On LinuxWorld Paul Murphy wrote an article comparing Unix and Windows
I'd like to see some unbiased sources say something about how good one is over the other. There must be some out there, but I guarantee that "LinuxWorld" isn't one of them.
I like the idea. Keep processors 1-generation-previous compatible. By the time the next generation comes out, emulators should be able to run the old programs at their full speed.
TV's/Monitors that enforce DRM, and have another invisible "color" over the images dictating the copyright. New cameras wouldn't record anything that they weren't allowed to.
I'm not saying it would happen, I'm just saying that it's not really technically difficult.
After years of hard work - my karma is finally at a level to give me +1! Yayayayay!
:= karma - 3;
karma
Canadian, I'm afraid...
Supporters of information anarchy claim that publishing full details on exploiting vulnerabilities actually helps security...and bringing pressure on software vendors to address the vulnerabilities. These may be their intentions, but in practice information anarchy is antithetical to all three goals.
All three goals? There's some on this later - but assuming that he's right with the rest of the entire essay, you'd expect there to be some pressure to address the vulnerabilities, would there not? He even goes further, saying that published exploits are antithetical to getting patches out. Brilliant logic.
Providing a recipe for exploiting a vulnerability doesn't aid administrators in protecting their networks. In the vast majority of cases, the only way to protect against a security vulnerability is to apply a fix that changes the system behavior and eliminates the vulnerability; in other cases, systems can be protected through administrative procedures. But regardless of whether the remediation takes the form of a patch or a workaround, an administrator doesn't need to know how a vulnerability works in order to understand how to protect against it, any more than a person needs to know how to cause a headache in order to take an aspirin.
I love this analogy. It actually works. For example - if I knew that the cause of my headaches was an allergy to certain foods, I could avoid those foods, and not have to take aspirin. If I know how an exploit works, I can prevent it with my own tools - firewall, etc. and not have to worry too much about the dubious patches.
Likewise, if information anarchy is intended to spur users into defending their systems, the worms themselves conclusively show that it fails to do this. Long before the worms were built, vendors had delivered security patches that eliminated the vulnerabilities.
Here he's not talking about e-mail "viruses", but worms. Specifically, worms targeting systems people did not know they had on their system. There was plenty of buzz about Code Red before most people had it, and the patch was applied to thousands of computers as people got worried. I'm not an advocate of having people upgrade through fear, but this still disproves his point.
Now - here's his reason for published exploits to take pressure off of vendors to publish fixes:
Finally, information anarchy threatens to undo much of the progress made in recent years with regard to encouraging vendors to openly address security vulnerabilities. At the end of the day, a vendor's paramount responsibility is to its customers, not to a self-described security community. If openly addressing vulnerabilities inevitably leads to those vulnerabilities being exploited, vendors will have no choice but to find other ways to protect their customers.
Crap...I'm trying to find a problem with the logic, but I can't actually understand the argument - anyone? What other ways are there for vendors to protect their customers than put out fixes?
Anyway, that said, I'd just like to express my condolences to the author. Did you see his title? "Manager of Microsoft Security Response Center" Poor guy is probably blamed for half the bugs in code he's never heard of. Can blame him for venting a little. I just wouldn't have done it as publicly.
Let's look at the most recent huge hole - the IIS server. If someone had only released a small amount of information - like "it happens at port 80", no one would know how to block the damn thing without affecting other services. By knowing the exact form of the exploit, people were able to block it. You can't help but publish exploit code (or enough code to give anyone a general idea) in cases like this. The code is an easy way to find out how to prevent the attack.
I say give the most information possible to the security people who need it. If people aren't worried enough about security to find out about the holes, then they shouldn't complain.
Apparently I came in late - but what's a Beowulf cluster?
And, once again, to beat the trolls to the punch, I've already found the one link over here.
True. God did invent this - and it appears that IBM's closing the gap. A giant tower of technology reaching for the heavens with IBM at the peak. It's only a matter of time before programmers around the world are struck down with a curse of multiple languages and different protocols so that they will no longer be able to communi....aw crap.
Yep - variety is the spice of life, my friend.
Garrr - "flamebait" - I meant to have the tags around it.
Meh - my bad.
Bah! Remember - ya foreigner - back in old country, trolls made more than doctors. Get back to wherever ya came from if you don't like the free economy of the West.
Christ - I get here and there are 15 trolls to the 0 useful comments.
Anyway - not knowing much about hardware - how much of a bottleneck is the bus right now? In terms of power usage is it a hog? In terms of heat does it create that much more than the rest of the hardware?
Of course, I'm not complaining about tech advances, I'm just wondering if this is "Woohoo! Problem solved!", or just "keeping ahead of the game".
Never underestimate the power of stupid people in large groups.
Hmm...fits well with
The intelligence of a mob is calculated by taking the lowest individual IQ in the mob, and dividing it by the number of people
From the article:
:)
Currently, the plan is to transition those customers who:
Have Qwest.net Internet Access using an analog dial-up line, Qwest DSL 256, Qwest DSL Select, or Qwest DSL Deluxe connection and,
Use the Windows operating system.
MAC Customers: MSN is working on a MAC solution for your Internet access needs. Until that time, there will not be any changes to your Qwest.net Internet Access service.
No mention of Linux, but I'd assume they'll treat non-Windows the same (until they have a Mac-only fix, of course).
Hmmm - taking a second look at the capitalization on "MAC", it looks like they don't have a "solution" for anyone using a network card
What about something similar, but it would "telescope", so that it would act as a regular controller if you wanted it, but you could pull it out for keyboard functionality? Just another stupid idea.
Or on the desktop like a regular keyboard. All I'd need is a keyboard with "wings" that flip up so it's like using a regular controller, with different halves in each hand.
That just lets them know that your phone line is a regularly used one. Best to just ignore it.
Try include
Stupid "Plain Old Text"...
Thanks, I will :-)
Yep - we're now workin' on it. I'm trying to find out where you register, how much it costs, etc.
I just went there to see if I could get my own music on there, and found out that they only accept signed bands. I was really disappointed, as it appears that they're immediately dismissing half of the music out there.
Better yet - is there any online repository of *solely* free-music, that artists have made free? I see a lot of MP3s on a lot of artist sites, but no central place where they can be searched/downloaded. I'd like to move from the mainstream, but it's so hard since Napster closed - there aren't enough people on any of the other services to reach the critical mass that it had.
But faith can be based on a tried and true methodology - visions/symbols/signs. Just because it's not the scientific method doesn't mean that it's not based on some other method. The scientific method itself is based on the unproven, no-evidence-for belief that the past is an indication of the future.
:)
And as I said before, a lot of science is taken on "faith" by most of the general population. I've never seen direct evidence of DNA. All I have are the assurances of geneticists (read "spiritual leaders") that this is how life is organized. For all I know, there could be a tiny computer chip inside each cell, or a soul for that matter. It's purely faith that leads me to believe the scientists who tell me these things. I don't believe that there is any difference between the feelings of faith today's populace has for scientists and the faith yesterday's populace had for spiritual leaders. Of course, to truly find the answer, there'd have to be a psychological study done on the brain activity at, say, a mass and a physics lecture. And even then, I'd have to verify the results
As I said, it's a matter of how "faith" is defined. If you define it as a sort of loyalty to a concept - be it God or any other - then there is a difference. But it was "knowledge" 500 years ago that the world was flat, and creation myths have been believed literally for millennia. Does that mean that there was no faith involved in this belief? Was their faith in their priests any different than our own faith in our scientists to interpret the causes of reactions? 500 years from now will people look at the "faith-based" religion of thermodynamics?