"In some sense, any secret must also be somewhat 'obscure' (otherwise it could hardly be secret!), but that's not quite what's meant by "security through obscurity." The implication of "security through obscurity" is that the system is NOT secure, and the obscurity exists merely to hide that fact."
You're making my point here. Read what you wrote, "that's not quite what is meant [...] the implication..." The definition of STO as I've always encountered it is simple: there is a secret. If the secret is revealed, your security is moot.
That's it. There's no "implication" or "not quite" or any such thing. It's a simple, concrete definition, but people seem to always want to bend the term so that it only means "the bad kind of security," which it does not.
Now, some such mechanisms are multi-layered, and some are not. For example, the password you use is a bit of obscurity. If I can social-engineer that password, I'm in. However, your system uses passwords in a generally secure way, and that extra layer makes me work harder (having to social engineer vs. just using some pre-fab intrusion tool). This is a good thing.
An example of a non-multi-layered STO would be using unusual port numbers. But even there you can add in a layer. Let's say you have some intrusion detection (snort-based, for example) and you automatically inject firewall rules to drop packets from hosts that port-scan. Now you have a bit of obscurity that is defended by a second layer. Of course, I can port-scan different ranges from different hosts until I find the correct one, but you've made me work for that small advantage, and I still need to get past the security in your application (which you again layer on more security for by frequently applying security updates, etc.)
"Sorry, "No security through obscurity!" is just something Slashbots repeat to sound smart..."
What's more, it's often dead wrong.
"Security through obscurity is no security at all" is often the mantra, and yet when pressed, you have to admit that having a password; having some systems be honeypots that feed DNSBLs; and many other valid security approaches are STO *and* are valid additions to your security framework.
The key to good security is layering. Put out your STO layer, and then add in your logical security layer, followed by your physical security layer, followed by your auditing layer. This is how you build good security.
At every point in your security model, you should have a sense that there's some ablative layer that can be compromised without a full failure of security. What's more, you should be auditing that intrusion to discover the failure, and ideally reacting to that information (e.g. by modifying firewall rules to stop the intruder).
Getting back to our friends... Google is showing you the first layer of their security approach: don't tell them what our security model is. Now, if that's their whole model, then they're screwed, but it seems reasonable to assume that it's not (else, why bother not telling you?)
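Added example, not part of the original comments: a minimal sketch of the "detect the port scan, then inject a firewall rule" layer that both the unusual-port comment and the layering comment above describe. The log format, thresholds, allowlist and sample lines are constructed assumptions; the emitted `iptables` commands are only built as strings, never executed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, time-ordered. Assumed format for this example:
#   <ISO timestamp> SRC=<ip> DPT=<port>
SAMPLE_LOG = """\
2005-06-01T10:00:00 SRC=192.0.2.10 DPT=21
2005-06-01T10:00:01 SRC=192.0.2.10 DPT=22
2005-06-01T10:00:01 SRC=198.51.100.7 DPT=8022
2005-06-01T10:00:02 SRC=192.0.2.10 DPT=23
2005-06-01T10:00:03 SRC=192.0.2.10 DPT=25
2005-06-01T10:00:04 SRC=192.0.2.10 DPT=80
2005-06-01T10:00:05 SRC=203.0.113.5 DPT=8022
this line is malformed and must be skipped
2005-06-01T10:05:00 SRC=203.0.113.5 DPT=443
2005-06-01T10:10:00 SRC=203.0.113.5 DPT=110
2005-06-01T10:10:01 SRC=10.0.0.2 DPT=1
2005-06-01T10:10:02 SRC=10.0.0.2 DPT=2
2005-06-01T10:10:03 SRC=10.0.0.2 DPT=3
2005-06-01T10:10:04 SRC=10.0.0.2 DPT=4
2005-06-01T10:10:05 SRC=10.0.0.2 DPT=5
"""

LINE_RE = re.compile(r"^(\S+)\s+SRC=(\S+)\s+DPT=(\d+)\s*$")

# Hypothetical allowlist: internal monitoring hosts that scan on purpose.
ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]


def parse_line(line):
    """Return (timestamp, source_ip, dest_port) or None for unusable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group(1))
        src = str(ipaddress.ip_address(m.group(2)))
    except ValueError:
        return None
    return ts, src, int(m.group(3))


def detect_scanners(lines, min_ports=5, window=timedelta(seconds=30)):
    """Flag sources that touch >= min_ports distinct ports within `window`.

    Returns sources in the order they crossed the threshold.
    """
    recent = defaultdict(deque)  # src -> deque of (timestamp, port)
    flagged = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        ts, src, port = event
        q = recent[src]
        q.append((ts, port))
        # Drop events that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if src not in flagged and len({p for _, p in q}) >= min_ports:
            flagged.append(src)
    return flagged


def block_rules(flagged, allowlist=ALLOWLIST):
    """Build DROP rules for flagged sources, never for allowlisted ones."""
    rules = []
    for src in flagged:
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in allowlist):
            continue  # flagged for review, but not auto-blocked
        rules.append(f"iptables -I INPUT -s {src} -j DROP")
    return rules


if __name__ == "__main__":
    hits = detect_scanners(SAMPLE_LOG.splitlines())
    print("flagged:", hits)
    for rule in block_rules(hits):
        print(rule)
```

Sources that stay under the threshold (here 203.0.113.5, three ports spread over ten minutes) are not flagged, which is why this layer only supplements the application's own security.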
You're assuming that the competition is for established photographers. What happens if this year's round of people buying NEW professional cameras don't buy a Nikon? I would think that would be a far more serious concern.
"But how does this make sense? The root hash is the hash of the hash of the hash (etc.) of parts of the file. If one of those parts is corrupted but still has the same hash (hash collision), then how would that affect the tree of hashes built from those hashes? The hash of the block in question is the same, after all."
"Umm.. no, because if they can create a block of data with the same hash as the original one, then they have achieved something far, far greater than just putzing around with tricking P2P apps."
Not really. It depends on your block-size. There is no guarantee that there's a conflict at the particular block-size you're looking at (e.g. you might have a 4k block, and there happens to be only one 4k data chunk that has your particular hash). This is unlikely in practice, however, growing increasingly improbable as your chunk size increases.
So the questions to ask are:
How big is your chunk size (C)?
How much CPU time does the computation of a hash take (H)?
Is there some linear reduction in hash computation time that can be used to short-circuit the computation of hashes if they don't match (R)?
How much CPU per unit time can the attacker afford to throw at the problem (A)?
Is ((2^8^C)*H)/R/A (divided by 2 on average) less than the shelf-life of a file on a P2P network?
There are other optimizations that are hash-specific and might reduce the search space further (parallelization, known text weaknesses, etc). Anyone skilled at breaking hashes could put together an app to do this in a few days, I'm sure... the question is: is it practical to use it? How many cycles/sec is a RIAA or MPAA label willing to pay for in order to achieve this on a per-file basis?
The mistake that people make with hashes is in assuming that they need to be broken quickly. If all you want to do is make file-sharing seem useless to the average downloader, you can corrupt fairly old files, so a year or two is fine.
Personally, I'm all for this. Get the music kiddies off my damn network, and let me download the stuff that no one is bothering to corrupt (old stuff that's not available elsewhere, legitimate software, etc.)
However, assuming that you're NOT ok with it, I would suggest using a hash of the original data at the file-level to re-assure yourself that you have a valid file.
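Added example, not part of the original comments: why a root hash built over block hashes cannot see a block that collides at the block level, and how the file-level hash suggested above catches it. The one-byte `weak_chunk_hash` is a deliberately weak toy stand-in (truncated SHA-256) so a collision exists within the example; the chunk size, manifest layout and sample data are constructed assumptions.

```python
import hashlib

CHUNK_SIZE = 16  # tiny chunks, for demonstration only

# Constructed sample "file": four 16-byte chunks.
ORIGINAL = b"".join(b"chunk-%02d-payload" % i for i in range(4))


def weak_chunk_hash(chunk: bytes) -> bytes:
    """Toy per-chunk hash: first byte of SHA-256. Deliberately weak."""
    return hashlib.sha256(chunk).digest()[:1]


def split_chunks(data: bytes, size: int = CHUNK_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)]


def root_of(leaves) -> str:
    """Root computed over the leaf hashes only (a flat one-level 'tree').

    A deeper tree behaves the same way for this purpose: it is a function
    of the leaf hashes, not of the chunk data.
    """
    return hashlib.sha256(b"".join(leaves)).hexdigest()


def make_manifest(data: bytes) -> dict:
    """What the publisher would distribute alongside the file."""
    leaves = [weak_chunk_hash(c) for c in split_chunks(data)]
    return {
        "leaves": leaves,
        "root": root_of(leaves),
        "file_sha256": hashlib.sha256(data).hexdigest(),
    }


def colliding_chunk(original: bytes) -> bytes:
    """Find different data of the same length with the same toy hash."""
    target = weak_chunk_hash(original)
    for n in range(1 << 16):
        candidate = n.to_bytes(len(original), "big")
        if candidate != original and weak_chunk_hash(candidate) == target:
            return candidate
    raise RuntimeError("no collision found in search range")


def tamper(data: bytes, index: int) -> bytes:
    """Replace one chunk with a different chunk that has the same leaf hash."""
    chunks = split_chunks(data)
    chunks[index] = colliding_chunk(chunks[index])
    return b"".join(chunks)


def verify(data: bytes, manifest: dict):
    """Return (chunks_ok, root_ok, file_ok) for a downloaded file."""
    leaves = [weak_chunk_hash(c) for c in split_chunks(data)]
    chunks_ok = leaves == manifest["leaves"]
    root_ok = root_of(leaves) == manifest["root"]
    file_ok = hashlib.sha256(data).hexdigest() == manifest["file_sha256"]
    return chunks_ok, root_ok, file_ok


if __name__ == "__main__":
    manifest = make_manifest(ORIGINAL)
    print("clean file:   ", verify(ORIGINAL, manifest))
    corrupted = tamper(ORIGINAL, 2)
    # Leaf hashes and root still match; only the file-level hash fails.
    print("tampered file:", verify(corrupted, manifest))
```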
Every country criticizes itself. If they don't they're not a healthy nation. We should constantly point out the flaws in our behavior both as individuals, as a nation and abroad. It's the only way that we will be reminded that we need to improve.
Look up the definition of kaizen sometime, it's a fun word and a sort of philosophy of life (and in the '80s, of business) that comes from the Japanese. It's a decent idea, and at its heart is the recognition that perfection is a process, not a goal. I feel the same way about people in the U.S. We're not perfect because we're not trying to be perfect... but if we keep being reminded that the path is there, we might someday start to take those first few steps.
We (that is those of us in the U.S.) have made a decision, either directly or by proxy through our lawmakers to allow companies, to a certain extent, to decide to funnel money into charitable causes instead of into their tax bill. Companies do this because there's more PR in charities than paying your taxes.
If, every time a large corporation does this (and they all do), you're going to get scared of what horrible evil that PR is covering up, you're going to end up cowering in fear at every step. It's just one way of the government spending tax dollars that doesn't involve the government getting to decide HOW to spend those dollars. IMHO, that's a heck of a lot better than handing it to war-mongers.
What really boggles me is that a genuinely good company like Google (I've talked with several people there, and watched their business closely, and they ARE good) gets accused of having horrible malicious goals more than any 3 other companies I've ever heard of. I mean, for Pete's sake, GE makes NUKES! It's their job. They crank them out like candy. And yet, somehow it's Google that we focus our scrutiny on?!
"The majority of people on this site are so selfish it's absolutely incredible. You think you have the right to everything for free."
You misunderstand my position. I'm not saying that everything should be free. I'm simply browsing the World Wide Web, which (contrary to the group-think that surrounds our shopping-mall-crazed world) is not actually one giant mega-store. The World Wide Web is a collection of documents which can be addressed by URIs.
The fact that you put your shopping mall in my distributed hypertext database is, in fact, not my problem.
Telling me that I'm no longer allowed to control the presentation of the hypertext database's contents is absurd. It's just data. The fact that you have decided to try to see if you can build a business around a piece of that data is kind of cool and interesting, and I wish you lots of luck. I am not, however, required to play ball.
If you don't like that, then just block access to your site from anyone using a browser capable of altering the presentation of your data. It's pretty easy to do, and you have every right. Of course, that might render your business model even worse-off, but again: your lack of a workable business model is not my concern.
When did we become convinced that anyone who put up a storefront had a right to profit no matter how horrible their business model?
"Calling people who look at the adverts that keep the site running 'sheep' is just juvenile and pathetic."
I call people who respond to herding by lowering their heads and marching forward sheep. This is neither juvenile nor pathetic, in my opinion, but you are welcome to yours.
I do use the World Wide Web for commercial transactions. I manage my bank account and credit cards using it, and I buy many products through the Web. I encourage others to do so as well. I just don't think that any of that requires looking at dancing monkeys or whatever else they're putting in banner ads these days (I honestly wouldn't know).
Keep in mind that nothing said in this article is new. When I worked for the DoT back in the late 90s, all of this was already the case. In fact, we were come down on for "single sourcing". Of course, we were doing so because we were trying to port an ancient product from HP/Apollo (obsolete) systems, and using the same hardware with a Unix OS was far easier than switching both OS and hardware platform, but we still had to spend months justifying that to the powers that be.
The biggest boon to breaking monopolies in terms of government procurement is, and always will be the presence of viable alternatives in the commercial market, but that doesn't mean that the process won't be huge and complex and involve mountains of paperwork.
Yes, I'm an American (I'm also a U.S. citizen), and what I posted above is what we Americans call humor... in this case, ironic humor.
Do I think that all U.S. citizens are dumb? Nope, not at all. I think about half of them are, but then half of the people in the world have a below-average intelligence.
That said, U.S. schools are slipping. We've spent a lot of time and money making sure that they are focused on exactly the opposite from the things that made U.S. schools work well in previous generations, so that's not shocking.
What's more, we're also a nation that feels deeply compelled to spend massive amounts of time in front of the television and eating junk-food. I'm no exception.
Does this lead to an apathetic social ethic? Yep. Does it mean we're incapable of change? Nope.
So the question is this: are there more people who will buy their product because they're NOT annoying than there are who will buy their product even though they ARE annoying? I think you'll find that there are more sheep than you think in this equation.
In some cases, not being annoying should not be the advertisers' choice, and I think the Web is one of them. Google demonstrates quite clearly that unobtrusive ads MAKE YOUR SITE MORE POPULAR! This is a hugely important point, and one which advertisers are going to really hate having to face. It's not that they get to make a financial call on the return on investment, it's that the sites with all the users will soon be the sites with the least annoying ads. THEN polite wins.
"Americans are lazy, undereducated about technology, and just don't give a shit about making their own lives better. As long as it is easy and they are told it's acceptable they are good to go."
That's not just wrong, I find that statement morally repugnant! I'm going to write my congressman about this!... well, maybe tomorrow, there's something good on tonight that I want to watch.
This is why you use a NetApp. Backups are atomic, guaranteeing filesystem integrity, so recovering from a restore is exactly identical to recovering from a system crash, except you have more guarantees about the state of your data. I've used NetApp snapshots (the fundamental building block upon which backups are based on a NetApp) to back up Oracle databases that were under heavy read/write load, and restored backups of same. No worries.
"I will give it to him that across distributions linux is not consistent but businesses use RHEL or Novell against which all major applications like Oracle are certified. Within these distributions things are largely consistent."
You're correct, but let me hone that point a bit: Linux is NOT a platform. Linux is an operating system kernel, and the term loosely applied to a variety of platforms. Saying that Linux is not consistent is like saying that cars are not consistent. It's a correct statement, but also largely ignorable. Linux-based products like TiVo and RHEL can be market winners without any interest in what Linux looks like elsewhere.
As for Linux vs. Windows: I don't think anyone who knows anything about how the OS market works is thinking Windows will be gone tomorrow or even in 10 years. However, it could well be the case that 5-10 years down the road continued pressure from Linux on the desktop and the obvious inroads that were made on the server-side will force Microsoft to assume an offensive enough stance that MacOS will have an edge, and that MacOS will then focus Microsoft's attention to the extent that certain Linux products will have an edge.
MacOS+Linux+misc could quite realistically have a market share approaching that of Windows in 5-10 years, and that would effectively remove Microsoft's ability to make and successfully enforce their carte-blanche demands on hardware vendors and OEMs.
All I do "is run X Windows" (more correctly, "The X Window System"... there's some very old problems with calling it "X" or "X Windows" that MIT asked people to avoid by calling it by its full name)... of course, I run applications on top of it.
They range from gnome-terminal to firefox to music visualization to video games like Neverwinter Nights to 3D screensavers to Celestia.
I find that even for routine tasks like opaque movement of windows, a decent driver makes a huge difference, but of course for massive 3D applications like a modern video game, there's no question that you need the best acceleration you can get your hands on.
Until this announcement you were pretty much stuck with ATI or the binary-only driver for NVidia. I don't know how good the cards from these companies are, but if they're decent this could really open up the market. I only know VIA as a maker of on-motherboard chipsets, and I don't know XGI at all.
"The typical case involves a lot of outgoing connections on port 25 -- you can't really block this as well unless the user in question uses nothing but webmail."
"Eh? port 25 is for SMTP servers"
You missed the word "outgoing". For example, I want to send business email from home. I connect to port 25 on my company's MTA, step up to TLS encryption and authenticate as my work username (all transparently through my MUA which allows me to just pull down a list of "from addresses"). I can then send mail securely "from work" to our customers. Relaying such sensitive mail through my ISP who doesn't even support TLS is not an option.
"Checking your mail is done through POP3 and IMAP on ports 110 and 143, respectively. My ISP (Cox Cable) blocks port 25 on all non business level service, which pisses me off since I'd like to run my own server, but I'm sure it does help keep the spamming to a minimum."
I've been lazy about going out and buying DSL from Speakeasy, but the moment Comcast did this, I would drop them like a hot rock for Cable and Internet, and go with DSL+Dish instead. Back in the AT&T BI days, I had an understanding with the sysadmins that worked there. They officially discouraged home servers because they didn't want the masses doing it poorly, but they were fine with professionals like myself doing it well as long as we didn't mind getting smacked around if we did something stupid.
That policy is the assumption that I continue to operate under, and no amount of poorly configured blacklists or other silly external attempts to enforce an SLA that I am not held to by the company will convince me otherwise.
As for spamming from residential networks, it would evaporate if people carefully and correctly applied tools like greylisting, Spamhaus's excellent XBL and SpamAssassin.
Hey, more power to 'em! I hope they sue a few thousand more people.
Best thing the RIAA can do now is convince everyone to buy music only direct from artists with an agreement that file-sharing is cool. The RIAA can feel free to up the timetable on that process all they like.
I doubt there was ever any question as to the average Slashdotter being in the target audience.
The target audience is going to be that set of companies that consider finding and installing plugins to be difficult and worthy of a support contract.
You could have said the same for Linux, back when Red Hat started shipping CDs.
I think the only likely market for this would be companies who are now using IE and thinking about switching, but wanting a corporate "face". Nifty new features would be a nice selling point, but "we offer Firefox's security and extensibility as a supported product," is really what a lot of small to mid-size companies are looking for right now.
"people aren't going to shell out for things they don't really need."
Three words: supported, secure browser.
Medium sized companies that have had to purge about 20 rounds of viruses that snuck past firewalls, mail scanners and anti-virus programs (usually via social engineering) are just about as fed up as they'll ever get. They're moving to web-based mailers to avoid Outlook, and they're eyeing Firefox, but FF is just a browser... they want a company they can sink their teeth into. AOL's Netscape browser isn't a core product, and is in the "might be gone tomorrow" camp....
I think these guys have a serious niche, just as Red Hat did, back in the day.
"These people will find out the hard way that the types of people that think FireFox is just the most absolutely, unbelievable, best thing EVER, are the same types of people that believe they should get everything for free."
Well, if those are his target customers then anyone could have told him that he was doomed to failure (and probably would have).
I imagine that that's not at all the target. Instead, if I were him, I'd be targeting the mid-sized corporations that rely on IE now, and are just starting to think about looking for a way out.
There are things in life worth bullshitting over. This, my friend, ain't even near the edge of the list.
"How much are you claiming you used to pay for CDs?"
Hard to recall, but I think $6-10 was average at the time with some CDs being as much as $12. I then remember after I stopped buying CDs, something like $13 becoming a fairly common price and saying, "my God, that's insane!" Then they hit $20 before coming down a bit. I just took a look at the top recommendations for my account in music on Amazon. I see (as the discounted Amazon price): $14.99, $14.99, $6.98 (indie label), $17.98, $13.99, $13.49
"And what year did you stop buying them?"
Somewhere in the early to mid 90s. Don't recall exactly. It was around the time that multi-disc turn-table type players were just getting popular (you have probably never seen these, but they were reasonable to make at the time because the form-factor was the same as a Laser Disc player... then again you may have no idea what Pioneer's Laser Disc format was....
"As far as I can recall, CDs have always cost about $15-20 retail."
Some school puts out a depressing little list every year of items that establish the cultural context of the incoming class of freshmen. It's things like, "was not alive when cassette tapes were popular" or "never saw a $10 CD in a store"... man, I feel old, and I'm only 35!
I was talking to a co-worker the other day. She's a musician, and she was saying that downloading of music has really hurt musicians. I told her that I didn't believe that, but only because of my personal situation. You see, I don't buy CDs. I used to. I used to buy at least 3-4 per month. But, then prices kept going up, and eventually it just stopped being worth it. I actually stopped buying CDs LONG before I was able to download music, and to this day, the music I listen to is almost entirely rips of MY old CDs, not downloaded music.
She said, "but $15 or $20 isn't that much for something you enjoy." I agreed, but the problem is that that logic worked back when you bought a several oz. chunk of vinyl, took it home and played it start-to-finish. When I stopped buying music, I was buying CDs to put into shuffle-players (and of course, today, I put a thousand songs on shuffle-play). It's a different economy of scale, and sadly it favors music "product" over music "substance".
The only solution that I can see is for people to stop buying media as their primary source of music, and instead patronize live events, the smaller the better. I'd love to go back to the 50s where you never went ANYWHERE that didn't have live musicians playing. Department stores had musicians. Bars had musicians. They were everywhere. A friend of mine who was in his 40s when I was a teen-ager once advised me to learn an instrument because I could always fall back on that if my career wasn't doing well. Today, that's horrible advice, but it SHOULDN'T be!
*all* security is security through obscurity
Eh? No.
An armed guard is not STO. A filtering firewall is not STO. Auditing is not STO. Security cameras are not STO. Re-writing multiple times and then degaussing hard-drives is not STO.
STO is a very limited sub-set of security in which you keep a secret which, if known, defeats the security in question. Passwords, unpublished datacenter locations, public and private-key encryption, putting services on an unusual port, and using an OS that people don't use at home are all examples of security through obscurity. Some of them are very effective (encryption), some are only a partial solution (passwords) and some are effectively ignorable (unusual ports).
The problem is that people treat STO the same way they treat the word "script". It only refers to those things that I consider beneath my notice. Everything else is just "security" or a "program".
"You're not listening, are you?"
Yes, actually I am, and I stand behind my statement. I'll try not to just re-state it, but here's a scenario:
Young film student gets first serious gig. Has decent coin for the first time. Goes out to buy camera. Let's say that they have some lenses, but nothing really good because they could not afford them up until now. So, in this case there's little incentive to be loyal to any brand.
This person is going to buy on "gut feelings", and in this case Nikon has presented a strong reason to seek competition. You can claim that proprietary lock-in can't be broken because of proprietary lock-in all you like, but the bottom-line is that consumers are not a static group. In fact, in most "pro" markets, what you'll find is that there are more people entering the field with fresh cash to spend than there are existing people in the field at any given time. Why? Because so many of them fail.
Right now, the only decent options are those who are playing the lock-in game, but that creates a huge market advantage for someone who captures the students and "prosumer" buyers before they become entrenched pros.
"Sorry, "No security through obscurity!" is just something Slashbots repeat to sound smart..."
What's more, it's often dead wrong.
"Security through obscurity is no security at all" is often the mantra, and yet when pressed, you have to admit that having a password; having some systems be honeypots that feed DNSBLs; and many other valid security approaches are STO *and* are valid additions to your security framework.
The key to good security is layering. Put out your STO layer, and then add in your logical security layer, followed by your physical security layer, followed by your auditing layer. This is how you build good security.
At every point in your security model, you should have a sense that there's some ablative layer that can be compromised without a full failure of security. What's more, you should be auditing that intrusion to discover the failure, and ideally reacting to that information (e.g. by modifying firewall rules to stop the intruder).
Getting back to our friends... Google is showing you the first layer of their security approach: don't tell them what our security model is. Now, if that's their whole model, then they're screwed, but it seems reasonable to assume that it's not (else, why bother not telling you?)
You're assuming that the competition is for established photographers. What happens if this year's round of people buying NEW professional cameras don't buy a Nikon? I would think that would be a far more serious concern.
"Umm.. no, because if they can create a block of data with the same hash as the original one, then they have acheived something far, far greater than just putzing around with tricking P2P apps."
Not really. It depends on your block-size. There is no guarantee that there's a conflict at the particular block-size you're looking at (e.g. you might have a 4k block, and there happens to be only one 4k data chunk that has your particular hash). This is unlikely in practice, however, growing increasingly improbable as your chunk size increases.
So the questions to ask are:
There are other optimizations that are hash-specific and might reduce the search space further (parallelization, known text weaknesses, etc). Anyone skilled at breaking hashes could put together an app to do this in a few days, I'm sure... the question is: is it practical to use it? How many cycles/sec is a RIAA or MPAA label willing to pay for in order to achive this on a per-file basis?
The mistake that people make with hashes is in assuming that they need to be broken quickly. If all you want to do is make file-sharing seem useless to the average downloader, you can corrupt fairly old files, so a year or two is fine.
Personally, I'm all for this. Get the music kiddies off my damn network, and let me download the stuff that no one is bothering to corrupt (old stuff that's not available elsewhere, legitimate software, etc.)
However, assuming that you're NOT ok with it, I would suggest using a hash of the original data at the file-level to re-assure yourself that you have a valid file.
Every country criticizes itself. If they don't they're not a healthy nation. We should constantly point out the flaws in our behavior both as individuals, as a nation and abroad. It's the only way that we will be reminded that we need to improve.
Look up the definition of kaizen sometime, it's a fun word and a sort of philosophy of life (and in the '80s, of business) that comes from the Japanese. It's a decent idea, and at its heart is the recognition that perfection is a process, not a goal. I feel the same way about people in the U.S. We're not perfect because we're not trying to be perfect... but if we keep being reminded that the path is there, we might someday start to take those first few steps.
We (that is those of us in the U.S.) have made decision, either directly or by proxy through our lawmakers to allow companies, to a certain extent, to decide to funnel money into charitable causes instead of into their tax bill. Companies do this because there's more PR in charities than paying your taxes.
If, every time a large corporation does this (and they all do), you're going to get scared of what horrible evil that PR is covering up, you're going to end up cowering in fear at every step. It's just one way of the government spending tax dollars that doesn't involve the government getting to decide HOW to spend those dollars. IMHO, that's a heck of a lot better than handing it to war-mongers.
What really boggles me is that a genuinely good company like Google (I've talked with several people there, and watched their business closely, and they ARE good) gets accused of having horrible malicious goals more than any 3 other companies I've ever heard of. I mean, for Pete's sake, GE makes NUKES! It's their job. They crank them out like candy. And yet, somehow it's Google that we focus our scrutiny on?!
"The majority of people on this site are so selfish it's absolutely incredible. You think you have the right to everything for free."
You misunderstand my position. I'm not saying that everything should be free. I'm simply browsing the World Wide Web, which (contrary to the group-think that surrounds our shopping-mall-crazed world) is not actually one giant mega-store. The World Wide Web is a collection of documents which can be addressed by URIs.
The fact that you put your shopping mall in my distributed hypertext database is, in fact, not my problem.
Telling me that I'm no longer allowed to control the presentation of the hypertext database's contents is absurd. It's just data. The fact that you have decided to try to see if you can build a business around a piece of that data is kind of cool and interesting, and I wish you lots of luck. I am not, however, required to play ball.
If you don't like that, then just block access to your site from anyone using a browser capable of altering the presentation of your data. It's pretty easy to do, and you have every right. Of course, that might render your business model even worse-off, but again: your lack of a workable business model is not my concern.
When did we become convinced that anyone who put up a storefront had a right to profit no matter how horrible their business model?
"Calling people who look at the adverts that keep the site running 'sheep' is just juvenile and pathetic."
I call people who respond to herding by lowering their heads and marching forward sheep. This is neither juvenile nor pathetic, in my opinion, but you are welcome to yours.
I do use the World Wide Web for commercial transactions. I manage my bank account and credit cards using it, and I buy many products through the Web. I encourage others to do so as well. I just don't think that any of that requires looking at dancing monkeys or whatever else they're putting in banner ads these days (I honestly wouldn't know).
Keep in mind that nothing said in this article is new. When I worked for the DoT back in the late 90s, all of this was already the case. In fact, we were come down on for "single sourcing". Of course, we were doing so because we were trying to port an ancient product from HP/Apollo (obsolete) systems, and using the same hardware with a Unix OS was far easier than switching both OS and hardware platform, but we still had to spend months justifying that to the powers that be.
The biggest boon to breaking monopolies in terms of government procurement is, and always will be the presence of viable alternatives in the commercial market, but that doesn't mean that the process won't be huge and complex and involve mountains of paperwork.
Well, I guess I might as well feed the troll....
Yes, I'm an American (I'm also a U.S. citizen), and what I posted above is what we Americans call humor... in this case, ironic humor.
Do I think that all U.S. citizens are dumb? Nope, not at all. I think about half of them are, but then half of the people in the world have a below-average intelligence.
That said, U.S. schools are slipping. We've spent a lot of time and money making sure that they are focused on exactly the opposite from the things that made U.S. schools work well in previous generations, so that's not shocking.
What's more, we're also a nation that feels deeply compelled to spend massive amounts of time in front of the television and eating junk-food. I'm no exception.
Does this lead to an apathetic social ethic? Yep. Does it mean we're incapable of change? Nope.
So the question is this: are there more people who will buy their product because they're NOT annoying than there are who will buy their product even though they ARE annoying? I think you'll find that there are more sheep than you think in this equation.
In some cases, not being annoying should not be the advertisers' choice, and I think the Web is one of them. Google demonstrates quite clearly that inobtrusive ads MAKE YOUR SITE MORE POPULAR! This is a hugely important point, and one which advertisers are going to really hate having to face. It's not that they get to make a financial call on the return on investment, it's that the sites with all the users will soon be the sites with the least annoying ads. THEN polite wins.
"Americans are lazy, undereducated about technology, and just don't give a shit about making their own lives better. As long as it is easy and they are told it's acceptable they are good to go."
... well, maybe tomorrow, there's something good on tonight that I want to watch.
That's not just wrong, I find that statement morally repugnant! I'm going to write my congressman about this!
This is why you use a NetApp. Backups are atomic, guaranteeing filesystem integrity, so recovering from a restore is exactly identical to recovering from a system crash, except you have more guarantees about the state of your data. I've used NetApp snapshots (the fundamental building block upon which backups are based on a NetApp) to back up Oracle databases that were under heavy read/write load, and restored backups of same. No worries.
"I will give it to him that across distributions linux is not consistent but businesses use RHEL or Novell against which all major applications like Oracle are certified. Within these distributions things are largely consistent."
You're correct, but let me hone that point a bit: Linux is NOT a platform. Linux is an operating system kernel, and the term loosely applied to a variety of platforms. Saying that Linux is not consistent is like saying that cars are not consistent. It's a correct statement, but also largely ignorable. Linux-based products like TiVo and RHEL can be market winners without any interest in what Linux looks like elsewhere.
As for Linux vs. Windows: I don't think anyone who knows anything about how the OS market works is thinking Windows will be gone tomorrow or even in 10 years. However, it could well be the case that 5-10 years down the road continued pressure from Linux on the desktop and the obvious inroads that were made on the server-side will force Microsoft to assume an offensive enough stance that MacOS will have an edge, and that MacOS will then focus Microsoft's attention to the extent that certain Linux products will have an edge.
MacOS+Linux+misc could quite realistically have a market share approaching that of Windows in 5-10 years, and that would effectively remove Microsoft's ability to make and successfully enforce their carte-blanche demands on hardware vendors and OEMs.
All I do "is run X Windows" (more correctly, "The X Window System"... there's some very old problems with calling it "X" or "X Windows" that MIT asked people to avoid by calling it by its full name)... of course, I run applications on top of it.
They range from gnome-terminal to firefox to music visualization to video games like Neverwinter Nights to 3D screensavers to Celestia.
I find that even for routine tasks like opaque movement of windows, a decent driver makes a huge difference, but of course for massive 3D applications like a modern video game, there's no question that you need the best acceleration you can get your hands on.
Until this announcement you were pretty much stuck with ATI or the binary-only driver for NVidia. I don't know how good the cards from these companies are, but if they're decent this could really open up the market. I only know VIA as a maker of on-motherboard chipsets, and I don't know XGI at all.
"The typical case involves a lot of outgoing connections on port 25 -- you can't really block this as well unless the user in question uses nothing but webmail."
"Eh? port 25 is for SMTP servers"
You missed the word "outgoing". For example, I want to send business email from home. I connect to port 25 on my company's MTA, step up to TLS encryption and authenticate as my work username (all transparently through my MUA which allows me to just pull down a list of "from addresses"). I can then send mail securely "from work" to our customers. Relaying such sensitive mail through my ISP who doesn't even support TLS is not an option.
"Checking your mail is done through POP3 and IMAP on ports 110 and 143, respectively. My ISP (Cox Cable) blocks port 25 on all non business level service, which pisses me off since I'd like to run my own server, but I'm sure it does help keep the spamming to a minimum."
I've been lazy about going out and buying DSL from Speakeasy, but the moment Comcast did this, I would drop them like a hot rock for Cable and Internet, and go with DSL+Dish instead. Back in the AT&T BI days, I had an understanding with the sysadmins that worked there. They officially discouraged home servers because they didn't want the masses doing it poorly, but they were fine with professionals like myself doing it well as long as we didn't mind getting smacked around if we did something stupid.
That policy is the assumption that I continue to operate under, and no amount of poorly configured blacklists or other silly external attempts to enforce an SLA that I am not held to by the company will convince me otherwise.
As for spamming from residential networks, it would evaporate if people carefully and correctly applied tools like greylisting, Spamhaus's excellent XBL and SpamAssassin.
Hey, more power to 'em! I hope they sue a few thousand more people.
Best thing the RIAA can do now is convince everyone to buy music only direct from artists with an agreement that file-sharing is cool. The RIAA can feel free to up the timetable on that process all they like.
"I know I'm not paying for any of those."
I doubt there was ever any question as to the average Slashdotter being in the target audience.
The target audience is going to be that set of companies that consider finding and installing plugins to be difficult and worthy of a support contract.
You could have said the same for Linux, back when Red Hat started shipping CDs.
I think the only likely market for this would be companies who are now using IE and thinking about switching, but wanting a corporate "face". Nifty new features would be a nice selling point, but "we offer Firefox's security and extensibility as a supported product," is really what a lot of small to mid-size companies are looking for right now.
"people aren't going to shell out for things they don't really need."
Three words: supported, secure browser.
Medium sized companies that have had to purge about 20 rounds of viruses that snuck past firewalls, mail scanners and anti-virus programs (usually via social engineering) are just about as fed up as they'll ever get. They're moving to web-based mailers to avoid Outlook, and they're eyeing Firefox, but FF is just a browser... they want a company they can sink their teeth into. AOL's Netscape browser isn't a core product, and is in the "might be gone tomorrow" camp....
I think these guys have a serious niche, just as Red Hat did, back in the day.
"These people will find out the hard way that the types of people that think FireFox is just the most absolutely, unbelievable, best thing EVER, are the same types of people that believe they should get everything for free."
Well, if those are his target customers then anyone could have told him that he was doomed to failure (and probably would have).
I imagine that that's not at all the target. Instead, if I were him, I'd be targeting the mid-sized corporations that rely on IE now, and are just starting to think about looking for a way out.
INSIGHTFUL?! I've seen some amazing moderator goofs, but this one takes the cake!
No, this is not insightful, this is called trolling. It's akin to, "have you stopped beating your wife?"
However -- to answer his question -- if you have nothing to hide, you keep your lips sealed if:
"I'm going to call you on your bullshit."
There are things in life worth bullshitting over. This, my friend, ain't even near the edge of the list.
"How much are you claiming you used to pay for CDs?"
Hard to recall, but I think $6-10 was average at the time with some CDs being as much as $12. I then remember after I stopped buying CDs, something like $13 becoming a fairly common price and saying, "my God, that's insane!" Then they hit $20 before coming down a bit. I just took a look at the top recommendations for my account in music on Amazon. I see (as the discounted Amazon price): $14.99, $14.99, $6.98 (indie label), $17.98, $13.99, $13.49
"And what year did you stop buying them?"
Somewhere in the early to mid 90s. Don't recall exactly. It was around the time that multi-disc turn-table type players were just getting popular (you have probably never seen these, but they were reasonable to make at the time because the form-factor was the same as a Laser Disc player... then again you may have no idea what Pioneer's Laser Disc format was....)
"As far as I can recall, CDs have always cost about $15-20 retail."
Some school puts out a depressing little list every year of items that establish the cultural context of the incoming class of freshmen. It's things like, "was not alive when cassette tapes were popular" or "never saw a $10 CD in a store"... man, I feel old, and I'm only 35!
I was talking to a co-worker the other day. She's a musician, and she was saying that downloading of music has really hurt musicians. I told her that I didn't believe that, but only because of my personal situation. You see, I don't buy CDs. I used to. I used to buy at least 3-4 per month. But, then prices kept going up, and eventually it just stopped being worth it. I actually stopped buying CDs LONG before I was able to download music, and to this day, the music I listen to is almost entirely rips of MY old CDs, not downloaded music.
She said, "but $15 or $20 isn't that much for something you enjoy." I agreed, but the problem is that that logic worked back when you bought a several oz. chunk of vinyl, took it home and played it start-to-finish. When I stopped buying music, I was buying CDs to put into shuffle-players (and of course, today, I put a thousand songs on shuffle-play). It's a different economy of scale, and sadly it favors music "product" over music "substance".
The only solution that I can see is for people to stop buying media as their primary source of music, and instead patronize live events, the smaller the better. I'd love to go back to the 50s where you never went ANYWHERE that didn't have live musicians playing. Department stores had musicians. Bars had musicians. They were everywhere. A friend of mine who was in his 40s when I was a teen-ager once advised me to learn an instrument because I could always fall back on that if my career wasn't doing well. Today, that's horrible advice, but it SHOULDN'T be!