I hardly think that this enhances the spy potential of the average sysadmin. After all, it's just Perl scripts running tcpdump, and it's not like those aren't already available.
It won't help your ISP at all--it is designed for the output from an ETHERNET packet sniffer, and your ISP is almost certainly using fiber. Your "shool of fish" defense is illusory as well. One of the things computers do really really well is filter large amounts of data, picking a fish out of a school. Even the FBI's Carnivore wasn't startling because of its tech, but because it was going to be installed in formerly open waters.
I also doubt this will ever be usefull for "security", although network analysis certainly can be (see the Intrusion Detection Working Group of the IETF). However, it might be possible to write a client that gives you traffic analysis that could be used to make your network more effecient. Sniffing is legitimate for more than just security--network flow design and protocol debugging are actually probably more widespread.
I'm still not sure I really like this program, though. As the artist says in his NY Times interview, he wants people to become more comfortable with the idea of survellience. I'm not sure I like that. On the other hand, it might decrease the demonization of packet sniffers, which would be a good thing. On the gripping hand, it's out there, check and see if it's running on _your_ network.
It is interesting that you use schadenfreude in your post. I've seen it before in an argument against the Sapir-Whorf hypothesis. Do you really think Americans have no concept of "taking pleasure in the misfortune of others"? Admittedly, it is more difficult to convey, perhaps "like watching Wiley Coyote run into the cliff again."
Therefore, I wouldn't agree that you can extinguish a concept by eliminating the word. However, you certainly can limit the beauty and power of a language by limiting its vocabulary. A word does evoke a whole melange of related words and concepts, perhaps even a gestalt. Hence the frequency of German terms in discussions of this sort.
On a lighter note, does anyone else find it ironic that Microsoft won't let you find the word "idiot" but still treats you like one?
Sure, an application error in a Unix derived system is much less likely to bring down the whole system. But that's no excuse for not dealing with error conditions correctly.
Also "errors" don't just occur from bad code. Running Linux gives you no protection against drive failures, network flakiness, or plain old user error.
Sure, if the error messages is misleading you can look in the source to find out what actually caused the error. Heck, even if it SEGVs you can compile it with debugging symbols and let GDB tell you what line it's failing at.
However, the open source community will NEVER attract mainstream users with that kind of attitude. Furthermore, even hardcore geeks should have better things to do fix up crud in supposedly release quality code. Hey, it's one thing if I'm working on something clearly under development, but it's nice to be able to get stable stuff to.
That said, I don't find open source to be any worse than the commercial stuff I've worked with. With, say, Microsoft stuff, it is just much harder to distinguish bad error handling code from bad code even when no error conditions are encountered.
You make a good point about the difference in what drives proprietary vs. open source software. Whether or not one outpaces the other depends on how well the different drives work.
Linux (and *BSD) do better in areas where individuals can easily contribute (for example, a few people writing a driver for a kernel). They also are great for providing choice. Linux supports several different, well developed GUI models.
However, there are some areas I think the model works less well in. For instance, game development is hard under an open source model. Sure, there are some great games for Linux, but they tend to be simpler and shorter. Modern mainstream games are huge and involve a lot of effort by non-programmers. It's like the difference between small independant films and big studio productions.
However, bringing this back to the story, there is no reason not to mix the two models. There's no reason not to try to make Linux run proprietary apps designed for Windows. In fact, I think we should be able to make them run better.
A 10mbps LAN is plenty to run most of the applications I use over that network, and that's even with it tunneling through SSH.
xv and Netscape are both pretty pokey, but one is nothing but graphics and the other is a bloated monstrosity.
I can even run StarOffice across machines once it starts up, I just can't move or resize the main window without waiting for several seconds.
Oh, I'll be glad to be able to do faster direct rendering, but I'll be running some kind of Xserver on my machines for a long time.
It's reassuring to note that the new moderater has been standing in for sometime. Moderating BugTraq must be difficult at times, but it's been really nice to see such an important list run so well.
Google Image search strikes again
on
Bert Is Evil
·
· Score: 5, Interesting
A search for "bin laden" shows Bert and Osama on the second page of pictures. If the protestors made their collage out of that, it would explain a lot.
Hmm, I guess it would be proof if the two random people showed up on the poster as well.
It only is that way when some platform specific, propreitary method becomes the de facto standard. That's the whole reason for the IETF standards process.
Standards should enhance choice by providing inter-operability for certain components while allowing customization of others. As the best and biggest example, TCP/IP is highly standardized and yet you can choose from a bewildering variety of stacks for different operating systems.
We did a lot of group projects in my college, and I thought it was really valuable. Submitting documentation of who did what seems useful as well, although if the project was conceptually hard but not too heavy on actual code it seems that planning could get undervalued.
Putting this documentation in a commented out section in code is a waste though. CVS log will do a mutch better job and ensure that at least something is put in every time a change is made. And you don't have to scroll down past it every time you want to read the code.
Acutally, it is Cluely, someone from a firm called Sophos, who claims IIS is being targetted because it is widespread.
The only Microsoft quote is from some Peon saying "IIS is as secure as our competitors' products, and what differentiates Microsoft is our industry-leading response process"
Now, as to the first point, as some earlier poster pointed out Apache is still a leading webserver as hasn't had nearly the compromise. Sure, crackers will go after widespread targets. But they'll also go after the easier ones.
As to Microsoft being distinguished by its response process, I couldn't agree more. Few other companies respond with as much hot air (This flaw would be very technically difficult to exploit...) and as cruddy patches. Just read through SecurityFocus.
How wonderful. So if they ever shut down enough of the good online file sharing systems, making life less convienent for the rest of us, you'll just go back to slicing the anti-theft tags of CDs at your local record store.
Ashcroft is quoted as saying his definition of terrorism is "broad enough to include...assaults designed to change the purpose of government."
So does that mean that these sweeping bills that he's been pushing are themselves a terrorist attack?
I can see a great Rube Goldberg device being made out of this...
The bird pecks at the seed, lightening a balance that releases a catch, allowing a blade to swing down and remove the heatsink from an Athalon.
The Athalon reaches several hundred degress within a second, lighting a fuse which --you get the picture.
Hey, using signed numbers in your bug tracker is a great feature.
I can just see a marketing type out there saying:
"And our product is so good, it has negative bugs!"
Entrapment is a difficult issue, but I think encouraging infiltration is far less problematic than wiretapping.
Encouraging inflitration in and of itself does not "deprive ourselves of our rights"--when you talk in a group you should always realize that your words or actions might be reported. Unlike an email among people personally known to me, I have no expectation of privacy when I post to a message board our speak at a meeting whose attendance was advertised.
It depends what you mean by "the government"
I'm sure the Senators who passed the bill didn't have have any intention of creating "a giant evil spy machine." The problem is that once the mechanism is established, the potential for abuse is always there--all it would take is another president like Nixon.
On the other hand, if there really are appropriate protections to keep this an emergency measure only, I would say that it's not so bad.
The government not being allowed to read our mail was one of the basic principles behind the "no unreasonable search and seizure" but few would argue that post office workers don't have the right to call the bomb squad on a suspicious package.
It's much worse than that. The bill would apply to any device whose primary purpose is the storage, transmission, etc. etc. of digital information.
So copy control would have to be implemented on every digital cordless phone, digital cell phone, every one of the thousands of computer boards the telcos use to route your phone calls, the little chips inside your car that tune your engine...
Slashdot Mirror
I hardly think that this enhances the spy potential of the average sysadmin. After all, it's just Perl scripts running tcpdump, and it's not like those aren't already available.
It won't help your ISP at all--it is designed for the output from an ETHERNET packet sniffer, and your ISP is almost certainly using fiber. Your "shool of fish" defense is illusory as well. One of the things computers do really really well is filter large amounts of data, picking a fish out of a school. Even the FBI's Carnivore wasn't startling because of its tech, but because it was going to be installed in formerly open waters.
I also doubt this will ever be usefull for "security", although network analysis certainly can be (see the Intrusion Detection Working Group of the IETF). However, it might be possible to write a client that gives you traffic analysis that could be used to make your network more effecient. Sniffing is legitimate for more than just security--network flow design and protocol debugging are actually probably more widespread.
I'm still not sure I really like this program, though. As the artist says in his NY Times interview, he wants people to become more comfortable with the idea of survellience. I'm not sure I like that. On the other hand, it might decrease the demonization of packet sniffers, which would be a good thing. On the gripping hand, it's out there, check and see if it's running on _your_ network.
Therefore, I wouldn't agree that you can extinguish a concept by eliminating the word. However, you certainly can limit the beauty and power of a language by limiting its vocabulary. A word does evoke a whole melange of related words and concepts, perhaps even a gestalt. Hence the frequency of German terms in discussions of this sort.
On a lighter note, does anyone else find it ironic that Microsoft won't let you find the word "idiot" but still treats you like one?
Bullshit.
Sure, an application error in a Unix derived system is much less likely to bring down the whole system. But that's no excuse for not dealing with error conditions correctly.
Also "errors" don't just occur from bad code. Running Linux gives you no protection against drive failures, network flakiness, or plain old user error.
Sure, if the error messages is misleading you can look in the source to find out what actually caused the error. Heck, even if it SEGVs you can compile it with debugging symbols and let GDB tell you what line it's failing at.
However, the open source community will NEVER attract mainstream users with that kind of attitude. Furthermore, even hardcore geeks should have better things to do fix up crud in supposedly release quality code. Hey, it's one thing if I'm working on something clearly under development, but it's nice to be able to get stable stuff to.
That said, I don't find open source to be any worse than the commercial stuff I've worked with. With, say, Microsoft stuff, it is just much harder to distinguish bad error handling code from bad code even when no error conditions are encountered.
You make a good point about the difference in what drives proprietary vs. open source software. Whether or not one outpaces the other depends on how well the different drives work.
Linux (and *BSD) do better in areas where individuals can easily contribute (for example, a few people writing a driver for a kernel). They also are great for providing choice. Linux supports several different, well developed GUI models.
However, there are some areas I think the model works less well in. For instance, game development is hard under an open source model. Sure, there are some great games for Linux, but they tend to be simpler and shorter. Modern mainstream games are huge and involve a lot of effort by non-programmers. It's like the difference between small independant films and big studio productions.
However, bringing this back to the story, there is no reason not to mix the two models. There's no reason not to try to make Linux run proprietary apps designed for Windows. In fact, I think we should be able to make them run better.
A 10mbps LAN is plenty to run most of the applications I use over that network, and that's even with it tunneling through SSH. xv and Netscape are both pretty pokey, but one is nothing but graphics and the other is a bloated monstrosity. I can even run StarOffice across machines once it starts up, I just can't move or resize the main window without waiting for several seconds. Oh, I'll be glad to be able to do faster direct rendering, but I'll be running some kind of Xserver on my machines for a long time.
An article with some similar information is available here and not slashdotted yet.
It's reassuring to note that the new moderater has been standing in for sometime. Moderating BugTraq must be difficult at times, but it's been really nice to see such an important list run so well.
Hmm, I guess it would be proof if the two random people showed up on the poster as well.
It only is that way when some platform specific, propreitary method becomes the de facto standard. That's the whole reason for the IETF standards process.
Standards should enhance choice by providing inter-operability for certain components while allowing customization of others. As the best and biggest example, TCP/IP is highly standardized and yet you can choose from a bewildering variety of stacks for different operating systems.
Putting this documentation in a commented out section in code is a waste though. CVS log will do a mutch better job and ensure that at least something is put in every time a change is made. And you don't have to scroll down past it every time you want to read the code.
Acutally, it is Cluely, someone from a firm called Sophos, who claims IIS is being targetted because it is widespread. The only Microsoft quote is from some Peon saying "IIS is as secure as our competitors' products, and what differentiates Microsoft is our industry-leading response process" Now, as to the first point, as some earlier poster pointed out Apache is still a leading webserver as hasn't had nearly the compromise. Sure, crackers will go after widespread targets. But they'll also go after the easier ones. As to Microsoft being distinguished by its response process, I couldn't agree more. Few other companies respond with as much hot air (This flaw would be very technically difficult to exploit...) and as cruddy patches. Just read through SecurityFocus.
How wonderful. So if they ever shut down enough of the good online file sharing systems, making life less convienent for the rest of us, you'll just go back to slicing the anti-theft tags of CDs at your local record store.
Ashcroft is quoted as saying his definition of terrorism is "broad enough to include...assaults designed to change the purpose of government." So does that mean that these sweeping bills that he's been pushing are themselves a terrorist attack?
I can see a great Rube Goldberg device being made out of this... The bird pecks at the seed, lightening a balance that releases a catch, allowing a blade to swing down and remove the heatsink from an Athalon. The Athalon reaches several hundred degress within a second, lighting a fuse which --you get the picture.
Hey, using signed numbers in your bug tracker is a great feature. I can just see a marketing type out there saying: "And our product is so good, it has negative bugs!"
Entrapment is a difficult issue, but I think encouraging infiltration is far less problematic than wiretapping. Encouraging inflitration in and of itself does not "deprive ourselves of our rights"--when you talk in a group you should always realize that your words or actions might be reported. Unlike an email among people personally known to me, I have no expectation of privacy when I post to a message board our speak at a meeting whose attendance was advertised.
It depends what you mean by "the government" I'm sure the Senators who passed the bill didn't have have any intention of creating "a giant evil spy machine." The problem is that once the mechanism is established, the potential for abuse is always there--all it would take is another president like Nixon. On the other hand, if there really are appropriate protections to keep this an emergency measure only, I would say that it's not so bad. The government not being allowed to read our mail was one of the basic principles behind the "no unreasonable search and seizure" but few would argue that post office workers don't have the right to call the bomb squad on a suspicious package.
It's much worse than that. The bill would apply to any device whose primary purpose is the storage, transmission, etc. etc. of digital information. So copy control would have to be implemented on every digital cordless phone, digital cell phone, every one of the thousands of computer boards the telcos use to route your phone calls, the little chips inside your car that tune your engine...