Back when I was in high school, I was a script kiddie. I would DDoS my classmates to show how k-RaD I was. I had an extensive network of trin00 and BO2k zombies at my disposal. It was fun. For a while.
The best thing I learned from my experiences as a skript kiddie is that BUGTRAQ, BoS, and every other sysadmin-visited list was the last to hear about new security flaws. Sure, on occasion, @stake or the ISS X-Force would come up with something novel. But the majority of the time, I would see sploits circulated by my Russian friends on IRC weeks before anyone even mentioned the vulnerability on BUGTRAQ. Consider the BIND 8.2.2-P5 flaw: I had the ADM sploit for it weeks before an advisory was even issued.
Stopping full disclosure won't hurt the script kiddies. It will hurt the admins, who won't have enough information to patch their source base to fix the problem. (As a FreeBSD admin with a good grasp of C, patching a security hole takes on the order of minutes now.) But it will help this cartel to keep privileged information to themselves, so that hapless admins like myself will not have the information we need to defend ourselves. And it helps Microsoft, who can honestly claim that their systems are more secure than UNIX when the UNIX admins can't defend themselves more quickly than the M$ admins can anymore. It's just capitalism at work.
One of my former roommates works at Microsoft now in the Windows Media division. He said that, although he can't attest to malicious/anticompetitive conduct on the part of his employer, the WM division was very slow in delivering the specs and code that the ZapMedia people needed to support the WM[AV] formats. Supposedly, the ZapStation was ready sans WM support several months ago, and was held up mostly by licensing and delivery delays on Microsoft's end.
I'm not trying to imply a conspiracy, but isn't it interesting that Microsoft may have been withholding critical information to give the Xbox a leg up? Something tells me that they are still concerned about the Xbox's success in the marketplace, even when competing with more expensive rivals. I guess that's just one of the risks of letting a single company control so much technology.
Whether the dispute be over bragging rights (as it is in this case), patent rights, or any other motivation, it is astounding to see how many talented techies are tying themselves up by squabbling over trivial matters like credit and ego.
This kind of thing, though human nature, does little to counter the commonly-held image of the technology industry as being run by a bunch of self-absorbed, egotistical credit hogs. That's really a shame. It would be so much more productive to society if these people would concentrate more on innovating, applying their talents, and other productive activities. Not on taking credit for what happened 30 years ago. What a terrible waste. As somebody who has his name on several patents but would never waste his time fighting for them, I am ashamed.
My brother used to work as a contractor for Cirrus. He said that the PIN encryption was a private joke amongst all of the engineers there. The suits all believed that cryptographic mumbo-jumbo and really expensive chips sold by "connected" salespeople at IBM would protect the banks' assets. But, he said, the problems with the PIN were nearly impossible to solve. Consider:
The PIN is four decimal digits = 10,000 combinations ~= somewhere between 13 and 14 bits of security. It is entirely feasible for a quick P4 to encrypt every single PIN within an hour, with time left over to play Unreal Tournament.
There is no trusted path between the user's memory and the bank. Fake ATMs have been installed in shopping malls, collecting PINs and ATM cards from unsuspecting victims. Do you *really trust* every single PIN keypad at every shady gas station, grocery store, and Wal-Mart, not to have logging devices installed? Replay attacks are not rocket science.
Embedding DES keys inside a chip will inevitably lead to compromise. One needs to look no farther than the DirecTV access cards (particularly the H and F cards) to see the amount of damage that a few determined hobbyists can do. Imagine if there are billions of dollars at stake rather than just a little free TV.
Regardless, this is not a widespread problem. It is a weak system and it was always a weak system. But it's not worth thieves' time to steal PINs yet (for the most part anyway) just because PINless credit card fraud is still so easy.
-CT
What they don't tell you (on 80 Gig MP3 Player) · Score: 4, Interesting
This is even better than it sounds. One of my buddies bought the do-it-yourself kit and he found that they send you full source code listings for the entire unit (under a "do not distribute" license of course), which allows you to erase and re-burn the firmware EEPROMs. Very handy. He has already experimented with recompiling them to change some of the prompts and things look encouraging.
It would be *very* nice if other manufacturers followed suit, but I'm not holding my breath... (It would also be nice if the sources were GPL, but I'm not complaining.)
Radio Shack used to sell these chips years ago. I once built an automated model rocket launcher that used the chip to announce the countdown - pretty damn slick, if you ask me. I believe the same chip was also used in the old TI-99/4A speech synthesizers (if anyone else remembers those).
There's really nothing new about this product, except for its ability to speak Mandarin. And given the state of the Chinese economy, it's not very likely that many citizens over there will be in the market for talking electronic devices anytime soon. Most of them are still trying to get phone service and running water.
Currently the vast majority of email travels unencrypted through the Internet, ripe for eavesdropping by Carnivore/DCS1000/Echelon/etc. This is a bit of a "last mile" problem, as I can't reasonably expect my grandmother on AOL to be able to read my PGP-encrypted messages to her unless encryption is made into a standard part of the infrastructure. Otherwise 99% of the users won't bother and that's the situation we have now.
What do you see as being the catalyst that forces the majority of software and service providers to make encrypted email standard equipment? Will it be public outrage over eavesdropping, bribery of ISPs and Microsoft by Verisign or Thawte, or something else altogether? And do you foresee more success for a decentralized standard, like OpenPGP, or for a centralized standard like S/MIME?
The excite link was slashdotted but here is a summary of what it said:
The registry will go on-line on December 15th, 2001
Neustar will be partially subsidized by the US government, and will charge users $5/domain/year for .us domains
Neustar will be selling x.509 certificates (similar to what Verisign does) for .us domains for $75/domain/year. They have a deal with Thawte that allows them to use the Thawte certificates in most browsers today.
Pre-registration starts November 30th, 2001, at www.neustar.us
This change bothers me. A lot. VA is Just Another Software Company(tm) now. Not a Linux company and not a company that has a vested interest in promoting open source. Back in the day, VA's success rested on the success of the Open Source movement. Not any longer - as a software company, they are going to be producing commercial wares that compete with open source solutions. Overnight, they have changed from our friend to our enemy.
Many of us saw this coming, but that's beside the point. But personally, I'd rather see VA fold than become a commercial software house. What does VA's new focus mean to us? Well:
Say goodbye to OSDN. And I don't just mean OSDN, as in, "VA hires a bunch of people to write Linux software." I mean, VA has no reason to support Slashdot, Sourceforge, Themes.org, and other very expensive sites that produce zero revenue. They will probably just sell the sites off to the highest bidder (who will just want the accumulated customer data, and shut the sites down). As we have seen in the past, privacy policies mean squat after a business has been sold.
Say goodbye to UNIX support. It's expensive to develop for UNIX compared to Windows. VB programmers are a dime a dozen and can be hired for $30k a year, so why would a software company want to hire anyone else? The former "LNUX" will soon be in bed with Microsoft before we know it.
The removal of the "LNUX" ticker symbol will be another vote of non-confidence in Linux to pointy-haired managers who watch CNBC all day but don't have a clue about technology. Really. The business community will believe "Linux is dead" and it will be an uphill struggle to regain their confidence.
Augustin et al are willing to sell out their friends and scam anyone in order to make a quick buck. One needs to look no farther than the unscrupulous activities that happened on LNUX opening day to see what a shady company VA is. Our trust has been misplaced.
The future is looking bleak. Our biggest cheerleader has switched sides on us and we are going to be in serious trouble. I certainly hope the Linux community can survive this ordeal.
For anyone out there (myself included) who got the hankering to monitor their CPU fan speeds under Linux, try out wmalms, a handy dock applet that reads the I2C bus and reports fan activity. It could save your CPU.
There are many factors that have contributed to the delays surrounding 3G availability. Indeed, one needs to look no farther than the FCC spectrum allocation mess and the technological issues to see why the rollout hasn't happened yet. However there are some very real reasons under the surface that help explain why the Federal government doesn't want 3G to exist at all. For instance:
3G will start a new wave of competition amongst the major phone companies. If Sprint offers 3G services and SBC doesn't, Sprint's market share will increase, so SBC and the other competitors need to keep up. Now take a look at the money flowing to powerful people in Washington and see who the top contributors are - BellSouth and SBC are pretty high up there. It is not in their best interest to see 3G happen and they are paying off Congressmen left and right to make sure it doesn't happen (in this lifetime at least).
Law enforcement regards 3G as a nightmare. Think about it - cell phones that have enough bandwidth to transmit encrypted datastreams between phones. And not the cheesy 40-bit breakable encryption that they use on current PCS systems, either. They're worried about people loading 128 bit Blowfish or IDEA encoders onto their phones and using them to communicate securely. Roving wiretaps are useless if all you can gather from them is white noise. No wiretaps == no control, and law enforcement exists to control.
If 3G service is commoditized (think "Tracfone") and potentially anonymous, what's to keep criminals, ACLU members and privacy nuts, and WTO protestors from using disposable phones to communicate securely? By the time they traced one phone, the subject will have moved onto another one. Anonymous voice services are "bad enough" for The Man, but anonymous data services will wrestle even more control away from authority.
3G service is difficult to disrupt when making a covert search of somebody's apartment or office. If FBI agents can't knock all of your computers off the network, you can see everything they do if you have a few $30 webcams planted around the joint. The FBI wants you to have a broadband service that they can monitor, but disconnect at will as well (preferably by cutting a cable). It is a known fact that on most covert searches (such as the Scarfo search) the FBI cuts off communication lines prior to the search. 3G or Ricochet is difficult to work with on their end, and their excuse for opposing it is that it will give the Scarfos of the world a leg up on law enforcement.
The guys at MIT have done an admirable job in merging several of these cutting-edge technologies into a seamless system. Their OS looks fascinating and I'd definitely like to take it out for a spin. But it's worth noting that most of what they offer is already available under Linux. As far as I'm concerned, they're re-inventing the wheel.
Perhaps I was not clear in my post. The problems we had with the OO system and original system were:
The OO system was designed around Windows 2000 and used the proprietary COM/Java interfaces. Porting it to any sort of UNIX system would be nearly impossible. And stability was a huge issue and we had reasons to believe it was the JRE and/or OS, not the software.
The old system was running on aging hardware, which was expensive to maintain and support. But since we obtained the source code, we were able to easily recompile it to run on Linux.
We really didn't have a choice. Porting the original system to Linux was the most cost-effective option available.
And yes, we did accomplish everything within a few months. Our developers spend significant amounts of time doing actual work (it's part of the corporate culture) and very little time playing your alleged "troll busting" game on Slashdot. That goes a long way toward explaining our unusually high productivity.
I searched GNUtella for "star wars" and the full Ep2 trailer came up. Might be something to take a look at. I will post it on Freenet as soon as it finishes downloading.
A couple of months ago, my employer got bit by the "OO bug" and decided to move several of our internal systems to Java-based solutions. Naturally, they hired several Java zealots who insisted that our DBMS will need to be converted to an OODBMS in order for their programs to work correctly (read: they were too lazy to implement a conversion layer). Although they were able to move things off our old HP 9000 servers and onto cheap PCs running Win2k, the JRE was rather unstable and slow compared to the old system (which, by the way, worked just fine).
After several weeks of dealing with growing pains and general brokenness, my manager wisely decided to transition our systems back to a UNIX environment. I worked in the group that was responsible for this, and after obtaining source code to several of our accounting and inventory applications, we moved the operation over to a Linux 2.2 (Debian potato) system. Things have worked flawlessly since then, and the OODBMS and Java developers are long gone. The promise of an OO architecture was great, but it just didn't work out in the real world - Linux was the solution for us.
-CT
Cool stuff, but beware of Dillo (on GNU-Darwin Goes Beta) · Score: 2, Informative
A few of my friends have installed this package and they've generally been very impressed. The applications are speedy and rock-solid. The one exception that they mention is Dillo: "a replacement for any major web browser." Although Dillo renders quickly and doesn't have a bloated UI, its support for major features such as JavaScript 2 and CSS is lacking, to be kind. Many web pages, such as MSN and Tom's Hardware, look very cluttered and misrendered in it - if they even come up at all.
Dillo is a neat little effort, a cool side project, but no replacement for a real browser like Galeon or Konqueror. It is beyond a shadow of a doubt, the lowest point of the GNU-Darwin package.
I have worked in an environment like this and one of two things inevitably happened on each workstation:
Employees spend large amounts of time circumventing the access controls. Some are caught and disciplined (though very infrequently). If the systems rely on Tivoli or some other sort of automatic updating, the "free" developers often need to copy software from their co-workers so that they have (for instance) the latest version of the development environment. After the restrictions are successfully removed, the programmer can usually go for several months before having to "defend" his machine from a recovery CD or otherwise tweak it to keep the controls out. Net result: productivity goes down.
Or, the user learns to work within the constraints of the system. They are on a first-name basis with the administrative support staff, whose intervention is needed to change the system time or screen saver delays. Very little time is spent developing software and a lot of time is spent on trivial matters. Systems support staff all get large raises, lots of overtime, and increased budgets because of their heavier workloads, and less actual work gets done. Net result: productivity goes down.
The moral of the story is simple: programmers want to be free.
Most open source software is not designed to be used by the average, clueless user. It is designed to be used by experienced power users, who know the difference between right and wrong and don't do stupid things to upset the machine. Furthermore, Linux supplies many powerful diagnostic tools (gdb, strace, ltrace, dmesg, etc.) which would cost hundreds or thousands of dollars on other platforms (that means you too, Sun). Those tools are there for a reason: if you have an application failure, you will be able to figure out what caused it very quickly - IF you know what you're doing.
For instance, I know many "average" users who eject floppy disks and CD-ROMs from the drive while they are being read. Any Linux user who tries a stunt like that deserves a seg fault (or worse). The more error-handling and anti-stupidity measures that are added to a piece of software, the less versatile that software is. Flexibility comes at the expense of simplicity, and lesser users do not deserve the rich functionality that open source has to offer if they do not know how to handle themselves with a computer.
Voluntary ratings are a good idea, but the biggest problem in any voluntary scheme is convincing pr0n site operators to play by the rules. If there is no direct penalty to them for mis-rating their site, why would they rate it accurately? After all, Congress isn't going to censor the entire industry for the actions of one operator. The voluntary system needs the cooperation of the majority of site operators to work correctly. And it doesn't help that "cheating" (mis-labeling their site) might work to their financial benefit.
I hate to say it, but government regulation is the best way to go. At the very least, porn sites in the U.S. should be compelled by law to disclose that they have potentially objectionable content on them. Perhaps some DMCA-like law should be used: force the upstream ISP or web hosting service to take the page or site offline if it is in violation of the labelling law.
Ratings systems don't hurt freedom of speech - they just help classify the speech for the end-user. Imagine if every spam message were required to have a special identifying header - wouldn't that be great? That's how Ralph Reed and friends feel about porn sites right now. Well, since every telemarketing caller needs to identify itself as such (for example), this change in the law wouldn't be a big leap but it would stop the censors dead in their tracks.
Then I guess the moral of the story is, "don't live in America." Think about it:
You can be stopped, searched, and arrested anytime you're in public if a police officer doesn't like the way you look. If you're lucky, your case will get thrown out or the cop will be nice. Cops have the right to tear your car apart looking for drugs, and not pay for damage if they don't find any.
Civil forfeiture means that if you break any of the millions of anal, petty laws in the U.S., you can lose your house, your car, or any other property you own. Watch the first 20 minutes of Traffic to see how it works.
Software and media piracy can land you in prison for five years and subject you to up to $250,000 in fines, per violation. (Naturally this bill was signed by our Democratic friend, Bill Clinton). It's a steep penalty for something so trivial.
"Disorderly conduct" is a catch-all crime which can be used to arrest people for a reason of the officer's choosing. Ask any minority about it and you're certain to hear a few stories.
Many forms of sexual activity (such as oral or anal sex) are banned in several states. Most people in the country (besides the Slashdot crowd) are guilty of one or more of these offenses.
It is widely known that most powerful politicians can trigger an IRS audit on their political enemies.
The ATA has made it legal for authorities to detain foreign nationals indefinitely, without presenting evidence of a crime or making a formal arrest.
The DMCA is only one of the many laws which make the USA into a police state. AC's intentions are good but he's got a lot more battles in front of him before the U.S. can be considered safe from authority abuse.
I've always been impressed with Steve Wozniak - ever since I was a kid. I remember reading his autobiography several years ago, and he was frighteningly accurate in predicting many of the trends that have since hit the PC industry.
I found it interesting that in this interview, he acknowledges that the industry has shifted to cheap, commodity hardware and that Apple continues to suffer from it - but he was absolutely correct in pointing out that blind brand loyalty by "artsy types" was keeping them in business. Though Steve's strengths are obviously technical in nature, he possesses an innate understanding of a lot of issues on the business side of things that helped to keep him ahead of the curve.
SSSCA was doomed to fail from the start because it was too far-reaching. Too many monied interests (starting with PC companies and ending with toaster makers) would oppose it on cost grounds alone. It is sponsored by people who keep the details secret, because they know the details don't make sense and people will laugh at them. Let's face it - the Senate is no more prepared to make technical decisions than they are to engineer a new CPU.
As an avid media and software pirate, though, I am deeply concerned that the FSF, the Slashdot community, et al, will focus too much of their attention on SSSCA, and when a more modest measure (such as CPRM) reaches Capitol Hill, the powers that be will view us as naysayers. We need to be careful not to express too much dissent for hopeless measures like the SSSCA, so that we do not stand accused of crying wolf later. Because any hindrance to the free exchange of copyrighted materials hurts us all and strikes another blow to the First Amendment.
The premise behind this article is patently ridiculous. Spambots are voluntarily identifying themselves, and any spambot author with an ounce of common sense will simply change their user-agent string to the standard "Mozilla 4.0 (Microsoft Internet Explorer 5.5)" string that every Windows client uses. A well-designed spambot is indistinguishable from a valid user, or Google, or ht://dig.
On the other hand, there are ways to fight spambots; they just don't rely on trusting the user. Here's one way:
Buy a domain.
Set up a cgi that generates a unique email address @ that domain for every visitor. Log the address used, the date/time of visit, the visitor's IP, and other characteristics (user-agent?) of the visitor.
Use the logged data to block the user when spam mail gets sent to one of the random accounts.
Use the logged data as evidence to present to the offender's ISP, to get their fast connection pulled.
Find a way to automate this on a large scale, then get a bunch of sysadmins together to sue and prosecute the spammer for abuse of resources.
There are good ways to deal with spammers but this isn't one of them. It *might* work on a small scale and it definitely won't work on a medium or large scale. It's about as useful as the Sendmail "MX/domain validation" trick that Eric Raymond and the rest of the Sendmail team thought would stop spammers dead in their tracks. (It didn't.) Instead he was "surprised by spam."
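The per-visitor address scheme listed in the comment above, sketched as an added example (not code from the original post). The domain `trap.example`, the key, the class and method names and the sample visitors are assumptions; the HMAC tag on each address goes beyond the post and keeps guessed or dictionary-attacked addresses from being attributed to a logged visitor.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Visit:
    address: str      # the unique trap address shown to this visitor
    ip: str
    user_agent: str
    seen_at: float    # epoch seconds of the page view


class TrapRegistry:
    """Hands each page visitor a unique address and traces spam back to the visit."""

    def __init__(self, secret: bytes, domain: str):
        self.secret = secret
        self.domain = domain.lower()
        self.visits = {}       # token -> Visit (the "log" from the post)
        self.blocked = set()   # IPs whose harvested address later received spam

    def _tag(self, token: str) -> bytes:
        # Short keyed tag so only addresses this site issued will validate.
        digest = hmac.new(self.secret, token.encode(), hashlib.sha256).hexdigest()
        return digest[:12].encode()

    def issue(self, ip: str, user_agent: str, now=None) -> str:
        """Called by the page handler: mint an address and log who saw it."""
        token = secrets.token_hex(6)
        address = f"{token}.{self._tag(token).decode()}@{self.domain}"
        seen = time.time() if now is None else now
        self.visits[token] = Visit(address, ip, user_agent, seen)
        return address

    def trace(self, rcpt: str):
        """Map an envelope recipient back to the logged visit, or None."""
        local, _, domain = rcpt.strip().lower().partition("@")
        if domain != self.domain:
            return None
        token, _, tag = local.partition(".")
        if not hmac.compare_digest(tag.encode(), self._tag(token)):
            return None        # guessed or altered address: attribute to nobody
        return self.visits.get(token)

    def report_spam(self, rcpt: str):
        """Called by the mail side when spam arrives: block and build evidence."""
        visit = self.trace(rcpt)
        if visit is None:
            return None
        self.blocked.add(visit.ip)
        return {
            "address": visit.address,
            "ip": visit.ip,
            "user_agent": visit.user_agent,
            "harvested_at": visit.seen_at,
        }

    def is_blocked(self, ip: str) -> bool:
        return ip in self.blocked


def demo():
    # Constructed sample visitors (documentation IP ranges), not real log data.
    reg = TrapRegistry(b"constructed-demo-key", "trap.example")
    harvested = reg.issue("203.0.113.7", "Mozilla/4.0 (compatible; MSIE 5.5)", now=1000.0)
    reg.issue("198.51.100.9", "ht://Dig", now=1001.0)
    return reg, reg.report_spam(harvested)


if __name__ == "__main__":
    registry, evidence = demo()
    print(evidence)
    print(sorted(registry.blocked))
```

The logged IP may be a shared proxy or NAT address, so the evidence record is more reliable as input to an abuse report than as a permanent block.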
My friend worked on the Linux binary compatibility for SCO Unixware a little while back. I asked him about the licensing implications of the effort at the time, and he told me that there were a couple of main points that kept them out of trouble:
Limiting the emulation environment to Linux kernel syscalls was very safe legally and quite trivial. Why? You can't copyright or patent an interface. And the Linux syscall interface, while semantically slightly different from other Unices, does essentially the same thing as other Unices. Support for Linux sysctls and other oddball features was not considered, mostly because the only software that used Linux sysctls and other oddball features were the system startup scripts. For the most part, applications used the standard file, process control (fork, exec, getpid, ctime), and socket syscalls, and making a translation layer for those was cake.
libc posed a bit of a potential problem because it is GPL. Fortunately, there is nothing keeping SCO or anyone else from bundling GPL software with their product, as long as they ship the source too and don't link closed-source binaries against the GPL libraries. Sun ships 'less' and GNOME with Solaris now, and nobody's talked about suing them for it.
Statically linked binaries were ideal. They didn't need libc, the Linux loader, or any supporting files at all to run those things. All they needed was kernel support for Linux ELF files (which are a skewed version of standard ELF - check out the specs sometime). No problem there.
In all likelihood, the Linux ABI will become a standard for all non-Microsoft x86 operating systems. It is simple and legal to implement, and very robust and powerful.
If you pay by credit card, you will not have to pay for fraudulent charges because it is the merchant's burden of proof to show that you got what you paid for. Almost all banks are extremely sympathetic to customers who are victims of fraud, because banks (who make about 2% commission on every single purchase on your card, in addition to interest) want to keep you as their customer. They don't have any reservations about sticking it to a bad merchant. And yes, if you paid through PayPal, you can still dispute the charge and win (regardless of what PayPal tries to tell you). I've done it before - because PayPal's customer service takes weeks to respond and my bank (MBNA) is much faster and nicer.
If you paid by check or money order, though, you're just plain silly. Just because a seller has a fancy auction page or a good feedback rating doesn't mean you should send a check for $400-1000 to a total stranger somewhere else in the country and expect the seller to make good on it. Where's your common sense? People get busted for that all of the time and auction sites account for the majority of fraudulent online activity. So think before you pay next time, and good luck getting your money back.
The best thing I learned from my experiences as a skript kiddie is that BUGTRAQ, BoS, and every other sysadmin-visited list was the last to hear about new security flaws. Sure, on occasion, @stake or the ISS X-Force would come up with something novel. But the majority of the time, I would see sploits circulated by my Russian friends on IRC weeks before anyone even mentioned the vulnerability on BUGTRAQ. Consider the BIND 8.2.2-P5 flaw: I had the ADM sploit for it weeks before an advisory was even issued.
Stopping full disclosure won't hurt the script kiddies. It will hurt the admins, who won't have enough information to patch their source base to fix the problem. (As a FreeBSD admin with a good grasp of C, patching a security hole takes on the order of minutes now.) But it will help this cartel to keep privileged information to themselves, so that hapless admins like myself will not have the information we need to defend ourselves. And it helps Microsoft, who can honestly claim that their systems are more secure than UNIX when the UNIX admins can't defend themselves more quickly than the M$ admins can anymore. It's just capitalism at work.
-CT
I'm not trying to imply a conspiracy, but isn't it interesting that Microsoft may have been withholding critical information to give the Xbox a leg up? Something tells me that they are still concerned about the Xbox's success in the marketplace, even when competing with more expensive rivals. I guess that's just one of the risks of letting a single company control so much technology.
-CT
Whether the dispute be over bragging rights (as it is in this case), patent rights, or any other motivation, it is astounding to see how many talented techies are tying themselves up by squabbling over trivial matters like credit and ego.
This kind of thing, though human nature, does little to counter the commonly-held image of the technology industry as being run by a bunch of self-absorbed, egotistical credit hogs. That's really a shame. It would be so much more productive to society if these people would concentrate more on innovating, applying their talents, and other productive activities. Not on taking credit for what happened 30 years ago. What a terrible waste. As somebody who has his name on several patents but would never waste his time fighting for them, I am ashamed.
</rant>
-CT
Regardless, this is not a widespread problem. It is a weak system and it was always a weak system. But it's not worth thieves' time to steal PINs yet (for the most part anyway) just because PINless credit card fraud is still so easy.
-CT
It would be *very* nice if other manufacturers followed suit, but I'm not holding my breath... (It would also be nice if the sources were GPL, but I'm not complaining.)
-CT
There's really nothing new about this product, except for its ability to speak Mandarin. And given the state of the Chinese economy, it's not very likely that many citizens over there will be in the market for talking electronic devices anytime soon. Most of them are still trying to get phone service and running water.
-CT
Mr. Young,
Currently the vast majority of email travels unencrypted through the Internet, ripe for eavesdropping by Carnivore/DCS1000/Echelon/etc. This is a bit of a "last mile" problem, as I can't reasonably expect my grandmother on AOL to be able to read my PGP-encrypted messages to her unless encryption is made into a standard part of the infrastructure. Otherwise 99% of the users won't bother and that's the situation we have now.
What do you see as being the catalyst that forces the majority of software and service providers to make encrypted email standard equipment? Will it be public outrage over eavesdropping, bribery of ISPs and Microsoft by Verisign or Thawte, or something else altogether? And do you forsee more success for a decentralized standard, like OpenPGP, or for a centralized standard like S/MIME?
-CT
-CT
Many of us saw this coming, but that's beside the point. But personally, I'd rather see VA fold than become a commercial software house. What does VA's new focus mean to us? Well:
The future is looking bleak. Our biggest cheerleader has switched sides on us and we are going to be in serious trouble. I certainly hope the Linux community can survive this ordeal.
-CT
-CT
-CT
The guys at MIT have done an admirable job in merging several of these cutting-edge technologies into a seamless system. Their OS looks fascinating and I'd definitely like to take it out for a spin. But it's worth noting that most of what they offer is already available under Linux. As far as I'm concerned, they're re-inventing the wheel.
-CT
We really didn't have a choice. Porting the original system to Linux was the most cost-effective option available.
And yes, we did accomplish everything within a few months. Our developers spend significant amounts of time doing actual work (it's part of the corporate culture) and very little time playing your alleged "troll busting" game on Slashdot. That goes a long way toward explaining our unusually high productivity.
-CT
-CT
After several weeks of dealing with growing pains and general brokenness, my manager wisely decided to transition our systems back to a UNIX environment. I worked in the group that was responsible for this, and after obtaining source code to several of our accounting and inventory applications, we moved the operation over to a Linux 2.2 (Debian potato) system. Things have worked flawlessly since then, and the OODBMS and Java developers are long gone. The promise of an OO architecture was great, but it just didn't work out in the real world - Linux was the solution for us.
-CT
Dillo is a neat little effort, a cool side project, but no replacement for a real browser like Galeon or Konqueror. It is, beyond a shadow of a doubt, the lowest point of the GNU-Darwin package.
-CT
The moral of the story is simple: programmers want to be free.
-CT
For instance, I know many "average" users who eject floppy disks and CD-ROMs from the drive while they are being read. Any Linux user who tries a stunt like that deserves a seg fault (or worse). The more error-handling and anti-stupidity measures that are added to a piece of software, the less versatile that software is. Flexibility comes at the expense of simplicity, and lesser users do not deserve the rich functionality that open source has to offer if they do not know how to handle themselves with a computer.
-CT
I hate to say it, but government regulation is the best way to go. At the very least, porn sites in the U.S. should be compelled by law to disclose that they have potentially objectionable content on them. Perhaps some DMCA-like law should be used: force the upstream ISP or web hosting service to take the page or site offline if it is in violation of the labelling law.
Ratings systems don't hurt freedom of speech - they just help classify the speech for the end-user. Imagine if every spam message were required to have a special identifying header - wouldn't that be great? That's how Ralph Reed and friends feel about porn sites right now. Well, since every telemarketing caller needs to identify itself as such (for example), this change in the law wouldn't be a big leap but it would stop the censors dead in their tracks.
-CT
The DMCA is only one of the many laws which make the USA into a police state. AC's intentions are good but he's got a lot more battles in front of him before the U.S. can be considered safe from authority abuse.
-CT
I found it interesting that in this interview, he acknowledges that the industry has shifted to cheap, commodity hardware and that Apple continues to suffer from it - but he was absolutely correct in pointing out that blind brand loyalty by "artsy types" was keeping them in business. Though Steve's strengths are obviously technical in nature, he possesses an innate understanding of a lot of issues on the business side of things that helped to keep him ahead of the curve.
-CT
As an avid media and software pirate, though, I am deeply concerned that the FSF, the Slashdot community, et al, will focus too much of their attention on SSSCA, and when a more modest measure (such as CPRM) reaches Capitol Hill, the powers that be will view us as naysayers. We need to be careful not to express too much dissent for hopeless measures like the SSSCA, so that we do not stand accused of crying wolf later. Because any hindrance to the free exchange of copyrighted materials hurts us all and strikes another blow to the First Amendment.
-CT
On the other hand, there are ways to fight spambots; they just don't rely on trusting the user. Here's one way:
There are good ways to deal with spammers but this isn't one of them. It *might* work on a small scale and it definitely won't work on a medium or large scale. It's about as useful as the Sendmail "MX/domain validation" trick that Eric Raymond and the rest of the Sendmail team thought would stop spammers dead in their tracks. (It didn't.) Instead he was "surprised by spam."
-CT
In all likelihood, the Linux ABI will become a standard for all non-Microsoft x86 operating systems. It is simple and legal to implement, and very robust and powerful.
-CT
If you paid by check or money order, though, you're just plain silly. Just because a seller has a fancy auction page or a good feedback rating doesn't mean you should send a check for $400-1000 to a total stranger somewhere else in the country and expect the seller to make good on it. Where's your common sense? People get busted for that all of the time and auction sites account for the majority of fraudulent online activity. So think before you pay next time, and good luck getting your money back.
-CT