Since we are waving around MSDS data, it might be instructive to take a look at the MSDS for regular unleaded gasoline.
The oral LD50 in rats is approximately 5ml/kg.
INGESTION:
Because of the low viscosity of this substance, it can directly enter the lungs if it is swallowed (this is called aspiration). This can occur during the act of swallowing or when vomiting the substance. Once in the lungs, the substance is very difficult to remove and can cause severe injury to the lungs and death.
More scary MSDS stuff:
This product presents an extreme fire hazard. Liquid very quickly evaporates, even at low temperatures, and forms vapor (fumes) which can catch fire and burn with explosive violence. Invisible vapor spreads easily and can be set on fire by many sources such as pilot lights, welding equipment, and electrical motors and switches.
The point is, gasoline is an inherently dangerous substance, probably much more so than the proposed borate solution.
In spite of that, we have devised means of handling it that make the risk manageable, and that is what we will do here as well. So if the concept is ultimately rejected, safety is the least likely reason IMO.
You forgot option 4, "attend on opening night dressed as CowboyNeal."
But seriously, I've talked about it with my similarly inclined pals, and the consensus is to go see the film. Several of us are planning to reread the books (again) as support/reinforcement/penance. But an effort like this deserves an honest, open-minded look. See it in the theater.
Point taken, but this is a long way from cruising around in the family geek wagon scanning for vulnerable networks.
If two companies just happened to set up overlapping networks and they both used the default key or same password for encryption, then it could be argued that this communication was "readily accesible to the general public", as descirbed in the act:
g) It shall not be unlawful under this chapter or chapter 121
of this title for any person -
(i) to intercept or access an electronic
communication made through an electronic communication system
that is configured so that such electronic communication is
readily accessible to the general public;
But once you have loaded up your favorite sniffing program and started exploiting weaknesses in the 802.11b implementation, I think whatever sympathy the court may have had is going to vaporize.
Just because it is easy doesn't mean it is legal. I am not a lawyer, but I believe the Electronic Communicastions Privacy Act (http://floridalawfirm.com/privacy.html) expressly prohibits the "interception and disclosure" of various forms of electronic communications.
It is against the law to eavesdrop on phone communications, for example, with a scanner. Since +/- 1994 scanner manufacturers have been forced to modify their scanners to skip the frequency ranges commonly populated by cellular telephone traffic.
Also, I believe the law differentiates between snooping an analog signal and snooping a digital one because it could be argued that this signal is "scrambled or encrypted".
Since you need (more) specialized equipment to decode the digital signal and the setup is nontrivial for most folks, you would have a tough time claiming you "accidentally" intercepted LAN traffic from XYZ Corp.
Of course that may not help them once their sensitive information has been leaked to the press or the competition, but it would be naieve to think that you wouldn't be prosecuted if you were caught.
If you believe that a centralized data repository is a bad idea, and many of us do, then at least having other players in the game can produce enough fragmentation to keep us from being locked in to any one implementation.
I find the idea of either of these groups becoming "the standard" equally repugnant, but as long as they continue to battle it out in the market place each protects us from domination by the other(s).
I would like to see it splinter into eight or nine competing implementations, in hopes that we won't see any (more) "You must sign up with A to use B, C, D,..."
That way, even if it does ultimately happen it will happen slowly enough that we can hope for a better implementation in the end.
Believe it or not, designing a bridge is enormously complicated. One only has to look at some of the more famous bridge failures (Tacoma Narrows, for example) to see what can happen if subtle details aren't tracked through design and construction. Vibration analysis was one of those things no one thought of before a catastrophe pointed out the importance of it. I can't think of a software analogue (I'm sure there is something), but the complexity is there from the construction side.
Simply put, the consequences of a software failure are perceived to be small. Compared to the almost inevitable loss of life connected with a bridge collapse, this is usually true. And that, I think, is the most important difference between the two endeavors and, IMHO, why software usually DOES suck.
It has been well established that if your software crashes the market will not punish you for it. On the other hand, if you're late to market you might as well not bother shipping it.
The reason there is no good software out there is because it DOESN'T PAY to spend the time/money to turn beta software into a finished product before you release it. Ship it today and patch it tomorrow or someone else will.
I think this is what makes free software solid in comparison to the commercial offerings. Free software developers can afford to take the time to make things right. Commercial developers can't afford this luxury because the market isn't sophisticated enough to expect it, nor is it (according to marketing and management) willing to wait.
It's all driven by market expectations. If you need further proof, look at all the software in embedded systems the world over that doesn't suck. The market will put up with a lot, but no one is willing to reboot their TV during the big game.
When the market demands more, software developers will deliver it.
Although we would certainly seed the "meta-optimizer" with the best we can come up with, the optimizer would necessarily be free to combine our raw material in ways we did not anticipate.
Further, these "mutations", provided they score well, would later be combined with each other as well as the best performers from the original seed material.
The end result would be something we could never have predicted from the outset (or else why bother), and in the worst case might be so complex that we don't even understand HOW it works even though we may be able to satisfy ourselves that it DOES work. That will be the beginning of just trusting that the machine will work it out, and our role will gradually be reduced to just "checking that the answer sounds reasonable".
Of course we will have to be careful then, but the potential benefits are so great that we won't stop pushing things forward.
I think a better way to say it would be "This bike is more aerodynamic and therefore lets you attain a higher speed with the same energy input from the rider."
In the slower (but lighter) bike, more of the rider's (driver's?) energy is consumed by drag.
The energy the rider supplies should be viewed as nearly constant, and then you can compare different bikes by looking at how much performance you can get for the energy the rider has to invest.
I am sure someone will correct me if I am wrong, but I think the sticking point for Mr. Perens is the source code disclosure which the GPL and similar licenses would require (and which the FreeBSD license, AFAIK, does not).
I'm not clear on how we get from "you have to pay for it" to "we won't let you open source your implementation of it", though. But maybe it is not unreasonable to expect that kind of requirement from the owners of proprietary protocols and formats. Then you might be left unable to write an Apache module to support the new standard. Pretty scary territory, if you ask me.
I was hoping that I would get some responses in this vein.
I often wonder if I am guilty of clinging to the tools I think I know as opposed to learning appropriate tools for the job at hand.
I have often thought that learning VB could make my job *much* easier, because VB and its variations very much seem to be Microsoft's answer to automation (I don't believe other options have the object model support you need to be truly useful, except maybe Perl::OLE). I have been hacking Perl for a while, and I am learning Python now to let me play with Zope on a more functional level.
I have made one abortive attempt to learn VBA from one of O'Reilly's nutshell books (I have had great luck with these), and I found the syntax annoyed me to the point that I lost interest fairly quickly.
I have always been a self-taught programmer, but it seems like my knowledge builds critical mass much faster with other tools than with VB. Is there an unfair bias here? I would like to think that there isn't, and that the following two things are generally true:
1. The windows automation object model is fairly complex, and there is a steep learning curve. It seems like you have to know an awful lot of it to get past the "cut and paste" coding level. I also believe certain components (is IIS server configuration one of them?) are not exposed (documented?) for script manipulation.
2. Most of the documentation out there is geared more towards the "cut and paste" approach than the "understand everything that is happening" approach. For better or for worse, I am wired to resist the former and embrace the latter.
One of the things that really scared me off of VB were the negative comments I ran across in the book I was learning from. Things like "sometimes this works, sometimes it doesn't, no one knows why" and "Performance problems can result if you don't perform some other operations in between these two."
The more I see out there, the more I feel like my prejudices might be making life harder on me than it should be. I have been working from the assumption that automating Windows takes a lot of knowledge, a lot of code (as in many lines of code to do simple things), and in the end it still falls short in comparison to other platforms. I prolly need quit whining and dig in to the resource kits and reams of paper/ electronic docs.
I would *really* appreciate pointers to a good, basic WSH or VBA primer (bonus points if it is available online/free.) I hope that with just the right piece of information I will suddenly "get it", and then Windows will take a giant step towards being a tool I am neutral towards rather than biased against.
Still, I think there is a lot more effort required to administer Windows than Unix. As an example, I would offer the Microsoft knowledge base article on changing the name of an Exchange Server. It is several pages of procedure and requires that you have two machines. On Unix? Edit/etc/hostname or some similar and you can go home.
As I went from desk to desk here applying patches to our various IE versions, I began to fantasize about what this job would be like if the clients had a different operating system, one which I could start a remote shell on. It would be great if I could use one of the several scripting languages I know to write a script which would run from my machine and patch all of the clients. It would be great if I could trust the patch to run from a logon script. Maybe I will learn Visual Basic some day. I still don't think that will get me there, though, because I have no idea what many of the patches I apply are actually doing. I keep seeing security advisories on Microsoft's support site that say you can: a. Change the following three registry entries or b. Apply this 3 meg patch.
HTF can those be equivalent actions? What exactly am I turning on or off with these cryptic registry keys?
But life with Microsoft is not so easy, is it? They keep sending you patches that require you to physically sit at each machine and click your way through dialog boxes, and you don't have time for that.
Where your Apache admin, who has fewer machines to patch and fewer patches to apply, can write a PERL script to do the job for him, you have to sit at each IIS box, open the control panel for each site, and click your way through the changes. Wouldn't it be great if you could SSH in and apply patches or make configuration changes from home while you watch the ball game? Of course it would.
I feel your pain, because I am dealing with it every day. The hardest decision I ever made here was to sit down with my boss, put my reputation (and job) on the line, and get permission to bring in some free technology on a trial basis. After some testing and configuration, I have replaced three NT boxes with Linux. Samba and the smb_auth libraries have made it possible to replace many NT services completely transparently. The main difference is I no longer have to come in on the weekends for "maintenance reboots" or just to make sure everything is working. My current hurdle is figuring out how to replace Exchange in a way that won't irritate my users and/or bosses. Every NT box I pull the plug on reduces my workload. What are you doing about yours?
I am not trying to be combative, but you did mention that your boss has asked you for things that used to be easy to get from his old VAX cluster. Have you explained to him the limitations imposed by the decision to move from VMS or Unix (free or otherwise) to NT? What is NT giving you guys that other systems do not? Make sure your evalutation of NT includes an accurate picture of the increased administration effort it requires.
You sound like you are pretty high in the food chain over there-- politely ask for the tools you need to make your job easier. The push for better technology has got to come from our end-- management will not do it for us. As Linux and FreeBSD gain more market share, it forces Microsoft to evolve. Believe me, they have the resources. They aren't writing cheesy hacks because they can't do any better. They are writing chessy hacks because it pays a lot more than sweating the details does. Show them you won't settle for that and we can all go back to the good old days of sysadmins who had time for the occasional game of DOOM.
This is an interesting question. I would think that source code (even just headers and data structures) would be considered more than just a "list of facts". I think you're right that we may not want to dig too deeply here, or we may end up establishing some legal precedents that will hurt the open source community in the long run. It seems like it is in the best interest of all parties concerned to settle this outside the court room.
I wonder whether this copyright omission ocurred as a simple oversight or if it is a manifestation of Red Hat's need to "brand" themselves. Life as a commercial entity with a responsibility to shareholders creates a lot of pressure. I hope Red Hat remains successful at balancing that pressure against the needs of the community.
As we've seen with the failures of some other companies, it's a tough job.
IANAL, but as far as I know, holding someone in contempt would enable a judge to keep him or her in prison indefinitely.
This might be even worse because you could extend this to apply to witnesses in a given case or grand jury proceeding, which would mean that the state would no longer have to bother to secure an indictment to put perceived bad guys in jail.
I concede the point that this may not get us any closer to the terrorist leader in another country or give us useful information to help disrupt a group's operations, but individual cells could be rendered inoperative based on their intercepted communications, even if we never obtain the clear text of the message. (Does the message appear to contain random data? If yes is there a proper key registered? If no, release hounds. If yes, decrypt. Are contents still random? If no, read message. If yes, release hounds.)
Understand that I don't have any illusions that this would be of net benefit to society. Like anti-terrorist sponsored civil rights violations in other countries, it is doomed to devolve into being used against Joe Average, because that is who it would be most effective against. Most likely it would be used against drug dealers and mafia types who have proven difficult to build cases against as a test case for extending it past its stated purpose. Then a little later against someone who is gay, or having an affair, or reading books that have been banned.
I believe completely that this should be resisted every step of the way, but I am not sure technical issues are the best platform from which to attack it. Attack it on the basis that it is fundamentally wrong.
The government may not necessarily *need* to decrypt the data.
If someone encrypts an encrypted message as you suggest, he can be locked up just for hiding the message content. No need to prove he is a terrorist or mob boss-- we can just lock him up for refusing to decrypt his message for us and prove his innocence. It is this reversal of a fundamental principle (innocent until proven guilty) of our justice system that troubles me the most.
"Suitable" penalties for refusing to turn over encryption keys that really work to retrieve clear data could make any protection afforded by encryption moot.
I've seen the "We're not sure where this is headed, we're making it up as we go along" rap from these guys before.
It's hard for me to believe that it's true that Microsoft is "betting the farm" on their Hailstorm strategy but at the same time they haven't taken the time to develop a roadmap for its deployment and maintenance.
It's too important to them and they have too many resources devoted to it for there not to be a plan. Given that, it makes me nervous that they don't seem to be willing to share the details of that plan. That seems to indicate that they are pretty sure we won't like it.
The best protection is to insist on open, documented interfaces to all of the components of this technology. We need to make sure that the rest of the industry remains free to develop their own components of the Hailstorm/.Net architecture with the assurance that they will interoperate. The problem is, it would take a lot of cooperation for the industry to reject any offering that doesn't meet these requirements.
My boss has a Linksys wireless router. I helped her with some setup problems and learned an interesting thing: The router has a built-in firewall which AFAIK cannot be configured. While you can designate one machine as a "DMZ HOST", which will allow all traffic to pass through to it, you cannot do this for a whole subnet.
The upshot of all this is that I think (someone please correct me if this isn't true) for certain things, eg online gaming or software that uses a port other than one of the common ones, one and only one machine on your home LAN at a time will be able to receive return traffic to a designated port. If you want to play whizkill 2002 from a different machine next time, you will have to designate that one as the DMZ host-- and two people can't play at the same time.
This may or may not be a big deal, and I have no idea how other manufacturers approach this. The router has thus far performed completely as advertised, and the documentation and support from Linksys has been great.
The router can act as a DHCP server, and you can limit the address ranges to allow you to have static IP's and dynamic IP's on the same network (alhtough with only one DMZ host you may not need more than one static IP, lol). It would be great to be able to set up an unrestricted subnet.
I used to *love* hacking my Commodore 64. I had a programmer's guide for it that documented it down to the circuit board wiring diagrams, and I learned 6502 assembly language with that book and a monitor cartridge. Feeling some nostalgia for programming, and having a neato idea that involved some low level CD-ROM access, I decided to make a go of it again. I went down to the local computer store and shelled out $100.00 for a C compiler. I needed some documentation, so I shelled out another $50.00 for what looked like a decent programming book. I banged out some examples of pretty run of the mill stuff (all those books seem to have the same kinds of things, maybe because the API very much encourages one kind of program), and then the next thing you know the book ended. Still not feeling like I knew what I needed, I spent some more money on another book-- I learned some painful lessons about API's and how the internal OS functions aren't documented any more (at least not by Microsoft) no matter how much you spend.
By the time I finished working my way through the second book, I knew enough to know that all my problems would be solved if I just registered as a developer and paid $100 for a device driver kit (I know they are free now, but they weren't then.) So here I am, on the verge of being $300.00 in the hole, still not any closer to implementing my silly little afternoon idea. The cost outweighed my interest in learning at that point. I just ran out of steam. Programming for me had always been fun, not work! At about the same time, I installed Linux kernel 1.2.13 for the first time. Docs and HOWTO's for miles! Fully documented system calls, and even the source code for the OS itself if I am willing to spend the time to get my head around it. Free compilers for any langauge you care to mention-- I have learned several scripting languages, learned more about C/C++, and even dabbled with some 32 bit assembly without having to part with any cash or "development tax", as I have come to call the cost of entry into the windows programming market. Hobbyist programming and hacking only exists in the windows market as ports from open source projects. I could put more than one kid through college for the money it would cost me to learn as much as I have on open source tools if I bought comparable Win32 tools (where they exist). I feel a debt to the community for giving me the highest quality tools to hack with, and I'm sure many other fledgling developers do, too. Meanwhile the competition has stooped to prosecuting schools in an effort to extract maximum profits.
2. Economics
If you write commercial software, it has to be a successful venture in order to survive. Microsoft has agressively destroyed or absorbed competitors in the PC market. The only way to compete is to give it away-- if you actually start making money, you show up on the radar and get clobbered. I think Netscape is a good example here, everything was fine until it actually started to look like they could make money. Soon after that, they got sucked into a war they didn't have the resources to survive. You just can't compete. So a lot of developers don't. They write solid code and put it out there. There is no room in the comercial market for their artistry unless they are willing to market and litigate their way in, and the ugly nature of competing with a monster sucks the joy out of programming for them. So they pay the bills during the day writing uninteresting things, and then they write what they want on their own time. Of course, students are good at finding time to contribute, too. I work as a system administrator, and hack code when I get time here and there. We find ways to do what we like to do, and part of the joy is having some other people with similar interests look at it and think, "Gee, that's pretty cool."
I think you could solve the computer hunting and fatal attack problems making it cue on motion detection rather than heat. If they stop moving, it stops whapping them. You're right about the cat not appreciating it, though. That's what slows me down.
I guess you would also have to be careful not to leave the ceiling fan on, or it might destroy the house. Maybe we need heat and motion detection?
Re:How to open the govenrment comm link
on
Microsoft vs. Ximian
·
· Score: 2, Interesting
Get involved. Write letters. They *do* get counted, even if they don't count for anything until they hit critical mass. They may not read your letter any longer than it takes to tally another count for the open source zealot column, but they are at least going to do that. No one likes to lose a vote.
Be aware that in a majority rule system, it is hard for a minority (informed computer users) to find a voice. But the "ruling class" always seem to manage OK, and there aren't many of them. How do they do it? They make noise and they spend money.
So, donate to EFF, buy products based on open source, and encourage your company to do the same. For example, I order new systems with commercial Linux distro's on them even though they will most likely end up with Debian installed by the time they go into service. Sure, it's a drop in the bucket (we are a very small company) but we do what we can. I try to buy switches and hubs that have the "works with linux" stickers on the box. I know there isn't really any difference, but I want to reinforce the idea for hardware manufacturers that "support for linux = more $$$".
Hopefully Red Hat and others will eventually have enough cash to grease a few wheels. It only takes one lunch with a Senator where someone says "Please don't put us out of business... and by the way did you see that we contributed a little something to Furman's computer lab? Doesn't little Margory go to Furman? What a pleasant coincidence. I do hope to see you at the next campaign rally" to swing a vote at the next committee meeting.
I'm one of those people who believes that lobbyists exert far too much leverage with our representatives, and most of it does not work in our favor.
Lobbyists do what they do with CASH. I am not sure that Linux and related technology needs to be commercialized to survive, but we (the community) do need to buy or beg at least enough influence to make sure we don't get patented and DMCA'ed out of the game. I just moved the last vestiges of our file services off of NT, and I am now enjoying reduced maintenance time while I brace for the first SAMBA patent infringement lawsuit. I will lose "boy genius" status with my boss in a heartbeat when that hits the papers.
I don't car if Linux never gets more than 25% of the corporate server market-- as long as there still *is* a Linux, and as long as there remains enough incentive and legal freedom to allow the kernel hackers, the Gnu guys, the Samba team, and the Apache team to keep doing what they have been doing for us for all this time. (I am not leaving KDE/Gnome and others out on purpose, I just already feel like I am starting to ramble.) In a lot of ways I think the changes needed to make Linux suitable for mass consumption are in danger of making it unsuitable for people like me. But that is another story-- as long as the config files stay "human readable" and documented we will all be OK.
One thing to keep in mind is that some people consider punishment for the crime committed as an important part of the "prison experience".
You dismiss the "they broke the social contract" argument in your post, but it *does* have direct bearing here.
If someone spends time in jail being denied the rights which those of us on the outside allegedly enjoy and which we like to think separate us from "lesser democracies"-- and privacy is chief among these, then he or she may spend that time considering the importance of these rights, and how to keep from losing those rights again in the event he or she gets them back.
I think the relationship between the state and the prisoner *has* to be fundamentally different from the relationship between the state and the "upstanding citizen" for as long as the prisoner is in jail paying his or her debt to society. Now whether it is fair to change the rules for this person after their release is another matter, because committing a crime should not necessarily disqualify a person from good citizen status for life-- especially when it comes to the "consensual crimes" which are tying up so much of our jail space and other resources.
It doesn't sound too good to me. If you try to see it from the point of view of third-parties who contributed code to this project in anticipation of being able to use the finished product, then it starts to look like Sistina is telling these people that they have acquired precisely nothing for their contribution.
In other words, Sistina has (actually, I should say may have, because I have no idea how much of the code base was developed by the community) leveraged the benefit of the community's contribution fully, then reneged on the long-term benefit to the community side of the equation.
Heck, even quality testing and bug reporting has great value, and many of these users were probably working under the impression that they would be entitled to make use of the end result as they see fit.
If companies keep doing this kind of end-run around the GPL, extracting maximum value for themselves and then refusing to let the community extract all the benefit it can derive, this may lead to restrictions against these practices being written into the GPL. It's already a tough sell as it is!
I hope companies will exercise great care with how they use the community resources. I know open source software has made a big difference in my life, and I don't want the well to run dry.
This is an almost hopelessly naieve point of view. The people in government responsible for making these decisions are just that, people. In the aggregate, they make up that "software market" we keep hearing so much about. (Particularly the informed decisions the market tends to make.) Most of them simply don't have the technical depth in this area necessary to make what we self-described techno-elite types would consider the "only right choice".
The sad truth is there is a tremendous shortage of people who really understand how computers work in the world. Among people who have been using computers for less than five or even ten years, the percentage who are aware that someone other than Microsoft or Apple writes operating system software is disturbingly small.
To make matters worse, the government pays less than private industry for computer talent, and therefore is at a loss competing with private industry for job candidates. Hell, many of the management types who have a lot of say in the matter aren't really "computer people" at all. Remember when blue screens paralyzed one of the Navy's new ships? Government branches have settled on Win32 platforms in the past and will likely continue to do so. It sucks, and I wish they would take better care of my tax dollars, but that's how it is.
According to UniSys (http://www.unisys.com/home/enterprise/), the Coast Guard has standardized on Windows NT for relaying mission critical search and rescue data. As a sailor who is planning on cutting the dock lines for good one day, this frightens me.
I think Linus is wrong not to be paranoid about this de facto tax collector issue. The government will be more than happy to let Microsoft collect revenue any way they can, because the government will collect taxes from them in the end. Why go to the trouble to figure out how to tax and collect on internet transactions (not to mention pushing the legislation through) if Microsoft can figure out how to do it for them and they can collect from Microsoft by taxing their revenue? After all, as far as most of our Congresspersons are concerned, Microsoft represents the best and brightest in computer innnovation. And they have the campaign contributions to prove it.
Re:Web services ARE client/server
on
Shirky On P2P
·
· Score: 1
I think we're looking at this from pretty much the same viewpoint. On the one hand, it's exciting to think about, but on the other hand it's hard to see this as being immediately useful in most environments.
Still, every time our CAD operators start to bump against the storage limits on our file server, I start to think about all the unused drive space on their client machines. They have 5-10 GB apiece I am always telling them not to use because it's not secure and doesn't get backed up.
In the "wouldn't it be great" department, it would be nice if I could organize their unused space and processor cycles into a kind of "storage hive" which would appear to them (and my backup scripts) as a network file system. We have the LAN bandwidth to spare, but I am not sure how much cost would be associated with leaving all the workstations on all the time.
Then there are the problems associated with the reliability of a certain operating system they are all running. It seems to self destruct if you don't reboot it fairly regularly.
I think this differs from a SAN (storage area network) in some subtle but important ways, and it's as close as I can get to a "killer P2P app" for business.
Essentially, ditch the server and distribute its tasks among the under utilized clients. The whole server is replaced with a cluster of processes running on client machines.
Sounds great to me, but I don't think it can be built with the pieces we have today. I am not about to bet the bank on a swarm of Win98 boxen...
As FreeNet progresses, I find myself wondering how hard it would be to write a client for it that would present a CIFS (Samba, SMB) interface to applications.
Slashdot Mirror
Since we are waving around MSDS data, it might be instructive to take a look at the MSDS for regular unleaded gasoline.
The oral LD50 in rats is approximately 5ml/kg.
INGESTION:
Because of the low viscosity of this substance, it can directly enter the lungs if it is swallowed (this is called aspiration). This can occur during the act of swallowing or when vomiting the substance. Once in the lungs, the substance is very difficult to remove and can cause severe injury to the lungs and death.
More scary MSDS stuff:
This product presents an extreme fire hazard. Liquid very quickly evaporates, even at low temperatures, and forms vapor (fumes) which can catch fire and burn with explosive violence. Invisible vapor spreads easily and can be set on fire by many sources such as pilot lights, welding equipment, and electrical motors and switches.
The point is, gasoline is an inherently dangerous substance, probably much more so than the proposed borate solution.
In spite of that, we have devised means of handling it that make the risk manageable, and that is what we will do here as well. So if the concept is ultimately rejected, safety is the least likely reason IMO.
You forgot option 4, "attend on opening night dressed as CowboyNeal."
But seriously, I've talked about it with my similarly inclined pals, and the consensus is to go see the film. Several of us are planning to reread the books (again) as support/reinforcement/penance. But an effort like this deserves an honest, open-minded look. See it in the theater.
Point taken, but this is a long way from cruising around in the family geek wagon scanning for vulnerable networks.
If two companies just happened to set up overlapping networks and they both used the default key or same password for encryption, then it could be argued that this communication was "readily accesible to the general public", as descirbed in the act:
g) It shall not be unlawful under this chapter or chapter 121
of this title for any person -
(i) to intercept or access an electronic
communication made through an electronic communication system
that is configured so that such electronic communication is
readily accessible to the general public;
But once you have loaded up your favorite sniffing program and started exploiting weaknesses in the 802.11b implementation, I think whatever sympathy the court may have had is going to vaporize.
Just because it is easy doesn't mean it is legal. I am not a lawyer, but I believe the Electronic Communicastions Privacy Act (http://floridalawfirm.com/privacy.html) expressly prohibits the "interception and disclosure" of various forms of electronic communications.
It is against the law to eavesdrop on phone communications, for example, with a scanner. Since +/- 1994 scanner manufacturers have been forced to modify their scanners to skip the frequency ranges commonly populated by cellular telephone traffic.
Also, I believe the law differentiates between snooping an analog signal and snooping a digital one because it could be argued that this signal is "scrambled or encrypted".
Since you need (more) specialized equipment to decode the digital signal and the setup is nontrivial for most folks, you would have a tough time claiming you "accidentally" intercepted LAN traffic from XYZ Corp.
Of course that may not help them once their sensitive information has been leaked to the press or the competition, but it would be naieve to think that you wouldn't be prosecuted if you were caught.
If you believe that a centralized data repository is a bad idea, and many of us do, then at least having other players in the game can produce enough fragmentation to keep us from being locked in to any one implementation.
..."
I find the idea of either of these groups becoming "the standard" equally repugnant, but as long as they continue to battle it out in the market place each protects us from domination by the other(s).
I would like to see it splinter into eight or nine competing implementations, in hopes that we won't see any (more) "You must sign up with A to use B, C, D,
That way, even if it does ultimately happen it will happen slowly enough that we can hope for a better implementation in the end.
Believe it or not, designing a bridge is enormously complicated. One only has to look at some of the more famous bridge failures (Tacoma Narrows, for example) to see what can happen if subtle details aren't tracked through design and construction. Vibration analysis was one of those things no one thought of before a catastrophe pointed out the importance of it. I can't think of a software analogue (I'm sure there is something), but the complexity is there from the construction side.
Simply put, the consequences of a software failure are perceived to be small. Compared to the almost inevitable loss of life connected with a bridge collapse, this is usually true. And that, I think, is the most important difference between the two endeavors and, IMHO, why software usually DOES suck.
It has been well established that if your software crashes the market will not punish you for it. On the other hand, if you're late to market you might as well not bother shipping it.
The reason there is no good software out there is because it DOESN'T PAY to spend the time/money to turn beta software into a finished product before you release it. Ship it today and patch it tomorrow or someone else will.
I think this is what makes free software solid in comparison to the commercial offerings. Free software developers can afford to take the time to make things right. Commercial developers can't afford this luxury because the market isn't sophisticated enough to expect it, nor is it (according to marketing and management) willing to wait.
It's all driven by market expectations. If you need further proof, look at all the software in embedded systems the world over that doesn't suck. The market will put up with a lot, but no one is willing to reboot their TV during the big game.
When the market demands more, software developers will deliver it.
Although we would certainly seed the "meta-optimizer" with the best we can come up with, the optimizer would necessarily be free to combine our raw material in ways we did not anticipate.
Further, these "mutations", provided they score well, would later be combined with each other as well as the best performers from the original seed material.
The end result would be something we could never have predicted from the outset (or else why bother), and in the worst case might be so complex that we don't even understand HOW it works even though we may be able to satisfy ourselves that it DOES work. That will be the beginning of just trusting that the machine will work it out, and our role will gradually be reduced to just "checking that the answer sounds reasonable".
Of course we will have to be careful then, but the potential benefits are so great that we won't stop pushing things forward.
I think a better way to say it would be "This bike is more aerodynamic and therefore lets you attain a higher speed with the same energy input from the rider."
In the slower (but lighter) bike, more of the rider's (driver's?) energy is consumed by drag.
The energy the rider supplies should be viewed as nearly constant, and then you can compare different bikes by looking at how much performance you can get for the energy the rider has to invest.
I am sure someone will correct me if I am wrong, but I think the sticking point for Mr. Perens is the source code disclosure which the GPL and similar licenses would require (and which the FreeBSD license, AFAIK, does not).
I'm not clear on how we get from "you have to pay for it" to "we won't let you open source your implementation of it", though. But maybe it is not unreasonable to expect that kind of requirement from the owners of proprietary protocols and formats. Then you might be left unable to write an Apache module to support the new standard. Pretty scary territory, if you ask me.
The Scene:
A busy interstate highway cluttered with burning wreckage.
Local News Reporter:
Oh the Humanity!
So pop your severed finger in the microwave for a few secs and give it a healthy sqeeze every so often during the logon...
I guess it might take some trial and error to get the microwave times right.
Logon failed... you should see a doctor.
I was hoping that I would get some responses in this vein.
/etc/hostname or some similar and you can go home.
I often wonder if I am guilty of clinging to the tools I think I know as opposed to learning appropriate tools for the job at hand.
I have often thought that learning VB could make my job *much* easier, because VB and its variations very much seem to be Microsoft's answer to automation (I don't believe other options have the object model support you need to be truly useful, except maybe Perl::OLE). I have been hacking Perl for a while, and I am learning Python now to let me play with Zope on a more functional level.
I have made one abortive attempt to learn VBA from one of O'Reilly's nutshell books (I have had great luck with these), and I found the syntax annoyed me to the point that I lost interest fairly quickly.
I have always been a self-taught programmer, but it seems like my knowledge builds critical mass much faster with other tools than with VB. Is there an unfair bias here? I would like to think that there isn't, and that the following two things are generally true:
1. The windows automation object model is fairly complex, and there is a steep learning curve. It seems like you have to know an awful lot of it to get past the "cut and paste" coding level. I also believe certain components (is IIS server configuration one of them?) are not exposed (documented?) for script manipulation.
2. Most of the documentation out there is geared more towards the "cut and paste" approach than the "understand everything that is happening" approach. For better or for worse, I am wired to resist the former and embrace the latter.
One of the things that really scared me off of VB were the negative comments I ran across in the book I was learning from. Things like "sometimes this works, sometimes it doesn't, no one knows why" and "Performance problems can result if you don't perform some other operations in between these two."
The more I see out there, the more I feel like my prejudices might be making life harder on me than it should be. I have been working from the assumption that automating Windows takes a lot of knowledge, a lot of code (as in many lines of code to do simple things), and in the end it still falls short in comparison to other platforms. I prolly need quit whining and dig in to the resource kits and reams of paper/ electronic docs.
I would *really* appreciate pointers to a good, basic WSH or VBA primer (bonus points if it is available online/free.) I hope that with just the right piece of information I will suddenly "get it", and then Windows will take a giant step towards being a tool I am neutral towards rather than biased against.
Still, I think there is a lot more effort required to administer Windows than Unix. As an example, I would offer the Microsoft knowledge base article on changing the name of an Exchange Server. It is several pages of procedure and requires that you have two machines. On Unix? Edit
As I went from desk to desk here applying patches to our various IE versions, I began to fantasize about what this job would be like if the clients had a different operating system, one which I could start a remote shell on. It would be great if I could use one of the several scripting languages I know to write a script which would run from my machine and patch all of the clients. It would be great if I could trust the patch to run from a logon script. Maybe I will learn Visual Basic some day. I still don't think that will get me there, though, because I have no idea what many of the patches I apply are actually doing. I keep seeing security advisories on Microsoft's support site that say you can: a. Change the following three registry entries or b. Apply this 3 meg patch.
HTF can those be equivalent actions? What exactly am I turning on or off with these cryptic registry keys?
But life with Microsoft is not so easy, is it? They keep sending you patches that require you to physically sit at each machine and click your way through dialog boxes, and you don't have time for that.
Where your Apache admin, who has fewer machines to patch and fewer patches to apply, can write a PERL script to do the job for him, you have to sit at each IIS box, open the control panel for each site, and click your way through the changes. Wouldn't it be great if you could SSH in and apply patches or make configuration changes from home while you watch the ball game? Of course it would.
I feel your pain, because I am dealing with it every day. The hardest decision I ever made here was to sit down with my boss, put my reputation (and job) on the line, and get permission to bring in some free technology on a trial basis. After some testing and configuration, I have replaced three NT boxes with Linux. Samba and the smb_auth libraries have made it possible to replace many NT services completely transparently. The main difference is I no longer have to come in on the weekends for "maintenance reboots" or just to make sure everything is working. My current hurdle is figuring out how to replace Exchange in a way that won't irritate my users and/or bosses. Every NT box I pull the plug on reduces my workload. What are you doing about yours?
I am not trying to be combative, but you did mention that your boss has asked you for things that used to be easy to get from his old VAX cluster. Have you explained to him the limitations imposed by the decision to move from VMS or Unix (free or otherwise) to NT? What is NT giving you guys that other systems do not? Make sure your evalutation of NT includes an accurate picture of the increased administration effort it requires.
You sound like you are pretty high in the food chain over there-- politely ask for the tools you need to make your job easier. The push for better technology has got to come from our end-- management will not do it for us. As Linux and FreeBSD gain more market share, it forces Microsoft to evolve. Believe me, they have the resources. They aren't writing cheesy hacks because they can't do any better. They are writing chessy hacks because it pays a lot more than sweating the details does. Show them you won't settle for that and we can all go back to the good old days of sysadmins who had time for the occasional game of DOOM.
This is an interesting question. I would think that source code (even just headers and data structures) would be considered more than just a "list of facts". I think you're right that we may not want to dig too deeply here, or we may end up establishing some legal precedents that will hurt the open source community in the long run. It seems like it is in the best interest of all parties concerned to settle this outside the court room.
I wonder whether this copyright omission ocurred as a simple oversight or if it is a manifestation of Red Hat's need to "brand" themselves. Life as a commercial entity with a responsibility to shareholders creates a lot of pressure. I hope Red Hat remains successful at balancing that pressure against the needs of the community.
As we've seen with the failures of some other companies, it's a tough job.
IANAL, but as far as I know, holding someone in contempt would enable a judge to keep him or her in prison indefinitely.
This might be even worse because you could extend this to apply to witnesses in a given case or grand jury proceeding, which would mean that the state would no longer have to bother to secure an indictment to put perceived bad guys in jail.
I concede the point that this may not get us any closer to the terrorist leader in another country or give us useful information to help disrupt a group's operations, but individual cells could be rendered inoperative based on their intercepted communications, even if we never obtain the clear text of the message. (Does the message appear to contain random data? If yes is there a proper key registered? If no, release hounds. If yes, decrypt. Are contents still random? If no, read message. If yes, release hounds.)
Understand that I don't have any illusions that this would be of net benefit to society. Like anti-terrorist sponsored civil rights violations in other countries, it is doomed to devolve into being used against Joe Average, because that is who it would be most effective against. Most likely it would be used against drug dealers and mafia types who have proven difficult to build cases against as a test case for extending it past its stated purpose. Then a little later against someone who is gay, or having an affair, or reading books that have been banned.
I believe completely that this should be resisted every step of the way, but I am not sure technical issues are the best platform from which to attack it. Attack it on the basis that it is fundamentally wrong.
The government may not necessarily *need* to decrypt the data.
If someone encrypts an encrypted message as you suggest, he can be locked up just for hiding the message content. No need to prove he is a terrorist or mob boss-- we can just lock him up for refusing to decrypt his message for us and prove his innocence. It is this reversal of a fundamental principle (innocent until proven guilty) of our justice system that troubles me the most.
"Suitable" penalties for refusing to turn over encryption keys that really work to retrieve clear data could make any protection afforded by encryption moot.
I've seen the "We're not sure where this is headed, we're making it up as we go along" rap from these guys before.
It's hard for me to believe that it's true that Microsoft is "betting the farm" on their Hailstorm strategy but at the same time they haven't taken the time to develop a roadmap for its deployment and maintenance.
It's too important to them and they have too many resources devoted to it for there not to be a plan. Given that, it makes me nervous that they don't seem to be willing to share the details of that plan. That seems to indicate that they are pretty sure we won't like it.
The best protection is to insist on open, documented interfaces to all of the components of this technology. We need to make sure that the rest of the industry remains free to develop their own components of the Hailstorm/.Net architecture with the assurance that they will interoperate. The problem is, it would take a lot of cooperation for the industry to reject any offering that doesn't meet these requirements.
My boss has a Linksys wireless router. I helped her with some setup problems and learned an interesting thing: The router has a built-in firewall which AFAIK cannot be configured. While you can designate one machine as a "DMZ HOST", which will allow all traffic to pass through to it, you cannot do this for a whole subnet.
The upshot of all this is that I think (someone please correct me if this isn't true) for certain things, eg online gaming or software that uses a port other than one of the common ones, one and only one machine on your home LAN at a time will be able to receive return traffic to a designated port. If you want to play whizkill 2002 from a different machine next time, you will have to designate that one as the DMZ host-- and two people can't play at the same time.
This may or may not be a big deal, and I have no idea how other manufacturers approach this. The router has thus far performed completely as advertised, and the documentation and support from Linksys has been great.
The router can act as a DHCP server, and you can limit the address ranges to allow you to have static IP's and dynamic IP's on the same network (alhtough with only one DMZ host you may not need more than one static IP, lol). It would be great to be able to set up an unrestricted subnet.
1. A sense of obligation to the community
I used to *love* hacking my Commodore 64. I had a programmer's guide for it that documented it down to the circuit board wiring diagrams, and I learned 6502 assembly language with that book and a monitor cartridge. Feeling some nostalgia for programming, and having a neato idea that involved some low level CD-ROM access, I decided to make a go of it again. I went down to the local computer store and shelled out $100.00 for a C compiler. I needed some documentation, so I shelled out another $50.00 for what looked like a decent programming book. I banged out some examples of pretty run of the mill stuff (all those books seem to have the same kinds of things, maybe because the API very much encourages one kind of program), and then the next thing you know the book ended. Still not feeling like I knew what I needed, I spent some more money on another book-- I learned some painful lessons about API's and how the internal OS functions aren't documented any more (at least not by Microsoft) no matter how much you spend.
By the time I finished working my way through the second book, I knew enough to know that all my problems would be solved if I just registered as a developer and paid $100 for a device driver kit (I know they are free now, but they weren't then.) So here I am, on the verge of being $300.00 in the hole, still not any closer to implementing my silly little afternoon idea. The cost outweighed my interest in learning at that point. I just ran out of steam. Programming for me had always been fun, not work! At about the same time, I installed Linux kernel 1.2.13 for the first time. Docs and HOWTO's for miles! Fully documented system calls, and even the source code for the OS itself if I am willing to spend the time to get my head around it. Free compilers for any langauge you care to mention-- I have learned several scripting languages, learned more about C/C++, and even dabbled with some 32 bit assembly without having to part with any cash or "development tax", as I have come to call the cost of entry into the windows programming market. Hobbyist programming and hacking only exists in the windows market as ports from open source projects. I could put more than one kid through college for the money it would cost me to learn as much as I have on open source tools if I bought comparable Win32 tools (where they exist). I feel a debt to the community for giving me the highest quality tools to hack with, and I'm sure many other fledgling developers do, too. Meanwhile the competition has stooped to prosecuting schools in an effort to extract maximum profits.
2. Economics
If you write commercial software, it has to be a successful venture in order to survive. Microsoft has agressively destroyed or absorbed competitors in the PC market. The only way to compete is to give it away-- if you actually start making money, you show up on the radar and get clobbered. I think Netscape is a good example here, everything was fine until it actually started to look like they could make money. Soon after that, they got sucked into a war they didn't have the resources to survive. You just can't compete. So a lot of developers don't. They write solid code and put it out there. There is no room in the comercial market for their artistry unless they are willing to market and litigate their way in, and the ugly nature of competing with a monster sucks the joy out of programming for them. So they pay the bills during the day writing uninteresting things, and then they write what they want on their own time. Of course, students are good at finding time to contribute, too. I work as a system administrator, and hack code when I get time here and there. We find ways to do what we like to do, and part of the joy is having some other people with similar interests look at it and think, "Gee, that's pretty cool."
I think you could solve the computer hunting and fatal attack problems making it cue on motion detection rather than heat. If they stop moving, it stops whapping them. You're right about the cat not appreciating it, though. That's what slows me down.
I guess you would also have to be careful not to leave the ceiling fan on, or it might destroy the house. Maybe we need heat and motion detection?
Get involved. Write letters. They *do* get counted, even if they don't count for anything until they hit critical mass. They may not read your letter any longer than it takes to tally another count for the open source zealot column, but they are at least going to do that. No one likes to lose a vote.
Be aware that in a majority rule system, it is hard for a minority (informed computer users) to find a voice. But the "ruling class" always seem to manage OK, and there aren't many of them. How do they do it? They make noise and they spend money.
So, donate to EFF, buy products based on open source, and encourage your company to do the same. For example, I order new systems with commercial Linux distro's on them even though they will most likely end up with Debian installed by the time they go into service. Sure, it's a drop in the bucket (we are a very small company) but we do what we can. I try to buy switches and hubs that have the "works with linux" stickers on the box. I know there isn't really any difference, but I want to reinforce the idea for hardware manufacturers that "support for linux = more $$$".
Hopefully Red Hat and others will eventually have enough cash to grease a few wheels. It only takes one lunch with a Senator where someone says "Please don't put us out of business... and by the way did you see that we contributed a little something to Furman's computer lab? Doesn't little Margory go to Furman? What a pleasant coincidence. I do hope to see you at the next campaign rally" to swing a vote at the next committee meeting.
I'm one of those people who believes that lobbyists exert far too much leverage with our representatives, and most of it does not work in our favor.
Lobbyists do what they do with CASH. I am not sure that Linux and related technology needs to be commercialized to survive, but we (the community) do need to buy or beg at least enough influence to make sure we don't get patented and DMCA'ed out of the game. I just moved the last vestiges of our file services off of NT, and I am now enjoying reduced maintenance time while I brace for the first SAMBA patent infringement lawsuit. I will lose "boy genius" status with my boss in a heartbeat when that hits the papers.
I don't car if Linux never gets more than 25% of the corporate server market-- as long as there still *is* a Linux, and as long as there remains enough incentive and legal freedom to allow the kernel hackers, the Gnu guys, the Samba team, and the Apache team to keep doing what they have been doing for us for all this time. (I am not leaving KDE/Gnome and others out on purpose, I just already feel like I am starting to ramble.) In a lot of ways I think the changes needed to make Linux suitable for mass consumption are in danger of making it unsuitable for people like me. But that is another story-- as long as the config files stay "human readable" and documented we will all be OK.
One thing to keep in mind is that some people consider punishment for the crime committed as an important part of the "prison experience".
You dismiss the "they broke the social contract" argument in your post, but it *does* have direct bearing here.
If someone spends time in jail being denied the rights which those of us on the outside allegedly enjoy and which we like to think separate us from "lesser democracies"-- and privacy is chief among these, then he or she may spend that time considering the importance of these rights, and how to keep from losing those rights again in the event he or she gets them back.
I think the relationship between the state and the prisoner *has* to be fundamentally different from the relationship between the state and the "upstanding citizen" for as long as the prisoner is in jail paying his or her debt to society. Now whether it is fair to change the rules for this person after their release is another matter, because committing a crime should not necessarily disqualify a person from good citizen status for life-- especially when it comes to the "consensual crimes" which are tying up so much of our jail space and other resources.
It doesn't sound too good to me. If you try to see it from the point of view of third-parties who contributed code to this project in anticipation of being able to use the finished product, then it starts to look like Sistina is telling these people that they have acquired precisely nothing for their contribution.
In other words, Sistina has (actually, I should say may have, because I have no idea how much of the code base was developed by the community) leveraged the benefit of the community's contribution fully, then reneged on the long-term benefit to the community side of the equation.
Heck, even quality testing and bug reporting has great value, and many of these users were probably working under the impression that they would be entitled to make use of the end result as they see fit.
If companies keep doing this kind of end-run around the GPL, extracting maximum value for themselves and then refusing to let the community extract all the benefit it can derive, this may lead to restrictions against these practices being written into the GPL. It's already a tough sell as it is!
I hope companies will exercise great care with how they use the community resources. I know open source software has made a big difference in my life, and I don't want the well to run dry.
This is an almost hopelessly naieve point of view. The people in government responsible for making these decisions are just that, people. In the aggregate, they make up that "software market" we keep hearing so much about. (Particularly the informed decisions the market tends to make.) Most of them simply don't have the technical depth in this area necessary to make what we self-described techno-elite types would consider the "only right choice".
The sad truth is there is a tremendous shortage of people who really understand how computers work in the world. Among people who have been using computers for less than five or even ten years, the percentage who are aware that someone other than Microsoft or Apple writes operating system software is disturbingly small.
To make matters worse, the government pays less than private industry for computer talent, and therefore is at a loss competing with private industry for job candidates. Hell, many of the management types who have a lot of say in the matter aren't really "computer people" at all. Remember when blue screens paralyzed one of the Navy's new ships? Government branches have settled on Win32 platforms in the past and will likely continue to do so. It sucks, and I wish they would take better care of my tax dollars, but that's how it is.
According to UniSys (http://www.unisys.com/home/enterprise/), the Coast Guard has standardized on Windows NT for relaying mission critical search and rescue data. As a sailor who is planning on cutting the dock lines for good one day, this frightens me.
I think Linus is wrong not to be paranoid about this de facto tax collector issue. The government will be more than happy to let Microsoft collect revenue any way they can, because the government will collect taxes from them in the end. Why go to the trouble to figure out how to tax and collect on internet transactions (not to mention pushing the legislation through) if Microsoft can figure out how to do it for them and they can collect from Microsoft by taxing their revenue? After all, as far as most of our Congresspersons are concerned, Microsoft represents the best and brightest in computer innnovation. And they have the campaign contributions to prove it.
I think we're looking at this from pretty much the same viewpoint. On the one hand, it's exciting to think about, but on the other hand it's hard to see this as being immediately useful in most environments.
Still, every time our CAD operators start to bump against the storage limits on our file server, I start to think about all the unused drive space on their client machines. They have 5-10 GB apiece I am always telling them not to use because it's not secure and doesn't get backed up.
In the "wouldn't it be great" department, it would be nice if I could organize their unused space and processor cycles into a kind of "storage hive" which would appear to them (and my backup scripts) as a network file system. We have the LAN bandwidth to spare, but I am not sure how much cost would be associated with leaving all the workstations on all the time.
Then there are the problems associated with the reliability of a certain operating system they are all running. It seems to self destruct if you don't reboot it fairly regularly.
I think this differs from a SAN (storage area network) in some subtle but important ways, and it's as close as I can get to a "killer P2P app" for business.
Essentially, ditch the server and distribute its tasks among the under utilized clients. The whole server is replaced with a cluster of processes running on client machines.
Sounds great to me, but I don't think it can be built with the pieces we have today. I am not about to bet the bank on a swarm of Win98 boxen...
As FreeNet progresses, I find myself wondering how hard it would be to write a client for it that would present a CIFS (Samba, SMB) interface to applications.