The right solution for solving spam is not one of government. We don't need laws to make DOS attacks on spammers legal because they were never illegal to begin with.
Dude, that is like, what, +500 insightful? I wish I could un-post so that I could mod you up.
Before each of my children were one year old, they were familiar with Jump-Start Teddy. Before they (each) were two, they were able to start the computer and get JST running so that they could sit in a favorite aunt/uncle/parent's lap. My oldest sister did not know how to turn that particular PC on, but my 11 month old son did it for her one day. (I had a link for JST to start as soon as that computer was on.)
Children are looking up to you as their role model. Just like putting on daddy's shoes to tromp around the kitchen, they want to do things their parents do. The sooner they understand what they are and aren't allowed to do on your computer, the sooner you will have respectable uptime on your home web server.
The last thing I want is for my children to follow me into the computer industry. But they each have a solid understanding of how a computer is used as a tool. They also have a healthy respect for electrical dangers.
Vigilantism (sp? Is that even a word?) is legally risky at best. I would love to see lawmakers specifically exempt Lycos in the specific anti-spam effort. I'd also like to see lawmakers pass laws that increase spam penalties to death by slow and painful torture. Maybe that's just me.
But there's a big problem with the concept of legalizing even such specific vigilante acts. Where does the line in the sand get drawn? My USA Lawmakers seem ignorant (at best) when it comes to technology issues. Furthermore, making an exception for spam only would likely open the door to tremendous abuse. Would GWB authorize DDOS against non-Republican affiliated endeavors?
It's a slippery slope. As much as I like the concept, my doubts are not being assuaged.
You forgot the part about how much cheaper they will be to manufacture than current technologies. Either they 1) use readily available raw materials, or 2) less raw materials, or 3) the classic standby: simpler manufacturing process (each of which is always eaten by exorbitant "unexpected" testing costs.)
I'm not sure what you mean by the variety being more complicated. Given that MS has about 90% of the desktop market it makes perfect sense that there are many more programs written for Windows than Linux.
There are about 200 Linux distributions (last time I checked.) You don't understand that 200 separate vendors is inherently more complicated than a single vendor? So you change the subject to an irrelevant questionable factoid?
I implied nothing of the sort...
You certainly did, in your earlier post. Go back and read it again.
I'm sure you're a fast typist but I wouldn't claim that all Linux excuse posting on Slashdot was done by you...
Cute. But I wasn't excusing Linux for anything. Perhaps all the other "excuses" you see posted are merely accurate respresentation of facts, and you are twisting them with your skewed perspective?
To your original post, I still don't see how there is any double standard here. The open source model allowed a preemptive approach to be taken here. That fact alone is a tremendous acheivement of the open source model.
If Microsoft could be as responsive, perhaps attitudes would be different. But I don't see how they ever can be, with their current closed source approach.
I'm not sure what you mean by "unknown" here. I'm sure in the last few years individuals within MS who didn't write the code are auditing it for security.
Fair enough. What I meant by "unknown" was partly as you point out, some parties not directly involved in code development. But the beauty of this particular Linux SMB audit is that it apparently did not originate from the same organization that developed it. A truly independent audit, with no financial incentive for pulling punches. Internal Microsoft audit results never get publicized (with interim work-arounds) until a patch is ready.
"MS with it's Billions of dollars simply can't be as responsive. Er, well they could be, but they choose not to be."
Well, the number of different programs running on Windows is probably an order of magnitude greater than on Linux so more care is required to make sure a patch will not mess things up. The Linux community can always fall back on the excuse that "it's free so you shouldn't complain". Obviously MS can't.
I disagree with your assessment on orders of magnitude. The variety that exists in the open source world is much more complicated than the Microsoft world. You imply that Linux patches are 100% untested - that is absurd. Also, not all Linux is free (as in beer.) Microsoft delays patch roll outs inexplicably.
I don't see much interest on Slashdot on breaking down a Windows security bug to see how difficult it would be to exploit,
WHOA! Are we reading the same/.?:-)
but there's always someone who will provide excuses for Linux here.
Now that is a loaded statement! Was I providing excuses? Are you now going to turn your statement on its head and say you mean "someone" but not me? {Sigh.}
No no, it's not excuses for Linux; it's more of an opportunity to bash Microsoft for having poor disclosure (even though that seems to be finally changing) and poor patch timeliness.
True. I dismissed that initially as ridiculous, but I guess it is possible. Not likely, but yes, possible that someone would remotely mount a share from an untrusted host.
I've seen other comments berating similar attitudes to yours on this thread, so I won't repeat those points. But I feel there are still a couple concepts that haven't been beaten to death yet...
(Although sometimes, I like to just piss them off, since they deserve it anyway... >:-)
Who made you the catcher-in-the-rye? This ENTIRE thread is about automation of automobiles. The single largest danger on the road is that the control of a 2000 lb weapon is left to the subjective perspective of each individual driver. Humans can be quite fickle.
What if the person behind you is racing to the labor ward of the local hospital? Your answer would be that they should crash, thereby enlisting a ride in an ambulance?!
You, in your car, have absolutely NO WAY of knowing why the person behind you is in a rush? What if it's a federal agent trying to prevent the detonation of a nuclear bomb? Do you KNOW it isn't?
When some asshat wants to pass me, I gratefully let him. I am not SO conceited that I think I am the fastest driver out there. And once he's past me, any trite fear of smokey pulling me over for being 5-10 MPH over the limit is gone: the speed trap over the next hill will give that passer their full attention for 5-20 minutes. If the patrol thinks their emergency is justified, they'll get an escort.
Lastly, different areas have different customs. 5 MPH over the speed limit in Oklahoma will usually get you a ticket (I've been in OK 4 times this year - far too much for my liking!) But on a southern California highway, anything less than 15MPH over the speed limit, and you'll get shot at. Gigantic soCal freeways have other quirks as well: right most lane SL+5MPH, 2nd lane from right SL+10MPH, 3rd lane from right SL+15MPH, etc. for many normal commuter trafic flows. The notable exception is the car pool lane, which attracts the like of you, who travel at approximately the speed limit so as to piss off everyone that paid for their speedpass.
All in all, I think removing the subjective human element from public roadways is a very good trend. 30 years from now, when engineers start removing safety margins that were implemented *because* of human subjectiveness, we'll start seeing some really dramatic throughput increases. For example, an array of 30 vehicles in the left-most lane all in electronic communication with the highway and each other, knowing that no car needs to get off this exit will be able to proceed at express speeds, with essentially no gap between the vehicles...resulting in thirty automated cars tailgaiting each other like a train, at 120MPH, each drafting the vehicle ahead of it.
Ultimately, such improvements will identify parking as the bottleneck to efficient traffic flow. Maybe then, we'll get personal transport pods as our public transport. (Wow, that sounds like 1950's Sci-Fi.)
ps. What measure were you using to put a dollar value on 'destruction of natural resources'?
My own personal (skewed? Surely!) empirical estimate, of a finite non-renewable once-it's-gone-it's-gone limited natural resource.
--
I've only spent a single vacation in England. I still remember how freaky it was when the trains would start moving SILENTLY. (I was living in NYC at the time.) The fares seemed reasonable in 1989. I didn't do much travel by bus...one silly double-decker ride a couple of blocks.
During an audit of the smb filesystem implementation within Linux
several vulnerabilities were discovered ranging from out of bounds
read accesses to kernel level buffer overflows.
To exploit any of these vulnerabilities an attacker needs control
over the answers of the connected smb server. This could be achieved
by man in the middle attacks or by taking over the smb server with
f.e. the recently disclosed vulnerability in Samba 3.x
While any of these vulnerabilities can be easily used as remote
denial of service exploits against Linux systems, it is unclear if
it is possible for a skilled local or remote attacker to use any of
the possible bufferoverflows for arbitrary code execution in kernel
space.
Gee, how often does Microsoft have unknown persons audit their code (besides the occasional code theft, of course.) I think that this exemplifies the power of open source. Some subtle exploits were turned up during an audit. As of now, securityfocus is reporting that there are no exploits developed for these errors. But vendors are already providing patches!
MS with it's Billions of dollars simply can't be as responsive. Er, well they could be, but they choose not to be.
The problems discovered require an a remotely mapped SAMBA share to be mounted (remotely! The lunacy!) and be subverted by a man-in-the-middle attack DURING a DOS.
Now, maybe www.sco.com could worry about this, but I just can't imaging too many linux admins leaving samba shares mapped remotely (especially DURING a DOS.) Joe-six-pack cannot set up a samba share without help. This is not something that is able to be exploited on just any-old default installation. You have to start SMB and have a mapped samba share! Is it any wonder that treating this code to a serious security review was a low priority?
I don't see how this is applying a double standard.
Hang on. So you telling me all this talk about "Speed Kills" is just propaganda?! And that they decided to irritate everyone with foolish speed limits instead of legislating improved fuel consumption targets?
I'm not sure I agree with the sentiment that '"Speed Kills" is just propaganda?!' but I do think it is terribly incorrect.
I'll subscribe to Slashdot as soon as I see one month w/o dupes, typos, or stories the editors didn't read.
I just want you to know, I think of your sig every time I see Posted by xxxxx in the Mysterious Future followed a few lines later by the small text See any serious problems with this article? Email our on-line editor. If article is a dup, please include the url.
I know that transportation is not optional for most people. I do agree that mass transit as it exists in most of the US is not a viable alternative. But it is an alternative that is usually not even considered.
Delivery systems existed long before we had paved roads.
What exists in the US today is a death spiral for mass transit. Artificially lowering the price of gasoline causes that to accelerate.
I strongly agree with your assertion that simply stamping a mass-transit tax on gasoline would take years to reap the desired rewards. More likely, I think it would take decades.
And I don't see what any of this has to do with driver training. Are you assuming that fewer drivers = better training? I don't see why that follows.
I was NOT suggesting that fewer drivers equates to better training. The contrary is probably true...most urban drivers are better at anticipating idiocy than rural drivers (at least in my observations.)
No, what I was suggesting is that if only 10% of people are licensed to drive, that 10% will be under much greater scrutiny. The obvious analogy is airline pilots. Pilots are subjected to much more rigorous testing than a class C automotive licensed driver. If only 10% could drive, it would obviously be a distinguished privilege to drive.
Right now in the US, what percentage of adults can drive? 90%? 95%? 98%? Only people who are clinically retarded, clinically psychotic, or physically disabled can't get a license. And even then, they often they can get permits to go to/from work.
In this case, I think it is obvious the carrot is not better than the stick. We live in the USA - where mass transit is occasionally directly bribed into obliviosn, more often subtly undermined, by the auto/oil industries. There is no way to add service lines when there is no demand for the service; having an artificially low priced alternative evaporates that demand.
Gas in the US costs *way* less than gas in Europe. Gas in the US costs way less than its porportionate destruction of consumed (finite) natural resources.
All mass transit systems are subsidized. If no one needs the service, the subsidy becomes untenable. This leads to the quagmire we have in most cities in the US - insufficient service when and where it's needed.
Why is NYC the only city in the US that has viable mass transit? I miss it dearly.
I believe the root cause of traffic is not poor training & testing, although those certainly are contributing factors!
The cause of traffic is the fact that gasoline is too cheap in the USA. If gasoline were $5/gallon we'd have less traffic. If it were $20/gallon we'd have significantly less traffic, viable mass transit options, tougher driver testing, better driver training, etc.
[Note: I am not affilliated with any oil/gas/refinery corporation - I am just a bicyclist. I do not think bicycles are the right answer for everyone, but when *I* ride, I have time to think, and observe.]
The artificially super-low gasoline prices in the USA for the last three or more decades have had strange secondary effects.
Is your command of the English language that poor? Why did you include the word "No" in your post? Every other part of your statement reinforces the parent post.
WP was the first WYSIWYG word processor I ever used (or saw) under VMS. Being first in that realm is kindof the opposite mindset, for a company believing GUIs were going away!
Slashdot Mirror
Well, I agree that enforcement is the problem. One could even say that that is the root cause of spam being what it is today.
But in the meantime, the innocent target website was taken down, and presumably did lose significant business.
Dude, that is like, what, +500 insightful? I wish I could un-post so that I could mod you up.
So if I hire a spamhaus to advertise my competitor's website...
Hmmmmm. Needs a little caution, methinks.
Before each of my children were one year old, they were familiar with Jump-Start Teddy. Before they (each) were two, they were able to start the computer and get JST running so that they could sit in a favorite aunt/uncle/parent's lap. My oldest sister did not know how to turn that particular PC on, but my 11 month old son did it for her one day. (I had a link for JST to start as soon as that computer was on.)
Children are looking up to you as their role model. Just like putting on daddy's shoes to tromp around the kitchen, they want to do things their parents do. The sooner they understand what they are and aren't allowed to do on your computer, the sooner you will have respectable uptime on your home web server.
The last thing I want is for my children to follow me into the computer industry. But they each have a solid understanding of how a computer is used as a tool. They also have a healthy respect for electrical dangers.
Take LOTS of pictures when they are young!
Vigilantism (sp? Is that even a word?) is legally risky at best. I would love to see lawmakers specifically exempt Lycos in the specific anti-spam effort. I'd also like to see lawmakers pass laws that increase spam penalties to death by slow and painful torture. Maybe that's just me.
But there's a big problem with the concept of legalizing even such specific vigilante acts. Where does the line in the sand get drawn? My USA Lawmakers seem ignorant (at best) when it comes to technology issues. Furthermore, making an exception for spam only would likely open the door to tremendous abuse. Would GWB authorize DDOS against non-Republican affiliated endeavors?
It's a slippery slope. As much as I like the concept, my doubts are not being assuaged.
Thanks for changing the subject AGAIN. Thanks for partial quoting again.
Something you imply isn't something to be directly quoted. What you imply is the gestalt of your post(s), and that certainly was your implication.
IHBT. Ouch.
You forgot the part about how much cheaper they will be to manufacture than current technologies. Either they 1) use readily available raw materials, or 2) less raw materials, or 3) the classic standby: simpler manufacturing process (each of which is always eaten by exorbitant "unexpected" testing costs.)
Will that work for movies uploaded from a video camera? It looks like it only affects input from video capture cards.
There are about 200 Linux distributions (last time I checked.) You don't understand that 200 separate vendors is inherently more complicated than a single vendor? So you change the subject to an irrelevant questionable factoid?
You certainly did, in your earlier post. Go back and read it again.
Cute. But I wasn't excusing Linux for anything. Perhaps all the other "excuses" you see posted are merely accurate respresentation of facts, and you are twisting them with your skewed perspective?
To your original post, I still don't see how there is any double standard here. The open source model allowed a preemptive approach to be taken here. That fact alone is a tremendous acheivement of the open source model.
If Microsoft could be as responsive, perhaps attitudes would be different. But I don't see how they ever can be, with their current closed source approach.
I'm not sure what you mean by "unknown" here. I'm sure in the last few years individuals within MS who didn't write the code are auditing it for security.
/.? :-)
Fair enough. What I meant by "unknown" was partly as you point out, some parties not directly involved in code development. But the beauty of this particular Linux SMB audit is that it apparently did not originate from the same organization that developed it. A truly independent audit, with no financial incentive for pulling punches. Internal Microsoft audit results never get publicized (with interim work-arounds) until a patch is ready.
"MS with it's Billions of dollars simply can't be as responsive. Er, well they could be, but they choose not to be."
Well, the number of different programs running on Windows is probably an order of magnitude greater than on Linux so more care is required to make sure a patch will not mess things up. The Linux community can always fall back on the excuse that "it's free so you shouldn't complain". Obviously MS can't.
I disagree with your assessment on orders of magnitude. The variety that exists in the open source world is much more complicated than the Microsoft world. You imply that Linux patches are 100% untested - that is absurd. Also, not all Linux is free (as in beer.) Microsoft delays patch roll outs inexplicably.
I don't see much interest on Slashdot on breaking down a Windows security bug to see how difficult it would be to exploit,
WHOA! Are we reading the same
but there's always someone who will provide excuses for Linux here.
Now that is a loaded statement! Was I providing excuses? Are you now going to turn your statement on its head and say you mean "someone" but not me? {Sigh.}
No no, it's not excuses for Linux; it's more of an opportunity to bash Microsoft for having poor disclosure (even though that seems to be finally changing) and poor patch timeliness.
True. I dismissed that initially as ridiculous, but I guess it is possible. Not likely, but yes, possible that someone would remotely mount a share from an untrusted host.
There's no such thing as bad publicity. This is a simple publicity stunt for a pathetic website/company.
Who made you the catcher-in-the-rye? This ENTIRE thread is about automation of automobiles. The single largest danger on the road is that the control of a 2000 lb weapon is left to the subjective perspective of each individual driver. Humans can be quite fickle.
What if the person behind you is racing to the labor ward of the local hospital? Your answer would be that they should crash, thereby enlisting a ride in an ambulance?!
You, in your car, have absolutely NO WAY of knowing why the person behind you is in a rush? What if it's a federal agent trying to prevent the detonation of a nuclear bomb? Do you KNOW it isn't?
When some asshat wants to pass me, I gratefully let him. I am not SO conceited that I think I am the fastest driver out there. And once he's past me, any trite fear of smokey pulling me over for being 5-10 MPH over the limit is gone: the speed trap over the next hill will give that passer their full attention for 5-20 minutes. If the patrol thinks their emergency is justified, they'll get an escort.
Lastly, different areas have different customs. 5 MPH over the speed limit in Oklahoma will usually get you a ticket (I've been in OK 4 times this year - far too much for my liking!) But on a southern California highway, anything less than 15MPH over the speed limit, and you'll get shot at. Gigantic soCal freeways have other quirks as well: right most lane SL+5MPH, 2nd lane from right SL+10MPH, 3rd lane from right SL+15MPH, etc. for many normal commuter trafic flows. The notable exception is the car pool lane, which attracts the like of you, who travel at approximately the speed limit so as to piss off everyone that paid for their speedpass.
All in all, I think removing the subjective human element from public roadways is a very good trend. 30 years from now, when engineers start removing safety margins that were implemented *because* of human subjectiveness, we'll start seeing some really dramatic throughput increases. For example, an array of 30 vehicles in the left-most lane all in electronic communication with the highway and each other, knowing that no car needs to get off this exit will be able to proceed at express speeds, with essentially no gap between the vehicles...resulting in thirty automated cars tailgaiting each other like a train, at 120MPH, each drafting the vehicle ahead of it.
Ultimately, such improvements will identify parking as the bottleneck to efficient traffic flow. Maybe then, we'll get personal transport pods as our public transport. (Wow, that sounds like 1950's Sci-Fi.)
ps. What measure were you using to put a dollar value on 'destruction of natural resources'?
My own personal (skewed? Surely!) empirical estimate, of a finite non-renewable once-it's-gone-it's-gone limited natural resource.
--
I've only spent a single vacation in England. I still remember how freaky it was when the trains would start moving SILENTLY. (I was living in NYC at the time.) The fares seemed reasonable in 1989. I didn't do much travel by bus...one silly double-decker ride a couple of blocks.
FROM SECURITYFOCUS:
During an audit of the smb filesystem implementation within Linux
several vulnerabilities were discovered ranging from out of bounds
read accesses to kernel level buffer overflows.
To exploit any of these vulnerabilities an attacker needs control
over the answers of the connected smb server. This could be achieved
by man in the middle attacks or by taking over the smb server with
f.e. the recently disclosed vulnerability in Samba 3.x
While any of these vulnerabilities can be easily used as remote
denial of service exploits against Linux systems, it is unclear if
it is possible for a skilled local or remote attacker to use any of
the possible bufferoverflows for arbitrary code execution in kernel
space.
Gee, how often does Microsoft have unknown persons audit their code (besides the occasional code theft, of course.) I think that this exemplifies the power of open source. Some subtle exploits were turned up during an audit. As of now, securityfocus is reporting that there are no exploits developed for these errors. But vendors are already providing patches!
MS with it's Billions of dollars simply can't be as responsive. Er, well they could be, but they choose not to be.
The problems discovered require an a remotely mapped SAMBA share to be mounted (remotely! The lunacy!) and be subverted by a man-in-the-middle attack DURING a DOS.
Now, maybe www.sco.com could worry about this, but I just can't imaging too many linux admins leaving samba shares mapped remotely (especially DURING a DOS.) Joe-six-pack cannot set up a samba share without help. This is not something that is able to be exploited on just any-old default installation. You have to start SMB and have a mapped samba share! Is it any wonder that treating this code to a serious security review was a low priority?
I don't see how this is applying a double standard.
I can do quite a bit with their failry limited commands. And the database I do most of my work in has CLI mode access.
I'm not sure I agree with the sentiment that '"Speed Kills" is just propaganda?!' but I do think it is terribly incorrect.
The difference in speed is what kills.
I'll subscribe to Slashdot as soon as I see one month w/o dupes, typos, or stories the editors didn't read.
I just want you to know, I think of your sig every time I see Posted by xxxxx in the Mysterious Future followed a few lines later by the small text See any serious problems with this article? Email our on-line editor. If article is a dup, please include the url.
Delivery systems existed long before we had paved roads.
What exists in the US today is a death spiral for mass transit. Artificially lowering the price of gasoline causes that to accelerate.
I strongly agree with your assertion that simply stamping a mass-transit tax on gasoline would take years to reap the desired rewards. More likely, I think it would take decades.
I was NOT suggesting that fewer drivers equates to better training. The contrary is probably true...most urban drivers are better at anticipating idiocy than rural drivers (at least in my observations.)
No, what I was suggesting is that if only 10% of people are licensed to drive, that 10% will be under much greater scrutiny. The obvious analogy is airline pilots. Pilots are subjected to much more rigorous testing than a class C automotive licensed driver. If only 10% could drive, it would obviously be a distinguished privilege to drive.
Right now in the US, what percentage of adults can drive? 90%? 95%? 98%? Only people who are clinically retarded, clinically psychotic, or physically disabled can't get a license. And even then, they often they can get permits to go to/from work.
In this case, I think it is obvious the carrot is not better than the stick. We live in the USA - where mass transit is occasionally directly bribed into obliviosn, more often subtly undermined, by the auto/oil industries. There is no way to add service lines when there is no demand for the service; having an artificially low priced alternative evaporates that demand.
Gas in the US costs *way* less than gas in Europe. Gas in the US costs way less than its porportionate destruction of consumed (finite) natural resources.
All mass transit systems are subsidized. If no one needs the service, the subsidy becomes untenable. This leads to the quagmire we have in most cities in the US - insufficient service when and where it's needed.
Why is NYC the only city in the US that has viable mass transit? I miss it dearly.
I believe the root cause of traffic is not poor training & testing, although those certainly are contributing factors!
The cause of traffic is the fact that gasoline is too cheap in the USA. If gasoline were $5/gallon we'd have less traffic. If it were $20/gallon we'd have significantly less traffic, viable mass transit options, tougher driver testing, better driver training, etc.
[Note: I am not affilliated with any oil/gas/refinery corporation - I am just a bicyclist. I do not think bicycles are the right answer for everyone, but when *I* ride, I have time to think, and observe.]
The artificially super-low gasoline prices in the USA for the last three or more decades have had strange secondary effects.
P.S. I'm going to establish a charity for those who believe using a dollar sign in Microsofts name does anything other than diminish one's argument.
Well said. Point taken. But I'm still guilty. I just can't help it! {Takes a deep breat before trying} Micro...
Wait, wait. Let me try again.
Mirco........uuuuuughhh........aaaaaarrrrggggh.
I'm sorry, but that "$" is more addictive than nicotine.
Perhaps Microsft employees are paid bonuses to astrospam
</obvious>
Is your command of the English language that poor? Why did you include the word "No" in your post? Every other part of your statement reinforces the parent post.
Shit. I believe I have been trolled.
WP was the first WYSIWYG word processor I ever used (or saw) under VMS. Being first in that realm is kindof the opposite mindset, for a company believing GUIs were going away!