I've never understood how so many people (who I'll credit with probably being otherwise intelligent) can think like this. Why does the parent poster assume that EVERY workplace is like *his* workplace? Why does EVERY job have to be as dull and stolid as *his* job? It must not have ever occurred to him that OTHER companies, with OTHER bosses and managers, aren't collapsing under their own bureaucratic weight.
cubicledrone, do you work for the government, or something? Maybe you need to GET A NEW JOB! Try shopping around for an employer. If you haven't got the skills or experience needed to have the opportunity to comparison shop, then start making a point of getting them.
FYI, I have worked at companies that are exactly as you described. I have also worked at companies that know how to take good ideas and run with them, and who aren't run by lazy, incompetent MBAs. I just think you don't have a large enough sample size--classic error of logic.
Also, did you ever consider the possibility that they didn't listen to your idea because it was lame? They could have rejected you because your proposal was a sure-fire loser, but you didn't know enough of what they knew to realize it. And it's too bad that nobody took the time to clue-bat you, either, because your ignorance has apparently made you very bitter.
Slashdot's posting submission page should have a check box for "IANAL"--sorry to be catty, but you need to think about this a little harder.
A DERIVED work is just that--a brand-new work, with its own copyright (owned by the creator of this derived work), which happens to be inspired by an existing work. The creator of the original work does not gain any rights over this work, nor can he impose restrictions on the copyright of this work, merely by the fact that this work is a derived work.
HOWEVER, the LICENSE under which the original copyright owner grants access to the creator of the derived work can specify additional restrictions on derived works as a condition of the license. But this should be obvious--you could impose a condition that the licensee must dance the gavotte upon demand if you wanted, because the license is just a contract between two parties. You might be familiar with this concept from such notions as the GPL, or the BSD license (both of which impose requirements on derived works as a condition of using the original work).
Please bear in mind--copyright basically just says that I have the right to legally ban you from copying my data if I so desire. Starting from this right, we use contracts (licenses) to create a fine-tuned relationship that obliges you to certain conditions in order to use my stuff. If you refuse the conditions, I can refuse you the right to use my data.
Oh, yeah--IANAL, but I work close to the legal profession.
Wait... Maybe someone can explain this to me: compiled-java is when you compile your bytecode into actual machine-language beforehand to allow it to execute faster, right? And in Java, the memory allocation and de-allocation (new() calls and garbage collection) is done by the JVM, right?
So is the JVM involved at all when you're running compiled-java, or not? It would seem like it would have to be, to handle memory, unless the compilation process builds in some kind of memory manager.
This poster has me confused--I always thought that the big slowdown when running Java was because the JVM had to handle memory. Is the translation from bytecode to machine-language really such a huge portion of JVM's workload that running compiled-java can be "indistinguishable from running C++ programs"?
I know it's off-topic, but PLEASE shed some light on this for me.
"the patches I get from Microsoft use a FIPS certified level 3 SSL connection so that the new code is certified by the source."
Exactly the point that many OSS people have been making for a while. I hit Windows Update every month or so to get patches for machines I maintain, and I'm amazed by the sheer number of security vulnerabilities they're fixing each month. And the flow never stops, even though Win2K has been out for three years, now! Sure, Linux and the OSS projects have security needs that have to be addressed (notice how newsworthy and *rare* even a local root vulnerability is in the kernel, let alone a remote), but Jesus Christ.
All I'm saying is, maybe it would be nice if some benevolent black hat broke into the MS development servers and started fixing code.
That Ramsey quote just sounds like doublespeak, doesn't it? WTF does he think that it means to "litigate everybody", if not to use lawsuits to force commercial relationships to happen the way you want them to happen?
Sure, he's not suing *everybody*. Like, duh. Barring South Park, his statement is a truism (how could one literally sue everybody?). So we take the colloquial meaning of "litigate everybody", and we have the exact practice in which he's engaging.
Even if they have a legitimate case, who in the hell is going to read a quote like that and think "Yeah, this guy's being PERFECTLY up front."
For starters, your friend was undercutting every other X-Box retailer in the country by doing this. He wasn't selling 10 per day because the price was lower--he was selling them because they were cheaper than everybody else's price. Imagine if most retailers had followed his lead and lowered their price to $289 a box, also. He would have been selling the standard 3 per day, same as everybody else. So no, this ISN'T a good example of what you were trying to prove.
AMD is in a somewhat different situation because they sell ALL of the Athlon CPUs that are bought. They can't undercut anyone else to offer the same product for less money. Sure, you could argue that Intel's chips are similar to AMD's, but I think they're different enough. An Athlon64 is neither A) a simple replacement for an Intel P4 (because you have to buy a new mobo, at the very least), nor does it B) provide the same type of benefit to the consumer (the two types of CPUs perform differently on various loads).
Since a consumer can't automatically substitute an AMD chip for an Intel chip, AMD would have to drop their prices low enough to overcome the cost and hassle of the consumer buying a new motherboard to fit the other chip, unless the consumer is shopping for a board and chip at the same time (some do, some don't). Also, AMD would have to drop their prices low enough to overcome the perception in the market that their chip isn't as fast/good/special as the P4. And keep in mind, when your product is cheaper than the competition, people wonder WHY it's cheaper, and generally assume that it's because your product isn't as nice--"you get what you pay for" is true often enough.
Those X-Boxes are all exactly alike, unlike the P4 vs. Athlon64 argument--since there are differences between Athlon64 and the P4, a SIGNIFICANT price difference would have to exist for the effect you describe to exist.
Why the fuck do we always see all of the goddamned "This isn't useful to me," posts when brand-new, alpha-stage OSS projects open up? Dumbass--IF YOU CAN'T SEE A USE FOR THIS PROJECT YET, IT OBVIOUSLY ISN'T MEANT FOR YOU YET!!
What the fuck would you have done with Apache 0.0.1? Or perhaps even a pre-1.0 version of Linux? Nothing, that's what--because you were not a developer on those projects. But there are many, MANY people who did see value in using those early releases, primitive as they were.
Now, do you think, maybe (just maybe!), that there are developers who think that this *might someday*, with a lot more work and development, turn into a really useful project? Maybe not ever exactly as useful as the proprietary OS, but perhaps with different purposes, better at some things and worse at others?
You're a turd or a troll if you say that it's stupid to contribute to a project because YOU can't think of a potential future use for a more highly developed version. Yes, YOU, sir, are The Colloquial Deuce, unless IHBT.
Almost every single fucking OSS project that I use today, including Apache, Linux, Perl, Samba, and many more, started out as one of these "useless" projects. Want a GREAT example of this? Check out Familiar Linux on the iPAQ. A year ago, I would have had no use whatsoever because it wasn't stable or refined enough. Today, I have dozens of uses for the current version, and I contribute packages to it. But some of my co-workers have no use for it still--they might want to try it in another year, when the 1.0 comes out. And you know, there are STILL people who tell me that Linux on the iPAQ is useless, and I'm wasting my time with it, while I'm billing $250 an hour plus $75 for every hour that the iPAQ runs on a client job.
WinNT (or was it 2K?) earned a CC certification not all that long ago... Let's think carefully about what sort of security standard this could possibly be.
As I recall, CC is a measurement of the security of a particular configuration and patch combination of an OS, and has nothing whatsoever to say about the overall security model/software quality/break-in resistance of that OS generally.
So the patch level that was evaluated for NT to get the CC was the ONLY patch level for which the CC applies. If you add any additional patches, kiss the CC goodbye for that system. What? The additional patches were security updates to known, common, remote root vulnerabilities (like, say, an RPC exploit)? Oh, shit! Now, the "certified" system is provably INsecure!
Which just demonstrates why a multi-year testing process cannot possibly deal intelligently with the security issues surrounding OSes (including Linux and the Unices) that get patched on a weekly or monthly basis. CC is pretty useless, in the current age.
"I think we should be developing and improving this kind of solution FOR EVERYONE, and not spending millions to develop something that just a few ones will have."
What's this "we", white man? Are you a supercomputer developer? Because, I mean, if Seymour Cray rose from the grave, got a slashdot account, and wrote your post, I would believe that you have a point. But he didn't, so you don't.
"Supercomputers", a set which today includes the supercluster computers along with traditional supers (like Cray's stuff), generally stay in service for a hell of a lot longer than your average desktop PC. There's iron in military labs and DOD facilities left over from spending bills that Reagan signed, still doing useful computing work today. The fact that it's not the FASTEST and BESTEST machine in existence doesn't mean that it's not still useful.
You forget that a computer becoming obsolete doesn't mean that the computer gets any slower. A super is at least as fast on the day it's decommissioned as the day it was first booted.
The fact that the price has dropped somewhat is irrelevant. Today, I can buy a desktop PC for $2500 with the computing power of a DEC mini that cost $10 million in 1982 (~). But in 1982, that amount of computing power was WORTH $10 million (again, ~), because computing power was so scarce. Or are you saying that they should've waited until the price came down before buying? Because if they did, they would never be able to buy, because prices are always coming down.
If I have a computing need that can only be addressed by a super, and I have the money (or I can get the money) and believe that the computer is worth it, who are you to say shit? You don't have supercomputer-level needs--you have DESKTOP level needs. So go buy a desktop, overclock it, and live with the fact that you can't afford the fastest computers known to man.
What??? It's "not a security flaw" because it's a "byproduct of how multiplayer games are typically designed"? Um, if it's THAT obvious and easy to do, why the fuck is Luigi to blame for it, then? Dude--I've got a one-page bash script using netcat in my mind's eye that'll cause a DOS on it. I don't need no Eye-talians to make and hang TCP connections.
IF the typical design allows this to happen, it's the typical designer's fault--a la the input buffer overflows in MS products. If there is no other way to design the product so that it doesn't have the fault, it's the customer's/requirements author's fault for asking the impossible. That is, of course, unless you can live with the fault--in that case, it's an inconvenience more than a vulnerability.
Your attitude on this is exactly the problem. It's been demonstrated OVER and OVER again that if security researchers didn't reveal these bugs, then the black-hat side would discover and use them without telling anyone aboveground.
I can't change the fact that cars in NYC get broken into all the time, so I lock my car doors, I get an alarm, and I don't park outside at night in bad neighborhoods if I can help it. And then, I don't have to worry, because my car is absurdly unlikely to get cracked open. If you take care of your own shit, based on good information about what vulnerabilities you have, then you're about as safe as you can get.
Anyone who I would trust to run my servers has to know that you can only count on your own machines and your own network. Everything else is assumed hostile, and you don't stick your head in the sand shouting about bug publications--you read the reports, patch often, and then you don't fucking worry about it.
See, if everybody patched/took offline vulnerable services when the public announcements were posted, how bad would that be? Not bad at all--there's a large enough community of researchers looking for and publishing bugs that they're more likely to find new vulns before the bad guys find them. If YOU had your way, there would be no white-hat researchers and we would all be at the mercy of crackers armed with exploits that we can't even know exist--unless you expect everybody to figure out every fucking vuln for themselves, in advance.
Or maybe you expect every software vendor to find every single bug and release a patch BEFORE the bad guys find it? No, you'd have to be an utter moron to expect that. Oh, wait...
Re:You Can't Fool Mother Nature (on "Hackers On Atkins") · Score: 4, Interesting
This old logical fallacy? Haven't you ever read "Candide", man? Modern civilization is THE TESTAMENT to the triumphs of technology over "Mother Nature". Try this on for size, ebusinessmedia1:
"Human beings did not evolve to hunt using guns, or to farm using plows. We evolved as hunter-gatherers who browsed and hunted for food without implements."
Fact is, evolution is NOT, NOT an intentional, planned affair, as your second sentence implies (and upon which your entire argument depends). Evolution produces, in each generation, an organism that can thrive in a range of possible scenarios. The state of a current generation DOES depend on the conditions under which its parent population evolved, but that doesn't mean that the population can't deal with different conditions. Conditional changes occur in nature all the time that put organisms into environments that differ from the conditions under which those organisms evolved... in fact, that's what CAUSES evolution. They don't always deal well with it, but they thrive often enough.
So you build a "best of all possible worlds" fallacy on top of a confusion of "sufficient" conditions with "necessary" conditions, enough to reverse the factual relationship between the cause and the effect.
Look at the theoretical picture, by analyzing the whole class of phenomena: the human immune system didn't evolve in the presence of antibiotic treatments. But we're not objectively worse for the wear. Same thing with cars or horses (as opposed to walking). Sure, there are costs of these kinds of advances (pollution) or hidden risk-shifts (a population with substantially lower native bacterial resistance, after a while). And those costs may or may not outweigh the benefits of the technology. But by and large, technological advancement helps rather than hurts. As evidence, I would point out that the human race has generally exploited technology to minimize environmental threats and increase productivity, both of which contribute to a greater short-term and long-term survivability of the species.
I like the book "Hammer of the Gods" (ripped off as "Armageddon") for the super-example: the dinosaurs all died because they couldn't do anything about a massive asteroid impact. While humans may or may not be able to actually detect and prevent/minimize an asteroid impact, we can at least discuss the possibility and make a reasonable attempt. Give us 50-100 more years of technological growth, and we will certainly be able to stop an asteroid. We are the most successful organism in the history of the planet, because we have the potential to become nearly un-extinctable, as a species. All because we say "FUCK YOU!" and flip the finger to Mother Nature, and we try to take an active control over our destiny.
Oh, and for the record, I'm with you on the Atkins topic, specifically: they're just now starting to see cancer risk accumulations associated with regular pot smoking, but only over a 30-40 year span. I'll wait on Atkins until a substantially larger population has guinea-pigged it and found out the REAL risks.
What a day to be out of mod points (on "Take Back Your Time!") · Score: 2, Insightful
How did this get modded +4, Insightful? It's pure flamebait (my bet), or it's a pretty awful misunderstanding of economics. People will always go for this shit more when the economy is down, too. Have IBT? Maybe. But I still like to argue.
I'm a little curious who this "french philosopher" is, but not really. Macroeconomic theory changed drastically in the late 19th century, which ties in to the birth of the field as an actual discipline in itself (instead of merely the province of bored clerks, philosophers, and suchlike). Suffice to say, we've come a long, long way since this argument held any water in serious discussion--it seems plausible, though, so people get away with it all the time amongst those who haven't taken any economic theory.
First problem: this theory assumes that labor (or work) is directly proportional to productivity, which is demonstrably not true. Productivity is a function of labor and CAPITAL (tools, training, materials, etc), such that the exact output is determined by "technology", loosely speaking (you could also say "technique"). Take Heinlein's great example of apple pie: a skilled chef can take raw ingredients and make a wonderfully valuable, tasty, expensive pie, while a clueless moron can turn those same ingredients (which already have some value) into a disgusting, inedible mess. Note also that the quality of the ingredients (e.g., good vs. rotten apples) or the quality of the tools (full restaurant kitchen vs. a hot plate and a paint stirrer) is a TREMENDOUS influence on the value of the pie that is the output.
An American costs a hell of a lot more to feed, clothe, and put in an SUV, it's true. But it's also true that the American produces a hell of a lot more wealth per hour of labor (generally, but not true for every case) than a Third-world counterpart. By the time we start working for a living, we mostly have better education and job skills than they do. Also, we tend to have longer working lives, because we live longer and stay healthier. It IS true that you will have a higher standard of living if you produce more value, so it's not surprising that we're materially better off.
Consider, also, the fact that capital (not just money, but all real property and knowledge) tends to accumulate over the years, given mostly stable circumstances. Millions of people every year cross the Brooklyn bridge, work in the Empire State Building, and drive on our interstate highway system. If you don't get how, consider that a trucker might make twice as many trips between customers per day on a nice superhighway than he would on a narrow cobblestone road, because he can go faster.
These valuable things, when injected into the American labor/capital function, enhance the amount that we can produce with a given amount of labor. All the cars, trucks, houses, offices, and roads all over the country are a part of this production function, enabling a much higher level of output. We have invested a hell of a lot over the years in building this capital stock, and it pays us back every day.
I'm not going to say that sweatshops are fair or unfair. "Exploitation", as it were, does exist in capitalist market economies, and it happens all the time, but it's not the reason why the modern First world is rich. I will pay an employee as much per hour as will maximize my profits. If the labor market is supply-heavy, I can get away with lower salaries because the workers have less choices, but it's true just as often that a worker can pick and choose, driving salaries up. The amount of power a worker has depends on how unique and productive he/she can be, meaning that you tend to make more money as a worker if you're educated and skilled.
In countries with masses of unskilled potential laborers, factory-type employers can usually pay a wage that's barely enough to make a worker better than they'd be without the factory jobs--some people call these sweatshops. Nobody has the power to bargain for a better wage because there's probably anoth
Dan Bernstein doesn't write "free software". If you'd stopped to read the licensing section of the manual as thoroughly as you read the quickstart, you might have noticed that DJB expressly forbids anyone from re-distributing modified versions of his code. You can download and use it freely, and you can modify it freely, but you cannot distribute a modification. And DJB is a bitch about taking patches--he wants his software to work "his" way. This is why the GNU has not, and probably never will, approve Bernstein's software as being "open source"--he doesn't even offer much of an explicit license for it.
And you know what else? "Free software" generally means "do whatever you want with it". It does NOT generally mean "I want someone to hand me a perfect solution, rent-free". DJB's software doesn't do what you want? Get the source code and re-write it.
Or, better yet: Try out this new invention called "Google", and look up the patches that other people have already written! See that? Someone already wrote the functionality that you were too lazy to STFW to find?
Fucking whiners.
About the technical aspects of this: so you're running Linux, right? Or some other OS that can alias multiple IP addresses to a single link-level interface?
Try this:
ifconfig eth0:a 10.0.0.240 netmask 255.255.255.0
on a machine that has eth0 up and running with an existing address. Then, do an 'ifconfig -a', do a 'ping 10.0.0.240', and whatever else you need to verify that the IP works correctly.
Then, run an instance of dnscache (the caching nameserver) on the original IP address, and run an instance of tinydns on the aliased IP address. This would probably be in the documentation, but Dan Bernstein is a Unix guy, and I'm not sure about the state of aliasing features in the Unices.
This stuff IS available on the web, and the mailing list archive.
You know, I grew up thinking that the US of A was a pretty fine place to live--sure, we have our turmoils, but we generally manage to get right in the end. I was proud to live in the free-est damn country in the world.
I swear, if this actually fucking works, I'm moving someplace where the state/legal system doesn't let particular interests hold up everybody else by buying laws.
So who wants to help me find a good Mandarin Chinese teacher in Manhattan?
Hate to burst your bubble on the fine line between a device "obviously intended for illegal remote access to a computer" and the rest, but you just aren't being imaginative.
Ever heard of using modified Trojans as remote management tools? Hell, the difference between BO/Netbus and Remote Desktop/VNC/SSH is pretty slim. Sometimes, in a pinch, a trojan is actually a helpful, useful tool.
And you forget that there are TONS of situations where spying on/remotely accessing another person's machine without permission is perfectly legal. If you suspect that one of your employees is doing Bad Things, and you've issued a general policy statement warning your users that they may be monitored, then you are well within your rights to peer over the worker's shoulder (so to speak).
The real problem with using traditional trojan software in these situations is that it tends to be buggy, insecure, and poorly written--so they won't be the first choice. But believe me, I've seen and used commercial security products that act JUST LIKE trojans, can be used maliciously, and are twice as sneaky at staying under the user's radar when installed. And these are $30,000 products, not some kind of wiggedy-wack wannabe shit.
Why the hell did this get modded troll? I mean, it might BE a troll, but the man's got a damn point. If you think I'm a fool, go ahead and look at MY comment history--I got whipped last week for being a "Linux elitist snob"--and I still think this guy has a point.
A few people in my firm run desktop linux installs, and nearly all of our servers are on linux. Unfortunately, to get a desktop Linux install running "just so" (as in, so that a receptionist-type user can work with it and not complain about not having Windows anymore) takes a LOT of time. My own laptop config was a two-week, on-and-off process.
The only way I could possibly justify getting paid for that is that I need Linux on my laptop for work--can't do my job without it. For $200, Windows usually sets up pretty smooth, and it's even easy to get a WinXP Pro machine logged into an AFS server, these days.
Do I LIKE Windows? No. Do I USE Windows? No, not normally. Will Windows get the job done right for a receptionist? Yes, more than likely. Can I spend a full day ($2000 of billable time) fucking with ACPI support on a Dell POS? No, I can't.
Windows is not flexible, it's not out-of-the-box secure (though you can help it along, if you know what you're doing), and it's certainly not the best tool for a lot of situations in which it is used. But that doesn't mean there is no reason for a true-blue OSS geek to ever have a Windows machine around.
Hahaha. Mind if I ask where YOU work? You need to be outsourced to India.
That said, the implication of your joke is that an organization that doesn't jump on a patch the second it comes out is lax. On my home machines, I can afford to break things by applying every patch the minute it comes out. I can also drop an SSH service for a while, because nobody dies or gets fired if it doesn't work.
Now, at work, this is an entirely different story. Not having SSH services means that business can't get done, which is real, real bad. If it comes down to "doing business insecurely" versus "not doing business at all", the answer here is obvious.
Or are you the kind of admin who just blindly runs patches on production boxes without testing them under load first?
BTW, did you get that email from Microsoft with the attached Windows patch? You should run it ASAP, before somebody roots you.
Not quite. First of all, this varies depending on jurisdiction--in some places, owning/possessing/carrying lock-opening tools is problematic (not illegal outright, though), and in other places it's perfectly acceptable.
In the places where it is trouble to carry lockpicks et al., you can't get busted for possession or ownership of the devices in the same way that you can get busted for possessing, say, pot or cocaine. Instead, the possession of those kinds of tools, WITHOUT a reasonable excuse, is considered prima facie evidence of an intent to commit wrongdoing. So if a cop catches you with lockpicks in one of these states, he can bust you for conspiring to commit a burglary.
But remember, prima facie evidence only means anything in the absence of a countervailing explanation. If you're a locksmith on the way to a house call, you're obviously not planning to commit a crime, and so the cop can't assume that you have intent. Well, he could, but a good lawyer could get the whole beef thrown out in pretrial.
More to the point--I think this comparison fails because information and tools relating to virus/worm manufacture are even more "dual-use" than lockpicks. Lockpicks are for opening locks--the only question is whether you have permission to be opening those locks. Tools and information that could POTENTIALLY be used to code malware would include every CS textbook, compiler, and PC ever made. And my lecture notes from Data Structures in Java (which are already pretty criminal on the basis of the handwriting).
Even exploit code has a legit purpose. Am I going to take offline/patch every sshd in my organization because of a crappy rumor that there's a remote DOS overflow? Hells, no! I ain't gonna patch shit until somebody shows up with an actual, working exploit--you have to manage these risks based on the likelihood that a threat exists (potential threats get patched tomorrow morning, actual exploits get patched tonight) and the amount of shit required to fix it (will this break remote access to all my servers? Do I have the manpower to test and deploy the patch right now, when I'm still fucking around with Windows RPC stuff?).
Another poster mentioned that this would be a really bad idea for Symantec because they stand to profit from MORE viruses and worms, and more illegal activity in general. If this were true, this fool would never have mentioned this idea in public, let alone made a serious proposal.
But it's NOT true that a law like this would diminish incidents of new viruses and worms. Like the article says, it's already illegal to hack, and yet we still have hackers. Why?
1) 99.9% (or some similar ridiculous figure) of damaging incidents never lead to a prosecution--too little monetary loss to justify law enforcement attention.
2) Lack of willingness by private sector companies to report (and therefore allow legal penalties to accrue) computer security incidents--they don't want the bad publicity.
The existing laws don't work because they're not enforced often enough when violations exist, either because the violators aren't caught or because prosecution/investigation isn't done. So a new law will do WONDERS, I'm sure, to further intimidate those script kiddies.
It's obvious, though, just how much Symantec could gain from this--goodbye non-commercial security clearinghouses! You'd violate the law to post to an open forum, so nobody will bother (I'm sure Symantec would contribute resources to policing that aspect), and so there won't be any good open, public security resources. That gives Symantec the perfect market opportunity to fill the vacuum with a new pay-for-info service on pending bugs. The creation of a commercial relationship with subscribers gets them a free pass on the new law (it's not really public, more like those $1500 Gartner reports). And we all get fucked in the meantime.
This is so fucking transparent. I hope that boycott idea gets off the ground--I'd start it, but me and mine are all off Symantec, anyway.
Wha happen? You HAVE to be trolling. Come on--what?
Just because they both work with a BASH shell, they were both written in C, and they were both coded and championed by a geek clique don't make them both UNIX. Or are we going to say that BeOS is UNIX, too? Or how about Win2K with Cygwin? That looks a lot like UNIX, so it must be.
I really, really doubt that all of these efforts to push Linux onto the desktop will tend to attract more "developer"-type users, as opposed to more "user"-type users.
New developer-users make contributions, bug fixes, and give intelligent feedback on problems and solutions. Your secretary, on the other hand, will probably not be much use when it comes to putting out bug reports. So I'm not all that excited by Redhat's ever-onward desire to convert the masses. Actually, I'm a little bit DIS-excited.
Nobody hassles a thing when it's a fringe-user, ubergeek phenomenon. There's a reason why SCO is fucking around with Linux and not the BSDs--Linux is getting popular and widespread enough now that slimeballs like D and the boyz see opportunities to milk it. Sure, it's nice that IBM contributed all they did, but it wasn't a free ride.
(Not that the BSDs are dying, or anything--give them another couple of years, and maybe they'll get sued by a huge multinational... oh, wait.)
I'm NOT saying that it's a bad thing that more people use Linux, just that the next 10,000 users of RH's pre-packaged, duh-whats-a-compiler will be substantially less of a pure good thing for MY Linux experience than the first 1,000 kernel contributors were. Even if nobody else whips out a lawsuit for a while (knock wood), the new luser influx will be at least temporarily troubling until people start getting up to speed. Go check out what's happened to the Samba listserv, if you don't know what I mean--I unsub'd entirely because of the 1:100 ratio of {sensible questions|useful answers} to droolers who can't find a fucking man page, let alone a step-by-step HOWTO.
I swear, if Redhat ever actually gets into the black, I'm switching to Apple, stat. Fuck market share--I want something where nobody will bother me with free tech support requests.
It does depend on who you are--it's the whole "time is money" point, again. If your time is worth $500+ an hour (a lawyer, for instance), you'd be less likely to fuck around with an OS installation at all. If you need a highly customized, tweaked-out configuration (with a hardware driver you wrote yourself), you're probably going to have to go with OSS--even if you ARE a $500/hour dude.
As to the SCO cd question, I wouldn't take a CD from SCO... or Mandrake, or Redhat, or SUSE. I roll my own. Heavily modified Slackware or Crux (god damn, I love Crux), with custom patched and compiled kernels. We take our linux very, VERY seriously where I come from.
Actually, I don't think that MS will ever be able to defeat OSS in general, and GNU/Linux in particular, specifically on the money issue. And on this point, I think that you and I are probably saying the same thing, but we're interpreting it through differing experiences.
Linux is cheaper, somewhat, because it's free. But as many have observed, this has little to do with how valuable it is in the shop. One Windows 2K Pro license costs ~$275, and a Server license is ~$700. My co-workers and I bill out at $250-350 per hour, so the license is a tiny portion of the overall cost on any project taking more than a day per machine.
The real costs associated with Windows are how much longer it takes to get work done, and how much more you can do with Linux (and the right OSS packages). With a tweaked disk image, I can have a brand new {djbdns|dhcpd|ntp|samba|afs|apache|ftp} server up and running, configured for the job, and tested in less than two hours. And that's if I'm not hurrying.
Example: I was at a client site last week, and we needed to drop a sniffer on a policy offender--but the offender was a server-room guy, and would notice a wacky service, an active span port, or anything like that. So we put a physical tap inside his wall plate and ran a cable to an empty office, and threw up a brand-new slackware installation. It took 15 minutes to get the box running, and 30 minutes to get the tap in place. Try THAT shit with Windows, right? Even with winpcap and windump, building the box from scratch is a long chore.
That's what makes OSS cheaper, and that has nothing to do with the coding quality. The wonderful things we generically associate with mature OSS projects (flexible, fast, secure, reliable, simple) are direct results of the philosophies at work in the movement. Many of the tools that allow non-OSS software to gain customers (FUD, advertising, slimy salescreatures, and lobbyists) are not present for OSS software, or are at least reduced. The fact that Linus's bottom line has nothing to do with how many new Linux servers go online today means that there's no incentive to behave like MS, using business technique to substitute for actual code quality. OSS is better because it HAS to be better, just to overcome the commercial advantage of having Sales and Marketing departments.
That is a philosophical phenomenon, but it translates directly into a cheaper, better solution for me. And you're right, MS will never, ever win on the philosophy.
Whoa, pally--for some of "us" (as in, people who read slashdot), it's NOT about a principle. At all. It's totally, entirely, wholly about money. And is that bad?
We use GNU/Linux at work because it works really well for the small-to-medium environment we have. There are a gazillion more choices with Linux than with MS, and it's rare (in my experience, anyway) to find any specific apps at this level where OS can't do it better or equally well.
Open source software (in our environment, for the tasks we have, and as we use it) installs fast, it's user friendly once you get to know it, and there's no license management, vendor contracts, or other ancillary bullshit to make headaches. It's just so simple, so easy, and it works so well.
That's about the money, BTW, because time is money. GNU/Linux is a cheaper, better alternative to MS, and that's why we use it.
Slashdot's posting submission page should have a check box for "IANAL"--sorry to be catty, but you need to think about this a little harder.
A DERIVED work is just that--a brand-new work, with its own copyright (owned by the creator of this derived work), which happens to be inspired by an existing work. The creator of the original work does not gain any rights over this work, nor can he impose restrictions on the copyright of this work, merely by the fact that this work is a derived work.
HOWEVER, the LICENSE under which the original copyright owner grants access to the creator of the derived work can specify additional restrictions on derived works as a condition of the license. But this should be obvious--you could impose a condition that the licensee must dance the gavotte upon demand if you wanted, because the license is just a contract between two parties. You might be familiar with this concept from such notions as the GPL, or the BSD license (both of which impose requirements on derived works as a condition of using the original work).
Please bear in mind--copyright basically just says that I have the right to legally ban you from copying my data if I so desire. Starting from this right, we use contracts (licenses) to create a fine-tuned relationship that obliges you to certain conditions in order to use my stuff. If you refuse the conditions, I can refuse you the right to use my data.
Oh, yeah--IANAL, but I work close to the legal profession.
Wait... Maybe someone can explain this to me: compiled-java is when you compile your bytecode into actual machine-language beforehand to allow it to execute faster, right? And in Java, the memory allocation and de-allocation (new() calls and garbage collection) is done by the JVM, right?
So is the JVM involved at all when you're running compiled-java, or not? It would seem like it would have to be, to handle memory, unless the compilation process builds in some kind of memory manager.
This poster has me confused--I always thought that the big slowdown when running Java was because the JVM had to handle memory. Is the translation from bytecode to machine-language really such a huge portion of JVM's workload that running compiled-java can be "indistinguishable from running C++ programs"?
I know it's off-topic, but PLEASE shed some light on this for me.
"the patches I get from Microsoft use a FIPS certified level 3 SSL connection so that the new code is certified by the source."
Exactly the point that many OSS people have been making for a while. I hit Windows Update every month or so to get patches for machines I maintain, and I'm amazed by the sheer number of security vulnerabilities they're fixing each month. And the flow never stops, even though Win2K has been out for three years, now! Sure, Linux and the OSS projects have security needs that have to be addressed (notice how newsworthy and *rare* even a local root vulnerability is in the kernel, let alone a remote), but Jesus Christ.
All I'm saying is, maybe it would be nice if some benevolent black hat broke into the MS development servers and started fixing code.
That Ramsey quote just sounds like doublespeak, doesn't it? WTF does he think that it means to "litigate everybody", if not to use lawsuits to force commercial relationships to happen the way you want them to happen?
Sure, he's not suing *everybody*. Like, duh. Barring South Park, his statement is a truism (how could one literally sue everybody?). So we take the colloquial meaning of "litigate everybody", and we have the exact practice in which he's engaging.
Even if they have a legitimate case, who in the hell is going to read a quote like that and think "Yeah, this guy's being PERFECTLY up front."
For starters, your friend was undercutting every other X-Box retailer in the country by doing this. He wasn't selling 10 per day because the price was lower--he was selling them because they were cheaper than everybody else's price. Imagine if most retailers had followed his lead and lowered their price to $289 a box, also. He would have been selling the standard 3 per day, same as everybody else. So no, this ISN'T a good example of what you were trying to prove.
AMD is in a somewhat different situation because they sell ALL of the Athlon CPUs that are bought. They can't undercut anyone else to offer the same product for less money. Sure, you could argue that Intel's chips are similar to AMD's, but I think they're different enough. An Athlon64 is neither A) a simple replacement for an Intel P4 (because you have to buy a new mobo, at the very least), nor does it B) provide the same type of benefit to the consumer (the two types of CPUs perform differently on various loads).
Since a consumer can't automatically substitute an AMD chip for an Intel chip, AMD would have to drop their prices low enough to overcome the cost and hassle of the consumer buying a new motherboard to fit the other chip, unless the consumer is shopping for a board and chip at the same time (some do, some don't). Also, AMD would have to drop their prices low enough to overcome the perception in the market that their chip isn't as fast/good/special as the P4. And keep in mind, when your product is cheaper than the competition, people wonder WHY it's cheaper, and generally assume that it's because your product isn't as nice--"you get what you pay for" is true often enough.
Those X-Boxes are all exactly alike, unlike the P4 vs. Athlon64 argument--since there are differences between Athlon64 and the P4, a SIGNIFICANT price difference would have to exist for the effect you describe to exist.
Why the fuck do we always see all of the goddamned "This isn't useful to me," posts when brand-new, alpha-stage OSS projects open up? Dumbass--IF YOU CAN'T SEE A USE FOR THIS PROJECT YET, IT OBVIOUSLY ISN'T MEANT FOR YOU YET!!
What the fuck would you have done with Apache 0.0.1? Or perhaps even a pre-1.0 version of Linux? Nothing, that's what--because you were not a developer on those projects. But there are many, MANY people who did see value in using those early releases, primitive as they were.
Now, do you think, maybe (just maybe!), that there are developers who think that this *might someday*, with a lot more work and development, turn into a really useful project? Maybe not ever exactly as useful as the proprietary OS, but perhaps with different purposes, better at some things and worse at others?
You're a turd or a troll if you say that it's stupid to contribute to a project because YOU can't think of a potential future use for a more highly developed version. Yes, YOU, sir, are The Colloquial Deuce, unless IHBT.
Almost every single fucking OSS project that I use today, including Apache, Linux, Perl, Samba, and many more, started out as one of these "useless" projects. Want a GREAT example of this? Check out Familiar Linux on the iPAQ. A year ago, I would have had no use whatsoever because it wasn't stable or refined enough. Today, I have dozens of uses for the current version, and I contribute packages to it. But some of my co-workers have no use for it still--they might want to try it in another year, when the 1.0 comes out. And you know, there are STILL people who tell me that Linux on the iPAQ is useless, and I'm wasting my time with it, while I'm billing $250 an hour plus $75 for every hour that the iPAQ runs on a client job.
WinNT (or was it 2K?) earned a CC certification not all that long ago... Let's think carefully about what sort of security standard this could possibly be.
As I recall, CC is a measurement of the security of a particular configuration and patch combination of an OS, and has nothing whatsoever to say about the overall security model/software quality/break-in resistance of that OS generally.
So the patch level that was evaluated for NT to get the CC was the ONLY patch level for which the CC applies. If you add any additional patches, kiss the CC goodbye for that system. What? The additional patches were security updates to known, common, remote root vulnerabilities (like, say, an RPC exploit)? Oh, shit! Now, the "certified" system is provably INsecure!
Which just demonstrates why a multi-year testing process cannot possibly deal intelligently with the security issues surrounding OSes (including Linux and the Unices) that get patched on a weekly or monthly basis. CC is pretty useless, in the current age.
"I think we should be developing and improving this kind of solution FOR EVERYONE, and not spending millions to develop something that just a few ones will have."
What's this "we", white man? Are you a supercomputer developer? Because, I mean, if Seymour Cray rose from the grave, got a slashdot account, and wrote your post, I would believe that you have a point. But he didn't, so you don't.
"Supercomputers", a set which today includes the supercluster computers along with traditional supers (like Cray's stuff), generally stay in service for a hell of a lot longer than your average desktop PC. There's iron in military labs and DOD facilities left over from spending bills that Reagan signed, still doing useful computing work today. The fact that it's not the FASTEST and BESTEST machine in existence doesn't mean that it's not still useful.
You forget that a computer becoming obsolete doesn't mean that the computer gets any slower. A super is at least as fast on the day it's decommissioned as the day it was first booted.
The fact that the price has dropped somewhat is irrelevant. Today, I can buy a desktop PC for $2500 with the computing power of a DEC mini that cost $10 million in 1982 (~). But in 1982, that amount of computing power was WORTH $10 million (again, ~), because computing power was so scarce. Or are you saying that they should've waited until the price came down before buying? Because if they did, they would never be able to buy, because prices are always coming down.
If I have a computing need that can only be addressed by a super, and I have the money (or I can get the money) and believe that the computer is worth it, who are you to say shit? You don't have supercomputer-level needs--you have DESKTOP level needs. So go buy a desktop, overclock it, and live with the fact that you can't afford the fastest computers known to man.
What??? It's "not a security flaw" because it's a "byproduct of how multiplayer games are typically designed"? Um, if it's THAT obvious and easy to do, why the fuck is Luigi to blame for it, then? Dude--I've got a one-page bash script using netcat in my mind's eye that'll cause a DOS on it. I don't need no Eye-talians to make and hang TCP connections.
IF the typical design allows this to happen, it's the typical designer's fault--a la the input buffer overflows in MS products. If there is no other way to design the product so that it doesn't have the fault, it's the customer's/requirements author's fault for asking the impossible. That is, of course, unless you can live with the fault--in that case, it's an inconvenience more than a vulnerability.
Your attitude on this is exactly the problem. It's been demonstrated OVER and OVER again that if security researchers didn't reveal these bugs, then the black-hat side would discover and use them without telling anyone aboveground.
I can't change the fact that cars in NYC get broken into all the time, so I lock my car doors, I get an alarm, and I don't park outside at night in bad neighborhoods if I can help it. And then, I don't have to worry, because my car is absurdly unlikely to get cracked open. If you take care of your own shit, based on good information about what vulnerabilities you have, then you're about as safe as you can get.
Anyone who I would trust to run my servers has to know that you can only count on your own machines and your own network. Everything else is assumed hostile, and you don't stick your head in the sand shouting about bug publications--you read the reports, patch often, and then you don't fucking worry about it.
See, if everybody patched/took offline vulnerable services when the public announcements were posted, how bad would that be? Not bad at all--there's a large enough community of researchers looking for and publishing bugs that they're more likely to find new vulns before the bad guys find them. If YOU had your way, there would be no white-hat researchers and we would all be at the mercy of crackers armed with exploits that we can't even know exist--unless you expect everybody to figure out every fucking vuln for themselves, in advance.
Or maybe you expect every software vendor to find every single bug and release a patch BEFORE the bad guys find it? No, you'd have to be an utter moron to expect that. Oh, wait...
This old logical fallacy? Haven't you ever read "Candide", man? Modern civilization is THE TESTAMENT to the triumphs of technology over "Mother Nature". Try this on for size, ebusinessmedia1:
"Human beings did not evolve to hunt using guns, or to farm using plows. We evolved as hunter-gatherers who browsed and hunted for food without implements."
Fact is, evolution is NOT, NOT an intentional, planned affair, as your second sentence implies (and upon which your entire argument depends). Evolution produces, in each generation, an organism that can thrive in a range of possible scenarios. The state of a current generation DOES depend on the conditions under which its parent population evolved, but that doesn't mean that the population can't deal with different conditions. Conditional changes occur in nature all the time that put organisms into environments that differ from the conditions under which those organisms evolved... in fact, that's what CAUSES evolution. They don't always deal well with it, but they thrive often enough.
So you build a "best of all possible worlds" fallacy on top of a confusion of "sufficient" conditions with "necessary" conditions, enough to reverse the factual relationship between the cause and the effect.
Look at the theoretical picture, by analyzing the whole class of phenomena: the human immune system didn't evolve in the presence of antibiotic treatments. But we're not objectively worse for the wear. Same thing with cars or horses (as opposed to walking). Sure, there are costs of these kinds of advances (pollution) or hidden risk-shifts (a population with substantially lower native bacterial resistance, after a while). And those costs may or may not outweigh the benefits of the technology. But by and large, technological advancement helps rather than hurts. As evidence, I would point out that the human race has generally exploited technology to minimize environmental threats and increase productivity, both of which contribute to a greater short-term and long-term survivability of the species.
I like the book "Hammer of the Gods" (ripped off as "Armageddon") for the super-example: the dinosaurs all died because they couldn't do anything about a massive asteroid impact. While humans may or may not be able to actually detect and prevent/minimize an asteroid impact, we can at least discuss the possibility and make a reasonable attempt. Give us 50-100 more years of technological growth, and we will certainly be able to stop an asteroid. We are the most successful organism in the history of the planet, because we have the potential to become nearly un-extinctable, as a species. All because we say "FUCK YOU!" and flip the finger to Mother Nature, and we try to take an active control over our destiny.
Oh, and for the record, I'm with you on the Atkins topic, specifically: they're just now starting to see cancer risk accumulations associated with regular pot smoking, but only over a 30-40 year span. I'll wait on Atkins until a substantially larger population has guinea-pigged it and found out the REAL risks.
How did this get modded +4, Insightful? It's pure flamebait (my bet), or it's a pretty awful misunderstanding of economics. People will always go for this shit more when the economy is down, too. Have IBT? Maybe. But I still like to argue.
I'm a little curious who this "french philosopher" is, but not really. Macroeconomic theory changed drastically in the late 19th century, which ties in to the birth of the field as an actual discipline in itself (instead of merely the province of bored clerks, philosophers, and suchlike). Suffice to say, we've come a long, long way since this argument held any water in serious discussion--it seems plausible, though, so people get away with it all the time amongst those who haven't taken any economic theory.
First problem: this theory assumes that labor (or work) is directly proportional to productivity, which is demonstrably not true. Productivity is a function of labor and CAPITAL (tools, training, materials, etc), such that the exact output is determined by "technology", loosely speaking (you could also say "technique"). Take Heinlein's great example of apple pie: a skilled chef can take raw ingredients and make a wonderfully valuable, tasty, expensive pie, while a clueless moron can turn those same ingredients (which already have some value) into a disgusting, inedible mess. Note also that the quality of the ingredients (e.g., good vs. rotten apples) or the quality of the tools (full restaurant kitchen vs. a hot plate and a paint stirrer) is a TREMENDOUS influence on the value of the pie that is the output.
An American costs a hell of a lot more to feed, clothe, and put in an SUV, it's true. But it's also true that the American produces a hell of a lot more wealth per hour of labor (generally, but not true for every case) than a Third-world counterpart. By the time we start working for a living, we mostly have better education and job skills than they do. Also, we tend to have longer working lives, because we live longer and stay healthier. It IS true that you will have a higher standard of living if you produce more value, so it's not surprising that we're materially better off.
Consider, also, the fact that capital (not just money, but all real property and knowledge) tends to accumulate over the years, given mostly stable circumstances. Millions of people every year cross the Brooklyn bridge, work in the Empire State Building, and drive on our interstate highway system. If you don't get how, consider that a trucker might make twice as many trips between customers per day on a nice superhighway than he would on a narrow cobblestone road, because he can go faster.
These valuable things, when injected into the American labor/capital function, enhance the amount that we can produce with a given amount of labor. All the cars, trucks, houses, offices, and roads all over the country are a part of this production function, enabling a much higher level of output. We have invested a hell of a lot over the years in building this capital stock, and it pays us back every day.
I'm not going to say that sweatshops are fair or unfair. "Exploitation", as it were, does exist in capitalist market economies, and it happens all the time, but it's not the reason why the modern First world is rich. I will pay an employee as much per hour as will maximize my profits. If the labor market is supply-heavy, I can get away with lower salaries because the workers have less choices, but it's true just as often that a worker can pick and choose, driving salaries up. The amount of power a worker has depends on how unique and productive he/she can be, meaning that you tend to make more money as a worker if you're educated and skilled.
In countries with masses of unskilled potential laborers, factory-type employers can usually pay a wage that's barely enough to make a worker better than they'd be without the factory jobs--some people call these sweatshops. Nobody has the power to bargain for a better wage because there's probably anoth
Dan Bernstein doesn't write "free software". If you'd stopped to read the licensing section of the manual as thoroughly as you read the quickstart, you might have noticed that DJB expressly forbids anyone from re-distributing modified versions of his code. You can download and use it freely, and you can modify it freely, but you cannot distribute a modification. And DJB is a bitch about taking patches--he wants his software to work "his" way. This is why the GNU has not, and probably never will, approve Bernstein's software as being "open source"--he doesn't even offer much of an explicit license for it.
And you know what else? "Free software" generally means "do whatever you want with it". It does NOT generally mean "I want someone to hand me a perfect solution, rent-free". DJB's software doesn't do what you want? Get the source code and re-write it.
Or, better yet: Try out this new invention called "Google", and look up the patches that other people have already written! See that? Someone already wrote the functionality that you were too lazy to STFW to find?
Fucking whiners.
About the technical aspects of this: so you're running Linux, right? Or some other OS that can alias multiple IP addresses to a single link-level interface?
Try this:
ifconfig eth0:a 10.0.0.240 netmask 255.255.255.0
on a machine that has eth0 up and running with an existing address. Then, do an 'ifconfig -a', do a 'ping 10.0.0.240', and whatever else you need to verify that the IP works correctly.
Then, run an instance of dnscache (the caching nameserver) on the original IP address, and run an instance of tinydns on the aliased IP address. This would probably be in the documentation, but Dan Bernstein is a Unix guy, and I'm not sure about the state of aliasing features in the Unices.
This stuff IS available on the web, and the mailing list archive.
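The setup described in the comment above, written out as a dry-run planner. This is an added example, not part of the original post: the cache address 10.0.0.10, the account names dnscache/tinydns/dnslog, and the /etc and /service paths are assumptions taken from the usual djbdns layout. It only prints the commands, after checking the one thing the whole arrangement depends on: dnscache and tinydns both listen on port 53, so they must be given different addresses.

```shell
#!/bin/sh
# Added example (not from the original post): dry-run plan for running
# dnscache and tinydns side by side on one NIC using an IP alias.
# Nothing here changes the system; it only validates input and prints commands.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1          # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# plan_split_dns IFACE CACHE_IP AUTH_IP
#   CACHE_IP: existing address on IFACE, used by dnscache (caching resolver)
#   AUTH_IP : new aliased address, used by tinydns (authoritative server)
plan_split_dns() {
    iface=$1
    cache_ip=$2
    auth_ip=$3

    valid_ipv4 "$cache_ip" || { echo "bad cache address: $cache_ip" >&2; return 1; }
    valid_ipv4 "$auth_ip"  || { echo "bad alias address: $auth_ip" >&2; return 1; }

    # Both daemons bind port 53. On the same address the second one to
    # start fails to bind, which is why the alias is needed at all.
    if [ "$cache_ip" = "$auth_ip" ]; then
        echo "dnscache and tinydns need different addresses (both use port 53)" >&2
        return 1
    fi

    cat <<EOF
ifconfig ${iface}:a ${auth_ip} netmask 255.255.255.0
ifconfig -a
ping -c 1 ${auth_ip}
dnscache-conf dnscache dnslog /etc/dnscache ${cache_ip}
touch /etc/dnscache/root/ip/${cache_ip%.*}
tinydns-conf tinydns dnslog /etc/tinydns ${auth_ip}
ln -s /etc/dnscache /etc/tinydns /service
EOF
}

# Constructed sample run: eth0 already has 10.0.0.10 (assumed); the alias
# 10.0.0.240 is the address used in the post.
plan_split_dns eth0 10.0.0.10 10.0.0.240
```

The touch line is there because dnscache on a non-loopback address answers only clients whose address prefix has a file under root/ip; without it the cache starts but refuses queries from the LAN.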
You know, I grew up thinking that the US of A was a pretty fine place to live--sure, we have our turmoils, but we generally manage to get right in the end. I was proud to live in the free-est damn country in the world.
I swear, if this actually fucking works, I'm moving someplace where the state/legal system doesn't let particular interests hold up everybody else by buying laws.
So who wants to help me find a good Mandarin Chinese teacher in Manhattan?
Hate to burst your bubble on the fine line between a device "obviously intended for illegal remote access to a computer" and the rest, but you just aren't being imaginative.
Ever heard of using modified Trojans as remote management tools? Hell, the difference between BO/Netbus and Remote Desktop/VNC/SSH is pretty slim. Sometimes, in a pinch, a trojan is actually a helpful, useful tool.
And you forget that there are TONS of situations where spying on/remotely accessing another person's machine without permission is perfectly legal. If you suspect that one of your employees is doing Bad Things, and you've issued a general policy statement warning your users that they may be monitored, then you are well within your rights to peer over the worker's shoulder (so to speak).
The real problem with using traditional trojan software in these situations is that it tends to be buggy, insecure, and poorly written--so they won't be the first choice. But believe me, I've seen and used commercial security products that act JUST LIKE trojans, can be used maliciously, and are twice as sneaky at staying under the user's radar when installed. And these are $30,000 products, not some kind of wiggedy-wack wannabe shit.
Why the hell did this get modded troll? I mean, it might BE a troll, but the man's got a damn point. If you think I'm a fool, go ahead and look at MY comment history--I got whipped last week for being a "Linux elitist snob"--and I still think this guy has a point.
A few people in my firm run desktop linux installs, and nearly all of our servers are on linux. Unfortunately, to get a desktop Linux install running "just so" (as in, so that a receptionist-type user can work with it and not complain about not having Windows anymore) takes a LOT of time. My own laptop config was a two-week, on-and-off process.
The only way I could possibly justify getting paid for that is that I need Linux on my laptop for work--can't do my job without it. For $200, Windows usually sets up pretty smooth, and it's even easy to get a WinXP Pro machine logged into an AFS server, these days.
Do I LIKE Windows? No. Do I USE Windows? No, not normally. Will Windows get the job done right for a receptionist? Yes, more than likely. Can I spend a full day ($2000 of billable time) fucking with ACPI support on a Dell POS? No, I can't.
Windows is not flexible, it's not out-of-the-box secure (though you can help it along, if you know what you're doing), and it's certainly not the best tool for a lot of situations in which it is used. But that doesn't mean there is no reason for a true-blue OSS geek to ever have a Windows machine around.
Hahaha. Mind if I ask where YOU work? You need to be outsourced to India.
That said, the implication of your joke is that an organization that doesn't jump on a patch the second it comes out is lax. On my home machines, I can afford to break things by applying every patch the minute it comes out. I can also drop an SSH service for a while, because nobody dies or gets fired if it doesn't work.
Now, at work, this is an entirely different story. Not having SSH services means that business can't get done, which is real, real bad. If it comes down to "doing business insecurely" versus "not doing business at all", the answer here is obvious.
Or are you the kind of admin who just blindly runs patches on production boxes without testing them under load first?
BTW, did you get that email from Microsoft with the attached Windows patch? You should run it ASAP, before somebody roots you.
I've got $10 that says the phrase "smoking crack" becomes the root of the Next Overused Slashdot Phrase. Anybody want to take me up on this? Anybody?
Not quite. First of all, this varies depending on jurisdiction--in some places, owning/possessing/carrying lock-opening tools is problematic (not illegal outright, though), and in other places it's perfectly acceptable.
In the places where it is trouble to carry lockpicks et al., you can't get busted for possession or ownership of the devices in the same way that you can get busted for possessing, say, pot or cocaine. Instead, the possession of those kinds of tools, WITHOUT a reasonable excuse, is considered prima facie evidence of an intent to commit wrongdoing. So if a cop catches you with lockpicks in one of these states, he can bust you for conspiring to commit a burglary.
But remember, prima facie evidence only means anything in the absence of a countervailing explanation. If you're a locksmith on the way to a house call, you're obviously not planning to commit a crime, and so the cop can't assume that you have intent. Well, he could, but a good lawyer could get the whole beef thrown out in pretrial.
More to the point--I think this comparison fails because information and tools relating to virus/worm manufacture are even more "dual-use" than lockpicks. Lockpicks are for opening locks--the only question is whether you have permission to be opening those locks. Tools and information that could POTENTIALLY be used to code malware would include every CS textbook, compiler, and PC ever made. And my lecture notes from Data Structures in Java (which are already pretty criminal on the basis of the handwriting).
Even exploit code has a legit purpose. Am I going to take offline/patch every sshd in my organization because of a crappy rumor that there's a remote DOS overflow? Hells, no! I ain't gonna patch shit until somebody shows up with an actual, working exploit--you have to manage these risks based on the likelihood that a threat exists (potential threats get patched tomorrow morning, actual exploits get patched tonight) and the amount of shit required to fix it (will this break remote access to all my servers? Do I have the manpower to test and deploy the patch right now, when I'm still fucking around with Windows RPC stuff?).
Another poster mentioned that this would be a really bad idea for Symantec because they stand to profit from MORE viruses and worms, and more illegal activity in general. If this were true, this fool would never have mentioned this idea in public, let alone made a serious proposal.
But it's NOT true that a law like this would diminish incidents of new viruses and worms. Like the article says, it's already illegal to hack, and yet we still have hackers. Why?
1) 99.9% (or some similar ridiculous figure) of damaging incidents never lead to a prosecution--too little monetary loss to justify law enforcement attention.
2) Lack of willingness by private sector companies to report (and therefore allow legal penalties to accrue) computer security incidents--they don't want the bad publicity.
The existing laws don't work because they're not enforced often enough when violations exist, either because the violators aren't caught or because prosecution/investigation isn't done. So a new law will do WONDERS, I'm sure, to further intimidate those script kiddies.
It's obvious, though, just how much Symantec could gain from this--goodbye non-commercial security clearinghouses! You'd violate the law to post to an open forum, so nobody will bother (I'm sure Symantec would contribute resources to policing that aspect), and so there won't be any good open, public security resources. That gives Symantec the perfect market opportunity to fill the vacuum with a new pay-for-info service on pending bugs. The creation of a commercial relationship with subscribers gets them a free pass on the new law (it's not really public, more like those $1500 Gartner reports). And we all get fucked in the meantime.
This is so fucking transparent. I hope that boycott idea gets off the ground--I'd start it, but me and mine are all off Symantec, anyway.
Wha happen? You HAVE to be trolling. Come on--what?
Just because they both work with a BASH shell, they were both written in C, and they were both coded and championed by a geek clique don't make them both UNIX. Or are we going to say that BeOS is UNIX, too? Or how about Win2K with Cygwin? That looks a lot like UNIX, so it must be.
Can anyone believe this was at 5 (insightful)?
I really, really doubt that all of these efforts to push Linux onto the desktop will tend to attract more "developer"-type users, as opposed to more "user"-type users.
New developer-users make contributions, bug fixes, and give intelligent feedback on problems and solutions. Your secretary, on the other hand, will probably not be much use when it comes to putting out bug reports. So I'm not all that excited by Redhat's ever-onward desire to convert the masses. Actually, I'm a little bit DIS-excited.
Nobody hassles a thing when it's a fringe-user, ubergeek phenomenon. There's a reason why SCO is fucking around with Linux and not the BSDs--Linux is getting popular and widespread enough now that slimeballs like D and the boyz see opportunities to milk it. Sure, it's nice that IBM contributed all they did, but it wasn't a free ride.
(Not that the BSDs are dying, or anything--give them another couple of years, and maybe they'll get sued by a huge multinational... oh, wait.)
I'm NOT saying that it's a bad thing that more people use Linux, just that the next 10,000 users of RH's pre-packaged, duh-whats-a-compiler will be substantially less of a pure good thing for MY Linux experience than the first 1,000 kernel contributors were. Even if nobody else whips out a lawsuit for a while (knock wood), the new luser influx will be at least temporarily troubling until people start getting up to speed. Go check out what's happened to the Samba listserv, if you don't know what I mean--I unsub'd entirely because of the 1:100 ratio of {sensible questions|useful answers} to droolers who can't find a fucking man page, let alone a step-by-step HOWTO.
I swear, if Redhat ever actually gets into the black, I'm switching to Apple, stat. Fuck market share--I want something where nobody will bother me with free tech support requests.
It does depend on who you are--it's the whole "time is money" point, again. If your time is worth $500+ an hour (a lawyer, for instance), you'd be less likely to fuck around with an OS installation at all. If you need a highly customized, tweaked-out configuration (with a hardware driver you wrote yourself), you're probably going to have to go with OSS--even if you ARE a $500/hour dude.
As to the SCO cd question, I wouldn't take a CD from SCO... or Mandrake, or Redhat, or SUSE. I roll my own. Heavily modified Slackware or Crux (god damn, I love Crux), with custom patched and compiled kernels. We take our linux very, VERY seriously where I come from.
Actually, I don't think that MS will ever be able to defeat OSS in general, and GNU/Linux in particular, specifically on the money issue. And on this point, I think that you and I are probably saying the same thing, but we're interpreting it through differing experiences.
Linux is cheaper, somewhat, because it's free. But as many have observed, this has little to do with how valuable it is in the shop. One Windows 2K Pro license costs ~$275, and a Server license is ~$700. My co-workers and I bill out at $250-350 per hour, so the license is a tiny portion of the overall cost on any project taking more than a day per machine.
The real costs associated with Windows are how much longer it takes to get work done, and how much more you can do with Linux (and the right OSS packages). With a tweaked disk image, I can have a brand new {djbdns|dhcpd|ntp|samba|afs|apache|ftp} server up and running, configured for the job, and tested in less than two hours. And that's if I'm not hurrying.
Example: I was at a client site last week, and we needed to drop a sniffer on a policy offender--but the offender was a server-room guy, and would notice a wacky service, an active span port, or anything like that. So we put a physical tap inside his wall plate and ran a cable to an empty office, and threw up a brand-new slackware installation. It took 15 minutes to get the box running, and 30 minutes to get the tap in place. Try THAT shit with Windows, right? Even with winpcap and windump, building the box from scratch is a long chore.
That's what makes OSS cheaper, and that has nothing to do with the coding quality. The wonderful things we generically associate with mature OSS projects (flexible, fast, secure, reliable, simple) are direct results of the philosophies at work in the movement. Many of the tools that allow non-OSS software to gain customers (FUD, advertising, slimy salescreatures, and lobbyists) are not present for OSS software, or are at least reduced. The fact that Linus's bottom line has nothing to do with how many new Linux servers go online today means that there's no incentive to behave like MS, using business technique to substitute for actual code quality. OSS is better because it HAS to be better, just to overcome the commercial advantage of having Sales and Marketing departments.
That is a philosophical phenomenon, but it translates directly into a cheaper, better solution for me. And you're right, MS will never, ever win on the philosophy.
Whoa, pally--for some of "us" (as in, people who read slashdot), it's NOT about a principle. At all. It's totally, entirely, wholly about money. And is that bad?
We use GNU/Linux at work because it works really well for the small-to-medium environment we have. There are a gazillion more choices with Linux than with MS, and it's rare (in my experience, anyway) to find any specific apps at this level where OS can't do it better or equally well.
Open source software (in our environment, for the tasks we have, and as we use it) installs fast, it's user friendly once you get to know it, and there's no license management, vendor contracts, or other ancillary bullshit to make headaches. It's just so simple, so easy, and it works so well.
That's about the money, BTW, because time is money. GNU/Linux is a cheaper, better alternative to MS, and that's why we use it.