On the other hand, the Russians and Chinese can penetrate virtually risk-free.
The Law is security theatre, not security. This is the one fault I find when reading Schneier's blog - he'll correctly diagnose security theatre and then call for more laws or regulations to 'deal' with it (paper over it, that is).
a hypothetical interpretation of reality meant to foster vigorous discussion of various subjects and hypothetical constructs
I'm nominating this to replace "News for Nerds. Stuff that Matters."
On my wife's van it was a discrete package, but I just pulled the fuse (visible wires). Somebody told me it's more integrated into the electronics now.
Probably for the same reason we find sharks with license plates
bah - they don't even get fishing licenses!
Indeed, a free currency needs more fees. Want to pay? Pay for the paying. Don't forget a fee for the pay for the pay...
Remember, Facebook sucks because you're not paying for it, but bitcoin sucks because you have to pay for it.
Because I really want to have to get a 'computer license' to connect to the internet and have to provide my ID every time I use an internet cafe or public wifi network, obliterating the last shreds of anonymity we have on the internet.
That's a matter of implementation. The wireless AP at the coffee shop can certainly negotiate with your PC as to its level of protection (e.g. Kaspersky would attest to its security), and no names are required.
This would probably imply making Tor illegal, too.
Outlawing anything is never productive. Passing Tor traffic probably should cost more, though, because it's more risky. Part of those costs should go to cover liability for the provider, who can choose to absorb the risk, if that's the contract you sign.
Even if Linux came with a much lower premium, most people would look at the little box in their room as too much liability, and unplug it. Free Wi-fi would disappear from coffee shops--too much liability.
Cars are much more risky, liability-wise, yet most people who can have one choose to do so. Similarly, shopping centers have parking lots, so people actually come in and shop. They buy insurance to cover incidents in the parking lot.
Personally, I'm fine with having to buy a coffee to get WiFi at a coffee shop. I don't see why anybody demands 'free' Internet (though Free Internet is grand, of course). If coffee receipts come with a code for 2 hours of WiFi that works for Mac and Linux but to use Windows there costs an extra 20 cents, that's not a problem either. The coffee shops already have to deal with the headaches involved with getting shut off by their ISP because a client is spewing malware, and that sure isn't free.
How exactly is liability in the computer industry artificially limited by the government?
Computer owners are not held liable by the 'justice' system for the actions that it takes. When was the last time you heard of a Botnet-infested PC owner having to pay for the damage it caused?
Standard liability works out fine for motor vehicles. Even if the vehicle is stolen, some liability goes with the vehicle. That's one reason people carry insurance.
why is unifying their data between services inherently illegal?
Seems like a backdoor to un-approve M&A arrangements after they've happened.
"Yeah, that's fine for you to buy this other company. :wait: Oh, you can't share data from the new business unit with the rest of your company."
Can it be traced to a person or circle of people? What is / are their identity(ies)?
IIRC, the head of R&D at F-Secure.
What, "incentives matter"? These days that's enough to get you labeled an anarchist.
It's just a shame the contractors smelt money and decided to milk it for all it was worth rather than bother to deliver a working system.
Naturally, just don't presume that the more benign outcome was the original goal. All of these big contracts are designed to transfer money from the working poor to the well-connected. Everything else is just window dressing.
When I see a government contract that is fixed-price with milestone payments and penalties for late delivery (with a fair change-order process, of course) then I'll change my mind.
Determining your car's software version would be too much work for them and cut into profits.
Empirical data points to the opposite: http://fitguide.installernet.com/progressive/
Right. It needs to be strictly civil liability - the government could really hose this up if they attach criminal penalties.
The computer industry has set a terrible precedent here, which I hope is stopped. That person running an unpatched XP in a botnet should be just as liable as the person riding in his car, for the damage his car does and for the damage his PC does. Kaspersky should be selling combination AV/Insurance packages.
People wonder why Linux doesn't catch on despite being so much more secure than Windows. One of the factors is that Windows doesn't have to be as good because liability is artificially limited by the government, and that's a direct subsidy. Absent that protection, either Windows would get better or it'd become too expensive to run.
You need a better post office. One of the groups I volunteer for can go 3-4 months between checking the box. Never a problem. As long as it doesn't overfill (in a small town they're likely to notify you).
How do you get notified where you are? Here a regular-sized box will overflow with "Current Resident" junk mail in about 2 weeks. They put a notice in your box that they're holding the rest of your mail in the back.
Husband/wife? This is Slashdot, you know...
Dude, do not interrupt the LeeLoo Dallas Mooltipass vibe we got goin' on here.
You worry about the certification for other software, but not the base OS?
This doesn't make sense. Of course all the software in the OS is certified to work in the OS.
The issue at hand here is if you run a vendor's software stack on your OS if they're going to support it. Certification can be a prerequisite for support.
If the certification is important, then it would be BETTER to use the proper RHEL and not a free 'knockoff'....
Technically there's no difference, but if your vendor insists on an active RHEL license so he can get support on the machine, then sure, you get the license and count that as part of the cost of the app. That said, most vendors support CentOS because it keeps the apparent cost of their software down, which is good for their bottom line.
Weapons Systems That Kill According To Algorithms Are Coming. What To Do?
Give it your clothes, your boots, and your motorcycle.
Close, but there are a few important points to add:
First, compiling CentOS 6 wasn't just a matter of re-compiling the SRPMs. The big patches don't make recompiling harder, they make support harder (which is meant to hurt Oracle, as you said).
What killed the release of CentOS 6 in a timely manner was all the build dependencies. To get an exact binary-compatible RPM for foo.el6 you needed to build it on, say, Fedora 13, with libbar-versionX.Y.Z.fc13 installed. It wasn't self-hosting or documented how to build el6. Scientific Linux came out much more quickly because they didn't care about binary compatibility.
Why is this important? To validate the security of both RHEL and CentOS. If you can reproduce the binary from source you're an order of magnitude better off than trusting a blob. If you have all the same dependencies as your upstream, you can get third parties to also certify you.
After some initial handwringing about protecting Red Hat's interests, CentOS agreed to disclose the build process so others could validate their work. The arguments about how it was going to happen lasted a few months, but came out on the side of openness.
I can't imagine that CentOS will abandon this transparency for el7, because they would lose the community's trust in the code. So the leverage against Oracle has to be something else. There are other ways to marginalize Oracle's offering, and Oracle itself participates in that to a certain degree.
Except it is not a clearly labeled button, it is a button which has a function far beyond its label.
Strictly speaking, this isn't so. 'Like' is a well-defined word. That Facebook grants extra access to people who like certain things doesn't change the meaning of the word.
Are we ready for Tonika yet?
And from a ground-based camera...
Oh, wait, what?! And here I was remarking that the image of Europa was fantastic for an Earth-orbit telescope.
I'll see your 'breathtaking' and raise you one 'astonishing'.
You have to like a group or product just to be able to post on the page about it and be part of the discussion. So, if I see something I don't like, if I see a product that is a scam or that didn't work as advertised, I can't even post in a group discussing it unless I hit "like".
Facebook might argue thusly:
* You don't have a right to post on a page.
* Facebook restricts posting on a page to people who like that page. (literal sense).
* People who 'like' a page who don't really like the page, are clicking the 'like' button fraudulently.
* There is no contractual obligation to protect the interests of users who are fraudulently using the service.
Is that any different from technologists opining on economic or sociopolitical issues they don't understand?
When was the last time a Slashdotter threatened to put a gun to your head if you didn't agree with his misinformed rant?
Either the customer pays for it, or the website pays for it
To play devil's advocate, YouTube can get a better deal on bandwidth from AT&T than the user can. In theory, YouTube could pass those costs along as a charge on the user's YouTube account and the monthly cell phone bill would be lower than paying it directly to AT&T.
This would almost be useful if we had a web of automated micropayments established. One Satoshi is still too big, though, and all that billing effort is waste heat.
That's unpossible! All my libertarian friends assure me that getting the government off the backs of our noble corporations will result in more freedom and openness, a free market utopia!
Because mega-corporations like AT&T, kept in a hegemonic position by the FCC, fit the libertarian ideal, amirite?
How about we get rid of the corporate form (again, like it was pre-1870) and the FCC, and let radios auto-negotiate spectrum, let individuals put up mesh towers on their homes, barns, and vehicles, and let them earn micropayments based on their node's network path value, paid via bitcoin, by users who roam onto their infrastructure instead of paying a monthly cell phone bill to the cartel?
Nah, I'd rather have AT&T enforce a pay to play model on its users and internet sites under a dysfunctional regulatory regime.