Slashdot Mirror


User: jmegq

jmegq's activity in the archive.

Stories: 0
Comments: 71

Comments · 71

  1. Re: self congratulatory infatuation on Slashdot Database Compromised! · · Score: 1
    That's a fine thing -- you've helped reduce his window of exposure to being robbed. However, you haven't (unless you later communicate with him) made him aware that there *was* a window of exposure. So if a criminal had created a backdoor (or planted a bomb or whatever), you've made things worse for your neighbor because now they have no reason to even look for something amiss.

    If someone got there before you closed the door, then you're making things worse by concealing the fact that there could have been a break-in. Hence, leave a note.

  2. Re:Assuming that the story is true..... on Slashdot Database Compromised! · · Score: 1
    In the cases you mention, clearly a note is redundant; you have full knowledge that an exploit has occurred. I have no intention of defending the exploiter.

    But what if you came home and noticed nothing at all, except that unbeknownst to you, a criminal had come and left a hidden backdoor for themselves to come in later. If there were no note, you wouldn't have reason to suspect anything; you come home to the closed door believing it had never been open. In that case, the note is very useful because it indicates something may be amiss. If the criminal also left the note, well, they're not too slick. But if some other passerby has left the note, you might actively check to make sure nothing subtle is wrong.

    Often people talk about a single hacker or "hack" event on a site, as this one; for all we know people have been hacking slashdot with this particular exploit for years without our knowledge. Receiving "the note" is by no means cause for the warm fuzzies; it's time for that "oh shit" stomach churn and damage control. Better that than continuing to get taken.

  3. Re:this is cool on Slashdot Database Compromised! · · Score: 3
    I don't think anyone's particularly happy that people are poking around their websites. However, if a stranger comes by and leaves a note that says "your front door was open", that is more helpful than nothing.

    Of *course* you still have to do a risk assessment and decide if you might have been robbed while the door was open, possibly by the person leaving the note. That's true of the real-life front door to your house as well as a web site.

    The person leaving the note has done two things for you, though: alerted you (and possibly others who visit your house while you're out) that there may have been a problem; and helped reduce the window of exposure to the threat. You do *not* get to conclude that therefore there was no exploit, in part because you don't know how long your front door has been sitting open.

    Your IP/property comment strikes me as a non sequitur; there is nothing wrong with leaving a note on someone's door in real life, so by your argument it should be fine to leave a note on someone's door on the internet.

    I may have missed your point, though; if you're instead making an argument that "seeing an open vulnerability on a web site is inherently *different* than seeing that someone's door is open in real life, and we should close our eyes on the internet lest we see open doors", well, I disagree. But it would make for a good discussion :)

  4. Re:Assuming that the story is true..... on Slashdot Database Compromised! · · Score: 1
    If I left the front door to my house open accidentally, I'd prefer that some kind stranger came by, closed the door, and left me a note rather than walk by and leave it open for someone else to possibly take advantage of.

    I might still have to behave as though I've been broken into; a criminal may have come along earlier, or the person leaving the note may be a particularly devious criminal, but that's still better than nothing, as it reduces the window of exploitability that Bruce Schneier likes to talk about.

  5. Re:Assuming that the story is true..... on Slashdot Database Compromised! · · Score: 3
    ... now VA needs to check the servers and maybe everything else behind the firewall. That's a drain on resources whichever way you look at it.

    I think that's true regardless of whether there are any visible hacks to the site. Even if they had just emailed the slashdot crew a patch saying "this is broken and allows an exploit", slashdot or VA would still have to check the servers and maybe everything else on the possibility that someone has used the exploit. It doesn't make good security sense to say "well, I don't see any hacks even though there's this exploit, therefore I wasn't hacked into" -- especially on such a high-profile site.

    This has fun implications for when you upgrade an OS (or anything else) to patch a security hole; if you're really security conscious, you have to do some risk analysis to decide whether to react as if someone has used the hole already to backdoor your system.

  6. Re:When do you suppose... on Merging Unix And Mac OS · · Score: 1
    As much as I'd love to check the whole thing out, I'm sure as hell not spending the duckies necessary to acquire a G4...

    Why not? They're only about $300 more than a comparable PC, they run Linux just great, and you can run MacOS concurrently with Linux at 95% speed -- which is plenty fast. And doing DV editing and graphics/design is way, way ahead of the windows and linux worlds.

    Of course, if you really like Windows, by all means stick to the ia32's...

  7. Re:Apple package management? on Merging Unix And Mac OS · · Score: 1
    I believe Wilfredo [the lead for the core Darwin OS] answered this on the darwin-developers list. The problem is that if the basic installation of the OS depends on a GPL'd program, you're on shaky territory. It can be argued that the installer (or package tool, or whatever) is sufficiently "part of the OS" in the sense that the OS breaks if it's not there. Hence, no GPL install utility in MacOSX/Darwin.

    In any case, the GPL is not about interoperating with other licenses; it is a strong political statement about rights and freedoms -- use accordingly!

  8. Re:Windows 95, five years later. on The Challenges Of Integrating Unix And Mac OS · · Score: 2
    Am I the only one who thinks these design decisions seem awfully similar to what MS chose to do for backwards compatibility with DOS?

    Quite possibly...

    We now, once again, have a filesystem which is sort of compatible but loses information

    You mean like Linux's support of the DOS filesystem? If I copy a Linux file to my DOS partition and back, I lose the permissions. With MacOS X, it's less radical than that; that only happens when someone uses the same physical volume on both MacOS 9 and MacOS X (which for most users will be exceedingly rare).

    (compare long file NAM~1s).

    That's not a good comparison; the NAM~1s creep up all over the Windows "experience", from FTP transfers and the like. Getting default permissions on a file instead of the real permissions? Bah, most users would hardly notice, especially if sensible defaults are used.

    We have "special" directories which the user "should" not look into.

    No, we have a UI that hides certain uncommonly-user-manipulated directories from the user. Much like files beginning with a period in Unix. If you know they're there and want to muck with them, well, go ahead, but be sure you know what you're doing. Besides, the bsd-ish directories aren't hidden from MacOS X users in the shell window.

    We even have the very same double-root kludge: the underlying os (DOS/unix) expects one structure, and the user another, so we have a "real" root which users are not supposed to know about, and then the friendly /usr/lib/desktop, no doubt.

    MacOS X's structure is fairly elegant in this domain, please see the online docs at apple's website for a clue about how this is done.

    And programs are supposed to move to a "package" model for un/installation, like the "add/remove program" item in the Control Panel. I predict it will take five years for Apple, too, to get that trick to work.

    Well no, it's the "add/remove program" item and uninstaller type of nonsense that they're trying to get away from. Instead, they have all of an application's resources bundled up together in a single directory. This way, the user can do the intuitive thing: drag the Application from the installer disk onto their own disk, and it's installed. Drag it to the trash, and it's gone. No registry entries to clean up, no preferences folders or extensions or random little files laying around. One nice big handle to pick up a whole app by.

    This is not to say that the problem could have been solved much better (although I personally think they should have discarded much more of the Unix side of the system -- they have no obligation to be backwards-compatible there!).

    I think it's highly debatable whether Unix is something one is "backwards" compatible to, especially in this audience :) Going to a Unix-based OS is a very bold move, and rather than reinventing the guts of a high performance scalable OS, they've chosen to adapt to one. With that decision comes the obligation to actually interoperate with said OS.

    But the net result is a less elegant system than any of the ingredients (MacOS, Unix, NeXt) that went into the brew. This makes MacOS X a much less interesting OS alternative for me.

    From what perspective is this less elegant? (and have you seen linux source code!?) It's far more elegant than letting these issues fall on the floor; instead the average user, and average developer, get a tightly integrated OS with some impressive functionality. Apple's been very good about smoothing technology transitions (e.g., x86->ppc), and this continues to be true.

    My $.02

  9. Re: Darwin ? on The Challenges Of Integrating Unix And Mac OS · · Score: 1

    That's not just the kernel, it's more like an entire precompiled freebsd distro. The kernel is just one linux-kernel-sized file inside that big ol' self-mounting image archive.

  10. Re:How to get around the GPL restrictions! on License Cocktail With GPL In Doom · · Score: 1

    It's not always clear who the authors are. If there have been many contributions to a GPL'd project, it would be difficult to find, let alone convince, all of the authors. So a project either needs to have a clear policy that contributions back to the "main branch" have their ownership transferred to a single author (or some agency of the primary authors [or whoever] with the power to decide how to license it); or else it becomes "permanently GPL'd" because there's no way to figure out who owns copyright on what.

  11. Re:hyperlinks and program linking are not the same on License Cocktail With GPL In Doom · · Score: 1
    In the case of dynamic linking, the linked material must be present or the program won't run at all.

    Not true; there's no reason you can't use dlopen or its equivalent to link the library if it's present during execution, and otherwise just continue on. For example, a [proprietary] program might link to the [GNU GPL'd] readline shared lib if it's there, and otherwise just use plain dumb tty handling.

    In this scenario, one could try to make the argument that readline is being used as a "plug-in" to the application, which does not depend on it. This is perhaps why the topic of GPL'd plugins in non-GPL'd code is controversial.

    This has some similarities (but is not identical) to a webpage with frames whose contents are found at another site (e.g. ask.com). However, it's pretty clear in my mind that "lazily" linking to readline from non-GPL code would be a violation of the GPL - and I infer from some of RMS' comments about the "next" GPL that this will be made more clear.

  12. Re:What about Princess Mononoke? on Essential Anime · · Score: 1
    Mononoke was ok, hardly "great". The animation is early 80's, the Earth Mother theme was weak, not well presented, and extremely heavy-handed.

    Not impressed. Points for dismemberment, though.

  13. Re:Integrating Java with Gnome and Orbit on Gnome 1.2.0 Released · · Score: 1
    This is only safe in a secure environment - everybody on your network will be able to do what they want with your Gnome components.

    Isn't that true even if you use the magic cookie? It's pretty easy to snoop the IIOP message and grab the principal field; isn't that like sending the password in the clear?

  14. Re:feature suggestions on New Slash Version v1.0.3 · · Score: 1
    The downside of XML, is that it's compatible with nothing out there browser-wise

    Ah, but who says you have to present the clients with XML? You can use XSL/whatever-transformations-you-desire to spit it out as HTML (or XHTML) from the server side today, and later you can just start handing the markup sheet to browsers that understand it.

    Semantic markup rules.

  15. Update: Apple reversed the cancellation on Apple Makes G4s Slower · · Score: 1


    The cancellation has been reversed.
    Read it at MacInTouch.

  16. Re: columns on New iMac Rolled Out · · Score: 1

    I for one think they make great pages. I can't stand reading things that go waaay across the page and only take up three lines with 256 characters per line. Perhaps you're reading it at 48pt.

    Speaking of column, seen suck.com lately?

  17. $1299's have that too on New iMac Rolled Out · · Score: 1

    > The top-end iMac ($1499) features digital video editing and authoring software built-in,
    > as well as FireWire (the only iMac to have it).


    The $1299 models have those features as well. The extra $200 gets you 3 more GB of hard drive and a 128 MB DIMM instead of a 64 MB (or two 64 MB's, which costs $140 more on these models). And given, say, thechipmerchant's current prices, that's not a bad deal.

    BTW, the notion that /.'ers aren't interested in the iMac is lame. I love my Linux (x86 and ppc) for Unix and programming, but MacOS is still way, way ahead on DTP/DV. Mix 'em and match 'em.

  18. Re:binary translation on Nitrozac Answers · · Score: 1

    perl -ne 'print map pack("B8",$_), split'

  19. http://www.phs.uiuc.edu/4Is/ on 3D pics made using visible light · · Score: 3

    The group has a site at http://www.phs.uiuc.edu/4Is/

    It includes a pretty spiffy mpeg of one of their scans. Cool.

  20. Re: Some things about Mediaone Cable Modem Techs on MS and AOL Interested in MediaOne · · Score: 2

    1) They suck big time

    I've had pretty good luck with them so far. The initial setup went very quickly, and I've had very few problems with it. I run it through a Linux (P90) firewall to my apartment's lan, and it works great.

    Especially Q3Test on my G3/400... [g]

    2) Don't let them touch your computer

    Of course not. Get your roommate's iMac and let them set it up on that, then call up and have the MAC addr changed. Or boot into windoze for the install. The techs are (probably wisely) phobic about Linux boxen. (i.e., there's a lot of possibly hard configuring to do given all the random distributions of Linux there are [or have been at one time on that poor P90])

    4) Good luck getting your service back on-line in a timely fashion.

    They did a good job here too; when the cable modem died (of course I rent it), they came in about a day or two, and had a new one hooked up pretty quickly. Yes, it was a couple phone calls to juggle the MAC addr, but they were perfectly able to do the job.

    I was fairly amused when the guy who did the original install showed up with some buddies to harass^H^H^H^H^H^Help the guy who was diagnosing the modem, but whatever.

    Of course, I'm probably about to get an unpleasantly large shaft when I move apartments... anyone know what moving the service costs these days?

    On another issue, NO I DON'T WATCH TV! Why do you oppress my bank account by making me pay for TV programming when I don't own a freaken TV!

    Huh? I'm not paying for any cable TV with my modem, AFAIK...

    Peace,

  21. http://cfa-www.harvard.edu/afoe/upsAnd.html on First Other Solar System discovered · · Score: 2

    Here's a link that has a cute orbital simulation, copies of the paper, and where to find Ups Andromedae in the sky. Much more info for the interested.

    http://cfa-www.harvard.edu/afoe/upsAnd.html

    Enjoy,