If I were to adopt the stance that I would only run Linux on my work laptop and reject equipment that did not support Linux, we would not be able to complete our jobs and would have a hard time explaining to the customer why we could not complete the job.
The caching-nameserver package includes the configuration files which will make BIND, the DNS name server, act as a simple caching nameserver. Many users on dialup connections use this package along with BIND for such a purpose.
If you would like to set up a caching name server, you'll need to install the caching-nameserver package; you'll also need to install bind.
A story about a leaked fucking trailer?
As the meme goes... you must be new here. Slashdot has always had some aspect of pop culture fanboyism. Anime, comics, movies... all fodder for the occasional Slashdot "article". Granted - Anime doesn't show up much anymore. And I suppose there's still some burn from the whole Star Wars thing. But I hardly find it surprising when a trailer for something as fan-frenzy-feeding as a Wolverine-centric movie gains Slashdot attention. Even if it's just a leaked movie (from Comicon - as a certain Clever Nickname'd reader referred to as "geek prom").
Unlike the famous companies in the .com bubble, Google is actually making money. And lots of it. More than a billion dollars a quarter, to go along with their $12 billion in cash and zero debt.
Anyone have some insight as to what is the source of this income? I would expect it's not just from advertising alone. I know Google has other business interests. How do they stack up?
The specific example I have in mind is the Google search appliance. I've seen these things dropped into a couple environments with great success. In fact, one employer had spent several years and no small amount of budget on an internally developed search system that had severe performance issues. Replacing it with a Google box greatly improved performance (although no silver bullet). Are more enterprises quietly purchasing Google tech for internal use?
I always wonder if Google's public projects, all those beta apps that people like to scoff at, aren't simply test beds for Enterprise products. What better way to test and develop than to invite the Internet to provide test data.
One of these two OS environments was designed to be on a XO and one wasn't. That's why they're being compared - and why the comparison is valid.
New Slashdot mod option: Fed.
Childs' defense attorney has got to be happy about this.
"Your Honor.. I would like to direct the Court's attention to Exhibit A; the mere existence of which proves our case..."
I wonder what sparked this at Microsoft. Granted, they have no real prospects besides the usual Windows/Office cash cows, but they're not exactly bleeding money.
Once again... being the cynic...
This isn't about Linux. It's about Windows. Or more specifically, making applications that were strengths for Linux become strengths for Windows.
Which, of course, means it really IS about Linux too. Linux (and BSD) offers some frightening parallels to Microsoft's history. Microsoft profited greatly by being a major part of the commoditization of computer hardware. What do they do if Linux is the start of commoditizing the OS (even software in general)? Is Microsoft the next IBM?
Maybe they finally got tired of being wrong. This is surprisingly clueful behaviour, and should be encouraged.
Sure. But actions are where it's at. Let's see what Microsoft does with this. They've got a long history (up to recent events) of doing Bad Things.
Maybe this is a turning point. I hope it is. But the cynic in me believes Microsoft is holding something behind their back.
My guess is this is simply another shot at figuring out Linux's air supply. The old standby of sales didn't work. Copyrights and patents haven't really provided any handholds. Businesses have been resistant - and really, it's just a different angle on sales. So the new tack is to go after the LAMP stack (or the general idea that LAMP represents).
Sure - "developers, developers, developers" still holds true. But now it extends to "applications, applications, applications."
Lord Apathy (584315):
Surprising.
No... wait... the other thing: tedious.
No kidding! If this was a Microsoft-hosted blogging service, there'd already be 20 posts about the lack of commentary if this were a Google-hosted service. Which it is. Which means there's not.
Profit.
If britannica.com is losing lots of traffic to Wikipedia, then GOOD!
Agreed. I didn't notice all the ugliness as I block most of that by default. I would have looked for something more suitable had I been aware. The only reason I went with Britannica is to avoid the "Wikipedia information is suspect" diversion. :P
Or you could be running VMWare to boot Windows for work. That's what I do. But then again, I'm also doing a lot of Unix work. And I got tired of trying to make my Windows desktop behave like a Unix one (the Compiz flash is just gravy).
But hey - ya know. To each their own. I wish there were native Linux versions of Quicken and Photoshop. I wish hardware manufacturers put more effort towards Linux compatibility. That way if you wanted to try toying with Linux again, it wouldn't be as unfamiliar. And when I wanted to buy a new camera or balance my checkbook, I'd have more choice too.
http://www.britannica.com/EBchecked/topic/449585/penal-colony
Such a package is indeed a matter of convenience, so I'm willing to leave that to personal preference; but I will keep insisting that no package should touch conffiles unasked.
The more I think about it, the more I've come to decide that the other key part to this is what you've touched on. There's an expected behavior that isn't followed in this situation. Most of the time, configs are handled in the manner you noted. But because in this case the package IS config files, we get unexpected behavior that is obviously likely to take some by surprise. Because of this, the normal behavior of only replacing unmodified configs should be followed.
The advantage here is that the admin who installs this package without understanding what it is (or picks up responsibility of the box w/out realizing the package is installed) won't be surprised come update time. Likewise, the admin who wants to maintain a cache proxy with little fuss can still automagically have their configs updated as long as they don't touch them (and really - the intent of this package is so you don't HAVE to do any configs). Seems to be the best of both worlds. Or at least a suitable compromise.
I'm not keen to bash Red Hat for the way things are. But I do agree that there's an opportunity for them to improve the current situation.
We're getting the same sort of wagon-circling that we saw when Hans Reiser was charged. No one seems willing to admit that some of us "geeks" are self-important prima donnas who border on pathologically criminal behavior. This guy is clearly a criminal.
You just did a great job at summing up the situation. But I don't think it was intentional.
The point to this is that, at least to some minds, the case is not so clear. Sure there are those who can't see beyond identifying with the individual. But there are also those who have experienced really screwy situations and think "there but for the grace of God go I."
As more information comes out, the actual situation should start to clear up. Either this guy really is the psychopathic BOF poster boy the prosecution would have us believe (and consequently those who can't admit it will really stand out). Or we'll discover that this guy really is the victim of overzealous incompetence.
What do you expect from a nation founded by thieves and other criminals?
To be fair, that only happened because England's other penal colony had a revolution.
I suppose the Australian government should be more grateful of the US and follow their lead a bit more when it comes to content industry initiatives?
MMOs are popular, not because they're better than single player RPGs, but because they have a good gimmick. To the hardcore fan, the single player, turn based, often tactical CRPG is obviously superior.
It depends on what you expect to get out of the game. I would suggest that MMOs are popular because they offer something different than the single player CRPG.
Having said that, too many people go into MMOs with the idea that they get to be the wunderkind center of the world. Or that they get to "win" the game. Or any number of other artifacts of single-player games.
The two are very different vehicles.
What is the point of encrypting the communication if you don't know who you are talking to? It could be your bank or it could be your bank, through a middle-man or it could be anyone else. If the certificate does not identify the website you're connecting to, the connection is not really more secure than if it was not encrypted.
That's it right there. It's not a matter of trusting whoever is running that site. It's a question of whether you are really talking to the site you think you are. That's all. Whether or not you can trust the site owner is an entirely different issue.
Is the caching-nameserver package installed by default?
But wouldn't having this switch require the aforementioned clueless admin to know about it and make use of it? And if so, isn't it the same issue as having the knowledge to know whether you should have the caching DNS package installed or not?
Red Hat would save themselves some trouble by just correcting this on their end (perhaps something in system-config-bind for toggling between serving records and just caching...similar to the "switchmail" app for toggling between Sendmail and Postfix). If the flag for serving records is checked, then the system will protect named.conf regardless of whether caching-nameserver is installed.
Or the sysadmin could simply remove the caching-nameserver package. I might be missing something but it would seem to be just as easy as what you're describing.
I'm not familiar with the package in question, but I assume it also installed some binaries. If it found that there already was a configfile of that name, it should have asked what to do.
If setting up the caching-nameserver was a matter of changing config options, you don't need a package for that, you need a HOWTO.
I would hazard to guess that unfamiliarity with the package is the real root cause of this. From the package description for caching-nameserver-7.3-3 (which could be a very old version):
The file contents show:
And so there we have it - a package designed to install and maintain the very generic files needed to configure a caching DNS server. DNS server not included.
And sure - this could be a HOWTO. But making a package allows for quick-and-simple configuration. And since this kind of thing is so generic, it really lends itself to packaging. I disagree that it should only be a HOWTO.
It is a bug when an update overwrites your configuration file.
Normally I'd say you've got a valid point. The problem here is that the config file seems to be part of the intent of the package (please correct me if I'm wrong).
A rough example would be if someone replaced a packaged binary with a custom-compiled version and then complained when the package update overwrote that modified binary.
The point is that these tools are produced very much outside Microsoft's realm of control. I'm skeptical how strong an argument this makes against a "my way or the highway" mentality at Microsoft.
Having said that... I definitely agree that the mentality exists at Apple. It always has (or at least - it has since the Mac took over from the Apple II). It's the ultimate reason I never had any interest in Macs. It's not that I ever thought that IBM's architecture was better (or Microsoft had better software). It was simply because the design had become a commodity platform. And that opens a lot of possibilities.
I'd like to offer one last thing to consider. You can compare and contrast control with Apple and Microsoft. Upgrading that video card on an Apple system requires getting one with special firmware - limiting your choices. Generic "PC" platforms generally offer dozens of choices. Meanwhile it's nice that you can place a MacOS-like launcher on your Windows system. But MacOS X users can also install alternative launchers and other UI mods.
I wasn't aware Microsoft produces video cards or owns Stardock. Amazing the things you learn reading /.
The fewer people who know about a vulnerability, the fewer that can exploit it, and that means that users have a lower chance of being exploited.
Two things to consider:
1) All it takes is one person to exploit your vulnerability. And that one person doesn't even have to know you exist and target you specifically. Most cases involve targets of opportunity.
2) These things don't remain secret. How fast the knowledge is spread only depends on the particulars of the situation. But the knowledge will spread. Sometimes very fast. You're unlikely to be dealing with just one potential attacker.
That's actually an important point about security. You cannot make a useful system without any vulnerabilities. You can only make it harder to exploit the vulnerabilities, meaning that fewer will be able to exploit them. For example, you cannot make an uncrackable and useful code, but you can make a code so hard to break that very few will even try.
It depends on what kind of vulnerability we're dealing with. There are known trade-offs in the design of a system and then there are failures in the design or implementation.
Security is never absolute by design. There are always trade-offs being made (inverse relationship between usability and security, investment of resources vs. value of what's being protected, etc.). Hopefully designers understand the issues and have made wise choices. But even the most well thought out system will ultimately have left some possibility of subverting it. Thus exists the concept that security is not an absolute.
Bugs and design flaws are a different issue. These are not trade-offs but unintentional mistakes or miscalculations. These are unintentional flaws. It is entirely possible to design or implement a system without flaws. But of course, designing something without flaws or implementing without bugs is difficult.