistant beyond scripts that would maintain a list of files associated with each package. It was minimalist, but had very nice defaults, and a bare Slackware installation had a personality to it that I've not seen since.
When I later tried Redhat (5.something, I don't recall) I felt that it aimed a bit higher than Slackware in terms of program selection, but finding packages was sometimes difficult, and the defaults often had a less usable feel.
Under Debian, the common tasks one would ask of a distribution are automated. Upgrades between packages are generally seamless, and the work has been taken out of finding packages and satisfying dependencies. Defaults are generally functional, but sometimes have the if-you-want-more-configure-it-your-damned-self feel that I used to get from FreeBSD. Unlike what the author suggests, you aren't limited to using the "blessed" version of Apache, BIND, etc. with the operating system -- you can run their 'testing' distribution, but install Apache from the stable branch, and let the package management system know that you'd like to keep the version of Apache you're using, even if a newer version is available from the testing repository.
Which brings me to FreeBSD -- great documentation, decently nice operating system. Moving away from ReiserFS was painful, especially when creating a Squid cache, but the base system is very nice, and is designed to work together.
However, I felt that FreeBSD's commitment to easy upgrades stops where the ports collection begins. There was no easy way to upgrade a package -- it was "remove old, install new". I recall a minor version number difference in MySQL forcing a manual database reload, which is something that Debian's maintainers would have likely had happen automatically (following what I see as Debian's "automate the mundane" philosophy).
I also couldn't find an obvious way to choose something other than Sendmail, as it was part of the "base system". Debian's system may state that an MTA is required, but FreeBSD tries to force you into using a specific one.
I also recall an upgrade that changed a default setting in SSH, without making it obvious that it very well could break existing configurations and disable logins. Sure, the answer is "read
I suppose the point of this rambling is that each system has issues, and each system tries to make assumptions about the user's intent. While BSD may be "engineered", and supposedly all parts of the base system are meant to work together well, it also feels like BSD maintainers think that they have some divine right to tell you which MTA or DNS software to run. This is something that RedHat didn't try to pull in when I used it around 1999, and Debian definitely doesn't try to do today.
Indeed.
Then it seems that what you meant to say was something like "A firewall using NAT is at least as secure as one without NAT, perhaps even more so." You had stated that the vulnerabilities were equal between the two.
A firewall either passes a packet on to the destination listed in its headers, or it doesn't. If you can trick the firewall into passing a packet which it shouldn't pass, that's a vulnerability, and you'll end up with packets forwarded to actual machines. This may include outside machines creating connections to services to which they shouldn't have access, etc.
NAT (sans port-forwarding) doesn't make the same do-I-pass-this-on-or-not type of decisions. What NAT does do is allow internal machines to make outgoing connections, and ensure that replies get to the intended machine. NAT (again, sans port-forwarding, which is how the average home networking equipment defaults) does not allow incoming connections, and there is no protocol which would allow incoming external packets to specify an internal destination host. Since all packets are addressed to the IP address of the NAT host itself, no internal machine will receive a packet unless it has already established a connection with an outside machine, thereby creating an association between a specific port on the NAT host and that particular port on the internal machine.
In other words, a broken firewall may allow unauthorized clients to create connections to internal services. A broken NAT machine can not, although it may be possible for an outside machine to highjack an outgoing connection made by the internal machine. In the worst case, a broken firewall will allow all traffic to pass unfiltered to the inside hosts. A NAT host cannot be tricked into doing this simply because there is no protocol to request that a packet addressed to the NAT machine be forwarded to an internal machine.
Surprisingly, at least two people seem to care -- vrioux and Cliff. I'm surprised.
Slow news day, eh?
An editor:
I think Pudge is the new anti-Michael! Whoo-hoo!
Then issue a press release yourself, then come back and talk about how much sense it makes for someone with no control over the actual direction of XFree86 to try to tell others what direction the project will take.
What they're saying is basically "we don't control or direct XFree86 development". As an open-source project they aren't required to designate an heir.
Given that statement, why would you ask them to describe the future of XFree86, which is something over which they explicitly announced that they don't have control?
Few posts make me wish I had mod points like I do at the moment. It's quite annoying hearing people say "drop SMTP!" as though that would solve the problem entirely without offering an alternative suggestion (or better yet, quoting portions of the RFC which they feel are poorly designed).
Even centrally coordinated communications networks such as AOL's IM system can be used to send spam -- it's not as though SMTP has built-in deficiencies which make it especially vulnerable to such abuse. It's a system designed to allow arbitrary pairs of people to contact each other, often without advance knowledge of their desire to communicate.
I, too, would like to hear some actual suggestions instead of the typical "SMTP sucks" posts.
If the machine is hung hard, try holding the power button in for about 4 seconds -- the machine will shut off. I'd imagine that the resulting power-down is slightly nicer to the hardware than yanking the plug, since the motherboard gets to handle cutting power to devices.
...yet I did provide one potential example -- the right to legally use the media.
So why purchase music from iTunes at all? Why not just break the law and download MP3 files from IRC, or even go to Best Buy with a large jacket and some running shoes?
Are you serious?
In my opinion, it's all bull, and the RIAA is has been stealing from the public domain for decades. Also in my opinion, speed limits are more like suggestions, and during optimal conditions exceeding them isn't that dangerous.
However, indignation won't get you very far in a court of law, especially when you've broken the laws which that court is intended to uphold. If we were talking about buying alcohol for minors (but it's done in Europe!), I wonder whether you'd so strongly advocate freely breaking the law in the name of moral superiority.
At any rate, the one advantage iTunes would provide me that I cannot get from downloading MP3 files from IRC is the fact that I can possess and use them legally. If you take that away, basically I'd paying $0.99 per song to break the law. That being the case, I can break the law for free. I fail to understand how being able to legally use what I've purchased isn't relevant to a discussion of the merits of various products.
I'd like to remind you:
If I do have the freedom to legally use any software I like to listen to the songs represented in the media, then you are correct in your claims. Whether the right to use it legally is unimportant to you is irrelevant -- you said that AAC files provide "at least as much" freedom as with a CD. If this were true, this would include the right to listen to the music legally, without having to use Windows or MacOS. If not, then you are not correct in your claims.
However, when asked about something which is vital to the argument made in your original rant you dodge the question, saying that it lacks importance. Of course you ignores the fact that it was your rant making this claim in the first place.
So the question remains: Are you a liar, or can I legally use AAC files with Free software as I can CDs?
From your original post:
Indeed.
One would think that DVDs when being "decoded and played by their owner are not being used illegally" as well. Of course, one would normally assume that they have the right to play media which they purchase, but legal battles still ensue.
Now do you see the basis for my curiosity, which you antagonistically call a "phobia"? DVDs are a form of media which the consumer should be free to consume. However, DeCSS is seen as a "circumvention device" in the eyes of the law, despite the fact that it is not intended (or often used) to allow copying of media. My question is whether similar stupid legal issues surround AAC files and the software decoding them.
Your point of view seems to be, "I think you can, don't be an ass", but when that naive point of view is applied to DVD playback, it is wrong.
If you don't know whether one can legally write and distribute playback software without express permission, fine, but please don't try to paint me as paranoid simply because I consider it a bad idea to invest time in writing software which is illegal to distribute.
You are half right on that one. I'm not arguing anything -- I am ignorant of Apple's implementation, and of some of the legal issues related to actually using DRM-enabled AAC files with software not provided (or licensed) by Apple.
Since the Slashdot party line seems to be that sharing information is generally a good thing, I thought it might be worth my time to ask a few questions of a fellow poster.
I don't care what format it's in, as long as quality is good enough for my relatively untrained ears and I can legally encode and play it on my hardware without having to purchase a copy of Windows or an iPod. Furthermore, I'd imagine that an AAC-to-OGG converter would violate anti-circumvention laws.
I'm not complaining, only asking for information which I haven't seen on Apple's website. I'm not even asking for solid Linux support -- I'm asking whether one can legally write and distribute software which allows AAC files to be played (and, more peripherally, purchased from the iTunes site) without Apple's consent, especially in light of the DRM and anti-circumvention laws.
With OGG format, one can take an existing decoder, hand-tune it in assembly for their given platform, and release the changes for the world to use and evaluate. In the case of a "simple" (ie, single-purpose) piece of software, this does tend to lead to better code, even if only for the fact that bug reports can often be more informative when the software vendor doesn't have to keep the source code secret. Also, vendors are relieved from the burden of compiling for every processor family out there for those users who want faster program execution.
That's actually the core of my question. As far as I am aware, I can legally purchase a CD. I can legally play a CD.
What I am not sure of is whether it is legal to write, distribute, and use Free software to allow one to use the iTunes store without Apple having to "bless" the software in some way.
What I am also not sure of is whether it is legal to write, distribute, and use Free software to allow one to play music from the iTunes store, especially with respect to anti-circumvention laws.
Not to nitpick, but when you refer to "compression" with a CD, it's really just encoding a digital stream that roughly corresponds to an analog signal. It's not really compression, just a straight bit stream. A CD is a physical form of media, which was designed to work in any capable player without restriction. DRM attempts to apply artificial restrictions to media. Encoding a straightforward stream of data in a way that does not artificially limit use is not DRM.
As far as I am aware, a CD has no features at all which are designed to limit one's ability to access the data etched across its face. I'm interested -- could you justify your statement? How do CDs artificially limit usage?
Given the assumption that Apple uses a non-standard format (which is fairly safe, since there doesn't seem to be a standard DRM-enabled format) it stands to reason that only devices or software designed with awareness of Apple's own format would be able to play the media.
When you say that we do have "at least as much [freedom] as [we] do with a CD" to iTunes music with any device or software, does this mean that Apple's format allows third-party device makers to add support for their music? I know that there are several Free CD ripping tools available. Can Free software developers create and distribute software to play iTunes music?
Probably too late for the mods, but what the hell...
By trying to justify downloading music with "it probably boosts CD sales", many seem to be implying that we somehow owe the RIAA a working business model.
As I see it, we should show as little concern for their business model as they show for the fact that extreme copyright terms rip off the public domain.
The RIAA can adapt and continue to make money, and yet we at least acknowledge the fact that they claim to be losing money due to theft through piracy.
We as citizens don't seem to be making a difference, and the RIAA won't even admit that the public is losing due to the loss of the public domain.
Download 'em all and let bankruptcy court sort 'em out.
Everyone has their own solution-du-jour to the media industry vs. filesharing problem. I'd like to see a solution which allows one to sample lower-quality (96k, say, or mono) music for free, and would allow one to purchase higher-quality versions for iTunes prices.
If a person decided that an album was worth owning in its entirety, they could opt to purchase it for a reasonable fee (~10 USD). This would allow them instant access to the high-quality version of the tracks, and the online service would mail the physical CD to the consumer at no cost.
This would be cheaper than buying CDs traditionally (item #1), and consumers could purchase individual tracks as they wanted (item #3) without having to shell out ~15 USD per album.
The convenience factor (item #2) would be there as well -- you could sample songs (item #4), you would gain gratification at speeds comparable to current P2P methods (item #5).
If the low-quality versions could be located more easily and reliably than current P2P, people would opt to use the industry-sanctioned delivery methods instead of dealing with less-reliable, less-organized P2P. The physical media could still be obtained, but the end-user would instantly reap the benefits of having purchased the album online (namely, instant gratification).