This guy should have a look at Bruce Schneier's site, especially with regards to understanding practical security. This seems enlightening:
Schneier invites us all to move beyond fear and to start thinking sensibly about security. He tells us why security is much more than cameras, guards, and photo IDs, and why expensive gadgets and technological cure-alls often obscure the real security issues. Using anecdotes from history, science, sports, movies, and the evening news, Beyond Fear explains basic rules of thought and action that anyone can understand and, most important of all, anyone can use. The benefits of Schneier's non-alarmist, common-sense approach to analyzing security will be immediate.
Schneier would probably concur that the author of this article is paranoid, but it is even more likely that Schneier would describe him as unreasonable.
"Debian Server / stable / testing / unstable
Debian User / stable / testing / unstable"
For a Debian Server distro, the current system is quite OK. For a Debian Desktop distro, well,... in my point of view, Ubuntu *is* Debian Desktop.
Posted by: Takis at April 11, 2005 07:54 PM
Musical content, works of art, etc. The person who creates these things should have control of how they are distributed. If they want DRM, let them have it. The notion of unrestricted access to everything is simply going to wash out any incentive for creating "works of art" of whatever format. Credit is important. Even financial credit.
Development tools should be free. The GPL is a way to ensure that we all have the freedom to be creative, and to get credit, and even reimbursement in some cases...
Bruce is correct, and other developers are saying the same thing. I wanted to use VLC in conjunction with a Tcl/Tk app., and was surprised to suddenly find VLC missing from the "testing" Debian distro. A look at the VideoLan site revealed why:
You should not be using Debian testing unless you perfectly know what you are doing. It is almost impossible to support Debian testing and there are no plans to do it.
Kind of a shock to the system, but the problem seems to lie at least somewhere in /usr/lib...
If you look here you'll see not just that admins are having problems, but developers as well:
You should not be using Debian testing unless you perfectly know what you are doing. It is almost impossible to support Debian testing and there are no plans to do it.
This was kind of a shock, but it's consistent with the notion of maintenance difficulties for Debian testing as a moving target; removing some uncommon architectures may actually provide some relief to package maintainers and developers as well as the admins.
This ridiculous, inhibitive patent suit should be thrown in the faces of the European Parliament prior to their ratification of software patents in Europe as an example of the damage that patents cause to businesses. If they don't see the problems with software patents now, they never will.
"I am in constant contact with the Danish minister of science. He seriously considers blocking the directive on Monday"
This is a discussion from Poland's representative. It looks like it will really be up to the Danish and German representatives to establish a clear majority to remove the patents item from the A-List.
Once I've paid for Flash MX 2004 Studio Professional and spent time and money developing an application in it, I don't want my potential clients to see MY work as being associated with third-party advertisers.
A developer's concern about MM's move could be equally that of "brand promotion" in addition to concerns about spyware. What if the developer doesn't like Yahoo? What if it had been an MSN search bar? And what if the developer thinks that MS is a sick company? Again, the benefits of FOSS are clear because you can't be taken along with incompatible agenda... It's much more than an issue of spyware at stake.
I was talking to a friend the other day about the feelings that I got from large US corporations: Walmart, Microsoft, you name it. He is a lawyer, and he described them as "angry machines." It's consistent with what I feel when I think about what kind of machinations are going on behind the scenes to push patents through in Europe. How do we, Free Software advocates (and advocates of freedom and cooperation) match the intensity of these folks? Deep in despair, because I see the demise of Free Software in the bowels of these decisions, I wonder how the Nazis, those incredibly angry and strong fanatics, were defeated... What impulse was necessary to counter their hate? Whatever it was, we need it now. Peace signs and hippie love ain't cutting it.
Looks like the major differences between Moz. 1.0 and 1.8 are found in the CSS rendering engine. Somewhere on the order of 15x improvement. I assume that's where Gecko comes in...
Have a look at Tcl sometime and you'll see that this technology is not new. For example, Eolas (yeah, the folks who tried for the browser patent case against MS) was the home of Tcl dp_rpc (Distributed Processing / Remote Procedure Calls). The license contains the following line:
# Implements a tclDP compatible portable RPC library atop of the
# Tcl ver. >= 7.5 socket command.
# Originally developed by Steve Wahl for Eolas Technologies Inc.
# Copyright (C) 1995-2003 Eolas Technologies Inc, All Rights Reserved
# Freely distributable/modifiable under the BSD license
# Documentation can be found at http://www.eolas.com/tcl/spynergy/rpc
So, it looks like there's been an implementation of this around for at least a decade. Just hope they don't have a patent on the idea :)
Hardware-level security. At least, this seems to be the way to push for it. "Prove" that security can't be maintained at the software-level, then push for "Trusted Computing" or some such BS. Right now, it is to MS's advantage to prove that security through software is inherently flawed and impossible, then use that to their advantage in locking out other operating systems with hardware-level components. "Run for your lives!" -> "Run to the MS bunker!"
That would just be paranoia, but how does a user get a rootkit in the first place? Visiting a site with a malformed URL?
Linux suffers from a similar vulnerability. A Sourceforge project checkps confirms it:
checkps is a program to detect rootkits by detecting falsified output and similar anomalies. The ps check should work on anything with /proc, the (currently incomplete) netstat check is more linux specific
One of the great things (among others) is that the Mac uses the opengl graphics layer for gaming. Thankfully, so does Linux. Mac popularity is preventing opengl from dying on the vine as a "Linux-only API" that would have to compete directly with DirectX. *sigh of relief*
Macromedia released Director 8.5 with 3D support. It has a tool for creating interactive 3D using Lingo (the Director language). Most of the stuff that's being produced is kinda crappy, but you should check out the Lego site for an awesome example of a game. More to come, you can be sure...
And, it is said, many people major in elementary education for precisely that reason. Our elementary school teachers are therefore not only ignorant of science; they are hostile to science. That hostility must, inevitably, rub off on the young people they teach.
This is a logic error: non sequitur. It may be said that many people major in education for that reason, but that certainly does not necessitate hostility towards science, and as a doctoral student in educational psychology, I'd like to see the citations you are referencing when you make those statements, Dr. Goodstein.
For that to happen, we would have to pay teachers more, at least as much as what graduating doctoral students get. And they should be paid more. But that's not the whole answer. Just as important, schools would have to learn to treat these teachers with professional respect, and society would have to afford them the honor and admiration that professionals expect.
Is paying teachers more, or "treating teachers with respect" really going to do anything about our problems in education? There is a curious omission that I've seen in nearly every discussion of increasing the effectiveness of our educational systems: better methods of teaching. These problems were all quite successfully addressed with programmed instruction, or the application of basic principles of the experimental analysis of behavior to the problem of instructional design. The problem has been solved; the solution hasn't been accepted.
Several years ago I adapted a program of instruction called The Analysis of Behavior: A Program for Self-Instruction for the Internet. Over six hundred people have used the program quite successfully, and I haven't worried one iota about the amount of respect that I get from those individuals. How they interact with their environments is another question.
Another reason for excluding Java from Windows XP wasn't mentioned by Cringley but was hinted at by Prasad. It would seem that Eolas's successes against Microsoft in court pose the threat of competition to .NET in the form of a Java-based open-source distributed application environment.
Brian Behlendorf has a nice chapter in "Open Sources" at the O'Reilly site that summarizes each of the various licenses. He describes various business models and suggests what licenses are most appropriate for each. I especially liked the following comment:
The open-source approach is not a magic bullet for every type of software development project. Not only do the conditions have to be right for conducting such a project, but there is a tremendous amount of real work that has to go into launching a successful project that has a life of its own. In many ways you, as the advocate for a new project, have to act a little like Dr. Frankenstein, mixing chemicals here, applying voltage there, to bring your monster to life.
I believe that you are correct about implementing J2EE in competition with .NET. Your arguments and the arguments of Prasad suggest that Java is David's weapon against Goliath. What really convinces me that this is true (sort of icing on the cake) is that Microsoft has said that they will not be including the Java Virtual Machine in Windows XP. I think the folks at Microsoft are thinking along the same lines.
These breaches are really making me think... I'd like to run a server out of my home, and collect personal information from users (it's an online business). A host (no pun intended) of questions arise.
- What kind of training do I need to learn how to keep my data safe?
- What do I do if I find an intrusion?
- What if I detect intrusion attempts? Should I report them?
- Should I use FreeBSD, which has a better security history than Linux?
Those are just a few of the things that come immediately to mind, except that maybe I shouldn't run my own server... Any ideas?
He's back in the running, and I just tossed him my vote, and you should, too:
http://www.debian.org/vote/2005/platforms/branden
Wow, really exciting stuff there. I guess the really interesting stuff is under the hood, i.e., DRM, Trusted Computing, proprietary XML documents...
And then install Ubuntu
Check out this resume, and notice who he currently works for... . Let's get him! ;) Just kidding, it's good to have you on board, and maybe if we're nice we can bring you over to the light side. In the mean time, I'd like to ask you a few questions about Bill Gates... I also liked your comment about the chipset.
After examining your resume, I noticed that you do a lot of .NET work. Anything interesting to say on the subject with regards to chipsets?