Of course old equipment is still badged with the Sun name. Whatever Oracle's doing is getting the opposite of advertising.
Running away from them as fast as possible.
Very interesting. In that case, it's almost humorous, is it not? (Well, not for your needs, I realize, but the general notion that they're doing more to damage their reputation certainly is!)
Note that your point stands on the "if configured incorrectly" while the parent's is "it should be distrubuted on such a state that the sysadmin would be forced to do *any* kind of configuration prior for it to work" (thus giving the option to even "configure" it, either correctly or incorrectly).
No, you're just splitting hairs. My point is that software can be configured incorrectly and that it isn't the developers' fault if that happens. I believe the parent's point of view (and the general view espoused further up the comment chain) was that software should be distributed in such a manner that it cannot be configured insecurely. I'm hoping I just misunderstood what you wrote and that you were simply disagreeing for the sake of, well, disagreement. Or trolling. Regardless, I'd encourage you to read up the chain so you may better understand my point (the parent was just convenient fodder since his view was mentioned numerous times, and I got fed up with this notion that it's the responsibility of the developers to ensure no configuration can be abused).
N.B. that if I were to split hairs, I'd point out that your comment that implies (I think? You may have missed a word or two while typing it out) that sysadmins shouldn't be forced to do anything to make a particular software install work. That's a fairly short order--almost all software works out of the box as expected, but whether it works securely across all "default" installs is another matter entirely and one that, again, is the responsibility of the user to verify. But the point goes far beyond that, and I'm somewhat disappointed that you seem to agree with the general sentiment that post-install configuration should almost never happen except in rare outlying circumstances (hint: this isn't likely to happen, particularly with the vast array of requirements, disparate hardware, and so forth). Note, also, that if this notion of "secure by default" is taken to the extreme, you wind up with OpenBSD. OpenBSD is secure by default. You also cannot use it without installing and configuring additional software (thus no longer having a "default" install), because it comes with only OpenSSH installed by default! In other words, we're just encountering a difference of philosophies, and I ascribe to the one that makes the burden of configuration your responsibility as a user, not mine as a developer.
And really, this point it doesn't matter at all, because someone will still find a way to configure it incorrectly, regardless of how well it was written (don't believe me? you'd be surprised what lurks out there in the wild) or how strict the default configuration is. There are people out there who will tinker with things, including things they may not fully understand, and configure it in a manner that is suddenly insecure. That is my fundamental point; the point of the OP and those subsequently up the chain is that the responsibility should rest upon the shoulders of the developers to ensure their software cannot be configured incorrectly--that's the whole point many of the posts here are arguing against Memcached for! There seems to be so much heartache that Memcached (which doesn't require authentication) can be configured in a manner that it exposes sensitive data to the Interwebs. Guess what? If it does, that is the fault of the administrator and not the fault of Memcached or its developers.
I'm not sure how else to state that more clearly. But I'll try:
Responsibility rests on the person who installs the software to ensure it is configured securely for their needs, not the developers nor the package maintainers. The only point in time, IMO, where such responsibility is the developers' is when it becomes an issue of out-of-band behavior; e.g. something that is unexpected and unintended (a bug or security flaw) and not fundamentally something that is the result of a misconfiguration. In short:
Misconfigurations = user's responsibility (even if t
I agree with everything you said. I just want to emphasize this point you made since I'm sure some zealot is going to come around, misread it, and start crying foul:
I like linux just swell, use it exclusively. never tried any of the BSDs but I assume they work fine as well. so now you have to ask the question, why having totally free stuff doesn't work, and the only credible answer is, it isn't a real mainstream business, and there is no credible mainstream retail level business to be made from it.
I missed the "retail" part when I first read your comment and thought "But wait, what about Red Hat? They're a pretty mainstream B2B provider..."
Then I got hit with the clue-stick, and I hope anyone who comes by and reads your comment realizes the same.
Short of that, small mom and pop "linux installed" sales, and a few enthusiasts, and that's it. And half the enthusiasts (right here on slashdot for one example) still use windows and apple themselves, they double or triple boot, they are only half hard core about it. For a specific I have sen mentioned here a thousand times, they simply refuse to give up their windows games, so they keep buying windows, which tells the manufacturers that windows still sells perfectly fine as it is. So no change there either.
Great post, and you're absolutely right. I fall exactly into this category. I love Linux (and BSD), but outside of the server realm, I sincerely don't believe it'll ever succeed. I've used Gentoo on my desktop for over two years as my primary OS--maybe a bit longer--and eventually had to switch back to Windows for some classes I was taking. I never did look back. I still have that install, but KDE 3.5 feels old and klunky (but it's still really reliable), and I hate Gnome. KDE 4 looks nice, but the stability issues and general usability have left me disappointed. And, no doubt, Wine played many of the games I enjoy just fine. It also didn't work at all with many others. (That said, my file server runs Linux.)
On the other hand, any time I have a requirement to use an oddball OS, I just fire up VirtualBox anymore. Why bother myself with the trouble of booting into another OS when I can fire one right up without interrupting my work flow?
I believe the point here is that software designers should assume that in terms of security their users are complete idiots and WILL install and setup the program in an unsecure manner unless they are specifically beat over the head with the notion that what they are doing is BAD!
Perhaps utilities like rm should be rewritten to use -i (or similar) by default then? Or how about we ought to remove them outright since they might be used incorrectly?
Honestly, it's not up to the developer to make any such assumptions. Any piece of software can be used "insecurely" if configured incorrectly (yes, even IIS). Ultimately, you as the user bare the responsibility for ensuring that your system and your data are correctly secured.
As far as beaten over the head, the default configuration for Memcached that ships with Gentoo has this note immediately over the configuration for what interfaces it should listen on:
#Listen for connections on what address? # If this is empty, memcached will listen on 0.0.0.0 # be sure you have a firewall in place!
Well, just so you know, I've got you on my friend's list because I find your posts interesting. So, while it is a form of censorship, at least I get to enjoy reading through them regardless of what the moderators might do.;)
I do find it disappointing that negative moderation is used as a -1, Disagree; I guess some people are insecure enough with their beliefs that they feel the first thing they should do is squelch you from voicing your own.
(I should note that I have a few people on my friend's list with whom I disagree simply because I find their opinions enlightening, and I'll even periodically upvote them in spite of my disagreement if they make a decent enough point--if not, I just won't do anything. I tend to agree with your opinions, however.)
I had a similar experience at Staples once when I was looking for USB cables (for a printer). Unfortunately, they had reorganized the store in the months prior to my previous visit, so I had absolutely no idea where to find the cables. Rather than doing the Manly Thing and going off on a 3 day expedition to find the cables myself, I elected to ask an employee (he was headed in my direction, so I figured I'd cut him off and say something first) where to find them.
Big mistake.
First, he lead me to the cables and pointed them out. For this, I was thankful. When he started pointing to some $50 (no, not kidding) 3' long USB cables, I was somewhat annoyed. I informed him that I was simply going to plug these into a printer and that I had no need for superfluous metal plating. He told me something roughly similar to the Best Buy employee in your example: "The gold plating will make it work faster so you can print faster."
"Given the age of the printer and that it's a USB 1.x device, I don't think a thin plating of gold is going to do squat for the pages per minute out of my printer even if it weren't a marketing gimmick," I told him.
Fortunately, he didn't say anything else (which I expected) when I picked up the $10 5' cable, and went about my business. Maybe I'm a jerk, and maybe I should consider that these guys aren't paid to do much more than spit out what they're told so they can sell the higher priced goods, but at the very least it made me feel better. I was annoyed anyway.
Thanks to emulation, many of these older games have secured their spot in the memory of a digital society. Shame that the current generation of consoles is locked down in every way imaginable; perhaps historical obscurity is getting what they deserve. They will be remembered for their litigiousness rather than their art.
I can almost see it...
Son: Daddy, what's that? Father: That, son, is your grandfather's NES. It still works. Let me show you. Son: COOL! *some time later* Son: Daddy, what's that? Father: That, son, is your grandfather's SNES. It still works. Let me show you. Son: COOL! *some time later* Son: Daddy, what's that? Father: That, son, is your grandfather's XBOX 360. He said it was broken, but I think gaming consoles just took a huge step backward and that it's actually a game box where you have to play with three red lights on the front and maybe make them change to some other color...
Oracle, why didn't you just operate Sun as a subsidiary and brand instead of trying to merge it all in?
That's actually not a bad idea, and I'm surprised they didn't do this. Well, mostly, but it does depend on how, exactly the other company was involved in the merger/acquisition. I wouldn't be too surprised if in a few years, Oracle spins off Sun as a wholly-own Subsidiary. But don't expect much; it's worth more to Oracle to be able to put their company logo on machines sitting in your data center. Free advertising is a powerful thing.
On the other hand, it might not be such a bad idea for established IP like Java, and maybe not retaining some of the Sun branding is more damaging (dependencies notwithstanding).
Yes and no. While it's not the best practice to rely on some field assuming it'll forever remain static, if you read the bug report in TFA (surprise, surprise), you'll find this:
This causes a severe regression for programs that need to identify the Sun/Oracle HostSpot VM such that they know whether the "-XX:MaxPermSize" argument needs to be used or not.
So, the reason they examine it in the first place is to know whether or not they need to set specific values that are supported by the Sun/Oracle JVM. It's not optimal, but I can't exactly fault them for that.
I seem to remember some applications not fully working with Blackdown and possibly others facing some breakage with other JVMs. So while it's stupid to rely on the vendor field in general, I can sort of understand why they'd examine it for purposes of compatibility. It goes both ways.
Given the modern correlation between functionality and royalty, a more capable mouse should probably be called the "Bill Gates of Mice" or, if it is shiny the "Steve Jobs of Mice".
Steve Jobs would be appalled considering his propensity for single-button mice. In fact, I'm almost certain he would consider this one an outright blasphemy.
...Joe Lieberman isn't actually in the Democratic party. He got voted out. And then conservative voters plus incumbent recognizance plus Democratic party cowardice got him reelected under a third party he invented.
Mindless rant ahead:
Any Republicans who voted for him have no right to call themselves Republicans, IMO. Admittedly, my own party would probably label me as a heretic, but I don't mind (I'm registered as Republican)!
This is what I find unnerving: There are individuals who claim they are conservative either by way of whom they vote for or by way of what policies they support whenever they're in office. They claim they support "smaller government" or some such ridiculous fable. Then, once elected, they push measures that would expand the control and authority of government over all of us and increase spending by a significant factor over their predecessors!
People like that are not, in my mind, conservative. They are neocon political hacks who use the term simply to woo the voters into electing them to Congress where they then live a life of political elitism.
I should also admit I'm a political cynic. The entire system is out of control, and both parties are largely one and the same. Given the way the system works, those of us who are grossly disgusted with everyone in power have nowhere to turn. Third party candidates seldom win, and our system is designed to punish those who refuse to rise to power via either of the two major political parties.
I was once opposed to any change made to our two-party system, but I admit I was wrong. Both parties are out of control. There used to be a saying along the lines of: "The Republicans are only fiscally conservative when they're out of power, and the Democrats are only for the working man when they're out of power. When either is in power, we're all screwed." I tend to believe that now.
Joe Lieberman is a republican mole in the Democratic party. This much should be obvious from everything that he has done so far, his stance on the health insurance is a good example.
I'm a Republican, and I really can't stand the guy. Remember, this is the same Joe Lieberman who has supported in the past activities that involved censorship of specific media (music albums, etc.).
I'm currently reading the bill as was linked from this comment, and it reads as though it were crafted by Symantec, McAfee, Sophos, and all the other "security" vendors who would very much like to be granted a fantastic revenue stream required by law to line their pockets (aside: I suspect it was crafted by them or by lobbyists for their industry)! What I mean specifically can be best explained by reading a small snippet of S. 3480:
develop and acquire predictive analytic tools to evaluate threats, vulnerabilities, traffic, trends, incidents, and anomalous activities;
This is on page 49 of the PDF. There's 10 pages of recommendations about acquiring "tools" to achieve specific goals--in other words, purchasing the required devices from recommended vendors. The entire bill if it survives as it is written is nothing other than a government-issued directive to dump a significant amount of taxpayer money into various security firms in effort to protect national resources. Though, what worries me is that there appears to be mandates for federal oversight of private systems to ensure that they're following best practices. Coming from the same government that has used the password "password" to protect critical systems, I can only fear that such a mandate would be much more harmful than any sort of purported "cyberattack."
If you read the FAQ the Senate has posted relating to the bill it is clear that no one on the panel has any understanding of what "security" really is. Worse, while the FAQ claims that this bill restricts the powers given to the President under the Communications Act of 1934, I can't help but read into S. 3480 that it is going to involve so much government oversight that we might be swamped simply trying to implement all of the requirements. I hope I'm wrong; I am not a Congress critter, so it's feasible this language might be directed exclusively toward Federal networks.
The Slashdot summary appears to be incorrect. It appears that the time limit placed upon such measures is 30 days. However, I can't help but think that it can be extended indefinitely. From the bill:
(1) IN GENERAL.--Any emergency measure or action developed under this section shall cease to have effect not later than 30 days after the date on which the President issued the declaration of a national cyber emergency, unless--
* (A) the Director affirms in writing that the emergency measure or action remains necessary to address the identified national cyber emergency; and
* (B) the President issues a written order or directive reaffirming the national cyber emergency, the continuing nature of the national cyber emergency, or the need to continue the adoption of the emergency measure or action.
** (2) EXTENSIONS.--An emergency measure or action extended in accordance with paragraph (1) may--
*** (A) remain in effect for not more than 30 days after the date on which the emergency measure or action was to cease to have effect; and
*** (B) be extended for additional 30-day periods, if the requirements of paragraph (1) and subsection (d) are met.
I really hope that doesn't imply such an action could be extended indefinitely, but the way I'm reading it sort of suggests that if the President or the director of the office this bill creates d
Apple would lose their place in the IT market, the scientific market, the music market, the video market with a limited lockdown system. They would lose their margins with a high level of control and supervision for a highly capable system. Yes they would love to have the control and the homogeneity. So would Microsoft, so would Linux. Its just that the order on computers is:
Easy: They'd simply make the IOS/OSX combiOS something that is generally sold on cheaper Macs (I can see the Mac Mini being turned into an iAppliance, for instance). Then, if the consumer wanted to upgrade it to a full fledged OSX install, they'd have to pay a steeper fee. Artificial market segmentation isn't anything new, and I can see traditional markets being forced into purchasing more expensive devices (not that it would really be any different from what they typically do).
So no, I think the OP is right. Apple won't lose their place, they'll just do what every other company (MS included) has been doing for years. In other words:
Cheap Macs = iAppliance Expensive Macs = full fledged computing device with a "real" OS.
And really, what do most people use their computers for? E-mail and the web. That's it. No, I'm not talking about us; I'm talking about people like your grandmother, your neighbor across the street who isn't much of a techy, and so forth.
Oops! Good catch. Replace that with CDR, please. If you had only posted that while logged in, I'd give you some karma down the road.
Thanks! That'll teach me to post when running on a few hours' sleep. At least it wasn't nearly as bad as my other lengthy one with a fleet of horrible grammatical errors and incorrect usages.
Do I think the Government Inc.orporations will allow the average consumer to print stuff on 3D? HELL NO! I'm with you on that.
Definitely. There's no way they'd want the average consumer to express the freedoms that we'd very much like to have.
And please, don't take my original post as a suggestion that I thought your ideas were foolish. They're fantastic. I just simply have little faith in our society as it currently exists to do anything that would grant us consumers more freedom. Freedom is, after all, a dangerous thing.
If they make 3D nanoscale printers illegal, with one obtained on the "pirate network" side of things, is enough to print all other copies. If they keep locking down the internet, via ISPs and regulations: we can combat with better anonymity, a parallel "quasi" internet running p2p, sneaker nets (100 Terabytes of transfer? Why not? Just give the guy a hard disk/solidState drive).
That would actually be a rather humorous plot to a cyberpunk thriller of sorts. 3D printing (and the items printed from them) become illegal contraband, but there'd be the darker corners of the 'net that those with the 3D printers could obtain blueprints from. It's very plausible, and it's not much of a stretch to see something like that happening. Sadly.:(
You're right, though. There's a lot more at stake than simply a handful of MP3s, and that's why I do agree with the fundamental point of your original post. Though, it's a shame that there are forces in the world that see this sort of freedom as a hazard.
Not that that's ever stopped anyone before. Freedom of the serfs is a dangerous thing!
Yeah, yeah, and humans with their brains represent a risk to the very core of larger animals' dominance.
Doesn't matter how much you boldface your "dire warnings", they're just that: warnings, not reality.
Okay...
The reality is, people will develop nano-scale printers wherever and whenever they can, because there are benefits to the individuals creating it (which includes groups, which includes corporations -- one corporation can achieve leverage over another by judicious use of technology, which nano-scale printers most certainly are).
And how, exactly, are individuals going to afford the capability for manipulating stuff on the atomic level if they're not part of a research institution or corporation? Money doesn't grow on trees.
I feel sorry for people who look at Star Trek as silly fiction.
Star Trek is largely based around a universe that holds a much more utopian view of life than I think it otherwise should. I won't go into my rationale for why I feel this is the case, though, since I suspect that my karma might take a hit from beating on one of Slashdot's more favorite fictional universes.
We are already there, for the class of "digital goods". We're witnessing the turmoil right now. I remember back around Napster days, the companies that sold sewing patterns made press announcements that "The Internet Is Killing Our Business!" The mulch manufacturers will be complaining in short order.
You do raise a good point here, since effectively being able to copy physical goods as readily as an MP3 creates an identical crisis to the business world. The difference though is a matter of 1) creating exact physical copies of an object is not exactly possible on an atomic scale and will require significant advancements to make it affordable 2) it wouldn't be affordable even if it were possible and 3) it would consume a finite number of other resources (e.g. bulk matter) to produce. Copying a digital good such as an MP3 requires virtually no cost except for a small fraction of bandwidth and storage, it's an identical copy of the good, and it requires virtually no upfront investment even if you factor in storage.
What would be the point of paying someone a "subscription fee" when they wouldn't really need to spend the money on anything? They'd have printers too, y'know. (Am I wasting my time arguing with a troll?)
If I were trolling, you probably wouldn't know it.
On the other hand, that you feel compelled to ask this question indicates that I didn't really connect the dots as well as I should have in my post, and thus it may have been too difficult to follow. If so, I apologize. As another poster pointed out, the only "real" thing the US has of economic advantage is its intellectual property. Since IP laws won't go away overnight, even if you did have something that could print virtually any object, I can easily see that various manufacturers would charge a subscription fee to access the basic digital blueprints for fabricating items of interest. So, even if the manufacturers have their own printers (e.g. "we print to higher tolerances than you do!"), if you purchased a consumer grade one, it's not too much of a stretch to imagine that companies would offer their products to you for a small fee to print yourself.
It's a poor analogy, but it's sort of like printing out your own postage. You still pay for the postage, but you have the convenience of printing it at home.
OT, but Slashdot, c'mon: "Read the rest of this comment..." -- the only rest was the dude's signature!
Ugh, tell me about it. I've fiddled with the cut off settings, and sometimes that doesn't even seem to work. It's really pretty damn annoying, because about 70% of the posts with "read more" seem to just show (drum roll, please) the signature.
I do like your suggested solution, though. That's clever.
BTW, on my machine Opera behaves much better than Firefox with 20+ tabs open (I have 57 right now), it's still snappy and Firefox would be crawling and taking up loads of RAM. But of course YMMV.
Opera's UI doesn't handle >200 tabs gracefully at all, regardless of how much better behaved it is. In fact, I have yet to find a browser besides Firefox that handles multiple hundreds of tabs in a manner that is relatively easy to navigate (I take that back, I think Arora behaves very similarly to Firefox). That's not to say Firefox doesn't have its issues: Since 3.0 was released, I haven't been able to keep > 300 tabs up without Firefox crashing fairly regularly whereas the 2.x branch was able to maintain about 500 tabs fairly well (if sluggishly) and rarely ever crashed.
Now, I know what you're going to say: "more than 100 tabs? That's crazy and pointless. Don't do it."
Yeah, well, it's my particular use case, and judging by previous comments on/., I know I'm not alone because I know of one particular poster who ousted me with more than 800 tabs on a regular basis. Since I know someone is going to tell me that there's absolutely no reason to have more than 20 tabs open at a time, I'll explain: It's easy. People like myself and the other guy who had an average of 2 times more tabs open than me are the sort who middle-click on any story or item that might be vaguely interesting, and we therefore use open tabs as sort of an active history of information we're in the process of digesting. My last 300+ tab session I closed through had probably 40 tabs open to Slashdot stories over the course of about 2 months, at least 60 Wikipedia articles I'd opened over a similar period, various news articles, at least 20 abandoned Google searches. I also had ~100 tabs opened to various pages of documentation/manual mirrors hosted locally that I'd largely forgotten about. The other 80ish tabs were a mix of stories and other miscellaneous links I had followed. I find that JS-heavy sites like Gmail tend to kill Firefox if it's been running for about a day with 250-300 tabs open, so I don't hold out a great deal of hope that out-of-process support for Flash will completely fix the problem. If nothing else, I can at least go back to viewing Youtube; though, I tend to do that in Chrome or Opera simply because they do lack the sluggishness and jerkiness that is becoming of viewing online video in Firefox when it's under undue stress.
For anyone who doesn't browse in this fashion, you won't understand why it's so appealing, but I find it more efficient for my particular use case. My memory for specific sites isn't all that great, but my memory for recalling approximate locations/proximities of tabs and items of interest is pretty good. So, I let the application do what applications do best: I let it remember all the details for me, and then simply return to what I was doing before with regards to reading or researching. Besides, bookmarks don't really cut it for me, and I'm sure we've all been there: Dozens of bookmarked sites and not a damn clue where you'd found that one thing that was really neat. So, you troll your browsing history for a half hour and finally relent that you should have simply Googled it in the first place! Really, bookmarks (and even Google Bookmarks to a small degree) always seem to do this: They bring me straight back to having to use a search engine or other search utility (yay, grep!) to find something I may have accidentally closed a meager two hours previous, and if I didn't browse in the rather odd fashion that I do, I'd imagine I'd have to resort to searching a lot more frequently. As it stands, I generally only close my plethora of tabs whenever a) Firefox becomes too unstable to continue (I hope this gets fixed) and/or b) I'm fairly certain those tabs will no longer have a great deal of utility in the near future. Once they degrade to B status and haven't been bookmarked, I bookmark them.
I'm of the mindset that the media industry at large is hurting not so much because of piracy but because of quality and the inability to adapt. Me? I used to by CDs whenever I'd hunt for music. Now, I just purchase it from Amazon if it's available; if not, I do without. (Before anyone whines about lossy codecs, I might remind you that this is simply an anecdote; I honestly can't tell the difference between FLAC and MP3 for the majority of what I own except in very rare circumstances. If you can tell the difference, by all means purchase something you can encode in the format you desire.) I don't watch a lot of movies anymore, and the most recent thing I watched was an old series I enjoyed that Hulu happened to have.
So, it's great that they have the average consumer in mind.
But, I feel Ars missed something of value in this statement by Espinel (a copyright Czar? seriously? we have an entire legal framework put in place to enforce copyright, and we now need a copyright Czar to watch over all of this?):
"The Administration believes that it is essential for the private sector, including content owners, Internet service providers, advertising brokers, payment processors and search engines, to work collaboratively, consistent with the antitrust laws, to address activity that has a negative economic impact and undermines US businesses, and to seek practical and efficient solutions to address infringement." (Emphasis added.)
(Original emphasis is not mine.)
Read that quote. Got it?
Now, I want you to read it again--carefully this time. Specifically, minus the distracting bits:
"The Administration believes that it is essential for... Internet service providers,... and search engines, to work collaboratively, consistent with the antitrust laws, to address activity that has a negative economic impact and undermines US businesses, and to seek practical and efficient solutions to address infringement."
Emphasis mine.
I don't know about you, but that sounds a lot like a subtle (or maybe not to subtle) hint to industry that it needs to start cracking down on illicit behavior. Specifically, I'm talking about deep packet inspection. More importantly, her words imply to me that even Google would need to filter its results for potentially illegal download links.
But wait, there's more!
The plan says the government will soon begin trading samples of "circumvention devices" with the content industry "to assist in determining whether such devices violate an import prohibition." Obviously MPAA and RIAA don't like modchips that allow users to end run DRM restrictions. Groups like Public Knowledge, on the other hand, point out that educators can't exercise fair use rights if they can't access technologies to help them extract video content from DVDs.
Judging by the reaction of Public Knowledge, I suspect that all such "circumvention devices" are indeed software applications that might help pull content off otherwise DRM-protected discs. Really, this statement better reads as "We're going to let the RIAA and MPAA look at all of this stuff and tell us whether it violates the DMCA. If it does, then we'll punish the authors."
To me, though, the most comical bit was this:
The report also promises more vigilance against "foreign-based and foreign-controlled websites and web services" that "infringe American intellectual property rights," but acknowledges that there isn't much the US can do about them.
Oh really? We have all these fanciful ideas and if any one of those evil pirates overseas is in an area where we can't enforce our IP laws, we're screwed!
So tell me, aside from the little blurb about online pharmacies (which I do think ought to be shut down, but that's another rant entirely mainly because I suspect they pay for a vast majority of spam delivery), what part of this sounds as if it's not simply a thinly veiled attempt at selling ISP-level packet filtering?
Slashdot Mirror
Very interesting. In that case, it's almost humorous, is it not? (Well, not for your needs, I realize, but the general notion that they're doing more to damage their reputation certainly is!)
For that distribution. Some distributions default to all available interfaces, thus the Memcached default.
This is also why it is important to verify software configurations before running them.
No, you're just splitting hairs. My point is that software can be configured incorrectly and that it isn't the developers' fault if that happens. I believe the parent's point of view (and the general view espoused further up the comment chain) was that software should be distributed in such a manner that it cannot be configured insecurely. I'm hoping I just misunderstood what you wrote and that you were simply disagreeing for the sake of, well, disagreement. Or trolling. Regardless, I'd encourage you to read up the chain so you may better understand my point (the parent was just convenient fodder since his view was mentioned numerous times, and I got fed up with this notion that it's the responsibility of the developers to ensure no configuration can be abused).
N.B. that if I were to split hairs, I'd point out that your comment that implies (I think? You may have missed a word or two while typing it out) that sysadmins shouldn't be forced to do anything to make a particular software install work. That's a fairly short order--almost all software works out of the box as expected, but whether it works securely across all "default" installs is another matter entirely and one that, again, is the responsibility of the user to verify. But the point goes far beyond that, and I'm somewhat disappointed that you seem to agree with the general sentiment that post-install configuration should almost never happen except in rare outlying circumstances (hint: this isn't likely to happen, particularly with the vast array of requirements, disparate hardware, and so forth). Note, also, that if this notion of "secure by default" is taken to the extreme, you wind up with OpenBSD. OpenBSD is secure by default. You also cannot use it without installing and configuring additional software (thus no longer having a "default" install), because it comes with only OpenSSH installed by default! In other words, we're just encountering a difference of philosophies, and I ascribe to the one that makes the burden of configuration your responsibility as a user, not mine as a developer.
And really, this point it doesn't matter at all, because someone will still find a way to configure it incorrectly, regardless of how well it was written (don't believe me? you'd be surprised what lurks out there in the wild) or how strict the default configuration is. There are people out there who will tinker with things, including things they may not fully understand, and configure it in a manner that is suddenly insecure. That is my fundamental point; the point of the OP and those subsequently up the chain is that the responsibility should rest upon the shoulders of the developers to ensure their software cannot be configured incorrectly--that's the whole point many of the posts here are arguing against Memcached for! There seems to be so much heartache that Memcached (which doesn't require authentication) can be configured in a manner that it exposes sensitive data to the Interwebs. Guess what? If it does, that is the fault of the administrator and not the fault of Memcached or its developers.
I'm not sure how else to state that more clearly. But I'll try:
Responsibility rests on the person who installs the software to ensure it is configured securely for their needs, not the developers nor the package maintainers. The only point in time, IMO, where such responsibility is the developers' is when it becomes an issue of out-of-band behavior; e.g. something that is unexpected and unintended (a bug or security flaw) and not fundamentally something that is the result of a misconfiguration. In short:
Misconfigurations = user's responsibility (even if t
I agree with everything you said. I just want to emphasize this point you made since I'm sure some zealot is going to come around, misread it, and start crying foul:
I missed the "retail" part when I first read your comment and thought "But wait, what about Red Hat? They're a pretty mainstream B2B provider..."
Then I got hit with the clue-stick, and I hope anyone who comes by and reads your comment realizes the same.
Great post, and you're absolutely right. I fall exactly into this category. I love Linux (and BSD), but outside of the server realm, I sincerely don't believe it'll ever succeed. I've used Gentoo on my desktop for over two years as my primary OS--maybe a bit longer--and eventually had to switch back to Windows for some classes I was taking. I never did look back. I still have that install, but KDE 3.5 feels old and klunky (but it's still really reliable), and I hate Gnome. KDE 4 looks nice, but the stability issues and general usability have left me disappointed. And, no doubt, Wine played many of the games I enjoy just fine. It also didn't work at all with many others. (That said, my file server runs Linux.)
On the other hand, any time I have a requirement to use an oddball OS, I just fire up VirtualBox anymore. Why bother myself with the trouble of booting into another OS when I can fire one right up without interrupting my work flow?
Perhaps utilities like rm should be rewritten to use -i (or similar) by default then? Or how about we ought to remove them outright since they might be used incorrectly?
Honestly, it's not up to the developer to make any such assumptions. Any piece of software can be used "insecurely" if configured incorrectly (yes, even IIS). Ultimately, you as the user bare the responsibility for ensuring that your system and your data are correctly secured.
As far as beaten over the head, the default configuration for Memcached that ships with Gentoo has this note immediately over the configuration for what interfaces it should listen on:
I'm sure other distros have similar notes.
Well, just so you know, I've got you on my friend's list because I find your posts interesting. So, while it is a form of censorship, at least I get to enjoy reading through them regardless of what the moderators might do. ;)
I do find it disappointing that negative moderation is used as a -1, Disagree; I guess some people are insecure enough with their beliefs that they feel the first thing they should do is squelch you from voicing your own.
(I should note that I have a few people on my friend's list with whom I disagree simply because I find their opinions enlightening, and I'll even periodically upvote them in spite of my disagreement if they make a decent enough point--if not, I just won't do anything. I tend to agree with your opinions, however.)
I had a similar experience at Staples once when I was looking for USB cables (for a printer). Unfortunately, they had reorganized the store in the months prior to my previous visit, so I had absolutely no idea where to find the cables. Rather than doing the Manly Thing and going off on a 3 day expedition to find the cables myself, I elected to ask an employee (he was headed in my direction, so I figured I'd cut him off and say something first) where to find them.
Big mistake.
First, he lead me to the cables and pointed them out. For this, I was thankful. When he started pointing to some $50 (no, not kidding) 3' long USB cables, I was somewhat annoyed. I informed him that I was simply going to plug these into a printer and that I had no need for superfluous metal plating. He told me something roughly similar to the Best Buy employee in your example: "The gold plating will make it work faster so you can print faster."
"Given the age of the printer and that it's a USB 1.x device, I don't think a thin plating of gold is going to do squat for the pages per minute out of my printer even if it weren't a marketing gimmick," I told him.
Fortunately, he didn't say anything else (which I expected) when I picked up the $10 5' cable, and went about my business. Maybe I'm a jerk, and maybe I should consider that these guys aren't paid to do much more than spit out what they're told so they can sell the higher priced goods, but at the very least it made me feel better. I was annoyed anyway.
I like that approach. Then I can forget about who I was supposed to blame!
I can almost see it...
Son: Daddy, what's that?
Father: That, son, is your grandfather's NES. It still works. Let me show you.
Son: COOL!
*some time later*
Son: Daddy, what's that?
Father: That, son, is your grandfather's SNES. It still works. Let me show you.
Son: COOL!
*some time later*
Son: Daddy, what's that?
Father: That, son, is your grandfather's XBOX 360. He said it was broken, but I think gaming consoles just took a huge step backward and that it's actually a game box where you have to play with three red lights on the front and maybe make them change to some other color...
That's actually not a bad idea, and I'm surprised they didn't do this. Well, mostly, but it does depend on how, exactly the other company was involved in the merger/acquisition. I wouldn't be too surprised if in a few years, Oracle spins off Sun as a wholly-own Subsidiary. But don't expect much; it's worth more to Oracle to be able to put their company logo on machines sitting in your data center. Free advertising is a powerful thing.
On the other hand, it might not be such a bad idea for established IP like Java, and maybe not retaining some of the Sun branding is more damaging (dependencies notwithstanding).
Yes and no. While it's not the best practice to rely on some field assuming it'll forever remain static, if you read the bug report in TFA (surprise, surprise), you'll find this:
So, the reason they examine it in the first place is to know whether or not they need to set specific values that are supported by the Sun/Oracle JVM. It's not optimal, but I can't exactly fault them for that.
I seem to remember some applications not fully working with Blackdown and possibly others facing some breakage with other JVMs. So while it's stupid to rely on the vendor field in general, I can sort of understand why they'd examine it for purposes of compatibility. It goes both ways.
Let's just blame everyone and get it over with.
Off-topic, but your name is highly (and oddly) very applicable to this discussion. :)
Steve Jobs would be appalled considering his propensity for single-button mice. In fact, I'm almost certain he would consider this one an outright blasphemy.
Mindless rant ahead:
Any Republicans who voted for him have no right to call themselves Republicans, IMO. Admittedly, my own party would probably label me as a heretic, but I don't mind (I'm registered as Republican)!
This is what I find unnerving: There are individuals who claim they are conservative either by way of whom they vote for or by way of what policies they support whenever they're in office. They claim they support "smaller government" or some such ridiculous fable. Then, once elected, they push measures that would expand the control and authority of government over all of us and increase spending by a significant factor over their predecessors!
People like that are not, in my mind, conservative. They are neocon political hacks who use the term simply to woo the voters into electing them to Congress where they then live a life of political elitism.
I should also admit I'm a political cynic. The entire system is out of control, and both parties are largely one and the same. Given the way the system works, those of us who are grossly disgusted with everyone in power have nowhere to turn. Third party candidates seldom win, and our system is designed to punish those who refuse to rise to power via either of the two major political parties.
I was once opposed to any change made to our two-party system, but I admit I was wrong. Both parties are out of control. There used to be a saying along the lines of: "The Republicans are only fiscally conservative when they're out of power, and the Democrats are only for the working man when they're out of power. When either is in power, we're all screwed." I tend to believe that now.
I'm a Republican, and I really can't stand the guy. Remember, this is the same Joe Lieberman who has supported in the past activities that involved censorship of specific media (music albums, etc.).
I'm currently reading the bill as was linked from this comment, and it reads as though it were crafted by Symantec, McAfee, Sophos, and all the other "security" vendors who would very much like to be granted a fantastic revenue stream required by law to line their pockets (aside: I suspect it was crafted by them or by lobbyists for their industry)! What I mean specifically can be best explained by reading a small snippet of S. 3480:
This is on page 49 of the PDF. There's 10 pages of recommendations about acquiring "tools" to achieve specific goals--in other words, purchasing the required devices from recommended vendors. The entire bill if it survives as it is written is nothing other than a government-issued directive to dump a significant amount of taxpayer money into various security firms in effort to protect national resources. Though, what worries me is that there appears to be mandates for federal oversight of private systems to ensure that they're following best practices. Coming from the same government that has used the password "password" to protect critical systems, I can only fear that such a mandate would be much more harmful than any sort of purported "cyberattack."
If you read the FAQ the Senate has posted relating to the bill it is clear that no one on the panel has any understanding of what "security" really is. Worse, while the FAQ claims that this bill restricts the powers given to the President under the Communications Act of 1934, I can't help but read into S. 3480 that it is going to involve so much government oversight that we might be swamped simply trying to implement all of the requirements. I hope I'm wrong; I am not a Congress critter, so it's feasible this language might be directed exclusively toward Federal networks.
The Slashdot summary appears to be incorrect. It appears that the time limit placed upon such measures is 30 days. However, I can't help but think that it can be extended indefinitely. From the bill:
I really hope that doesn't imply such an action could be extended indefinitely, but the way I'm reading it sort of suggests that if the President or the director of the office this bill creates d
Easy: They'd simply make the IOS/OSX combiOS something that is generally sold on cheaper Macs (I can see the Mac Mini being turned into an iAppliance, for instance). Then, if the consumer wanted to upgrade it to a full fledged OSX install, they'd have to pay a steeper fee. Artificial market segmentation isn't anything new, and I can see traditional markets being forced into purchasing more expensive devices (not that it would really be any different from what they typically do).
So no, I think the OP is right. Apple won't lose their place, they'll just do what every other company (MS included) has been doing for years. In other words:
Cheap Macs = iAppliance
Expensive Macs = full fledged computing device with a "real" OS.
And really, what do most people use their computers for? E-mail and the web. That's it. No, I'm not talking about us; I'm talking about people like your grandmother, your neighbor across the street who isn't much of a techy, and so forth.
Good point.
Oops! Good catch. Replace that with CDR, please. If you had only posted that while logged in, I'd give you some karma down the road.
Thanks! That'll teach me to post when running on a few hours' sleep. At least it wasn't nearly as bad as my other lengthy one with a fleet of horrible grammatical errors and incorrect usages.
Sigh.
Definitely. There's no way they'd want the average consumer to express the freedoms that we'd very much like to have.
And please, don't take my original post as a suggestion that I thought your ideas were foolish. They're fantastic. I just simply have little faith in our society as it currently exists to do anything that would grant us consumers more freedom. Freedom is, after all, a dangerous thing.
That would actually be a rather humorous plot to a cyberpunk thriller of sorts. 3D printing (and the items printed from them) become illegal contraband, but there'd be the darker corners of the 'net that those with the 3D printers could obtain blueprints from. It's very plausible, and it's not much of a stretch to see something like that happening. Sadly. :(
You're right, though. There's a lot more at stake than simply a handful of MP3s, and that's why I do agree with the fundamental point of your original post. Though, it's a shame that there are forces in the world that see this sort of freedom as a hazard.
Not that that's ever stopped anyone before. Freedom of the serfs is a dangerous thing!
Okay...
And how, exactly, are individuals going to afford the capability for manipulating stuff on the atomic level if they're not part of a research institution or corporation? Money doesn't grow on trees.
Star Trek is largely based around a universe that holds a much more utopian view of life than I think it otherwise should. I won't go into my rationale for why I feel this is the case, though, since I suspect that my karma might take a hit from beating on one of Slashdot's more favorite fictional universes.
You do raise a good point here, since effectively being able to copy physical goods as readily as an MP3 creates an identical crisis to the business world. The difference though is a matter of 1) creating exact physical copies of an object is not exactly possible on an atomic scale and will require significant advancements to make it affordable 2) it wouldn't be affordable even if it were possible and 3) it would consume a finite number of other resources (e.g. bulk matter) to produce. Copying a digital good such as an MP3 requires virtually no cost except for a small fraction of bandwidth and storage, it's an identical copy of the good, and it requires virtually no upfront investment even if you factor in storage.
If I were trolling, you probably wouldn't know it.
On the other hand, that you feel compelled to ask this question indicates that I didn't really connect the dots as well as I should have in my post, and thus it may have been too difficult to follow. If so, I apologize. As another poster pointed out, the only "real" thing the US has of economic advantage is its intellectual property. Since IP laws won't go away overnight, even if you did have something that could print virtually any object, I can easily see that various manufacturers would charge a subscription fee to access the basic digital blueprints for fabricating items of interest. So, even if the manufacturers have their own printers (e.g. "we print to higher tolerances than you do!"), if you purchased a consumer grade one, it's not too much of a stretch to imagine that companies would offer their products to you for a small fee to print yourself.
It's a poor analogy, but it's sort of like printing out your own postage. You still pay for the postage, but you have the convenience of printing it at home.
I'd wager they pay for a majority of spam as a method of advertising their illicit services. That's not something I want.
Ugh, tell me about it. I've fiddled with the cut off settings, and sometimes that doesn't even seem to work. It's really pretty damn annoying, because about 70% of the posts with "read more" seem to just show (drum roll, please) the signature.
I do like your suggested solution, though. That's clever.
Opera's UI doesn't handle >200 tabs gracefully at all, regardless of how much better behaved it is. In fact, I have yet to find a browser besides Firefox that handles multiple hundreds of tabs in a manner that is relatively easy to navigate (I take that back, I think Arora behaves very similarly to Firefox). That's not to say Firefox doesn't have its issues: Since 3.0 was released, I haven't been able to keep > 300 tabs up without Firefox crashing fairly regularly whereas the 2.x branch was able to maintain about 500 tabs fairly well (if sluggishly) and rarely ever crashed.
Now, I know what you're going to say: "more than 100 tabs? That's crazy and pointless. Don't do it."
Yeah, well, it's my particular use case, and judging by previous comments on /., I know I'm not alone because I know of one particular poster who ousted me with more than 800 tabs on a regular basis. Since I know someone is going to tell me that there's absolutely no reason to have more than 20 tabs open at a time, I'll explain: It's easy. People like myself and the other guy who had an average of 2 times more tabs open than me are the sort who middle-click on any story or item that might be vaguely interesting, and we therefore use open tabs as sort of an active history of information we're in the process of digesting. My last 300+ tab session I closed through had probably 40 tabs open to Slashdot stories over the course of about 2 months, at least 60 Wikipedia articles I'd opened over a similar period, various news articles, at least 20 abandoned Google searches. I also had ~100 tabs opened to various pages of documentation/manual mirrors hosted locally that I'd largely forgotten about. The other 80ish tabs were a mix of stories and other miscellaneous links I had followed. I find that JS-heavy sites like Gmail tend to kill Firefox if it's been running for about a day with 250-300 tabs open, so I don't hold out a great deal of hope that out-of-process support for Flash will completely fix the problem. If nothing else, I can at least go back to viewing Youtube; though, I tend to do that in Chrome or Opera simply because they do lack the sluggishness and jerkiness that is becoming of viewing online video in Firefox when it's under undue stress.
For anyone who doesn't browse in this fashion, you won't understand why it's so appealing, but I find it more efficient for my particular use case. My memory for specific sites isn't all that great, but my memory for recalling approximate locations/proximities of tabs and items of interest is pretty good. So, I let the application do what applications do best: I let it remember all the details for me, and then simply return to what I was doing before with regards to reading or researching. Besides, bookmarks don't really cut it for me, and I'm sure we've all been there: Dozens of bookmarked sites and not a damn clue where you'd found that one thing that was really neat. So, you troll your browsing history for a half hour and finally relent that you should have simply Googled it in the first place! Really, bookmarks (and even Google Bookmarks to a small degree) always seem to do this: They bring me straight back to having to use a search engine or other search utility (yay, grep!) to find something I may have accidentally closed a meager two hours previous, and if I didn't browse in the rather odd fashion that I do, I'd imagine I'd have to resort to searching a lot more frequently. As it stands, I generally only close my plethora of tabs whenever a) Firefox becomes too unstable to continue (I hope this gets fixed) and/or b) I'm fairly certain those tabs will no longer have a great deal of utility in the near future. Once they degrade to B status and haven't been bookmarked, I bookmark them.
I li
I'm of the mindset that the media industry at large is hurting not so much because of piracy but because of quality and the inability to adapt. Me? I used to by CDs whenever I'd hunt for music. Now, I just purchase it from Amazon if it's available; if not, I do without. (Before anyone whines about lossy codecs, I might remind you that this is simply an anecdote; I honestly can't tell the difference between FLAC and MP3 for the majority of what I own except in very rare circumstances. If you can tell the difference, by all means purchase something you can encode in the format you desire.) I don't watch a lot of movies anymore, and the most recent thing I watched was an old series I enjoyed that Hulu happened to have.
So, it's great that they have the average consumer in mind.
But, I feel Ars missed something of value in this statement by Espinel (a copyright Czar? seriously? we have an entire legal framework put in place to enforce copyright, and we now need a copyright Czar to watch over all of this?):
(Original emphasis is not mine.)
Read that quote. Got it?
Now, I want you to read it again--carefully this time. Specifically, minus the distracting bits:
Emphasis mine.
I don't know about you, but that sounds a lot like a subtle (or maybe not to subtle) hint to industry that it needs to start cracking down on illicit behavior. Specifically, I'm talking about deep packet inspection. More importantly, her words imply to me that even Google would need to filter its results for potentially illegal download links.
But wait, there's more!
Judging by the reaction of Public Knowledge, I suspect that all such "circumvention devices" are indeed software applications that might help pull content off otherwise DRM-protected discs. Really, this statement better reads as "We're going to let the RIAA and MPAA look at all of this stuff and tell us whether it violates the DMCA. If it does, then we'll punish the authors."
To me, though, the most comical bit was this:
Oh really? We have all these fanciful ideas and if any one of those evil pirates overseas is in an area where we can't enforce our IP laws, we're screwed!
So tell me, aside from the little blurb about online pharmacies (which I do think ought to be shut down, but that's another rant entirely mainly because I suspect they pay for a vast majority of spam delivery), what part of this sounds as if it's not simply a thinly veiled attempt at selling ISP-level packet filtering?