This isn't a development kernel or a "release candidate" system, it's the official Win2K software that will hit the stores in a few weeks. OEMs got it early so they can get their systems ready for "first-day" sales of systems preloaded with the software. Even if MS had sat on the software until the 17th, these holes would have been discovered within days.
Meanwhile, you grossly misstate the maturity of our community. The 2.2.0 kernel had a significant bug in it, and everyone laughed because we remembered the long fights between those who insisted the 2.2.0.pre-X kernel was ready and those who wanted just a bit more testing. Linus had to make a choice, and he jumped just a hair too soon. C'est la vie!
However, as I recall Linus never made a big deal out of how Linux 2.2.0 was going to finally start taking security seriously. In contrast, I've seen a lot of press recently about how MS is finally taking security seriously. That makes the discovery of *two* security bugs so quickly quite amusing.
I agree with you that Mitnick faces the burden of proof on all material regarding criminal acts involved in his plea bargains (N.B., not convictions obtained by demonstrating overwhelming evidence - an important distinction when a person is held in jail, without bond, for something like 80% of their eventual prison time), but that says nothing about incidental data being held by the feds.
To give a (hopefully) ludicrous example, let's assume that the disk also contains hundreds of encrypted kiddie porn pictures. He was never charged with possession of such pictures, never even suspected of possessing them, and has surrendered no presumption of innocence regarding possession of such pictures. Yet turning over his encryption key would inevitably result in prosecution for possession of contraband material.
IMHO (and a highly non-legal one), I think it's reasonable for the feds to demand the encryption key to be confident that "criminal tools" aren't returned to Mitnick. At the same time, I think they are crazy to expect anyone to agree to that without a blanket immunity against the material being used in further persecution... sorry, prosecution. And that may be precisely the point - to make an offer which looks reasonable in a 12-second sound bite in the evening news, but which could never be accepted in the real world.
IANAL, but from the other material posted it sounds like you can still make archival copies by reading the block device.
In a true irony which I hope the BMG executives consider when deciding whether to keep the bozo who conned them into this scheme, the only way most of us will be able to listen to this music is to read the corrupted data from the block device, run a repair program on it, then burn it to CD-R. Unlike DVD, the original disk is worthless and millions of consumers have CD-R burners. And those of us who use ours for data archive, not CDA mastering, will make an exception in this case - a CD-R is *far* cheaper than a new CD player.
A lot of stores have strict return policies - if you open the CD then you can't return it. At most, you can exchange it with an identical album.
The rationale is simple, and compelling in college towns (such as where I live) - the store is trying to prevent students from buying a disk, ripping it to tape (or MP3 nowadays), then returning the album for a full refund.
Of course, that policy will *not* work if a label starts defrauding the public by using an incompatible format without clearly labeling it as such. The obvious solution which other people have suggested - filing criminal fraud charges against the record store and label - is unlikely to go anywhere because no DA will prosecute a case where the loss is the cost of a CD. Individuals will probably win in small claims court, but that's a hassle and BMG will continue to rake in money from the public -- and harm the reputation of its artists.
The only way to stop BMG appears to be a class action civil lawsuit (hmm, is fraud = breach of contract and subject to treble damages?), a successful boycott, or sending the Norwegian police to arrest the president of BMG for "economic crimes."
A quick history & science lesson. The first "trojan" objects discovered were clusters of asteroids in Jupiter's orbit, but 60 degrees ahead of and behind it. The name "trojan" refers to mythology (since Troy was considered a myth at the time), but I don't recall the details of why that name was picked.
This cluster wasn't hard to explain - the "three body problem" can't be analytically solved for the general case, but it can be easily solved for cases where M1 >= M2 >> M3. This solution shows five points where the gravitational attraction of the two large bodies balance. IIRC all of these points are "stable," but objects can orbit those points for billions of years before friction with the solar wind, gravitational attraction from other objects, etc., cause the object to return to a normal orbit.
The five Lagrange points are named L1-L5. As I recall, if M1 >> M2 then
L1 = on M1-M2 line, opposite of M2 (e.g., "counter-earth")
L2 = on M1-M2 line, between M1 and M2, (e.g., the solar observer satellite)
L3 = on M1-M2 line, beyond M2
L4 = 60 degrees ahead of M2 on M2's orbit
L5 = 60 degrees behind M2 on M2's orbit
Since it's been twenty years since I thought about this, I might have L1-L3 permuted and L4-L5 reversed.
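The recollection above, written out as an added note that is not part of the original comment. The usual naming convention puts L1 between the two bodies, L2 just beyond M2 and L3 on the far side of M1; the symbols R (separation of M1 and M2), r (distance of a collinear point from M2) and the masses M1, M2 are the ones used in the comment. In a frame co-rotating with the two bodies, with

\[
\Omega^2 = \frac{G(M_1+M_2)}{R^3}, \qquad
\Phi(\mathbf r) = -\frac{GM_1}{|\mathbf r - \mathbf r_1|} - \frac{GM_2}{|\mathbf r - \mathbf r_2|} - \tfrac12\,\Omega^2\,(x^2+y^2),
\]

the Lagrange points are the five solutions of \(\nabla\Phi = 0\). For the collinear point at distance \(r\) from \(M_2\) on the side facing \(M_1\), with \(M_2 \ll M_1\) so that \(M_1\) sits at the centre of mass, gravity must supply exactly the centripetal acceleration of the rotating frame:

\[
\frac{GM_1}{(R-r)^2} - \frac{GM_2}{r^2} = \Omega^2 (R - r).
\]

Expanding to first order in \(r/R\), the \(GM_1/R^2\) terms cancel and

\[
\frac{3GM_1\, r}{R^3} \approx \frac{GM_2}{r^2}
\quad\Longrightarrow\quad
r \approx R\left(\frac{M_2}{3M_1}\right)^{1/3},
\]

the Hill radius; the point just beyond \(M_2\) comes out at the same distance to this order. \(L_4\) and \(L_5\) are exact solutions at the vertices of the two equilateral triangles \(|\mathbf r-\mathbf r_1| = |\mathbf r-\mathbf r_2| = R\), i.e. \(60^\circ\) ahead of and behind \(M_2\) on its orbit, which is where the Trojans sit. Linearising the equations of motion around each point shows that the three collinear points are saddle points of \(\Phi\) (unstable, so a spacecraft parked there needs station-keeping), while \(L_4\) and \(L_5\) are linearly stable only when

\[
\frac{M_1}{M_2} \;\ge\; \frac{25+\sqrt{621}}{2} \approx 24.96 .
\]

The Sun-Jupiter ratio (about 1047) satisfies this comfortably, so Jupiter's Trojans can persist for the age of the solar system.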
Seriously, simply tossing in tripwire (and kin) is *not* adequate -- and in fact it leads to a false sense of security. The problem is that anyone with root access could modify the files, reinitialize the database, and the changes are undetectable.
Even if your database is safe (e.g., CD-R, or r/o NFS directory), are you sure that tripwire hasn't been tampered with? That the crontab entry hasn't been tampered with? That the tripwire reports aren't disappearing down a rabbit hole?
Don't get me wrong - tripwire is an extremely valuable tool, but unless the sysadmin knows what they're doing it can be easily circumvented by any knowledgeable person with root access. Or by any script writer who knows how to check for the existence of local tripwire databases, for the times it runs as root and can do something nasty.
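The bypass described above, as an added example that is neither tripwire's code nor part of the original comment: a SHA-256 manifest of a tree, an attacker with root who trojans one binary and then regenerates the manifest kept on the same host, and the same comparison run against a copy frozen off-box at install time. The directory tree, the file contents and the "trojan" edit are all constructed inside the example.

```python
import hashlib
import os
import tempfile


def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = file_digest(full)
    return manifest


def compare(baseline, current):
    """Return (changed, added, removed) paths of current relative to baseline."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return changed, added, removed


def demo():
    """Constructed scenario: root trojans bin/ls, then rebuilds the local database."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "bin"))
    for name in ("ls", "ps"):
        with open(os.path.join(root, "bin", name), "wb") as f:
            f.write(b"#!/bin/sh\nexec /usr/bin/real-" + name.encode() + b' "$@"\n')

    offline_copy = build_manifest(root)   # written to CD-R at install time, never mounted rw
    local_db = dict(offline_copy)         # the writable copy the nightly cron job reads

    # Attacker with root appends hiding logic to ls ...
    with open(os.path.join(root, "bin", "ls"), "ab") as f:
        f.write(b"# constructed stand-in for rootkit hiding logic\n")
    # ... and simply re-initialises the on-host database afterwards.
    local_db = build_manifest(root)

    current = build_manifest(root)
    return {
        "local_check": compare(local_db, current),        # nothing reported
        "offline_check": compare(offline_copy, current),  # bin/ls flagged as changed
    }
```

The two results differ only in where the baseline lived: the on-host copy reports a clean system, the read-only copy reports bin/ls. The same reasoning applies to the checker binary and the cron entry themselves, which is why the comparison should run from media or a host the attacker cannot write to.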
Microsoft has to do the big advertising blitz precisely because Windows is an established product.
Businesses will not undertake an upgrade lightly - the cost per system can easily hit several kilobucks after you include the Win2k upgrade license, the third party product upgrades (for products that break under W2K), the IT staff to install the software, the staff to retrain employees, the lost productivity of employees in training classes and for the next N days, etc. Few shops will pay less than $1000/system to upgrade, some might pay upwards of $5000/system.
These upgrades tend to be "all-or-nothing" affairs. While you could run one group under NT4 and another group under W2K, that involves a duplication of effort that might be more costly than simply pushing everything over to the new OS. Again, that is a strong disincentive to upgrading quickly, esp. with Microsoft's hard-earned reputation for poor quality initial releases. Few IT managers will rush to upgrade today... and twice again in the next six months as service packs are released.
So the target audience of W2K knows that the cost of switching is significant - and the cost of the software license is only a small part of the total. They have to be convinced that the cost is worth it - and that's where the advertising blitz comes in.
As a secondary effect, don't forget that some managers will be comparing the cost of upgrading from NT4 to W2K (esp. if it requires a major hardware upgrade) to the cost of switching from NT4 to Linux. I'm sure a lot of the marketing will focus on how much is the same (low cost of transfer), not how much is different (so the cost of conversion to Netware or Linux is comparable to the cost of conversion to Win2K).
Several other people have called for people to join the EFF and ACLU, but they forget the most obvious connection.
Subscribe to 2600 today!
Hell, take just part of the cost of the DVD player you've put off buying and buy a lifetime subscription to 2600, then send a copy of the check (with an explanation) to the MPAA!
We're just farting in the wind when we debate what the First Amendment "really" means. Fortunately, a cable TV show answers our questions. (Freedom of Assembly comments follow summary of the show.)
The History of the Nazi Party in America provides a hard, historical overview of what Freedom of Speech means in the US over a 60-year period. A 1940 (or so) rally in Madison Square Garden, complete with swastikas and a huge portrait of George Washington, is acceptable. So are the hecklers in the audience.
A post-war Nazi party is acceptable... and the guy who murdered the leader for claiming that paler whites were superior to darker-hued whites was still charged with murder.
A 70's era Nazi march through a Chicago suburb with a large death camp survivor population is acceptable... but everyone agreed that public safety would be better served by moving the parade into another suburb. The Nazis even agreed, after they won a surprising Supreme Court victory. (These Nazis were later immortalized in the Blues Brothers.)
An 80's era neo-Nazi group that robs banks to fund the revolution, and murders radio talk show hosts who mock them, is not acceptable. All of the members are serving life sentences or were killed during capture.
I doubt anyone here would argue that *anything* posted to Slashdot is a fraction as offensive as acts which have been held to be constitutionally protected for years. Arguing about Free Speech, in capitalized letters, is a red herring.
On the other hand, Freedom of Assembly does not mean that every assembly (such as slashdot) must accept every Juan, Dick and Cheri that comes along and demands entry. Groups may restrict access to people with a common interest -- and expel the jerk who tries to sell life insurance in a knitting circle.
Ignoring the non-trivial fact that Slashdot, as a private organization, is not subject to Constitutional restrictions... I believe that Slashdot moderation and metamoderation fall under the "assembly" umbrella, not the "speech" umbrella, in the same manner that nobody cries out "Freedom of Speech!" when stifled by Robert's Rules of Order.
Katz's observations are not an attempt to impose censorship, but rather a plea that Slashdot act more like a drunken college frat party than a drunken high school lockerroom brawl.
It's extra-legal, but I wouldn't be surprised if the reason that the lawyers acted was that these domains were going to be AUCTIONED.
Individual consultants with "linux" in the name have a single domain name, and they don't make a beef about representing THE Linux, only the collection of HOWTOs, programs, limited distros, etc. packaged in a convenient place for the reader. (This allows the Linux material to survive reorganization of the sponsor's main web site - obviously the material can be collected on that page, but a reorg could break links.) The fine print inevitably refers people to Linux International for THE Linux.
In contrast, with an auction you don't know what you're going to get. As others have pointed out, the feeding frenzy for anything with "Linux" in it suggests that you'll find porn sites, scam sites, and worse. That's something that no trademark holder can afford to ignore.
So my impression is that this is much ado about nothing -- and it's certainly not illegal for his lawyers to focus on extra-legal factors like whether the domain name is being publicly auctioned.
No, that's a valid way of determining people's values. The guy who paid the bill did it for selfish reasons - he wanted the web page to work - but a lot of people I know would have simply bitched and not acted at all.
I know who *I* want working behind the scenes of the products I use!
As for Bill Gates, the rules are very different for anyone with that much money. If I donated 10% of my net worth to charity over a few years, I wouldn't starve but I might be forced to stay in a condo, instead of a detached house, for an extra few years. But anyone with a net worth in the billion dollar range could lose 50% of that worth without it affecting their life.
So while Bill Gates' contributions are impressive, they don't leave him deciding to make a noticeable sacrifice in his own life in order to help others who have far less.
(IANAL, but...) Microsoft wasn't close to losing this domain name, but in general it would probably fall under the rules for abandoned property.
A trademark is *not* an absolute IP right, it has to be defended. That's why they send out "cease and desist" orders for trivial infringements, like the "Dummy's Guide to my roommate's most annoying habits." If the IP owner doesn't defend their rights, they become unenforceable.
A domain name can be defended by trademarks, of course, but the flip side is that a domain name is the most trivial thing to defend - the cost of an annual renewal is far less than the cost of consulting with your lawyer for an hour. If a company not only didn't pay the fee while the domain was "on hold," but actually let it slip entirely, a judge is unlikely to feel that they exercised due diligence in defending their IP property. It depends on how tightly the domain is tied to the company, of course, but I would not be surprised if domains with only loose connections ("passport" = Microsoft?) were declared legally abandoned and open to whoever paid the bill.
Some sites are now offering "online checks" for people who aren't willing to trust their credit card to the net.
As others have pointed out in different responses, it's *worse* since credit cards have fraud limits - and that limit applies to all fraudulent charges. Checks, in theory, will be fully refunded if you file the paperwork to claim fraud. In practice, most banks have quietly changed their fine print to say that if someone has your account number the presumption is that you have authorized *any* access, and it is damn hard to get them to stop honoring debits. In practice you must close the account, something that's far more disruptive with checks than with a credit card.
I can understand why the banks did this - they probably got tired of being caught in the middle between customers and health club finance companies - but the practical effect is that checks are now far less secure than credit cards.
I mention this only because I've already seen some sites advertising that they offer "online checks" as a "secure" alternative to credit cards, and stories like this will only make things worse.
One of Debian's primary goals is system *stability*. This is boring for the technically competent home user, but utterly critical in the enterprise.
Potato will lose little by not providing the new kernel by default - it is easy to upgrade your system later. However it keeps a kernel with a year's worth of field testing on it. Bugs undoubtedly still remain, but it will be many months before 2.4 is as stable as 2.2 today.
The same thing applies to XFree86 4. By staying with the current XFree86 3.3 version Debian will lose some new features, but it will have a well tested X subsystem. If things go well people can upgrade later, while corporate users aren't affected by 4.0 (relative) flakiness.
Finally, an analogy I often use is to hiking gear. The whole purpose of hiking gear isn't to "look cool" (although that's always nice), it's to get me into the remote backcountry *and back.* That's why I might test out new gear on local trails, but I use ratty old gear when I'm going to be many hours away from help. The cost of a shoe falling apart isn't $100, it's a bloody foot torn to shreds by hiking barefoot in the Rockies for miles, so I stick with things I know are reliable even if they're slightly outdated.
As a packager, and someone who lives in the same small town as Phil Zimmermann (Boulder, Colorado), let me be the first to congratulate you on being responsible for denying others Debian packages for MIT Kerberos for almost two years.
YOU can "take a stand" because it's not your fat ass on the line. The unfortunate fact is that if I make packages available when I know that some people plan to violate the law, I know that the feds can come after me. They DON'T have to actually file charges to make my life a living hell, and in fact they will do everything possible to *avoid* filing charges since certain legal protections only kick in for defendants, not people "merely" under investigation for committing a crime.
Since Phil Zimmermann lived in Boulder at the time (and may still live here, although I haven't seen him for awhile) the local press covered his story long after the national press dropped it. This is not an obscure risk that happened to someone, sometime, this is a concrete risk that happened to someone I (casually) know and which caused him a large amount of inconvenience and significant personal expense.
If you want to take a stand, grow some balls and take your own fscking stand. BUT DON'T ACT IN AN IRRESPONSIBLE MANNER THAT EXPOSES OTHERS TO SIGNIFICANT LEGAL RISK JUST SO YOUR SPINELESS SOUL CAN SLEEP WELL AT NIGHT!
Finally, never forget that your zealotry made it risky (even impossible) for many of us moderates to work from within the system. The Feds do not make examples out of well-financed opponents with good connections, they try to cut out the weaker members of the herd. That's why most of the court cases have focused on graduate students. We could have tried to quietly loosen our restrictions to the point that the government would realize that liberalization was a fait accompli, but because of European airheads we were never "out of the spotlight" enough to take big risks.
Granted, but in that case you're using the firewall to accomplish a specific task - prevent DoS attacks, instead of using it as Magic Condom that will protect your site from your own recklessness.
Unfortunately, in the real world there are a lot of MIS and IT directors who believe that the average run-of-the-mill MCSE actually knows what he's talking about... and is more grounded in reality than his "ivory tower" Unix sysadmins. So they refuse to use "sudo" or "crack" and depend on a firewall for all of their security. *Those* are the people who should add a firewall last.
Kerberos 5 changed the protocol in a significant manner in order to prevent certain attacks, although I can't recall off the top of my head if it was "man in the middle". That's why it's Kerberos 5, instead of 4.1.:-)
As for encryption, I've been using encrypted ktelnet, kftp, krlogin and cvs without any problems. It's possible that the package was built with user-level encryption turned off for some reason.
Take a step back and consider not-so-distant history.
In the past, if someone wanted something like Kerberos they would have to *mail* a request to the authors and request physical media back. Even after web browsers became common, they had to email a request to the authors who would then explicitly decide whether to grant access.
In contrast, most crypto sites today allow you to fill out an online form and you are granted immediate access. However the license now adds that restrictive clause.
If people started openly violating the terms of the license the authors would not say "oh well, we didn't really care about it anyway." They would say "damn it!" and remove web access to the material. You want a copy of the source code, you'll have to mail a copy of your passport and a signed statement of intent to comply with the laws. The alternative is to have the Feds take it to court and have even stricter limits put on access to the material, e.g., the person must show up in person to get the material.
Here's a quick comparison of Kerberos & SSH, suitable for viewgraphs for PHBs.:-)
Kerberos provides strong mutual authentication, plus limited encryption. SSH provides strong encryption, but limited authentication. (SSH authenticates hosts during initial connection, and optionally users connecting to sshd, but not arbitrary client/server authentication.)
Kerberos uses three-party authentication - client, server and domain controller. SSH uses two-party authentication - client and server. (Prior to the government's attempts to escrow encryption keys and Phil Zimmermann's response, three-party authentication was the norm. With Kerberos, the KDC can be run by the employer, university, or household!)
Local Kerberos security breaches (e.g., exposure of /etc/krb5.keytab) can be handled globally by a single change at the KDC. Local SSH security breaches (e.g., exposure of /etc/ssh/ssh_host_key) must be handled at each site which connects to it.
Global Kerberos security breaches (e.g., exposure of a */admin password) affect everyone within the domain, so good KDC security is crucial. Global SSH security breaches are impossible.
Kerberos uses DES session encryption by default, although some implementations support 3DES and IDEA. SSH uses IDEA (iirc), so SSH encryption is somewhat stronger "out of the box."
Kerberos does not support "tunneling". SSH does.
Kerberos PAM modules exist, but all I have seen to date violate the Kerberos security model and should never be used. I'm not sure if SSH PAM modules exist, but again I'm sure they violate the SSH security model and should never be used.
Kerberos access can be mediated by "digital certificates" and smart cards. I expect the same could be said of SSH, although I am not certain.
Finally, Kerberos-enhanced SSH exists although I am not familiar with the details of it. However, the important thing is that a site may use both SSH and Kerberos, if desired.
That's just the beginning - the real power of Kerberos is that it defines an API which can be added to *any* application that wants strong mutual authentication between the client and server.
This means that kerberos-enhanced CVS allows the CVS server to identify you -- and you to be sure that your CVS server wasn't hijacked via DNS or TCP/IP attacks.
It allows your printer to confirm your identity... and you to confirm that your remote printer hasn't been hijacked by a competitor.
It allows you to know exactly what system is feeding your remote tape backup drive... or requesting to restore sensitive accounting information or source code.
It allows your database to know who is accessing it... and the user to know that the database hasn't been hijacked by a rogue site offering ludicrous information designed to drive your customers away... or you into bankruptcy.
And all of these applications can negotiate session-based encryption.
I could continue, but my fingers are getting tired. The point should be clear: Kerberos packages, by themselves, are best viewed as enabling tools, not the final destination.
BTW, the best description I've seen of a fully Kerberized site is that it doesn't require a firewall -- all of the applications have been sufficiently armored that a firewall offers no additional benefit. That's a bit harsh, but it does reflect the conservative approach that the firewall should be the *last* thing added to your network security model, not the first.
First, a bit of background information that you may be missing. Kerberos *NEVER* sends any password across the network in plaintext, and only transmits the encrypted password when the password is actively changed. Kerberos uses an encrypted challenge/response technique between the user's host and the Kerberos domain controller, so any file-based approach like NIS distributed password files will never be kerberized.
One of the major changes in Kerberos 5 is support for X authentication "MIT-KERBEROS-5". This allows you to use Kerberos principal names to control access to your system, e.g.,
$ xhost +:krb5:coyote@LOCAL
This grants access to your system to a particular user regardless of location. The other authentication methods generally grant access to all users of a particular system, or require that you manually exchange authentication information.
Kerberos 5 XDM should also acquire Kerberos 5 credentials for you, if properly configured.
HOWEVER, before you run off and start recompiling xfree86 you should be aware that the current version has been "broken" for some time, at least with the current MIT Kerberos API. You might be able to get it to work with an older version, but that would force you to retain known security bugs as well.
Because of XFree86 4 and the changing US export rules some of us are revisiting the problem and XDM patches should be available soon. MIT-KERBEROS-5 support is a different matter, since one of the biggest items on everyone's wish list is the ability to specify Kerberos encryption on the wire. This would allow people working from home to use an encrypted wire protocol when connecting to their office via xDSL or cable modems.
Kerberos 4 does not support MIT-KERBEROS-5 authentication, although it might be patched to collect Kerberos credentials for you.
Finally, I'm sure it's possible to modify NIS to require Kerberos authentication (and encryption), but AFAIK nobody's done it. However, in this case NIS would be an application with Kerberos enhancements, not a Kerberos login mechanism.
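The exchanges behind the two posts above (mutual authentication between client and server, three parties with the KDC in the middle, the password never on the wire, and a keytab compromise fixed by one change at the KDC), as an added example that is not from the original posts and not MIT Kerberos code. It models the message structure only: the encrypt/decrypt pair is a hypothetical HMAC-SHA256-based construction standing in for Kerberos' DES or 3DES enctypes, key derivation is PBKDF2 rather than the real string2key, and the realm EXAMPLE.COM, the user coyote and the service cvs/cvs.example.com are made up. Ticket lifetimes, key version numbers and the ASN.1 wire format are left out.

```python
import hashlib
import hmac
import json
import os
import time

REALM = "EXAMPLE.COM"   # assumed realm name
CLOCK_SKEW = 300        # Kerberos' customary five-minute window, in seconds


def string2key(password, salt):
    """Derive the long-term key from the password; this runs on the user's own host."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10000)


def _keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]


def encrypt(key, obj):
    """Toy authenticated encryption (hypothetical), standing in for a Kerberos enctype."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def decrypt(key, blob):
    """Raises ValueError if the key is wrong or the message was tampered with."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """The third party: holds each principal's long-term key, never sees a password."""

    def __init__(self):
        self.keys = {"krbtgt/" + REALM: os.urandom(32)}

    def add_user(self, name, password):
        self.keys[name] = string2key(password, name + "@" + REALM)

    def add_service(self, name):
        self.keys[name] = os.urandom(32)
        return self.keys[name]          # this is what goes into the service's keytab

    def rekey_service(self, name):
        return self.add_service(name)   # one change here invalidates a stolen keytab everywhere

    def as_exchange(self, client, preauth):
        # Preauthentication: the client proves it holds the key by encrypting a fresh
        # timestamp under it; the password itself never crosses the network.
        ts = decrypt(self.keys[client], preauth)["timestamp"]
        if abs(time.time() - ts) > CLOCK_SKEW:
            raise ValueError("stale preauth timestamp (replay?)")
        sk = os.urandom(32).hex()
        tgt = encrypt(self.keys["krbtgt/" + REALM], {"client": client, "sk": sk})
        return encrypt(self.keys[client], {"sk": sk}), tgt

    def tgs_exchange(self, tgt, authenticator, service):
        t = decrypt(self.keys["krbtgt/" + REALM], tgt)
        if decrypt(bytes.fromhex(t["sk"]), authenticator)["client"] != t["client"]:
            raise ValueError("authenticator does not match ticket")
        ssk = os.urandom(32).hex()
        ticket = encrypt(self.keys[service], {"client": t["client"], "sk": ssk})
        return encrypt(bytes.fromhex(t["sk"]), {"sk": ssk}), ticket


class Service:
    def __init__(self, name, keytab_key):
        self.name, self.key = name, keytab_key

    def ap_exchange(self, ticket, authenticator):
        t = decrypt(self.key, ticket)                       # only the genuine keytab opens it
        auth = decrypt(bytes.fromhex(t["sk"]), authenticator)
        if auth["client"] != t["client"] or abs(time.time() - auth["timestamp"]) > CLOCK_SKEW:
            raise ValueError("bad authenticator")
        # AP-REP: echoing the timestamp under the session key proves the server could
        # open the ticket, i.e. that it really holds the service key (mutual auth).
        return t["client"], encrypt(bytes.fromhex(t["sk"]), {"timestamp": auth["timestamp"]})


class Client:
    def __init__(self, name, kdc):
        self.name, self.kdc = name, kdc

    def login(self, password):
        key = string2key(password, self.name + "@" + REALM)   # never leaves this host
        preauth = encrypt(key, {"timestamp": time.time()})
        enc, self.tgt = self.kdc.as_exchange(self.name, preauth)
        self.tgt_sk = bytes.fromhex(decrypt(key, enc)["sk"])

    def authenticate_to(self, service):
        auth = encrypt(self.tgt_sk, {"client": self.name, "timestamp": time.time()})
        enc, ticket = self.kdc.tgs_exchange(self.tgt, auth, service.name)
        sk = bytes.fromhex(decrypt(self.tgt_sk, enc)["sk"])
        ts = time.time()
        who, ap_rep = service.ap_exchange(ticket, encrypt(sk, {"client": self.name, "timestamp": ts}))
        if decrypt(sk, ap_rep)["timestamp"] != ts:
            raise ValueError("server failed mutual authentication")
        return who, sk          # both ends now share sk for session encryption
```

Because everything runs in one process, a failure the real KDC would report as an error reply (wrong password, stale preauth) surfaces here as a ValueError. The point to notice is where the checks happen: the user's key is derived and used locally, a service that lost its keytab is cut off by a single rekey at the KDC while existing TGTs stay valid, and a server that cannot open the ticket cannot produce the AP-REP, which is what the client's final comparison catches.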
MIT Kerberos may become exportable in the next few weeks; I'm sure the lawyers are looking at it. It's definitely "free software" and primarily uses DES encryption (56 bit symmetric keys).
Also, I have put up unofficial Debian packages on my web site, and I know that someone at the MIT site is looking at updating the "contrib" section to include the recent work.
So don't rule out MIT Kerberos yet... or packages you haven't heard about. I first offered my MIT Kerberos packages probably close to two years ago but my packages were rejected because 1) I'm an American and 2) Debian's maintainer process was beginning its long descent into the innermost circle of Hell. Among other things, that means that I have a lot of experience with a Linux-based KDC (many other packagers are using foreign KDCs) and Kerberos-enhanced Linux packages. Top of my plate - either converted or soon to convert - are CVS, LPRNG, Postgresql, and possibly XDM (to acquire a ticket but not set up MIT-KERBEROS-5 authentication.)
But anyone who uses it violates the terms of the MIT license since it explicitly requires that the users be domestic (US and Canada) or have acquired it via a legal export.
It's easy to say "well, I don't care I'm gonna run it anyway!", but then where do you stop? Do you use GPL (not LGPL) libraries because you can? Do you reuse GPL source in your proprietary code?
If we want our licenses to be respected by others, we MUST respect the licenses ourselves. Otherwise we'll find ourselves in the same position as a proprietary software company known to pirate other companies' software -- an obvious hypocrite who has absolutely no moral grounds to complain when it's our ox being gored.
No, Hawking radiation explains why we aren't constantly being bombarded with micro-blackholes left over from the big bang. These micro-holes would have been very light - I think the event horizons would have been far smaller than the "interaction cross-section" of protons and neutrons, and rarely mass more than a few grams - and even that might be overstating the mass by many orders of magnitude.
In contrast, any black hole we observe from earth will have a stellar mass and will *not* evaporate. At least, not until long after the last star has reached thermal equilibrium with the rest of the universe.
This isn't a development kernel or an "release candidate" system, it's the official Win2K software that will hit the stores in a few weeks. OEMs got it early so they can get their systems ready for "first-day" sales of systems preloaded with the software. Even if MS had sat on the software until the 17th, these holes would have been discovered within days.
Meanwhile, you grossly misstate the maturity of our community. The 2.2.0 kernel had a significant bug in it, and everyone laughed because it we remembered the long fights between those who insisted the 2.2.0.pre-X kernel was ready and those who wanted just a bit more testing. Linus had to make a choice, and he jumped just a hair too soon. C'est la vive!
However, as I recall Linus never made a big deal out of how Linux 2.2.0 was going to finally start taking security seriously. In contrast, I've seen a lot of press recently about how MS is finally taking security seriously. That makes the discovery of *two* security bugs so quickly quite amusing.
I agree with you that Mitnick faces the burden of proof on all material regarding criminal acts involved in his plea bargains (N.B., not convictions obtained by demonstrating overwhelming evidence - an important distinction when a person is held in jail, without bond, for something like 80% of their eventual prison time), but that says nothing about incidental data being held by the feds.
To give an (hopefully) ludicrious example, let's assume that the disk also contains hundreds of encrypted kiddie porn pictures. He was never charged with possession of such pictures, never even suspected of possessing them, and has surrendered no presumption of innocence regarding possession of such pictures. Yet turning over his encryption key would inevitable result in prosecution for possession of contraband material.
IMHO (and highly non-legal one), I think it's reasonable for the feds to demand the encryption key to be confident that "criminal tools" aren't returned to Mitnick. At the same time, I think they are crazy to expect anyone to agree to that without a blanket immunity against the material being used in further persecution... sorry, prosecution. And that may be precisely the point - to make an offer which looks reasonable in a 12-second sound bite in the evening news, but which could never be accepted in the real world.
IANAL, but from the other material posted it sounds like you can still make archival copies by reading the block device.
In a true irony which I hope the BMG executives consider when deciding whether to keep the bozo who conned them into this scheme, the only way most of us will be able to listen to this music is to read the corrupted data from the block device, run a repair program on it, then burn it to CD-R. Unlike DVD, the original disk is worthless and millions of consumers have CD-R burners. And those of us who use ours for data archive, not CDA mastering, will make an exception in this case - a CD-R is *far* cheaper than a new CD player.
A lot of stores have strict return policies - if you open the CD then you can't return it. At most, you can exchange it with an identical album.
The rationale is simple, and compelling in college towns (such as where I live) - the store is trying to prevent students from buying a disk, ripping it to tape (or MP3 nowadays), then returning the album for a full refund.
Of course, that policy will *not* work if a label starts defrauding the public by using an incompatible format without clearly labeling it as such. The obvious solution which other people have suggested - filing criminal fraud charges against the record store and label - are unlikely to go anywhere because no DA will prosecute a case where the loss is the cost of a CD. Individuals will probably win in small claims court, but that's a hassle and BMG will continue to rake in money from the public -- and harm the reputation of its artists.
The only way to stop BMG sppears to be a class action civil lawsuit (hmm, is fraud = breach of contract and subject to treble damages?), a successful boycott, or sending the Norwegian police to arrest the president of BMG for "economic crimes."
This cluster wasn't hard to explain - the "three body problem" can't be analytically solved for the general case, but it can be easily solved for cases where M1 >= M2 >> M3. This solution shows five points there the gravitational attraction of the two large bodies balance. IIRC all of these points are "stable," but objects can orbit those points for billions of years before friction with the solar wind, gravitational attraction from other objects, etc., cause the object to return to a normal orbit.
The five Lagrange points are named L1-L5. As I recall, if M1 >> M2 then
L1 = on M1-M2 line, opposite of M2 (e.g., "counter-earth")
L2 = on M1-M2 line, between M1 and M2 (e.g., the solar observer satellite)
L3 = on M1-M2 line, beyond M2
L4 = 60 degrees ahead of M2 on M2's orbit
L5 = 60 degrees behind M2 on M2's orbit
Since it's been twenty years since I thought about this, I might have L1-L3 permuted and L4-L5 reversed.
Of course, the obvious response is to run MS Office as root... in a chroot jail! It will be worth the hassles to have the obvious desktop icon.
Script kiddies love you. :-)
Seriously, simply tossing in tripwire (and kin) is *not* adequate -- and in fact it leads to a false sense of security. The problem is that anyone with root access could modify the files, reinitialize the database, and the changes would be undetectable.
Even if your database is safe (e.g., CD-R, or r/o NFS directory), are you sure that tripwire hasn't been tampered with? That the crontab entry hasn't been tampered with? That the tripwire reports aren't disappearing down a rabbit hole?
Don't get me wrong - tripwire is an extremely valuable tool, but unless the sysadmin knows what they're doing it can be easily circumvented by any knowledgeable person with root access. Or by any script writer who knows how to check for the existence of local tripwire databases and for the times it runs as root, and can do something nasty.
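An added illustration of the "reinitialize the database" attack and one way to close it; this is not tripwire's own code. The baseline is authenticated with an HMAC under a key that stays off the monitored host, so a root attacker who rebuilds the database after trojaning a binary cannot produce one that verifies. The directory tree, file contents and key are constructed for the example. It does nothing about the other two holes the post lists (a replaced checker, or reports that never arrive), which is exactly why the key has to live elsewhere and the check ideally runs from there.

```python
import hashlib
import hmac
import json
import os
import tempfile

TAG_LEN = 32  # HMAC-SHA256 output length


def hash_tree(root):
    """Return {relative path: sha256 hex} for every regular file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests


def sign_baseline(baseline, key):
    """Serialize the baseline and prefix it with an HMAC over the serialized form."""
    body = json.dumps(baseline, sort_keys=True).encode()
    return hmac.new(key, body, "sha256").digest() + body


def load_baseline(blob, key):
    """Verify the HMAC before trusting anything in the database."""
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, "sha256").digest()):
        raise ValueError("baseline signature invalid: database replaced or re-initialized without the key")
    return json.loads(body)


def compare(baseline, current):
    """Classic integrity report: added, removed and changed paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, removed, changed


def demo():
    key = os.urandom(32)  # constructed; in practice kept off the monitored host
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample tree standing in for /bin and /etc.
        sample = {"bin/ls": b"ls v1", "bin/ps": b"ps v1",
                  "etc/crontab": b"0 3 * * * root /usr/sbin/tripwire"}
        for rel, data in sample.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        signed_db = sign_baseline(hash_tree(root), key)
        clean = compare(load_baseline(signed_db, key), hash_tree(root))

        # Root swaps in a trojaned ps; the ordinary check catches it.
        with open(os.path.join(root, "bin", "ps"), "wb") as fh:
            fh.write(b"ps v1 + rootkit")
        after_trojan = compare(load_baseline(signed_db, key), hash_tree(root))

        # Root then "re-initializes" the database to hide the change. Without the offline
        # key the best they can do is sign it with a key of their own, which is rejected.
        forged_db = sign_baseline(hash_tree(root), os.urandom(32))
        try:
            load_baseline(forged_db, key)
            forged_rejected = False
        except ValueError:
            forged_rejected = True
    return {"clean": clean, "after_trojan": after_trojan, "forged_rejected": forged_rejected}
```

Run `demo()`: the first report is empty, the second flags `bin/ps`, and the forged database is refused. An unsigned copy of the original baseline is of course still needed to detect the trojan; the HMAC only stops the attacker from quietly replacing that copy.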
Microsoft has to do the big advertising blitz precisely because Windows is an established product.
Businesses will not undertake an upgrade lightly - the cost per system can easily hit several kilobucks after you include the Win2k upgrade license, the third party product upgrades (for products that break under W2K), the IT staff to install the software, the staff to retrain employees, the lost productivity of employees in training classes and for the next N days, etc. Few shops will pay less than $1000/system to upgrade, some might pay upwards of $5000/system.
These upgrades tend to be "all-or-nothing" affairs. While you could run one group under NT4 and another group under W2K, that involves a duplication of effort that might be more costly than simply pushing everything over to the new OS. Again, that is a strong disincentive to upgrading quickly, esp. with Microsoft's hard-earned reputation for poor quality initial releases. Few IT managers will rush to upgrade today... and twice again in the next six months as service packs are released.
So the target audience of W2K knows that the cost of switching is significant - and the cost of the software license is only a small part of the total. They have to be convinced that the cost is worth it - and that's where the advertising blitz comes in.
As a secondary effect, don't forget that some managers will be comparing the cost of upgrading from NT4 to W2K (esp. if it requires a major hardware upgrade) to the cost of switching from NT4 to Linux. I'm sure a lot of the marketing will focus on how much is the same (low cost of transfer), not how much is different (so the cost of conversion to Netware or Linux is comparable to the cost of conversion to Win2K).
Several other people have called for people to join the EFF and ACLU, but they forget the most obvious connection.
Subscribe to 2600! Today!
Hell, take just part of the cost of DVD player you've put off buying and buy a lifetime subscription to 2600, then send a copy of the check (with an explanation) to the MPAA!
We're just farting in the wind when we debate what the First Amendment "really" means. Fortunately, a cable TV show answers our questions. (Freedom of Assembly comments follow summary of the show.)
The History of the Nazi Party in America provides a hard, historical overview of what Freedom of Speech means in the US over a 60-year period. A 1940 (or so) rally in Madison Square Garden, complete with swastikas and a huge portrait of George Washington, is acceptable. So are the hecklers in the audience.
A post-war Nazi party is acceptable... and the guy who murdered the leader for claiming that paler whites were superior to darker-hued whites was still charged with murder.
A 70's era Nazi march through a Chicago suburb with a large death camp survivor population is acceptable... but everyone agreed that public safety would be better served by moving the parade into another suburb. The Nazis even agreed, after they won a surprising Supreme Court victory. (These Nazis were later immortalized in the Blues Brothers.)
An 80's era neo-Nazi group that robs banks to fund the revolution, and murders radio talk show hosts who mock them, is not acceptable. All of the members are serving life sentences or were killed during capture.
I doubt anyone here would argue that *anything* posted to Slashdot is a fraction as offensive as acts which have been held to be constitutionally protected for years. Arguing about Free Speech, in capitalized letters, is a red herring.
On the other hand, Freedom of Assembly does not mean that every assembly (such as slashdot) must accept every Juan, Dick and Cheri that comes along and demands entry. Groups may restrict access to people with a common interest -- and expel the jerk who tries to sell life insurance in a knitting circle.
Ignoring the non-trivial fact that Slashdot, as a private organization, is not subject to Constitutional restrictions... I believe that Slashdot moderation and metamoderation fall under the "assembly" umbrella, not the "speech" umbrella, in the same manner that nobody cries out "Freedom of Speech!" when stifled by Robert's Rules of Order.
Katz's observations are not an attempt to impose censorship, but rather a plea that Slashdot act more like a drunken college frat party than a drunken high school lockerroom brawl.
It's extra-legal, but I wouldn't be surprised if the reason that the lawyers acted was that these domains were going to be AUCTIONED.
Individual consultants with "linux" in the name have a single domain name, and they don't make a beef about representing THE Linux, only the collection of HOWTOs, programs, limited distros, etc. packaged in a convenient place for the reader. (This allows the Linux material to survive reorganization of the sponsor's main web site - obviously the material can be collected on that page, but a reorg could break links.) The fine print inevitably refers people to Linux International for THE Linux.
In contrast, with an auction you don't know what you're going to get. As others have pointed out, the feeding frenzy for anything with "Linux" in it suggests that you'll find porn sites, scam sites, and worse. That's something that no trademark holder can afford to ignore.
So my impression is that this is much ado about nothing -- and it's certainly not illegal for his lawyers to focus on extra-legal factors like whether the domain name is being publicly auctioned.
No, that's a valid way of determining people's values. The guy who paid the bill did it for selfish reasons - he wanted the web page to work - but a lot of people I know would have simply bitched and not acted at all.
I know who *I* want working behind the scenes of the products I use!
As for Bill Gates, the rules are very different for anyone with that much money. If I donated 10% of my net worth to charity over a few years, I wouldn't starve but I might be forced to stay in a condo, instead of a detached house, for an extra few years. But anyone with a net worth in the billion dollar range could lose 50% of that worth without it affecting their life.
So while Bill Gates' contributions are impressive, they don't leave him deciding to make a noticeable sacrifice in his own life in order to help others who have far less.
(IANAL, but...) Microsoft wasn't close to losing this domain name, but in general it would probably fall under the rules for abandoned property.
A trademark is *not* an absolute IP right, it has to be defended. That's why they send out "cease and desist" orders for trivial infringements, like the "Dummy's Guide to my roommate's most annoying habits." If the IP owner doesn't defend their rights, they become unenforceable.
A domain name can be defended by trademarks, of course, but the flip side is that a domain name is the most trivial thing to defend - the cost of an annual renewal is far less than the cost of consulting with your lawyer for an hour. If a company not only didn't pay the fee while the domain was "on hold," but actually let it slip entirely, a judge is unlikely to feel that they exercised due diligence in defending their IP property. It depends on how tightly the domain is tied to the company, of course, but I would not be surprised if domains with only loose connections ("passport" = Microsoft?) were declared legally abandoned and open to whoever paid the bill.
Some sites are now offering "online checks" for people who aren't willing to trust their credit card to the net.
As others have pointed out in different responses, it's *worse* since credit cards have fraud limits - and that limit applies to all fraudulent charges. Checks, in theory, will be fully refunded if you file the paperwork to claim fraud. In practice, most banks have quietly changed their fine print to say that if someone has your account number the presumption is that you have authorized *any* access, and it is damn hard to get them to stop honoring debits. In practice you must close the account, something that's far more disruptive with checks than with a credit card.
I can understand why the banks did this - they probably got tired of being caught in the middle between customers and health club finance companies - but the practical effect is that checks are now far less secure than credit cards.
I mention this only because I've already seen some sites advertising that they offer "online checks" as a "secure" alternative to credit cards, and stories like this will only make things worse.
One of Debian's primary goals is system *stability*. This is boring for the technically competent home user, but utterly critical in the enterprise.
Potato will lose little by not providing the new kernel by default - it is easy to upgrade your system later. However it keeps a kernel with a year's worth of field testing on it. Bugs undoubtedly still remain, but it will be many months before 2.4 is as stable as 2.2 today.
The same thing applies to XFree86 4. By staying with the current XFree86 3.3 version Debian will lose some new features, but it will have a well tested X subsystem. If things go well people can upgrade later, while corporate users aren't affected by 4.0 (relative) flakiness.
Finally, an analogy I often use is to hiking gear. The whole purpose of hiking gear isn't to "look cool" (although that's always nice), it's to get me into the remote backcountry *and back.* That's why I might test out new gear on local trails, but I use ratty old gear when I'm going to be many hours away from help. The cost of a shoe falling apart isn't $100, it's a bloody foot torn to shreds by hiking barefoot in the Rockies for miles, so I stick with things I know are reliable even if they're slightly outdated.
As a packager, and someone who lives in the same small town as Phil Zimmermann (Boulder, Colorado), let me be the first to congratulate you on being responsible for denying others Debian packages for MIT Kerberos for almost two years.
YOU can "take a stand" because it's not your fat ass on the line. The unfortunate fact is that if I make packages available when I know that some people plan to violate the law, I know that the feds can come after me. They DON'T have to actually file charges to make my life a living hell, and in fact they will do everything possible to *avoid* filing charges since certain legal protections only kick in for defendants, not people "merely" under investigation for committing a crime.
Since Phil Zimmermann lived in Boulder at the time (and may still live here, although I haven't seen him for awhile) the local press covered his story long after the national press dropped it. This is not an obscure risk that happened to someone, sometime, this is a concrete risk that happened to someone I (casually) know and which caused him a large amount of inconvenience and significant personal expense.
If you want to take a stand, grow some balls and take your own fscking stand. BUT DON'T ACT IN AN IRRESPONSIBLE MANNER THAT EXPOSES OTHERS TO SIGNIFICANT LEGAL RISK JUST SO YOUR SPINELESS SOUL CAN SLEEP WELL AT NIGHT!
Finally, never forget that your zealotry made it risky (even impossible) for many of us moderates to work from within the system. The Feds do not make examples out of well-financed opponents with good connections, they try to cut out the weaker members of the herd. That's why most of the court cases have focused on graduate students. We could have tried to quietly loosen our restrictions to the point that the government would realize that liberalization was a fait accompli, but because of European airheads we were never "out of the spotlight" enough to take big risks.
Granted, but in that case you're using the firewall to accomplish a specific task - prevent DoS attacks, instead of using it as Magic Condom that will protect your site from your own recklessness.
Unfortunately, in the real world there are a lot of MIS and IT directors who believe that the average run-of-the-mill MSCE actually knows what he's talking about... and is more grounded in reality than his "ivory tower" Unix sysadmins. So they refuse to use "sudo" or "crack" and depend on a firewall for all of their security. *Those* are the people who should add a firewall last.
Kerberos 5 changed the protocol in a significant manner in order to prevent certain attacks, although I can't recall if it was "man in the middle" off the top of my head. That's why it's Kerberos 5, instead of 4.1. :-)
As for encryption, I've been using encrypted ktelnet, kftp, krlogin and cvs without any problems. It's possible that the package was built with user-level encryption turned off for some reason.
Take a step back and consider not-so-distant history.
In the past, if someone wanted something like Kerberos they would have to *mail* a request to the authors and request physical media back. Even after web browsers became common, they had to email a request to the authors who would then explicitly decide whether to grant access.
In contrast, most crypto sites today allow you to fill out an online form and you are granted immediate access. However the license now adds that restrictive clause.
If people started openly violating the terms of the license the authors would not say "oh well, we didn't really care about it anyway." They would say "damn it!" and remove web access to the material. You want a copy of the source code, you'll have to mail a copy of your passport & a signed statement of intent to comply with the laws. The alternative is to have the Feds take it to court and have even stricter limits put on access to the material, e.g., the person must show up in person to get the material.
Kerberos provides strong mutual authentication, plus limited encryption. SSH provides strong encryption, but limited authentication. (SSH authenticates hosts during initial connection, and optionally users connecting to sshd, but not arbitrary client/server authentication.)
Kerberos uses three-party authentication - client, server and domain controller. SSH uses two-party authentication - client and server. (Prior to the government's attempts to escrow encryption keys and Phil Zimmermann's response, three-party authentication was the norm. With Kerberos, the KDC can be run by the employer, university, or household!)
Local Kerberos security breaches (e.g., exposure of /etc/krb5.keytab) can be handled globally by a single change at the KDC. Local SSH security breaches (e.g., exposure of /etc/ssh/ssh_host_key) must be handled at each site which connects to it.
Global Kerberos security breaches (e.g., exposure of a */admin password) affect everyone within the domain, so good KDC security is crucial. Global SSH security breaches are impossible.
Kerberos uses DES session encryption by default, although some implementations support 3DES and IDEA. SSH uses IDEA (iirc), so SSH encryption is somewhat stronger "out of the box."
Kerberos does not support "tunneling". SSH does.
Kerberos PAM modules exist, but all I have seen to date violate the Kerberos security model and should never be used. I'm not sure if SSH PAM modules exist, but again I'm sure they violate the SSH security model and should never be used.
Kerberos access can be mediated by "digital certificates" and smart cards. I expect the same could be said of SSH, although I am not certain.
Finally, Kerberos-enhanced SSH exists although I am not familiar with the details of it. However, the important thing is that a site may use both SSH and Kerberos, if desired.
That's just the beginning - the real power of Kerberos is that it defines an API which can be added to *any* application that wants strong mutual authentication between the client and server.
This means that kerberos-enhanced CVS allows the CVS server to identify you -- and you to be sure that your CVS server wasn't hijacked via DNS or TCP/IP attacks.
It allows your printer to confirm your identity... and you to confirm that your remote printer hasn't been hijacked by a competitor.
It allows you to know exactly what system is feeding your remote tape backup drive... or requesting to restore sensitive accounting information or source code.
It allows your database to know who is accessing it... and the user to know that the database hasn't been hijacked by a rogue site offering ludicrous information designed to drive your customers away... or you into bankruptcy.
And all of these applications can negotiate session-based encryption.
I could continue, but my fingers are getting tired. The point should be clear: Kerberos packages, by themselves, are best viewed as enabling tools, not the final destination.
BTW, the best description I've seen of a fully Kerberized site is that it doesn't require a firewall -- all of the applications have been sufficiently armored that a firewall offers no additional benefit. That's a bit harsh, but it does reflect the conservative approach that the firewall should be the *last* thing added to your network security model, not the first.
First, a bit of background information that you may be missing. Kerberos *NEVER* sends any password across the network in plaintext, and only transmits the encrypted password when the password is actively changed. Kerberos uses an encrypted challenge/response technique between the user's host and the Kerberos domain controller, so any file-based approach like NIS distributed password files will never be kerberized.
One of the major changes in Kerberos 5 is support for X authentication "MIT-KERBEROS-5". This allows you to use Kerberos principal names to control access to your system, e.g.,
$ xhost +:krb5:coyote@LOCAL
This grants access to your system to a particular user regardless of location. The other authentication methods generally grant access to all users of a particular system, or require that you manually exchange authentication information.
Kerberos 5 XDM should also acquire Kerberos 5 credentials for you, if properly configured.
HOWEVER, before you run off and start recompiling xfree86 you should be aware that the current version has been "broken" for some time, at least with the current MIT Kerberos API. You might be able to get it to work with an older version, but that would force you to retain known security bugs as well.
Because of XFree86 4 and the changing US export rules some of us are revisiting the problem and XDM patches should be available soon. MIT-KERBEROS-5 support is a different matter, since one of the biggest items on everyone's wish list is the ability to specify Kerberos encryption on the wire. This would allow people working from home to use an encrypted wire protocol when connecting to their office via xDSL or cable modems.
Kerberos 4 does not support MIT-KERBEROS-5 authentication, although it might be patched to collect Kerberos credentials for you.
Finally, I'm sure it's possible to modify NIS to require Kerberos authentication (and encryption), but AFAIK nobody's done it. However, in this case NIS would be an application with Kerberos enhancements, not a Kerberos login mechanism.
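An added toy of the three-party exchange, to make concrete both the Kerberos/SSH comparison a few posts up and the point just above that the password never crosses the wire. It is not MIT Kerberos code: it collapses the AS and TGS exchanges into one, uses a hash-based keystream plus HMAC in place of DES/3DES, and the realm, principal names and passwords are constructed. What it keeps is the shape of the protocol: a long-term key derived from the password on the client, pre-authentication with an encrypted timestamp, a ticket readable only with the key the service holds in its keytab, an authenticator checked against a replay cache, and the timestamp encrypted back under the session key for mutual authentication.

```python
import hashlib
import hmac
import json
import os
import time

REALM = "EXAMPLE.ORG"    # constructed realm
TICKET_LIFETIME = 8 * 3600
CLOCK_SKEW = 300         # authenticators more than five minutes off are rejected


def string_to_key(password, principal):
    """Long-term key derived on the client from the password; the password itself never leaves."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 10_000, 32)


def _keystream(key, nonce, length):
    blocks = (length + 31) // 32
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(blocks))


def seal(key, msg):
    """Toy authenticated encryption (hash keystream + HMAC) standing in for DES/3DES modes."""
    pt = json.dumps(msg, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Third party holding every principal's long-term key (AS and TGS collapsed into one exchange)."""
    def __init__(self):
        self.keys = {}   # principal -> long-term key; a service's entry is what ktadd puts in its keytab

    def add_principal(self, name, password):
        self.keys[name] = string_to_key(password, name)

    def as_exchange(self, client, service, preauth):
        # Pre-authentication: the client proves it holds its key by encrypting a fresh timestamp.
        # A wrong password gives a wrong key, so unseal() fails and nothing is issued.
        if abs(time.time() - unseal(self.keys[client], preauth)["ts"]) > CLOCK_SKEW:
            raise ValueError("pre-authentication timestamp outside allowed skew")
        skey, exp = os.urandom(32).hex(), time.time() + TICKET_LIFETIME
        ticket = seal(self.keys[service], {"client": client, "skey": skey, "exp": exp})
        return seal(self.keys[client], {"skey": skey, "exp": exp, "ticket": ticket.hex()})


class Client:
    def __init__(self, name, password):
        self.name, self.key = name, string_to_key(password, name)

    def login(self, kdc, service):
        reply = unseal(self.key, kdc.as_exchange(self.name, service, seal(self.key, {"ts": time.time()})))
        self.session_key, self.ticket = bytes.fromhex(reply["skey"]), bytes.fromhex(reply["ticket"])

    def ap_request(self):
        self.auth_ts = time.time()
        return self.ticket, seal(self.session_key, {"client": self.name, "ts": self.auth_ts})

    def verify_server(self, ap_reply):
        # Mutual auth: only a server with the real service key could read the ticket,
        # recover the session key, and send our timestamp back under it.
        return unseal(self.session_key, ap_reply)["ts"] == self.auth_ts


class Service:
    def __init__(self, key):
        self.key, self.replay_cache = key, set()

    def ap_exchange(self, ticket, authenticator):
        t = unseal(self.key, ticket)        # forged or foreign tickets fail here
        if time.time() > t["exp"]:
            raise ValueError("ticket expired")
        skey = bytes.fromhex(t["skey"])
        a = unseal(skey, authenticator)     # proves the presenter knows the session key
        stale = abs(time.time() - a["ts"]) > CLOCK_SKEW
        if a["client"] != t["client"] or stale or (a["client"], a["ts"]) in self.replay_cache:
            raise ValueError("bad or replayed authenticator")
        self.replay_cache.add((a["client"], a["ts"]))
        return t["client"], seal(skey, {"ts": a["ts"]})


def demo():
    kdc = KDC()
    kdc.add_principal("coyote", "beep-beep")                          # constructed user
    kdc.add_principal("cvs/repo.example.org", os.urandom(16).hex())   # constructed service
    cvs = Service(kdc.keys["cvs/repo.example.org"])                   # service's keytab copy
    user = Client("coyote", "beep-beep")
    user.login(kdc, "cvs/repo.example.org")
    ticket, auth = user.ap_request()
    who, ap_reply = cvs.ap_exchange(ticket, auth)
    mutual_ok = user.verify_server(ap_reply)
    try:                                    # wrong password: rejected at pre-authentication
        Client("coyote", "meep-meep").login(kdc, "cvs/repo.example.org")
        wrong_pw_rejected = False
    except ValueError:
        wrong_pw_rejected = True
    try:                                    # sniffed ticket + authenticator replayed: rejected
        cvs.ap_exchange(ticket, auth)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return who, mutual_ok, wrong_pw_rejected, replay_rejected
```

`demo()` returns `("coyote", True, True, True)`. Note what the wire carries: an encrypted timestamp, a ticket the client cannot read, and a reply only the right password-derived key can open, which is why an NIS-style password file has no role in this design. It also shows the "local breach handled at the KDC" point: changing the service's entry in `kdc.keys` makes every ticket sealed for the old keytab worthless without touching any client.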
MIT Kerberos may become exportable in the next few weeks; I'm sure the lawyers are looking at it. It's definitely "free software" and primarily uses DES encryption (56 bit symmetric keys).
Also, I have put up unofficial Debian packages on my web site, and I know that someone at the MIT site is looking at updating the "contrib" section to include the recent work.
So don't rule out MIT Kerberos yet... or packages you haven't heard about. I first offered my MIT Kerberos packages probably close to two years ago but my packages were rejected because 1) I'm an American and 2) Debian's maintainer process was beginning its long descent into the innermost circle of Hell. Among other things, that means that I have a lot of experience with a Linux-based KDC (many other packagers are using foreign KDCs) and Kerberos-enhanced Linux packages. Top of my plate - either converted or soon to convert - are CVS, LPRNG, Postgresql, and possibly XDM (to acquire tickets but not set up MIT-KERBEROS-5 authentication.)
But anyone who uses it violates the terms of the MIT license since it explicitly requires that the users be domestic (US and Canada) or have acquired it via a legal export.
It's easy to say "well, I don't care I'm gonna run it anyway!", but then where do you stop? Do you use GPL (not LGPL) libraries because you can? Do you reuse GPL source in your proprietary code?
If we want our licenses to be respected by others, we MUST respect the licenses ourselves. Otherwise we'll find ourselves in the same position as the proprietary software company known to pirate other companies' software -- an obvious hypocrite who has absolutely no moral grounds to complain when it's our ox being gored.
No, Hawking radiation explains why we aren't constantly being bombarded with micro-blackholes left over from the big bang. These micro-holes would have been very light - I think the event horizons would have been far smaller than the "interaction cross-section" of protons and neutrons, and rarely mass more than a few grams - and even that might be overstating the mass by many orders of magnitude.
In contrast, any black hole we observe from earth will have a stellar mass and will *not* evaporate. At least, not until long after the last star has reached thermal equilibrium with the rest of the universe.