Then there's the one about the guy who tied the monster chain to his monster bumper. He throttled the gas and lost his bumper, along with his license plate...
It's rather unbelievable. At NSU, a smaller regional public school in Oklahoma, we had practically every dorm room, class room, and office wired to the net as early as '94. I can remember staring in amazement as I could download shareware from the Simtel repository at Norman at 70KB/s. I downloaded the kernel through my cable modem last night at 270KB/s!
UCITA has been introduced into the Oklahoma Senate Judiciary Comittee by Senator Glenn Coffee as SB 1337. You can track the status of the bill at www.lsb.state.ok.us.
Also, check out Richard Stallman's excellent critique at http://linuxtoday.com/stories/15948.html which includes links and contacts for those of you wanting to stay informed of the status of UCITA in your state.
Webmin is an excellent configuration tool that everyone should check out once. It's particularly good at configuring server processes such as sendmail and DNS.
It get the sense that this is something exclusive to the executive branch. I don't see congress getting involved except in some oversight manner, or possibly the supreme court if someone happens to bring suit against it.
After reading through several comments on this topic there seems to be a common thread - The goverment can't really be trusted, they must have some hidden agenda behind this announcement.
I have a different take on this. What's happened here is that the slow-moving beurocratic wheels of government are finally moving in the right direction. No, the governement is not made up entirely of men in black suits who take joy in hinding behind bushes and spying on you, or staying up late nights devising devious plans to control your computer usage.
The government is actually made up mostly of regular Joe's like you and me who have a day job to do. Do you think that there aren't men and women in the federal government who would like to see these rules revised just as much as you or I? Of course there are, and they're been advocating this for quite some time. The fact that it's finally happening doesn't require that there is a subversive mission in mind.
I think the inclussion of 'Open Source' in this announcement is a statement to how sucessful forumns like Slashdot have been in raising the issues of exporting encryption software to the world. No longer is encryption a munitions (product) to the government, but also a matter of free speech and free software.
I understand that, but 40-bit SSL encryption is nothing to get happy about. It's still an insecure medium allowing a man in the middle attack. This is still less secure than a properly implemented username/password scheme.
The reason that on-line merchants store credit cards on the server is mostly convinience, but partly to prevent the customer from repeatedly sending their credit card number through the insecure medium of the internet.
My electric company works in a similar way. I call them up and agree to pay this month's bill. I don't give them my credit card (which I only provided to them once). The service representative does not have access to my credit card number, they just enter the amount into the system and let it verify with the credit card company. Now granted, someone else might be able pose as me, but they're just paying my electric bill for the next few months.
The idea behind storing the number on a server is to transmit your number once, then send a username/password after that. A man in the middle looking for credit card numbers doesn't see yours, and at least presents him the challange of having to figure out where the username/password was headed and provides some way to track the person who stole it, since he can only buy from that vendor.
In that respect, I'd prefer to use vendors who store my credit information on the server and issue me a password. Of course, that's provided that they don't do something stupid like make the database server internet accessible.
Think Mozilla. It was beta (or pre-alpha as the case may be) when Netscape released it. For Inprise, open sourcing the next version instead of the current version allows then soom room for error should it backfire on them. We may see them rename it in the way Netscape did.
Trust me, they know. They were getting complaints from their Linux users earlier this month and called us up. Being affiliated with linux.com we're used to getting questions like this.
She explained that their Linux customers could not view citifi.com and wondered why. So I opened up a browser and was suprised to find the "Your Operating System" message. I explained to her that this was a limitation imposed by their web designers and asked if there was something on the page that would prevent linux from viewing it.
No, she wasn't aware of anything specific but inquired about javascript support in Linux. I said I'd do some research and get back to her, and politely asked to have their web designers call to resolve any problems. I sent her a link on Netscape and java/javascript but havn't heard anything back since...
If you'd like a contact in the company to send *polite* inquiries to, send me an email.
No. If you actually follow the link they provide, you'll see that a couple of posts actually include source code for decrypting/viewing DVD's.
It brings up an intersting question. Can slashdot be held liable for providing a public forumn which includes illegal posts? Does this present a first amendment issue?
Could a library be help liable for, say, having a book on RSA encryption on its shelf? Could a phone company be held liable for allowing proprietary information to be passed illegally between individuals? Where does the law (where is exists with respect to the net) apply here?
I believe you've completely missed my point and twisted this into another debate. I certainly wasn't advocating communism morally or otherwise. I figured my last sentence made that clear.
My point is that an idealistic (zealous) communist in a country such as China who is well versed in political theory would attempt to make parallels between his strong held beliefs and the sucesses of things which appear to go against the grain of capitalism. In this instance Linux, at least in his eyes.
If, however, we imbue all discussions of Communism with a clear and unrelenting focus on the EVIL of Communism, then we achieve true objectivity.
Do you really believe this? Marxian communism began as a discussion of how primitive communities operated, hence the word communism. His studies investigated how communities operated before we developed a sense of greed and the need to accumulate individual wealth (...the root of all evil)
In fact, one could argue that libertarian, capitalist beliefs harbor far more evil. What happens when we leave it up to natural forces to find equalibrium in our society? Darwanism, the strongest survive. We no longer are driven by any ethical or moral values, but lower ourselves to the pure animalistic urges to guide our society.
I know, that doesn't sound quite right. That's because our society in the US is where it is not because of capitalism, but from a strong moral middle class which keeps the balance. Libertarianism as well as a communistic planned society will never fly in the US. We constantly tweak our society and economy to produce just that right balance.
Communism strives to benefit the people by streamlining the production of goods. If there is no middle man to mark up the prices of goods, then the people benefit from lower prices. The people benefit from sharing resources on a massive scale rather than spliting them between competing individuals (economy of scale).
Linux strives to benefit end users by combining the efforts of many minds, rather than having small groups reinvent the wheel.
In capitalism, the workers are paid by, and directed by, a capitalist. The capitalist's primary concern is in producing a product which will enrich the owner, not in producing a product which will benefit the most people.
Linux is produced to benefit the most people. The development of Linux is not guided by monetary concerns. Those involved in coding the Linux kernel, for the most part, do so on their own time and are not managed by corporations to line the pockets of stock holders.
In a practical communist society, the development of goods is ultimately controlled by a small group (the party) for the 'good' of the people. Resources must be controlled by the party to take advantage of possible cost saving measures. The party can distribute the resources around in the most effective manner, thus a 'planned economy'. The party in turn is lead by a strong figure head to guide the party.
The Linux kernel in practice is controlled by a small group of developers which filter the production of the developers, to produce code in the most stable, efficient manner. This small group in turn is guided by a strong figure head, Linus.
Of course the communism described above is theoretical and doesn't work well in a complex society, and Linux benefits greatly from being developed in free, rich, technologically advanced countries such as the US, but one could see how an idealistic communist could make parallels betwen open source and communism.
Actually, spoofing is possible if the hijacker resides on a network along the route of the two other identities. Also, spoofing should be possible in one way attacks, like some denial of service attacks.
on a personal workstation, system files are the least important thing on it.
This is goes against my experience in large "Microsoft" shops. Users always kept important documents backed up on diskette or network server (which was backed up at least weekly).
The real problems happened when workstations crashed becuase of failed harddrives or virii. It took hours or days to get them back to a workable situation. Of course this is comming from the perspective of a support tech. We would always tell a user to back up data becuase a HD always seems to crash at the worst possible time.
Documents and important data can be backed up. System files usually aren't.
> Linux (and UNIX) is inherently more secure than Windows
wrong! they only protect the user from damaging the system but not their own stupidity. users can just as easly accidentally delete their own files under linux as they could under windows. you argument doesnt hold water because you dont seem to truely understand the problem.
Ouch! I guess this hit where it really hurts. You don't honestly expect us to believe Windows is as secure as UNIX...
While we're at it, here's my guess, which is based on badly blurred memories of 80486 documentation.
Memory reads and writes really aren't the difficult part. In protected mode, every process (or task) gets executed in its own 4GB (max) virtual memory space and gets translated by the processor into absolute memory space. The OS swaps out these task spaces to disk while they're not being used. One process should never be able to write to another processes space, which was the whole point of protetcted mode with the i386.
The real issues involve handling interrupts, and executing protected instructions. Take for instance writing directly to hardware through IO ports. The host OS absolutely can't let the hosted OS do what it wants in this area. But the interupt mechanisms of x86 architecture come to the rescue here.
Run the hosted OS in some unpriveledged level (not ring 0) and let the processor interrupt whenever there's a priveledged instruction executed. The host then examines the situation and recovers by implementing the priveledged instruction in an alternative way.
Registers also won't be a problem in most cases since they are saved and restored at a task state switch. Linux shouldn't care what NT does with the registers as long as they get restored when NT gets preempted.
The CORBA specification has long lacked the ability to pass objects by value rather than referrence. By creating this component specification, CORBA gains a much needed ability to pass complex objects between ORB's beyond arrays and structs. Remember that OMG's goal is to create a neutral platform for network programming between platform implementations. XML doesn't do the trick because unless the embedded objects are scripts or even java binaries, they are still tied to a platform. The EJB component specification is AN implementation of the specification, it certainly allows other bindings to be implemented in the future. Without this spec, CORBA will always lack the few advantages that DCOM has by allowing binaries to be passed around and used by other ORB's. The objects will of course need to be platform-independant. If they're not java objects, then the OMG would have to create some platform indepent binary specification, thus duplicating Sun's efforts with java.
Last I checked, IBM now ships their desktops with ethernet, and Compaq with a somewhat standard bios. Novell has seen the TCP/IP light. It's unfair to permanently label these companies because of past technologies (innovations?).
Considering how IBM has supported apache and linux in recent months this makes a lot of since. I think all these companies have a legitimate contribution to make to linux in the comming months and years and I'm expecting alot from IBM this year, I hope they don't let me down...
Slashdot Mirror
Then there's the one about the guy who tied the monster chain to his monster bumper. He throttled the gas and lost his bumper, along with his license plate...
It's rather unbelievable. At NSU, a smaller regional public school in Oklahoma, we had practically every dorm room, class room, and office wired to the net as early as '94.
I can remember staring in amazement as I could download shareware from the Simtel repository at Norman at 70KB/s. I downloaded the kernel through my cable modem last night at 270KB/s!
On the front page, don't click 'Read More', but
the ## of ## and you get threaded. At least it
works for me.
heh. I didn't catch that before. funny!
UCITA has been introduced into the Oklahoma Senate Judiciary Comittee by Senator Glenn Coffee as SB 1337. You can track the status of the bill at www.lsb.state.ok.us.
Also, check out Richard Stallman's excellent critique at http://linuxtoday.com/stories/15948.html which includes links and contacts for those of you wanting to stay informed of the status of UCITA in your state.
Webmin is an excellent configuration tool that everyone should check out once. It's particularly good at configuring server processes such as sendmail and DNS.
http://www.webmin.com
It get the sense that this is something exclusive to the executive branch. I don't see congress getting involved except in some oversight manner, or possibly the supreme court if someone happens to bring suit against it.
After reading through several comments on this topic there seems to be a common thread - The goverment can't really be trusted, they must have some hidden agenda behind this announcement.
I have a different take on this. What's happened here is that the slow-moving beurocratic wheels of government are finally moving in the right direction. No, the governement is not made up entirely of men in black suits who take joy in hinding behind bushes and spying on you, or staying up late nights devising devious plans to control your computer usage.
The government is actually made up mostly of regular Joe's like you and me who have a day job to do. Do you think that there aren't men and women in the federal government who would like to see these rules revised just as much as you or I? Of course there are, and they're been advocating this for quite some time. The fact that it's finally happening doesn't require that there is a subversive mission in mind.
I think the inclussion of 'Open Source' in this announcement is a statement to how sucessful forumns like Slashdot have been in raising the issues of exporting encryption software to the world. No longer is encryption a munitions (product) to the government, but also a matter of free speech and free software.
I understand that, but 40-bit SSL encryption is nothing to get happy about. It's still an insecure medium allowing a man in the middle attack. This is still less secure than a properly implemented username/password scheme.
The reason that on-line merchants store credit cards on the server is mostly convinience, but partly to prevent the customer from repeatedly sending their credit card number through the insecure medium of the internet.
My electric company works in a similar way. I call them up and agree to pay this month's bill. I don't give them my credit card (which I only provided to them once). The service representative does not have access to my credit card number, they just enter the amount into the system and let it verify with the credit card company. Now granted, someone else might be able pose as me, but they're just paying my electric bill for the next few months.
The idea behind storing the number on a server is to transmit your number once, then send a username/password after that. A man in the middle looking for credit card numbers doesn't see yours, and at least presents him the challange of having to figure out where the username/password was headed and provides some way to track the person who stole it, since he can only buy from that vendor.
In that respect, I'd prefer to use vendors who store my credit information on the server and issue me a password. Of course, that's provided that they don't do something stupid like make the database server internet accessible.
Think Mozilla. It was beta (or pre-alpha as the case may be) when Netscape released it. For Inprise, open sourcing the next version instead of the current version allows then soom room for error should it backfire on them. We may see them rename it in the way Netscape did.
Trust me, they know. They were getting complaints from their Linux users earlier this month and called us up. Being affiliated with linux.com we're used to getting questions like this.
She explained that their Linux customers could not view citifi.com and wondered why. So I opened up a browser and was suprised to find the "Your Operating System" message. I explained to her that this was a limitation imposed by their web designers and asked if there was something on the page that would prevent linux from viewing it.
No, she wasn't aware of anything specific but inquired about javascript support in Linux. I said I'd do some research and get back to her, and politely asked to have their web designers call to resolve any problems. I sent her a link on Netscape and java/javascript but havn't heard anything back since...
If you'd like a contact in the company to send *polite* inquiries to, send me an email.
No. If you actually follow the link they provide, you'll see that a couple of posts actually include source code for decrypting/viewing DVD's.
It brings up an intersting question. Can slashdot be held liable for providing a public forumn which includes illegal posts? Does this present a first amendment issue?
Could a library be help liable for, say, having a book on RSA encryption on its shelf? Could a phone company be held liable for allowing proprietary information to be passed illegally between individuals? Where does the law (where is exists with respect to the net) apply here?
That's a variation of fools mate:
:)
1. f4 e6
2. g4 qh4++
but alas, it doesn't involve a night or rook
My point is that an idealistic (zealous) communist in a country such as China who is well versed in political theory would attempt to make parallels between his strong held beliefs and the sucesses of things which appear to go against the grain of capitalism. In this instance Linux, at least in his eyes.
If, however, we imbue all discussions of Communism with a clear and unrelenting focus on the EVIL of Communism, then we achieve true objectivity.
Do you really believe this? Marxian communism began as a discussion of how primitive communities operated, hence the word communism. His studies investigated how communities operated before we developed a sense of greed and the need to accumulate individual wealth (...the root of all evil)
In fact, one could argue that libertarian, capitalist beliefs harbor far more evil. What happens when we leave it up to natural forces to find equalibrium in our society? Darwanism, the strongest survive. We no longer are driven by any ethical or moral values, but lower ourselves to the pure animalistic urges to guide our society.
I know, that doesn't sound quite right. That's because our society in the US is where it is not because of capitalism, but from a strong moral middle class which keeps the balance. Libertarianism as well as a communistic planned society will never fly in the US. We constantly tweak our society and economy to produce just that right balance.
Communism strives to benefit the people by streamlining the production of goods. If there is no middle man to mark up the prices of goods, then the people benefit from lower prices. The people benefit from sharing resources on a massive scale rather than spliting them between competing individuals (economy of scale).
Linux strives to benefit end users by combining the efforts of many minds, rather than having small groups reinvent the wheel.
In capitalism, the workers are paid by, and directed by, a capitalist. The capitalist's primary concern is in producing a product which will enrich the owner, not in producing a product which will benefit the most people.
Linux is produced to benefit the most people. The development of Linux is not guided by monetary concerns. Those involved in coding the Linux kernel, for the most part, do so on their own time and are not managed by corporations to line the pockets of stock holders.
In a practical communist society, the development of goods is ultimately controlled by a small group (the party) for the 'good' of the people. Resources must be controlled by the party to take advantage of possible cost saving measures. The party can distribute the resources around in the most effective manner, thus a 'planned economy'. The party in turn is lead by a strong figure head to guide the party.
The Linux kernel in practice is controlled by a small group of developers which filter the production of the developers, to produce code in the most stable, efficient manner. This small group in turn is guided by a strong figure head, Linus.
Of course the communism described above is theoretical and doesn't work well in a complex society, and Linux benefits greatly from being developed in free, rich, technologically advanced countries such as the US, but one could see how an idealistic communist could make parallels betwen open source and communism.
Actually, spoofing is possible if the hijacker resides on a network along the route of the two other identities. Also, spoofing should be possible in one way attacks, like some denial of service attacks.
on a personal workstation, system files are the least important thing on it.
This is goes against my experience in large "Microsoft" shops. Users always kept important documents backed up on diskette or network server (which was backed up at least weekly).
The real problems happened when workstations crashed becuase of failed harddrives or virii. It took hours or days to get them back to a workable situation. Of course this is comming from the perspective of a support tech. We would always tell a user to back up data becuase a HD always seems to crash at the worst possible time.
Documents and important data can be backed up. System files usually aren't.
> Linux (and UNIX) is inherently more secure than Windows
wrong! they only protect the user from damaging the system but not their own stupidity. users can just as easly accidentally delete their own files under linux as they could
under windows. you argument doesnt hold water because you dont seem to truely understand the problem.
Ouch! I guess this hit where it really hurts. You don't honestly expect us to believe Windows is as secure as UNIX...
I like it. Why don't we change the name to Denebian and craft a slime-devil for the logo :)
Quite elegantly put :)
While we're at it, here's my guess, which is based on badly blurred memories of 80486 documentation.
Memory reads and writes really aren't the difficult part. In protected mode, every process (or task) gets executed in its own 4GB (max) virtual memory space and gets translated by the processor into absolute memory space. The OS swaps out these task spaces to disk while they're not being used. One process should never be able to write to another processes space, which was the whole point of protetcted mode with the i386.
The real issues involve handling interrupts, and executing protected instructions. Take for instance writing directly to hardware through IO ports. The host OS absolutely can't let the hosted OS do what it wants in this area. But the interupt mechanisms of x86 architecture come to the rescue here.
Run the hosted OS in some unpriveledged level (not ring 0) and let the processor interrupt whenever there's a priveledged instruction executed. The host then examines the situation and recovers by implementing the priveledged instruction in an alternative way.
Registers also won't be a problem in most cases since they are saved and restored at a task state switch. Linux shouldn't care what NT does with the registers as long as they get restored when NT gets preempted.
- dw
The CORBA specification has long lacked the ability to pass objects by value rather than referrence. By creating this component specification, CORBA gains a much needed ability to pass complex objects between ORB's beyond arrays and structs. Remember that OMG's goal is to create a neutral platform for network programming between platform implementations. XML doesn't do the trick because unless the embedded objects are scripts or even java binaries, they are still tied to a platform.
The EJB component specification is AN implementation of the specification, it certainly allows other bindings to be implemented in the future. Without this spec, CORBA will always lack the few advantages that DCOM has by allowing binaries to be passed around and used by other ORB's. The objects will of course need to be platform-independant. If they're not java objects, then the OMG would have to create some platform indepent binary specification, thus duplicating Sun's efforts with java.
Last I checked, IBM now ships their desktops with ethernet, and Compaq with a somewhat standard bios. Novell has seen the TCP/IP light. It's unfair to permanently label these companies because of past technologies (innovations?).
Considering how IBM has supported apache and linux in recent months this makes a lot of since. I think all these companies have a legitimate contribution to make to linux in the comming months and years and I'm expecting alot from IBM this year, I hope they don't let me down...
- dw