Slashdot Mirror


User: Piquan

Piquan's activity in the archive.

Stories: 0
Comments: 829

Comments · 829

  1. Re:You overlooked lbx? on Proxy Servers Lighten Up X · · Score: 1

    There is a free solution included with almost every X server -- lbx. If you want, you can even use lbx and tunnel it through ssh, although that doesn't improve things TOO much, as you add latency.

    I beg to differ!

    I work from home almost exclusively. I use a variety of tools to do my job, but a lot of them involve running a program remotely. I use exactly what you described: lbx over an ssh tunnel.

    Let me say, lbx speeds things up tremendously in that scenario. I've occasionally skipped the lbx step, and it is slow as molasses. lbx really is what makes it remotely usable.

  2. Re:Greenspun's 10th rule of programming on Is GNU g77 Killing Fortran? · · Score: 1

    But that's almost a tautology: any C or Fortran program that doesn't contain "an ad-hoc, informally-specified bug-ridden slow implementation of half of Common Lisp" is clearly not "sufficiently-complicated" ;-)

    Not really. Take P to be any program. As we know, most programs can be implemented with a variety of complexities, so we designate the complexity of a program as c, and P(c) is an implementation of P that has complexity c.

    Now, Greenspun's 10th states that for any P, there exists a program L, such that given any epsilon > 0, there exists a c0 such that, for any c > c0, |P(c)-L| < epsilon. (|P-L| is the difference between P(c) and L.) Furthermore (and this is the crux of Greenspun's 10th) such an L contains an ad-hoc, informally-specified bug-ridden slow implementation of half of Common Lisp.

    In other words, the limit of any program (as complexity approaches infinity) is Emacs.

  3. Re:HP 48GX on Recommendations for RPN Calculators? · · Score: 1

    I agree. It's nothing like a nice lightweight embedded OS.

  4. Re:whichever it is, it should have expired on Hotel Being Sued for Using the Dewey Decimal System · · Score: 1

    Erm... That link is to CitySearch's editorial review. I don't see any reason to believe it was written by the hotel itself.

  5. Be aware of the risk on Secure Voice Communications While Travelling? · · Score: 3, Insightful

    Remember that no matter what you do, there's risks. Encrypt a voice connection? A room bug will have no trouble listening to that. Even if the room itself has no transmitters, somebody can point a laser at the window and hear what's up. Besides, the encryption doesn't buy you great security: to the NSA, encrypted phone calls are pretty much a joke.

    Email may be better. It stands up to cryptanalysis better, and room bugs don't get it. But, it is vulnerable to a lot of new problems: Van Eck emissions, screen flicker, and even a good ol' pair of binoculars across the street.

    If you use these, remember that the security of the mechanism is only as good as the security of the computer. If you get 0wnz0r3d, then you're screwed.

    Now, consider the idea of "proportional response". Right now, your dad gets phone taps. What do you think will happen if he starts encrypting communication? Sure, a regular phone tap falls apart under almost any sort of encryption. But start using encryption, and they're more likely to put more resources into finding out what you're up to. That's when the things like room bugs and Van Eck attacks come into play.

    So, you have to figure out: how much of a risk does your dad represent to them? How much are they willing to spend to monitor his communications? That's the first step to deciding what appropriate encryption would be.

  6. Re:What I did on Resolving Everything: VeriSign Adds Wildcards · · Score: 1

    You're welcome: antisearch 0.1

  7. Re:What I did on Resolving Everything: VeriSign Adds Wildcards · · Score: 1

    From what I can tell, it should work under transparent proxies. Of course, if you're in a position to control transparent proxies, you could just as easily nullroute that IP/AS (which a lot of NANOGers are doing) or somesuch.

    But if you want to try my code with a transparent squid, feel free: antisearch 0.1

  8. Re:What I did on Resolving Everything: VeriSign Adds Wildcards · · Score: 2, Informative

    I don't know how to get around the lameness filter. Ironic, isn't it? Anyway, grab it: antisearch 0.1

  9. Re:What I did on Resolving Everything: VeriSign Adds Wildcards · · Score: 1

    Well, I couldn't find an appropriate newsgroup, so I'll just put it on a server: antisearch 0.1

  10. What I did on Resolving Everything: VeriSign Adds Wildcards · · Score: 5, Interesting

    I've created a Squid redirector to deal with this problem. I tried to post it here, but couldn't get past the Slashdot lameness filter.

    It catches anything going to a gTLD's wildcard response (there's about 15 gTLDs doing this!) and redirects it to google. It also does some other niceties that don't automatically happen when using a proxy, such as adding www. and .org/.com/.net if needed.

    If anybody wants the code, then post a reply here and I'll set up a web page with it and post the URL. (I won't bother if nobody wants it.)

    You may want to know, also, that some of the NANOG folks have patches for BIND to change these responses back into NXDOMAIN.

  11. Re:Not that bad in the wild on Buffer Overflow in MySQL · · Score: 1

    Regarding point a: My impression was that it does not need to be a privileged user; by exploiting as user mysql, you still get all the access that mysql has, and may be able to use this to chain into a privilege elevation attack.

    Regarding point b: If RedHat does not, by default, have any "admin" account, how are new users added?

    Regarding point c: It is not unheard of, or even uncommon, for there to be flaws in web pages allowing SQL access (sometimes within certain limits).

    While it's not the end of the world, and good layered security should keep this from being a problem in most installs, it's a little more serious, I think, than you imply. But just a little.

  12. Re:Cyrus IMAP for sure.. on Recommendations for the Right IMAP Server? · · Score: 1

    First rule of being a sysadmin: You NEVER put a compiler on a production server. Ever.

    My biggest production app will compile and load code changes at runtime. Yes, changes are made on a dev server, but changes are compiled and loaded directly into the running system, to prevent the server going down for more than a second or two (long enough to load in the code once it's been compiled).

  13. Re:Right... on What The RIAA Gets Out Of File Sharing · · Score: 1

    It's perfectly relevant, since thousands of /. readers are able to rationalize piracy in this way.

    You mean by saying, "They won't provide easy downloads, so I'll download myself, and it's okay?"

    Your assertion is that piracy is merely a "market pressure".

    Technically, my assertion is that piracy is a manifestation of an unmet market pressure.

    So isn't it relevant why this market pressure exists?

    Sure. So why does it exist?

    I personally think the demand for instant gratification exists because modern society is getting accustomed to this in other areas of entertainment.

    (It's not just limited to entertainment. Fast food, for example. But I'll restrict myself to entertainment for this argument.)

    The proliferation of video rental stores means that people can drive just a few blocks and come back with the movie of their choice, practically before the popcorn's ready. The hundreds of cable channels expand on this, and with premium channels such as Showtime and HBO, you don't even have to leave your living room. With pay-per-view, you can pick up the recent releases not yet on video. Long distance rates are so low these days that you can chat with your friends anytime you want rather than using bulky old letters, and in the evenings, it's free on many cell plans.

    The entry of the Internet into homes, and the commercial expansion of the web, means that you can have whatever entertainment you want at your fingertips. News, chat, comics, stories, humor, whatever you want, straight to you in milliseconds.

    Well, almost whatever. There's still that pesky music thing. We can get so much instantly, but there's still precious few legitimate ways to get music over the net. One principle behind a capitalist society is that services will form to fill in demand. Nothing legitimate materialized, so illegal file-swapping became common.

    As far as I'm concerned, the correct solution to that is lawsuits, not price cutting.

    I'm not arguing prices. I'm arguing availability. People want instant gratification.

    Heavy-handed market control is difficult. Anybody who deals with systems in nature (such as wildlife population or fluid dynamics) will tell you: systems that get near their operational limits become very difficult to control. It's going to be uphill work for the RIAA to control this. I don't see any way they can do it with lawsuits alone at this point. They need to put a release on the market pressure, provide a supply for the demand. Lawsuits can provide a little longer time, but only a little. Sooner or later, there's going to be more than they can handle.

    Personally, I listen mostly to music from decades gone by. I have the albums, I play them. I have little use for any sort of downloading system. But there's a clear demand for it. If the RIAA doesn't fill the demand, things will only get worse.

  14. Re:Right... on What The RIAA Gets Out Of File Sharing · · Score: 1

    Yes, I do understand rationalization. I try every day to recognize and avoid it. But that's irrelevant. You may note that I didn't say-- or even imply-- that sharing copyrighted music was just.

    I just said that it was more prolific and more damaging to the RIAA because they're not acknowledging the market pressures.

  15. Re:Right... on What The RIAA Gets Out Of File Sharing · · Score: 2, Interesting

    The RIAA may know they are in trouble, but they are not prepared to merely roll over and accept the fact of piracy.

    We don't want them to accept piracy. We want them to face facts of market demands.

    The market demands convenience and instant gratification. This is America, for Pete's sake! People want to be able to think, "Hey, I want to hear a new song!" and a few clicks later, it's playing. The RIAA is so stuck on their old business model that they won't face up to the new reality of the market. And any business-minded person knows what happens to companies that don't follow changing markets.

    The irony of this, what I find very funny in fact, is that it's getting worse for the RIAA the longer they wait. Had they provided online music downloads a long time ago, when the demand was first visible to the rest of us, then P2P would never have become such a haven for illegal music traders. But by quashing Napster instead of setting up a legit music download service, they caused lots of new P2P music trading to spring up.

    Now, because they've waited so long, there is a well-known P2P music trading infrastructure. This means that they may feel the need to use DRM. Had they not given P2P a chance to spring up (by offering their own, legitimate and well-advertised service), then they would have never needed DRM. File sharing wouldn't be commonplace. You wouldn't have 12 year-old girls thinking that paying for KaZaA makes it all legal.

    But they didn't, and now it's too late. Who knows what else they may lose if they keep waiting?

    I have my own theory. I think that the next thing in line for them to lose is control over the bands. People are getting tired of RIAA-pushed ISO9000-manufactured everything-sounds-alike pop artists. Previously, since the RIAA controlled the radio, that was all that people got free samples of. But P2P provides a new first-sample distribution channel for independent artists. If the RIAA doesn't watch out, they'll lose their chokehold on which artists are coming to the public ear. And then, they'll have some real problems.

  16. Re:Would this really work? on ESR to Shred SCO Claims? · · Score: 1

    It's still a useful tool. Just not for the SCO case,

    Why? Who do we think is going to cheat? Who would have incentive to force a mismatch?

    Scenario one: Linux hackers change code to force a mismatch. But we have the kernel sources going a long time back, so an impartial judge simply has to pick sources from before SCO's initial announcement. So this is ineffective.

    Scenario two: SCO changes code to force a mismatch. But they are trying to prove a match, so this is contrary to their best interests.

    Scenario three: Linux hackers change code to force a match. Besides being vulnerable to the issue listed in #1, it is contrary to their best interests, and also few Linux hackers have access to SCO's (current) source.

    Scenario four: SCO changes code to force a match. In other words, they copy code from the Linux sources into their kernel before running shred. This is possible, but is no different than if they made the same copy without running shred.

  17. Re:Great Excuse on Adrian Lamo Charged With Hacking · · Score: 1

    But it is just as likely that he left a trojan or backdoor in the system.

    You imply that just because he had the means to do so, it is just as likely that he did so.

    But I have the means to do this. So do you. So does anybody else. Does that mean that we should be accused of altering files?

  18. Re:CQ? The Net? Which is more fun? on FCC Ponders Removing Morse Code Reqs for Amateur Radio Licenses · · Score: 1

    What channel+net do CWIRCers hang out on?

  19. Re:The problem I find with Gamecube... on Eidos To Stop GameCube Development · · Score: 1

    That's what I do.

    On the phone: "Whatcha doin?" "Playing Nintendo football." (I'm actually playing Madden NFL 2003, but I'm fine with the imprecision.)

    While with a friend: "So, do you want to go catch a movie, or stay here and play Nintendo?"

    Asking a friend: "What good Nintendo games are in the pipeline?"

    Telling a friend: "Yeah, I'm off to Fry's to pick up a new memory card for my Nintendo. That Madden is such a memory hog."

    Later: "Picked up a new Nintendo game while I was out."

    Yup. Works fine for me.

  20. Re:Crouching Spammer Hidden Trojan! on Taiwan Under Cyber Attack from China · · Score: 1

    So how long have you been saving that gag?

  21. Of course it'll have Mario! on Gaming Icons Get Star On 'Walk Of Game' · · Score: 3, Insightful

    The Metreon shows films that have no Sony association.

    If they don't put down Mario, everybody will know that it's nothing but a farce, and Sony will lose face. Of course it'll have Mario!

  22. Re:Plenty of reasons on MS vs. Open Source Office Suite Compatibility · · Score: 2, Funny

    School papers need one other important feature: the ability to quickly repaginate after changing fonts, margins, and spacing!

  23. Re:OOS vs. Oracle on PostgreSQL Inc. Open Sources Replication Solution · · Score: 1

    Counterexample.

    My department, when preparing our Big Database Without Which We'd Be Screwed, seriously looked at PostgreSQL, MySQL, and Oracle. We decided that PostgreSQL was the way to go.

  24. Spam? on Iran-Specific Version of Anonymizer Unblocks Net Access · · Score: 2, Interesting

    The deliberately generic-sounding URLs for the service are publicized...through bulk e-mails that Anonymizer sends to addresses in the country.

    Spamming for freedom!

  25. Re:What are you doing, Dave? on Executive Secretary In Every Computer · · Score: 1

    "You have performed an illegal operation and will be terminated."