Slashdot Mirror


User: david.johns

david.johns's activity in the archive.

Stories: 0
Comments: 86

Comments · 86

  1. Re:exaggerated losses -- on FiveFingerDiscount.com? · · Score: 1

    A sun workstation with built-in refrigerator?! I want one!

  2. Re:USA harbors terrorists! on Hackers are 'Terrorists' Under Ashcroft's New Act · · Score: 1
    Actually, I want to point out that we do harbor terrorists - assassinating world leaders does tend to be a genuine passion for these people, and our CIA finally got out of the habit because it was causing too much political fallout.

    I wonder when they(we)'re going to figure out that backing dictators and pseudo-military organizations is causing too much political (and physical) fallout.

    Oh, and are Timothy McVeigh and Ted Kazynski (sp) terrorists? We harbored them. What about the donations to the IRA from US citizens? We certainly seem to be fostering terrorism overseas...

  3. Re:The answer is simple on Hackers are 'Terrorists' Under Ashcroft's New Act · · Score: 1
    If you don't have anything to hide, why use encryption?

    What is Terrorism? What is hacking? Am I hacking if I portscan you? Is there a legitimate use for having a portscanner? Is there a legitimate use for knowing how to write one? Should programmers be licensed? Should non-"compliant" compilers be outlawed? Should open source software be outlawed? (It helps teach people to write programs, and they can get ahold of a compiler!)

    Well, DUH, the answer is simple.

  4. Re:Find a *root* identitied server. on Is the Unix Community Worried About Worms? · · Score: 2, Insightful
    To really make a worm mess people up, it needs to get root access. That fact alone is enough to make Apache more secure than IIS, due to the fact that unless you're an idiot you run your Apache servers as a non-root user.

    For a moment, this didn't ring true. Why? Because the capacity of a local user to utilize a local root exploit (and thus render your argument invalid) is high.

    But then, I realized something. Open Source software encourages diversity. Apache may be running on Windows, Debian GNU/Linux, Redhat, OpenBSD, FreeBSD, etc... etc... And the root exploits are all different. Who are you going to pick on? All of them?

    The worms we're seeing floating around the MS community are exploiting lots of known bugs in one fell swoop. Virtually all Windows installations except those secured by some smart users and some smart admins are vulnerable to one of these attacks. Thus, once again, the Open Source world could have a worm that used a collection of exploits to root many kinds of boxes, right?

    Wrong. The memory footprint and coding skill this would take would make the worm look a lot more like "Microsoft Office for Every Platform" than the Morris Worm. That's because the vulnerabilities taken advantage of are most often in a variety of particular programs rather than some standard API or a few known awful (*cough*Outlook*cough*) offenders. If a kernel version or the last few X11 versions had some huge flaws, or maybe Gnome or KDE, then we have a chance to worry. But you know what? The only one of those that Apache is involved in at all is the kernel. Server machines often do not have X11, let alone Gnome, or KDE.. etc.. etc..

    So my extremely longwinded point is: We aren't immune, but the kind of attack that we're seeing on Windows right now is hard against Open Source Software. Infinite Diversity in Infinite Combinations.

  5. Capabilities! on Is the Unix Community Worried About Worms? · · Score: 1
    And in this case, it should be the next step for Linux security, but still. ;)

    Capabilities rock my world and provide the capability (pun not intended) for the sort of no-nonsense secure-by-default security that people dream of these days. I don't know how effectively they can be added to the linux platform in general, since we have a lot of existing software that could break given a sufficiently odd change to the general security model. But, capabilities are a good start for creating and maintaining a secure-by-default future for Linux. Pervasive use of capabilities would make me very happy, since then I might actually have some control over what programs will actually be allowed to DO!

    relevant capabilities link

  6. Re:Local users vs. Root on FreeBSD Ports for GNU/Linux · · Score: 1
    Oh, yeah. I know what you're talking about. I was just marveling at the fact that ports lets you do something that you have to do by hand if using apt-get.. and apt-get would let you do something even cooler if it had non-root-user uses. ;)

    Actually, one fun thing that I have done before, too - tar gz an install of your favorite gnu/linux, save it somewhere. un-tar-gz it into a subdirectory somewhere, and play with chroot. It's nice. (It works best if you've got root on the box, though.) For a while I was running a hybrid of debian unstable and stable on the same box by having a chroot'd unstable install. ;)

  7. Local users vs. Root on FreeBSD Ports for GNU/Linux · · Score: 1
    Something that no one seems to have made a big deal out of - ports allows you to run it _as a local user_ and have the programs effectively installed in your home directory.

    <doubletake / >

    That's right, you can have that IRC client of your VERY OWN! I hadn't realized that the ports system did this. On the box that I control, I add new software all the time. (apt-get install this-that-and-the-kitchen-sink)

    As much as apt-get rocks, however, you've pretty much gotta be root, and it likes to install things in system-wide locations. So my friend Eugene who really likes links better than lynx has to come ask me to install it, or compile it from source by hand.

    They have solved the problem of software management on a multi-user system, at least when the source is available. Keep in mind that one of the things that has made NT 4.0 horrible to deal with for a large number of people is this very thing. su is your friend.

    Are you an administrator? Oh, well, you can't install this, because it wants to write a registry key HERE and it's not supposed to want to do that. Reboot, become Admin, install, return to being user - maybe software works, maybe it doesn't. (It's not _that_ bad with linux/deb or rpm.)

    AFAIK (IANA Debian God) there is no way to get apt-get to install things in an automated way in the user's home directory. Sure, you can get the source there.. But the really cool thing would be if, not running as root, you ran apt-get and it installed everything in your home directory except that which was already on the system!

    Ooooo... this is cool. Then, when root tries to install the same thing, maybe it could check the signature of the package the local user has downloaded and install it systemwide if the signature matches the one from the debian repository. <div voice="hick">Hee-HEE! Hawt damn!</div>

  8. Re:Most of them deserve it: They are pirates! on Shutting Down Worm-Infected Broadband Users · · Score: 1
    Wow. I just had a revelation.
    Ok.. So the Microsoft huge sales figures come from where?

    Well, DUH, from OEM and Corporate sales.

    This does reek of a home user who has no clue that it's installed, or how to remedy the problem.

    <unthinking> Well, they should know! They installed it, right!? </unthinking>

    reality sets in

    So, as an aside, does anybody wanna go find out which OEMs ship Windows with IIS on by default and blame them? ;)

    (And in case you didn't have the reality-setting-in part, most home users did not install windows on their machine from a cd. Supposedly.)

  9. Re:How the government might know on How Would Crypto Back Doors Work? · · Score: 1
    There is no such thing as "random bits of data" streaming through the network.

    As I pointed out to someone above: <voice character="yoda">There will be. There will be</voice>

  10. Re:Simple on How Would Crypto Back Doors Work? · · Score: 1
    But how many people send random bitstreams to each other? Somebody doing so would stand out like a sore thumb against the usual traffic of ASCII.

    Ah. The question is not "How many do?" but, rather... "How many WILL?" ;)

    BEGIN PGP MESSAGE

    1985`jw6tioh2146;'4363n471=90ujq;abd' lkajhfg;)...

  11. Re:Irresponsable rabble-rousing! on Freedom Flees in Terror · · Score: 1
    You scare me, a lot.

    I do not trust our government, for reasons that another reply alluded to.

    I will address the FBI and CIA in turn.

    The FBI has repeatedly been involved in various actions against American people in the name of "National Security" and in spite of growing popular dissent against the view that the government held. For instance, J. Edgar Hoover's stance on the Mafia is one. The FBI infiltration and destruction of various civil rights oriented groups is another. The FBI has repeatedly shown itself to run amok without some form of oversight.

    Therefore "Critical" information about the FBI is revealed to Congress quite often, and we have open records acts to reveal it to the people in time. In the wake of this tragedy, I have no reason to trust that the FBI has acted in our best interests without the information that will be revealed eventually. Did the FBI know anything about this? Has the FBI taken this as an opportunity to arrest members of unrelated groups due to the lack of political backlash for their actions? Is the FBI standing by NOT protecting Arab-Americans and others from attacks by outraged bigots?

    When records of these days come under public scrutiny, the answer we will get will be little black marks on otherwise legible documents. We need more access to information at this time, not less.

    The CIA has f*cked up in the middle east. We trained Osama bin Laden, armed the people who are now the Taliban, armed Saddam Hussein, destabilized any country which doesn't like us very much... Do you think that these things have served us, as citizens, well? I certainly don't. If, indeed, Osama bin Laden was behind the death of 5500 people (or his organization! Or hell, virtually anyone in the Middle East, to an extent!) we have a fairly large part in creating him and his status as a hero today. Without our intervention in Afghanistan in the name of the Cold War, there would be a very different Al Qa'ida, if any at all. We taught him counterespionage tactics to avoid Soviet Intelligence.

    With that in mind, do you think I'd like to know what the CIA has been doing for the last year? Hell yeah! I'm sure Al Qa'ida wants to know, too. The question is: Who had ~5,500 people lost last week? Don't you think we have a right to know what our military terrorist branch is doing these days?

    The free flow of information is vital to a democracy. Under the attitudes you espouse, we would have no voice in a great part of our nation's foreign policy.

    In this context, without information, we have no control. There is nothing to write letters about, no petitions to sign, if we are in the dark as to what we are doing. We can sit here in the dark until airliners come crashing down and buildings fall around us, and we still won't have any clue why these people hate us or what they are retaliating for.

    We need more information about what our government is doing because this is a representative democracy. The day that we toss the constitution that makes us just that out the window, I move to someplace free, like the former Soviet Union.

  12. Re:I dunno... on Hacker Tinkering With Yahoo Stories · · Score: 1

    Don't you guys remember? We promised that the LAWYERS would be first...

  13. Re:Mod parent up ! on A New Kind of War · · Score: 1
    I do believe that you are basically asserting that there is no reasoning with 'those people.' I agree. No reasoning with blacks, Jews, gays, feminists, or Muslims. They don't understand anything but a show of force, right? They're bent on exterminating our way of life! We have to stop them at all costs!

    Ignoring your neo-McCarthyism, (Yes, I'm limp-wristed AND unAmerican, thanks for implying) I don't have any reason to believe that this wasn't in some way our own creation. If, indeed, Osama bin Laden, the Taliban, or Iraq were involved, we created those monsters. (The Taliban indirectly, the others MUCH more directly.) Do you know WHY we did this?

    Iraq/Saddam Hussein - What a lovely pawn against Iran!

    The Taliban/Osama bin Laden - What a lovely pawn against the Soviets! (The Taliban inherited the lion's share of US training and weaponry after the Soviets pulled out.)

    We didn't CREATE militant Islam, we just created a nice little corner of the world for it to survive and flourish in. Where Osama bin Laden lives now, and has his lackeys crash planes into buildings to thank us.

    Ironic, isn't it? The thing that is spawning a new McCarthyism is a direct product of our policies spawned from an old one. History repeats itself like a virus replicating.

    I don't object to a careful show of force. I don't really object to disarming the Taliban piece by piece, as well as Osama bin Laden and Saddam Hussein. Just think of it as the US deciding it really didn't want to hand those people all those weapons after all.

    What people like you don't realize (and it makes me sick!) is that we currently, right now, this very minute, have the capacity to win a new image for America - a nation who isn't the great Satan, and who does, at least, care about what goes on in the rest of the world. Carpet-bombing Afghanistan will not win this image for us.

    I try not to complain without at least suggestions, but the actions we have taken so far have me pretty much stumped. Now, if we don't carpetbomb Iran... er... Iraq... er... Sudan... er... Afghanistan, we look like chumps on the world stage. Gu-reat. *sigh* If we do, we have the potential to ignite a conflict that will INVOLVE MILLIONS of the non-militant Muslims you seem to think we're living in peace with.

    The unwillingness of you and people like you to recognize that the US has foreign policy, let alone that our foreign policy may not always be in the best interests of the American people... THAT sickens me.

  14. **IE USERS - Parent link infected** on A New Kind of War · · Score: 1

    The link in the parent tried to get me to download readme.eml. Yay. See the article about the new worm if you want to know why this is bad. NO ONE using Internet Explorer should click through that link.

  15. Re:Mod parent up ! on A New Kind of War · · Score: 1
    Once upon a time, because all good stories begin once upon a time, the Evil Communist Threat (tm) invaded Afghanistan.

    We, The Good Guys (tm), promptly decided that this must be STOPPED! So, we engaged in an alliance with the Saudi Arabian government (who also had something to lose if the Evil Communist Threat (tm) made it through Afghanistan). We, with American goods and training and some Saudi Money and bases, propped up the Mujahadeen (sp?) and taught Osama bin Laden (among others) how to go about defeating Soviet intelligence.

    Now here's the fun part. Where did militant Islam come from, eh? Oh sure, there are militant people who are Islamic (in Palestine, for instance) but there are not actually all that many people in the whole Arab world who see Islam as in need of a grand unified army. (less than 2% by some estimations, but that's just speculation, AFAIK.)

    What's NOT speculation - what's on the written record, actually - is that the particularly virulent strand of militant Islam that is BITING US IN THE ASS RIGHT NOW was disseminated by being broadcast over Radio Free * as a result of a policy decision by one Polish immigrant who really hated the soviets. A guy by the name of Brzezinski. Rather than backing secular or democratic forces in Afghanistan, we chose to use people's religion to get them whipped up into a fervor.

    Wow, that worked really well.

    So, please, vomit somewhere else. If I'm a boo-hoo apologist because OUR FOREIGN POLICY IS 100% TO BLAME for all of this mess, so be it. If I don't want to start, or fight in, World War III, and that makes me an apologist, so be it. If I don't want to kill several thousand Muslim people just 'cuz they're Muslims (or Sikhs), and that makes me an apologist, so be it.

    The CIA is Al Qa'ida.

    Osama Bin Laden is George Bush, Sr.

    The civilians are just civilians. Both sides.

  16. Re:We don't do it on Open Source - Why Do We Do It? · · Score: 1
    No, no, no.

    What you say is somewhat true. Many of the people on major projects are paid to work on it full time. Yay, them! But many people who start projects do so with a vigor that allows them to devote a ~40 hour week to it. They do work full time, not for money, because they need something.

    Just because some people are lucky enough to get paid to do this doesn't mean that their projects are the only ones worthy of attention. Surprise, surprise - if you hire some people, the project goes faster, gets bigger, gets more attention.

    Doesn't mean that the fabled Open Source project doesn't happen. Linux kernel, anyone? (NOW he gets paid for it, yeah ;)

  17. Am I the only one? on The Real History of the GUI · · Score: 1
    I had to view this in Lynx instead of my usual web browser (Galeon) - because for some reason, his site only turns up

    <html> <body> </body> </html>

    (That's articles, front page, anything.)

    Was it just a fluke? Or should I suggest that he send an HTML 4.0 compliant webpage as the default, since I'm sure that would work just fine? (If he's sensing browser types. ;)

  18. Re:Hrm. "Insightful" - Hah. on The Economy of Everquest · · Score: 1
    Oops. The update lost my preference for posting HTML and it made my message look like that. Sorry. ;)

    And as for you preview-it flamers, I tried to preview it - and my connection timed out. I tried again, figured it was a problem, checked over my work and hit submit. Worked fine.

  19. Hrm. "Insightful" - Hah. on The Economy of Everquest · · Score: 1
    I read these comments. I see that everyone is saying why this is so awful, because there is an effectively infinite supply of blah blah blah, and things don't degrade or blah blah blah...

    Digital information does not degrade. You might make a case that something like degradation does happen to digital information. I doubt that you could make a case that the same metaphor doesn't extend to Everquest objects.

    Digital information can be copied with very little cost. (I say very little, because it's not exactly none - in either case. Subscriptions to Everquest, anyone?)

    After all, these Everquest objects (currency or players) are software - or at least, data.

    Please, mock the study of these economics the next time you buy Windows (or even pay the MS tax.) The next time you buy a CD. The next time you download Free Software.

    Pay a subscription fee for Everquest, value-add, sell your character for money. Pay a subscription fee for internet access, download a linux and value-add - sell your linux for money. Maybe it should be our new economic model!

  20. Re:Compromise on On The Costs of Full Security Disclosure · · Score: 1
    Good god.

    Did it ever occur to you people to realize that anything less than full disclosure has a good chance of leading us down the road to a completely sealed market?

    Let's assume for a moment that I know a hell of a lot about security. I want to set myself up as a security consultant and help people fix things. So, I decide that the information in "BugVault" is going to be valuable to my profession.

    If they let me in, where's the less-than-full disclosure? If they don't let me in, how am I going to do my job?

    I'm sure that a model could be created which allowed subscription under certain conditions - but how much work am I going to do for a 'real' security company before I'm allowed to take a look at the list of problems in the products I'm working with? Mmm... Indentured servitude...

    And with Microsoft starting to eye the security market, ("Personal Firewall BUILT IN! You don't need that silly Zone Alarm!") how long will it be before it's just another "Play Nice with Microsoft to get your information" kind of situation?

    Mmm... Pay-per-bugtraq.

  21. Re:Bashing the U.S. on Right to Post Anonymously Protected · · Score: 0, Flamebait
    Yup, have to agree with the person who WASN'T modded up in response to this: GMAFB.

    Our country, economically, socially, and politically, is N times more a threat to the future of free software than any other country in the world. We're the ones holding the handbasket, and taking everyone along for the ride.

    That's what's so frustrating about being a Free Software advocate: it's easy to tell people what Free Software is, how to use it, and why it's good. It's hard to get them to understand why every day it gets a little harder to make equivalent free software.

    While this inability to understand is not strictly related to national borders, the laws, society, and economy which shove anything 'free' or 'Free' onto the back burner ARE.

    Good grief.

  22. Re:Linux will be just as bad...discuss.... on Windows in 2020 · · Score: 1
    An answer to this, and to the anonymous coward who also responded:

    Debian.

    They already have signed package lists and a special security update server - just get the thing to try to run them at midnight.

    Someone will set up an appliance box with two equal partitions. It will download security patches every day or so (and check the authenticity of all of its binary files, and install the correct packages to 'repair' any corrupted ones) and it will check their signature before installing them, eliminating the man in the middle attack. (Not only that, but probably downloading them over HTTPS at this point would be good...)

    Then, copy partition 1 over partition 2, (you can be nicer, but we're going for secure), install the packages you've downloaded in partition 1, and check yourself. If you work, kill all non-authorized processes and keep chugging. If you don't work, copy partition 2 back over partition 1, kill all non-authorized processes, and page or call the network administrator phone numbers that you have. Enjoy!
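
The update cycle described in the comment above, as an added example (not part of the original comment and not code from Debian or any real tool). Partitions are modelled as dictionaries, all function names are hypothetical, and HMAC with a constructed key stands in for the archive's signature on the package list so the sketch runs with the standard library only.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC is a stdlib stand-in (assumption) for the
# public-key signature a real archive puts on its package list.
DEMO_KEY = b"constructed-demo-key"


def sign_manifest(manifest):
    """Authenticate the package list (name -> SHA-256 hex digest)."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(DEMO_KEY, blob, hashlib.sha256).hexdigest()


def package_ok(name, data, manifest):
    """A package is accepted only if its digest is in the signed list."""
    expected = manifest.get(name)
    actual = hashlib.sha256(data).hexdigest()
    return expected is not None and hmac.compare_digest(actual, expected)


def nightly_update(parts, downloads, manifest, signature, self_check):
    """Apply verified packages to partition p1, keeping p2 as the fallback.

    parts maps "p1"/"p2" to {package name: bytes}. Returns (status, alerts).
    """
    # 1. Verify the list first, then every download against the list.
    if not hmac.compare_digest(sign_manifest(manifest), signature):
        return "rejected", ["package list signature invalid"]
    bad = [n for n, d in downloads.items() if not package_ok(n, d, manifest)]
    if bad:
        return "rejected", ["digest mismatch: " + ", ".join(sorted(bad))]
    # 2. Copy partition 1 over partition 2 before touching anything.
    parts["p2"] = dict(parts["p1"])
    # 3. Install into partition 1 and run the self-check.
    parts["p1"].update(downloads)
    if self_check(parts["p1"]):
        return "updated", []
    # 4. Self-check failed: restore partition 1 from partition 2 and alert.
    parts["p1"] = dict(parts["p2"])
    return "rolled back", ["self-check failed, administrator paged"]


def demo():
    """Three constructed runs: clean update, tampered download, bad patch."""
    def healthy(p):
        return not p["httpd"].startswith(b"BROKEN")
    results = []
    for label, shipped, received in [
        ("clean", b"httpd 1.1", b"httpd 1.1"),
        ("tampered", b"httpd 1.1", b"httpd 1.1 + implant"),
        ("bad patch", b"BROKEN httpd 1.1", b"BROKEN httpd 1.1"),
    ]:
        parts = {"p1": {"httpd": b"httpd 1.0"}, "p2": {}}
        manifest = {"httpd": hashlib.sha256(shipped).hexdigest()}
        status, alerts = nightly_update(
            parts, {"httpd": received}, manifest, sign_manifest(manifest), healthy)
        results.append((label, status, parts["p1"]["httpd"], alerts))
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The tampered download is refused before the fallback copy is made, so a bad transfer never touches either partition; only a correctly signed but broken patch reaches the rollback path.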

  23. Re:Microsoft made this mess? Huh? on Code Red: the Aftermath · · Score: 1
    Just to point out something others have pointed out before:

    AFAIK, the patch doesn't work under certain conditions. (URL redirection.)

    With that in mind, there is still a problem - the patch itself is inherently not 100% effective. We are not trying, in general, to limit the worm - we are trying to eliminate it. I'm sure there are some people for whom the URL redirection is critical, and, therefore, the worm is simply an annoyance.

    Just my usd .02. ;)

  24. This is awful. on Court Decision Favors Rambus · · Score: 4, Interesting
    For the first time in a LOOONG time a company has (had) been charged with fraud, in connection with activities that constitute... well... fraud.

    Aside - if it had been a DMCA violation, we would have been executing^H^H^H^H^H^H^H^H^Hprosecuting employees by now.

    In my mind, at least, it's going to be very hard to maintain that their patents are bogus if they are not fraudulent. I don't know much about how our appeals system works (never had to use it, thank gods) but I expect that the higher court to whom they appeal cannot effectively re-open the investigation of fraud without Infineon also appealing.

    That means the next case is (probably) going to go like this:

    These your patents? Yup. This their RAM? Yup. Pay 'em. Case closed.

    AFAIK there is no viable way for the court to assert anything else without a _major_ break from precedent.

    Remember, though. IANAL. I really hope I'm wrong.

  25. Re:What is this innovation you speak of...? on The End of Innovation? · · Score: 1
    NEW ideas count as innovation; these are elusive things that have never ever been on the inside of the fence, so you see?, you don't really need the ladder..

    Wow. My hat is off to you. That metaphor describes exactly what I think needs to be done in the world of Open Source today.

    Forget what everyone else is doing. Do something completely new. Really, completely, new.