offering to use NSA SELinux (because of the NSA's "approved" cachet) really seems to open a lot of doors for Linux.
While stipulating that SELinux is the best design I've seen *by far* for Linux:
NSA has absolutely not 'approved' this for any use, nor do they represent it as a system that's in any production operation at NSA, nor that it is an appropriate system for such use.
As said in posts above SELinux is a research project / reference implementation. Yes many folks are planning on offering commercial solutions based on SELinux, and for good reason, it's a fine design with good attention to detail.
There is a serious set of issues involved in applying SELinux to a production environment. SEL development (and LSM on which it depends) tracks the stable and -dev kernels. This means the platform is updated often and no attempts are being made to maintain fixes/changes compatible with prior releases / kernels.
Also all versions since the first reference implementations are based on the Linux Security Modules (LSM), which are an attempt by the security industry to build a common interface for securing / auditing Linux's security-relevant interfaces.
LSM is an impressive piece of work, and has come a long way in the roughly 1 year that they've been coding! When one of the participants (IBM) provides a programmatic analysis tool that finds there are some oversights in the design, you know that this is still a work in progress / and I hope that any serious security implementer will take these things into consideration.
The upside of course is that these tools are being built and both LSM and SELinux are doing very good detail work on thinking about how to get Unix (Linux in this implementation) to a place where the OS itself can eliminate the reliance on root-privilege. WinNT was supposed to be such an implementation, I think most observers agree that intent didn't make it into the release code due to the complexity and competing design objectives.
It won't be soon, 'cause the hardware to do this is still too pricey, but I'd be very glad to wire my PDA into something that'd display onto regular (or custom) glasses. If they're gonna get the 2nd order ergo's right then with ability to display to either eye, right for left-brain tasks such as reading code, left for right-brain things like reading email from SO / partner.
Generally making external display possible / easy would be a fine thing, an external flat-panel / svga is cheap enough these days.
Building this at 1024/786 or better res would be just great. I'm ok with the minimal screen palm and palm knockoffs put on their units, but it's pretty useless for web access, browsing code or real emails.
As I don't want to sacrifice battery life, I don't care too much about adding CPU-intensive features. I can get wireless or 802.11 or GPS now so keeping the CPU-function back on my home servers is easy enough.
There's some nifty-enough mapping apps for Palm, but really integrating those with an add-on GPS would be a fine thing, especially with an HUD. Just show me where the hell I am on a map / chart:-).
These and other additions:
external display
Heads-up display
call-home if it thinks it's been lost/stolen function in firmware
stackable (piggy-back) add-on interface
solar-cell charger on back of unit:-)
add-on storage large enough to cache say a CD or so of data
safety wire hole / loop (lost my first Palm out of the pocket of a motorcycle bag :-( )
>Why do they have a right to broadband
I dunno, maybe because most of your food was produced by these people?
If you continue to treat rural folk as a second class
Well, not only does agriculture pay well, it is enshrined in federal subsidy programs... Why?
It has been suggested that this is due to the fact that 'agriculture states', which are states with tiny populations, effectively control the Senate (roughly 1/3 of the Senate is described as 'ag states'). These politicians therefore represent a constituency whose main priority is agribusiness. (Being as they are politicians you'll often see their pet bills being sold to the voters as 'good for family farms'... Guess what? Many very large ag businesses are family farms.)
So what we get is a voting block in the Senate which represents a tiny fraction of the voting population, yet is large enough to cut political deals with very large benefits for their constituents. (These low-pop states btw also get 2 electoral college votes per state toward the presidential election.)
This observation comes from some interesting university research which looked at power balance in the US system from a mathematical perspective. Google didn't find the study (which was written more than 10 years ago) but the obvious google keywords will turn up lots of interesting links (like why we subsidize Ethanol for motor-fuel).
So I'm sorry but a pitch for tossing any more of my tax money toward the ag-states doesn't sit very well with me...
By the way, I grew up and worked on a small farm and know very well what rewarding and difficult work it can be.
How many of us are quick to insult people who don't know the difference between root and another user?
Sure insults are rarely called for, and sometimes humor is in poor taste... btw most lusers can tell root when: <BOFH>she decides to clear their disk quotas </BOFH>-)
How many of us call the repair guy because we don't know how to repair the air conditioner, refrigerator, or our car?
Not this geek, I do all the maintenance on both my motorcycles, replaced the furnace / steam boiler that broke down this winter and regularly repair things that go wrong with my major appliances. I just call that being an all-round geek.
Would you like it if your mechanic said, "I can't believe you don't know the difference between 10W30 and 10W40."
Trust me, the mechanics are chuckling that you're exemplifying by oil viscosity (as opposed, say, to not knowing the difference between metric, English and Whitworth), and they take people to the cleaners regularly 'cause the average driver knows less about his/her car than his/her computer / OS.
So yeah I don't laugh in people's faces, tho sometimes I get mighty frustrated. I don't usually even chuckle behind their backs, 'cause it's not polite. I occasionally help 'em out when things break (Mazdas or servers).
However lusers get no more guarantee of my respect than the guys that plunk down 20k for that new Harley and don't have the first clue how it runs or how to fix it when it breaks.
Anderson never stood a chance against Reagan and basically no one listened to Anderson, but enough people felt strongly about making a statement to get him up to the 5% of popular vote / federal election funding point.
Ross Perot succeeded in being the spoiler who (the election from G. Bush Senior, giving us Clinton. I don't listen to him but enough people do or did to have a substantial effect in that election (and a lesser effect since).
Nader sure as hell gave this election to GWB (yes I know the greens don't agree.. flames >/dev/null). OMB will listen. They may not act. It doesn't matter that his 3% won't win funding, just that he profoundly influenced who's in power.
Fortunately times have changed since the mid-90's when basically no competitors or PC manufacturers could be found who would testify against MS due to their oft demonstrated willingness to adjust licensing terms to the detriment of people who.
Yes it looks like GWB did his best to call off DOJ's will to actually enforce the law by meting out an actual penalty. Hopefully the narrowness of Bush's victory(sic) is one element of why the dogs haven't been *totally* called off.
Fortunately this in effect means that the non-settling states and the various coalitions who believe are in fact not listening to GWB (Mr "I believe in innovation").
So like nader, I do not. Be glad that Nader is going to push this on OMB, I am.
Ohh and if you haven't noticed there are a certain fraction of 'publicans who do engage in wearing fruity clothing (classic preppy-wear).
DDoS attacks use spoofed addresses. This generates traffic asymmetry in the upstream routers (e.g. more SYNs than ACKs come through the routers that are gating the DDoS, more ACKs than SYNs return toward the spoofed IPs). Using this for isolating DDoS sources was presented at the '01 Usenix security symposium.
This is one way to both identify and isolate the problem at a distance from the DDoS targets; that information can now be used to shut off the flood closer to the sources. How close is a matter of how deeply you arrange your defense.
I don't know if this is an element of what NetDeflect is using; they mention symmetry of connect creation/teardown. This is more expensive in terms of detection, but also more applicable to the local perimeter.
"We don't take papers from private addresses."
on A New Kind of Science
Ok proof by counter-example
The subject was Nature's response to James Lovelock's first paper submission after leaving industry / academia.
James Lovelock manages to practice research independently in part due to holding patents in gas chromatography. As an independent thinker he has been able to ask questions that are hard to ask within academia.
Today Nature is happy to charge me $15 to read a trivial and uninformative review of Wolfram's book or charge me a couple hundred $US for a subscription. Academic presses are well supported by tax and corporate research funds. Yes this is a luxury I personally can do without.
Lovelock's co-author Lynn Margulis remains in academia but has the scars to show just how poor the academic model can be for recognizing important new work. Her key discovery that eukaryotic cell structure originated in a symbiotic relationship between prokaryotic cells and bacteria was initially derided by her peers, and took years to be recognized as one of the more important results of modern biology.
Neither of these individuals is especially comfortable with their celebrity status. Lovelock is quick to point out that many people in the green movements 'not only don't understand science, they hate science'. Margulis remains a professional biologist who is extraordinarily dedicated to teaching and to furthering the science of 'simple(sic)' organisms.
Three other examples who spring to mind are authors JRR Tolkien, JK Rowling and Robert Pirsig. All three created works that are important in that they have become part of the wider culture, and were all rejected by 20-30 publishers.
Pirsig in particular is entirely ignored by academic philosophy. His unique synthesis has had influence in both mainstream and academic thought, yet academia dismisses his work. Pirsig draws heavily on Poincaré, whose work included many of the key ideas of relativity a couple of decades before Einstein and others developed the necessary frameworks for fully understanding these.
Whether or not Wolfram is important either within academia or in the larger context of society in any case will not be determined on /., and pinning the idea that he is some sort of luser based on his inevitable notoriety herein is hardly a solid hypothesis imo.
First, how is the storm center new?! the site's been up for more than a year.
According to this survey of global and asian internet-connected systems the US/Can have 181M systems online vs 33M in china.
Do the math: current stats from the ISS say the ratio of systems is about the same as the ratio of attack traffic.
Attack traffic: CN=42291 / US=222907 = .1897
Connected systems: CN=33M / US=181M = .1823
From following incidents.org and my own experience I'd say that .cn has a rep more because when you deal with an attack from asia in general the problems of contacting the admins to notify / etc are much more difficult.
My own experiences have been mixed; contacting site owners in asia has been more spotty than for US/EC sites, and in the event of something serious it's a lot more expensive to pick up the 'phone and call china to discuss a problem.
arin.net, ripe.net, apnic.net all work well for tracking down system owners, but the contact problems across continents remain.
See also this MS propaganda. Wherein they bitch about MIT Econ prof F. Fisher who was IBM's key economic witness in their antitrust case (and co-author of "folded, spindled and mutilated US vs IBM").
Ok so MS actually thinks their business can not be characterized as "high prices and inferior products", and is taking issue with what they see as a turnabout by someone they might wish to see as an ally.
Clearly MS is very chipped off that the people who largely won IBM's defense in that case now are giving testimony suggesting that MS is in violation of antitrust law.
I attended a lecture by Fisher in the mid-80s where he delineated that IBM had:
Made corporate policy back in the '30s that they wanted to become *big* and were not going to screw that up by running afoul of anti-trust laws
Never lost a private antitrust suit (as of '84) - there had been 25 or so
The government's case (brought in the closing days of the Johnson administration) had been seriously flawed (e.g. claiming that IBM 'controlled' 70% of the US computing market, they included plug-compatible competitors in IBM's market share while not counting the 2nd largest manufacturer of the time (DEC) in the calculation)
One difference here of course is that MS *has* been found to be a monopoly and (imo) has based much of its strategy on hurting competitors instead of helping customers. Personally I think MS has believed from the beginning that if they are simply 'excellent' and compete hard they will win, and the notion that they have indeed been found in violation of antitrust is just a foreign idea.
IBM is a tough competitor in many areas, but they mostly seem to behave themselves in the manners that a potential monopoly player is required to under US law and regulation: They license IP, they publish detailed specs, they do not pre-announce products in a manner that would be found to be anti-competitive (and yes there's been a lot of controversy on this last one).
As for pulling witnesses 'Because the trial is going so well'... ok they're doing better than in the actual trial but clearly the non-settling states had plans to get more mileage still from MS's witnesses than MS would gain.
Just hoping this judge manages more than a wrist-slap. MS bullied the gov't out of their first foray in '95 and then proceeded to wiggle around the few penalties that were set... maybe it'll be different this time
as early as 1998 there were EXPLICIT instructions to all MS employees not to even LOOK at open-source code
So you're saying that the incorporation of zlib (non-gpl lic.) was prior to '98?
Anyhow my understanding per an earlier /. is that a large number of universities and others have source licenses for all versions of winblows. (see list of who's who) I'm sure that the NDA's associated preclude actually saying anything about it but if CIFS has samba code these source-licensed groups would be able to find it.
You're welcome to strip them out yourself, but the car company certainly won't support that
Specifically if you install aftermarket parts or if you install them yourself the manufacturer will (probably) consider your warranty void. So of course, we'd expect that modular windows will not be covered under the MS limited warranty
... Ooops wait that's right software basically has no warranty;-).
To be serious, if you document and keep receipts auto manufacturers allow that you can do your own basic maintenance without losing warranty coverage.
Just as others have pointed out I can (and do) save myself a lot of money on my vehicles buying only used cars and doing my own work.
What I like in microsoft's argument is the assertion that letting 3rd parties 'under the hood' will destroy windows and make it less reliable. I actually find it hard to imagine that independent groups who will ultimately be judged by the market on whether they add value for their customers don't stand a pretty good chance of assembling a more reliable system than MS has so far managed to do.
Also on the automotive theme, note that auto makers get most of their profit from selling *parts*, not vehicles. The auto itself is mostly sold at cost.
By the same token I *think* (no solid numbers here) that the industry of *supporting* MS windows is much larger than MS's business of selling the code itself. MS mostly plays in this arena in (pricy) corporate support and in enticing lusers and strongarming enterprises into the continuous upgrade model.
Dnet claims to have around 17 Tflops worth of CPU's running, mostly on boxes that are good at integer and (relatively) weak on FP.
AsciiWhite is running 512 nodes of a cpu that is very much tailored to run FP computation. According to Netlib this box is running 8000 discrete CPU's capable of a net thruput of 12000 Gflops.
For comparison FP throughput on a 66 mhz Power2 system runs at 130 MFLOPS (260 peak), however its Dnet throughput is on the order of 350 Kkeys / sec. Compare this to a PIII/1000 which produces the same 130 MFLOPS but runs 4500 Kkeys / sec.
So yeah 512 nodes of 375 Mhz Power3 cpus are going to produce plenty of Kkeys per second. And it could probably do that in full parallel with the FP work but I wouldn't count on them diverting the cycles to Dnet.
1) How do you work around the complete lack of server-side productivity software on Linux...
For starters if I'm managing hundreds, let alone thousands of users / systems I'll take powerful scripting tools over rich 'gui' tools any day.
having everyone click to confirm the meeting, which is then added to everyone's calendar. There is no solution like this without using Exchange (and I've looked.)
True, this probably doesn't exist, otoh I can write a calendaring app in PHP/SQL in a couple of days that will work just fine (and won't open my entire network to the email virus-du-jour exploit.)
2) How do you work around the lack of group policy controls in SAMBA?
Easy, deploy AFS. It scales better than SMB, has full ACL controls and costs less. I imagine there are people who deploy terabyte scale network storage in win2k but there's no question which one I'd rather run, especially over a widely distributed enterprise.
As I read the article ML might be doing the whole shebang. I don't think the details come across very well in forbes-speak but "Merrill can write an application once and then deploy it with minimal work on mainframes, minicomputers, desktops, laptops and handhelds" sure sounds like they're looking at linux everywhere.
companies that are migrating to Linux as a workgroup server (i.e. replacing Windows NT/2000 Server with Linux) did not have a cohesive Windows network.... [Linux is] perhaps 25% of the way to replacing a Windows 2000 primary domain controller's capabilities.
I know people who work at ML, they understand how to deploy nt/w2k. As for Linux/unix vs an nt/w2k domain controller from my POV you have the equation backward.
MS finally deployed DNS in place of WINS long after it became abundantly clear that WINS doesn't scale for large (or for that matter medium) enterprises.
Similarly, kerberos has run on unix for decades. NT4 should have been deployed with Kerberos in 1995, but MS seems to only want to adopt open standards when all other options have failed.
Curiously the 3.5 eval was just weeks after I reported NT's vulnerable management of passwords over network links to CERT. CERT's reply was "well not enough people are using NT on the internet for this to be an issue."
I also forwarded my data to the TSEC evaluators. They indicated that since the evaluated version of the OS(sic) had had all networking capabilities removed (orange-book doesn't cover network security), that the evaluation would not be affected by this hole.
As it happened the vulnerability I'd found was further tied to the internal storage of passwords in the NT Registry, later examined in L0phtCrack.
Anyhow enough people want to use NT in secure environments that MS will continue to seek these certifications.
This was addressed in the SF Gate article, to wit:
Microsoft objected to Tiemann's accusations, repeating their complaint that new accusations are not appropriate for the current hearing,
Kollar-Kotelly refused to throw out Tiemann's testimony, though she said she would not view it as a new violation.
As plenty of other folks have pointed out in this thread MS has been found guilty, the question now at hand for this trial is what's to be done about it. The RH testimony bears directly at ongoing practices by MS which are when exercised by a monopoly (imo) illegally enforce that monopoly.
Yes MS objected on the grounds you state, and the judge clearly agrees that no this is not a new crime for which they will be tried but that it is evidence which bears on the penalty-phase of this trial.
My aix box has had a frontpanel load average monitor for ages, nice to be able to just glance at the box and quickly assess how busy it is:-)
Older RS/6000 boxes included a 3 digit LED on the front of the case. Intended for diagnostics, it would show (lots!) of codes as the system ran thru the boot sequence.
So naturally a hacker in .fi put together a set of tools that included the ability to drop the load average to the LED.
The coolest thing about this was the inevitable reaction if an IBM-er were ever in to do support work.
Normally you see the LED would be blank after boot *unless* the system crashed in which case it was used to display diagnostic codes (the dreaded 'flashing 888').
So the IBM-ers would always do a big double-take, 'cause that meant 'dead-box' to them;-).
Kerberos developed at MIT and used in many (most?) large-scale production systems. Source available.
Kerberos has been around since '88, opensource (MIT license). It is not developed at the breakneck pace of the more modern SSH and to my knowledge has had fewer exploit bugs in 14 years than the assembled flavors of (commercial *&* open) SSH have exhibited in the last 2 years.
Krb5 is not as slick as SSH, you can't use it for a poor-man's VPN; it uses a more expensive cypher (3DES) for both auth and fully encyphered network connections. Rsh, rlogin, rcp all available with strong encryption. It's not as easy to set up, nor well suited to very small networks, but for my money where applicable it's a far more solid solution.
And yeah OpenSSH's seriously checkered security record has done very little to make me think of applying OpenBSD.. thoughts?
I dearly hope the supreme court will overturn this law. When Mickey is finally released from the bondage of Disney maybe we'll see Air Pirates funnies re-published!
Then I could send a copy to the Disney CEO replete with Mickey humping Minnie;-)
'course I expect Minnie's a good bit younger than Mickey, so I'll be waiting for her release. (That Mickey is such a cradle-robber!)
let's say I purchased a registered copy of Eudora and implemented it in my company instead of Outlook, and people found a way to exploit it.
Does that change things?
If that happened no I don't think it should change things, with the proviso that as a monopoly MS will be held to a different standard.
However this is demonstrably not the case, at a time when IIS accounted for less than 25% of website servers against apache's 60% IIS represented 65% of defacements to Apache's 25%.
Today many NT/IIS servers have been compromised behind firewalls by virus/worm code vectored by email (Nimda). Microsoft's business model has to include security because even if endusers don't understand the implications, the corporate customers require it (and even MS's most loyal large accounts are not happy about their record at this point).
If MS had not acted with such incredible arrogance they probably could have succeeded in finessing this whole case.
And while I expect they are going to wind up with just a slap on the wrist it will be a harder slap than it would have been if they would simply focus on writing solid code in the first place.
If MS would compete on simply the merits of their product there would be no issue here at all. And I don't believe for a minute that they would have taken February for trying to cleanup their security problems if Bill didn't see clearly that their abysmal reputation is affecting the outcome of this case.
And that by the way is a positive outcome imo, I remain skeptical that they will actually succeed in improving quality. (having had my first experience with a serious bug in an MS Fortran compiler in 1983 and having made one of the earliest NT vulnerability reports to CERT in '95 I have little patience with the quality of their products)
A legal system has certain economic biases. In addition to doing 'what's right' one of the functions that the law provides is simple economic incentive. A fundamental rule of economics: Whatever you subsidise you will get more of.
At present the law subsidizes software by allowing software makers reduced liability. Hence we are saddled with bug-ridden software which is relatively expensive to operate securely.
Unfortunately the nature of the beast (complexity) exacerbates this. Writing secure code is not easy. Writing secure code that solves complex problems is less easy. (Although I would note that we're getting much better at that, the tremendous growth in software complexity is keeping system-security people busy.)
Microsoft really is (imo) the bad actor here. They have historically written systems of byzantine complexity. And they have historically written to proprietary interfaces. I have never looked at a proprietary interface that didn't prove to have serious security problems, ranging from DOS potential to root exploits. I am sure they exist but I've yet to encounter one in the wild.
I believe this is because when we code thinking that we own both ends of the interface we tend to think less about possible 'what if' consequences. Again, this is one of Microsoft's failings, they've always written code as if only MS would ever presume to interface to it. (Remember the smbclient cd.. command which could pop you into an MS lanman c:\drive and MS declaring that the flaw lay with a program executing 'illegal instructions'? [doh!])
Microsoft is changing its practices solely because it now *has* to. They've been determined by the courts to be a monopoly and I believe they're beginning to take that seriously. Opening their patented extensions to Kerberos is an example; taking February to work on security issues is another. It may just be PR but it's PR which will almost certainly influence their treatment in the courts.
As software becomes ever more pervasive the costs of crack-able systems will grow higher. I for one don't ever want to be run over by a Cadillac that went out of control because its computer received an executable email attachment.
*Should* US (EC, jp...) law / policy begin to put incentives on software vendors to build security into their systems? Absolutely. What approach will be used? I haven't the slightest.
I'd love to see more of the vandals and scriptkiddies being taken into custody, but I also want to see the IT industry working proactively to make their designs less vulnerable in the first place.
If Microsoft wasn't so intent on feeding software buyers email with executable attachments, the need for virus protection would be substantially reduced. It's expensive in the short term to create a solid system, it's more expensive imo to add security to fix this cr*p after the fact.
Well yeah that was like year 1 for aix 3 / rs6000. The rev1 compiler was awful - that got fixed by the ibm mainframe compiler group by '93.
I've run numerical analysis on rs6000's for a decade now and put the boxes thru their paces. month-long computations with daily operational stuff still chugging along fine. Uptimes typically 6-12 months between reboots.
I had no beefs with AIX for stability, and I've yet to see a linux on which I could pull out one failed (non-raid) disk, swap in another, allocate space, mount and continue operations all without a reboot. and that was back in '94.
IRIX otoh oi! our indigo's used to crash when you looked at 'em crosseyed. I'm sure there were good things about them but their reliability was never my idea of rock-solid
The company I used to work for threw $80million! into a SAPR3 system. Andersen Consulting had the contract and they just put the hardware out to lowest bid, no critical eval of capacity to actually achieve better than 99.9% uptime. Sun won the bid.
Now I'm sure that Solaris *can* do this better but this installation was awful. You could count on a 15 minute outage at least once a month. That meant 4000 employees US, EC, japan etc. unable to access the systems, and it was usually a hardware problem on some Solaris database server.
Worse, about 2x in a year the whole shebang would go down for a _whole_day_ due to a problem in the cluster. And the (very expensive) full duplicate backup systems never once were able to pickup the load.
Sorry I didn't think much of sun/Solaris before that, thought much less of 'em after.
I make that system's uptime based on experience to have been 99.4%. nowhere near good enough for what we paid.
I mean, it says something that the world's largest gov't decided to pick Linux instead of..
China and much of the rest of the world do not have the huge existing investment in existing systems, that coupled with an economy that can less well afford the rates that some software vendors can levy.
GPL? not at all sure about your point? GPL may not even be enforceable in the US let alone China. Presumably the server code that extends RF's commercial server versions are not opensource.. (like RH) the list prices look pretty steep. And notably there is no price listed on their secured linux. I wonder if that is even available to non-governmental people?
While stipulating that SELinux is the best design I've see *by far* for linux;
NSA has absolutely not 'approved' this for any use, nor do they represent it as a system that's either in any production operation at NSA, nor that it is an appropriate system for such use.
As said in posts above SELinux is a research project / reference implementation. Yes many folks are planning on offering commercial solutions based on SELinux, and for good reason, it's a fine design with good attention to detail.
There is a serious set of issues involved in applying SELinux to a production environment. SEL development (and LSM on which it depends) tracks the stable and -dev kernels. This means the platform is updated often and no attempts are being made to maintain fixes/changes compatible with prior releases / kernels.
Also all versions since the first reference impelementations are based on the Linux Security Modules LSM which are an attempt by the security industry to build a common interface for securing / auditing Linux's security - relevant interfaces.
LSM is an impressive piece of work, and has come a long way in the roughly 1 year that they've been coding! When one of the participants (IBM) provides a programmatic analysis tool that finds there are some oversights in the design, you know that this is still a work in progress / and I hope that any serious security implementer will take these things into consideration.
The upside of course is that these tools are being built and both LSM and SELinux are doing very good detail work on thinking about how to get Unix (Linux in this implementation) to a place where the OS itself can eliminate the reliance on root-privilege. WinNT was supposed to be such an implementation, I think most observers agree that intent didn't make it into the release code due to the complexity and competing design objectives.
Generally making external display possible / easy would be a fine thing, an external flat-panel / svga is cheap enough these days.
Building this at 1024/786 or better res would be just great. I'm ok with the minimal screen palm and palm knockoffs put on their units, but it's pretty useless for web access, browsing code or real emails.
As I don't want to sacrifice battery life, I don't care too much about adding CPU-intensive features. I can get wireless or 802.11 or GPS now so keeping the CPU-function back on my home servers is easy enough.
There are some nifty-enough mapping apps for Palm, but really integrating those with an add-on GPS would be a fine thing, especially with a HUD. Just show me where the hell I am on a map / chart :-).
These and other additions:
I dunno, maybe because most of your food was produced by these people?
If you continue to treat rural folk as a second class
Well, not only does agriculture pay well, it is enshrined in federal subsidy programs ... Why?
It has been suggested that this is due to the fact that 'agriculture states', which are states with tiny populations, effectively control the senate (roughly 1/3 of the senate is described as 'ag states'). These politicians therefore represent a constituency whose main priority is agribusiness. (Being as they are politicians you'll often see their pet bills being sold to the voters as 'good for family farms' ... Guess what? Many very large ag businesses are family farms.)
So what we get is a voting bloc in the senate which represents a tiny fraction of the voting population, yet is large enough to cut political deals with very large benefits for their constituents. (These low-pop states btw also get 2 electoral college votes per state toward the presidential election.)
This observation comes from some interesting university research which looked at power balance in the US system from a mathematical perspective. Google didn't find the study (which was written more than 10 years ago) but the obvious google keywords will turn up lots of interesting links (like why we subsidize Ethanol for motor-fuel).
So I'm sorry but a pitch for tossing any more of my tax money toward the ag-states doesn't sit very well with me ...
By the way, I grew up and worked on a small farm and know very well what rewarding and difficult work it can be.
Sure insults are rarely called for, and sometimes humor is in poor taste ... btw most lusers can tell root when: <BOFH>she decides to clear their disk quotas </BOFH> ;-)
How many of us call the repair guy because we don't know how to repair the air conditioner, refrigerator, or our car?
Not this geek, I do all the maintenance on both my motorcycles, replaced the furnace / steam boiler that broke down this winter and regularly repair things that go wrong with my major appliances. I just call that being an all-round geek.
Would you like it if your mechanic said, "I can't believe you don't know the difference between 10W30 and 10W40.
Trust me, the mechanics are chuckling that you're exemplifying by oil viscosity (as opposed, say, to not knowing the difference between metric, english and whitworth). And they take people to the cleaners regularly 'cause the average driver knows less about his/her car than his/her computer / os.
So yeah I don't laugh in people's faces, tho sometimes I get mighty frustrated. I don't usually even chuckle behind their backs, 'cause it's not polite. I occasionally help 'em out when things break (mazdas or servers).
However lusers get no more guarantee of my respect than the guys that plunk down 20k for that new harley and don't have the first clue how it runs or how to fix it when it breaks.
Ross Perot succeeded in being the spoiler who (the election from G. Bush Senior, giving us Clinton. I don't listen to him but enough people do or did to have a substantial effect in that election (and a lesser effect since).
Nader sure as hell gave this election to GWB (yes I know the greens don't agree .. flames > /dev/null). OMB will listen. They may not act. It doesn't matter that his 3% won't win funding, just that he profoundly influenced who's in power.
Fortunately times have changed since the mid-90's when basically no competitors or PC manufacturers could be found who would testify against MS due to their oft demonstrated willingness to adjust licensing terms to the detriment of people who.
Yes it looks like GWB did his best to call off DOJ's will to actually enforce the law by meting out an actual penalty. Hopefully the narrowness of Bush's victory(sic) is one element of why the dogs haven't been *totally* called off.
Fortunately this in effect means that the non-settling states and the various coalitions who believe are in fact not listening to GWB (Mr "I believe in innovation").
So like nader, I do not. Be glad that Nader is going to push this on OMB, I am.
Ohh and if you haven't noticed there are a certain fraction of 'publicans who do engage in wearing fruity clothing (classic preppy-wear).
This is one way to both identify and isolate the problem at a distance from the DDoS targets; that information can now be used to shut off the flood closer to the sources. How close is a matter of how deeply you arrange your defense.
I don't know if this is an element of what NetDeflect is using; they mention symmetry of connect creation/teardown. This is more expensive in terms of detection, but also more applicable to the local perimeter.
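The connection creation/teardown symmetry heuristic mentioned above, as an added example that is not part of the original post and not NetDeflect's code; the sensor log format, the sample addresses and the thresholds are assumptions:

```python
"""Flag sources whose connection setups are not matched by teardowns.

Added example, not from the original thread or from NetDeflect: a toy
implementation of the "symmetry of connection creation/teardown" heuristic,
run over constructed connection-event records.
"""
from collections import defaultdict

# Constructed sample of connection events in the form a perimeter sensor
# might emit: "<seconds> <src_ip> <event>", event being SYN (creation) or
# FIN/RST (teardown). 10.0.0.5 and 10.0.0.6 behave like normal clients;
# 198.51.100.7 opens many connections and almost never closes them.
SAMPLE_EVENTS = """
0.1 10.0.0.5 SYN
0.4 10.0.0.5 FIN
0.5 10.0.0.6 SYN
0.9 10.0.0.6 FIN
1.0 198.51.100.7 SYN
1.1 198.51.100.7 SYN
1.2 198.51.100.7 SYN
1.3 198.51.100.7 SYN
1.4 198.51.100.7 SYN
1.5 198.51.100.7 SYN
1.6 198.51.100.7 RST
1.7 10.0.0.5 SYN
1.9 10.0.0.5 RST
2.0 198.51.100.7 SYN
2.1 198.51.100.7 SYN
2.2 10.0.0.6 SYN
2.6 10.0.0.6 FIN
"""

SETUP = {"SYN"}
TEARDOWN = {"FIN", "RST"}


def parse_events(text):
    """Parse "<seconds> <src_ip> <event>" lines; skip blanks and comments."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, event = line.split()
        events.append((float(ts), src, event.upper()))
    return events


def symmetry_by_source(events, window=5.0):
    """Per source, count setups and teardowns in the trailing `window` seconds.

    Only the trailing window is examined, so a client that was busy earlier
    but has since balanced out is not flagged on stale counts."""
    if not events:
        return {}
    latest = max(ts for ts, _, _ in events)
    counts = defaultdict(lambda: {"setups": 0, "teardowns": 0})
    for ts, src, event in events:
        if ts < latest - window:
            continue
        if event in SETUP:
            counts[src]["setups"] += 1
        elif event in TEARDOWN:
            counts[src]["teardowns"] += 1
    return dict(counts)


def flag_asymmetric_sources(events, window=5.0, min_setups=5, max_ratio=0.5):
    """Return {source: teardown/setup ratio} for sources whose ratio in the
    window is below max_ratio. Sources with fewer than min_setups setups are
    ignored so one unanswered SYN from a normal client does not trip this."""
    flagged = {}
    for src, c in symmetry_by_source(events, window).items():
        if c["setups"] < min_setups:
            continue
        ratio = c["teardowns"] / c["setups"]
        if ratio < max_ratio:
            flagged[src] = ratio
    return flagged


if __name__ == "__main__":
    for src, ratio in flag_asymmetric_sources(parse_events(SAMPLE_EVENTS)).items():
        print(f"{src}: teardown/setup ratio {ratio:.2f}")
```

A real sensor would track this per destination as well, since the asymmetry that matters at the perimeter is the one seen by the host being flooded.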
The subject was Nature's response to James Lovelock's first paper submission after leaving industry / academia.
James Lovelock manages to practice research independently in part due to holding patents in gas chromatography. As an independent thinker he has been able to ask questions that are hard to ask within academia. Today Nature is happy to charge me $15 to read a trivial and uninformative review of Wolfram's book or charge me a couple hundred $US for a subscription. Academic presses are well supported by tax and corporate research funds. Yes this is a luxury I personally can do without.
Lovelock's co-author Lynn Margulis remains in academia but has the scars to show just how poor the academic model can be for recognizing important new work. Her key discovery that eukaryotic cell structure originated in a symbiotic relationship between prokaryotic cells and bacteria was initially derided by her peers, and took years to be recognized as one of the more important results of modern biology.
Neither of these individuals is especially comfortable with their celebrity status. Lovelock is quick to point out that many people in the green movements 'not only don't understand science, they hate science'. Margulis remains a professional biologist who is extraordinarily dedicated to teaching and to furthering the science of 'simple(sic)' organisms.
Three other examples who spring to mind are authors JRR Tolkien, JK Rowling and Robert Pirsig. All three created works that are important in that they have become part of the wider culture, and were all rejected by 20-30 publishers.
Pirsig in particular is entirely ignored by academic philosophy. His unique synthesis has had influence in both mainstream and academic thought, yet academia dismisses his work. Pirsig draws heavily on Poincaré, whose work included many of the key ideas of relativity a couple of decades before Einstein and others developed the necessary frameworks for fully understanding these.
Whether or not Wolfram is important either within academia or in the larger context of society in any case will not be determined on /., and pinning the idea that he is some sort of luser based on his inevitable notoriety herein is hardly a solid hypothesis imo.
    united under CVS
7 vendor Unixes for the dwarf admins
    in their corporate halls
100 linuxen for mortal lusers
    doomed to choose
One Gnu to rule them all,
    One Gnu to find them.
One Gnu to enslave them all,
    And in the darkness bind them
In the land of Cambridge,
    where Mr. Stallman whines
See this and add your own Doggerel verse
According to this survey of global and Asian internet-connected systems the US/Can have 181M systems online vs 33M in china.
Do the math: current stats from the ISS say the ratio of systems is about the same as the ratio of attack traffic.
Attack traffic: CN=42291 / US 222907 = .1897
Connected sys's: cn=33M / us=181M = .1823
From following incidents.org and my own experience I'd say that .cn has a rep more because when you deal with an attack from asia in general the problems of contacting the admins to notify / etc are much more difficult.
My own experiences have been mixed; contacting site owners in asia has been more spotty than for US/EC sites, and in the event of something serious it's a lot more expensive to pick up the 'phone and call china to discuss a problem.
arin.net, ripe.net, apnic.net all work well for tracking down system owners, but the contact problems across continents remain.
Ok so MS actually thinks their business can not be characterized as "high prices and inferior products", and is taking issue with what they see as a turnabout by someone they might wish to see as an ally.
Clearly MS is very chipped off that the people who largely won IBM's defense in that case now are giving testimony suggesting that MS is in violation of antitrust law.
I attended a lecture by Fisher in the mid-80s where he delineated that IBM had:
and were not going to screw that up by running afoul of anti-trust laws
The government's case (brought in the closing days of the Johnson administration) had been seriously flawed (e.g. claiming that IBM 'controlled' 70% of the US computing market, they included plug-compatible competitors in IBM's market share while not counting the 2nd largest manufacturer of the time (DEC) in the calculation)
One difference here of course is that MS *has* been found to be a monopoly and (imo) has based much of its strategy on hurting competitors instead of helping customers. Personally I think MS has believed from the beginning that if they are simply 'excellent' and compete hard they will win, and the notion that they have indeed been found in violation of antitrust is just a foreign idea.
IBM is a tough competitor in many areas, but they mostly seem to behave themselves in the manners that a potential monopoly player is required under US law and regulation: They license IP, they publish detailed specs, they do not pre-announce products in a manner that would be found to be anti-competitive (and yes there's been a lot of controversy on this last one).
As for pulling witnesses 'Because the trial is going so well' ... ok they're doing better than in the actual trial but clearly the non-settling states had plans to get more mileage still from MS's witnesses than MS would gain.
Just hoping this judge manages more than a wrist-slap. MS bullied the gov't out of their first foray in '95 and then proceeded to wiggle around the few penalties that were set ... maybe it'll be different this time
So you're saying that the incorporation of zlib (non-gpl lic.) was prior to '98?
Anyhow my understanding per an earlier /. is that a large number of universities and others have source licenses for all versions of winblows. (see list of who's who) I'm sure that the NDA's associated preclude actually saying anything about it but if CIFS has samba code these source-licensed groups would be able to find it.
Specifically if you install aftermarket parts or if you install them yourself the manufacturer will (probably) consider your warranty void. So of course, we'd expect that modular windows will not be covered under the MS limited warranty
To be serious, if you document and keep receipts auto manufacturers allow that you can do your own basic maintenance without losing warranty coverage.
Just as others have pointed out I can (and do) save myself a lot of money on my vehicles buying only used cars and doing my own work.
What I like in microsoft's argument is the assertion that letting 3rd parties 'under the hood' will destroy windows and make it less reliable. I actually find it hard to imagine that independent groups who will ultimately be judged by the market on whether they add value for their customers don't stand a pretty good chance of assembling a more reliable system than MS has so far managed to do.
Also on the automotive theme, note that auto makers get most of their profit from selling *parts*, not vehicles. The auto itself is mostly sold at cost.
By the same token I *think* (no solid numbers here) that the industry of *supporting* MS windows is much larger than MS's business of selling the code itself. MS mostly plays in this arena in (pricy) corporate support and in enticing lusers and strongarming enterprises into the continuous upgrade model.
$0.02 us
ASCI White is running 512 nodes of a cpu that is very much tailored to run FP computation. According to Netlib this box is running 8000 discrete CPUs capable of a net throughput of 12000 Gflops.
For comparison FP throughput on a 66 MHz Power2 system runs at 130 MFLOPS (260 peak), however its Dnet throughput is on the order of 350 Kkeys / sec. Compare this to a PIII/1000 which produces the same 130 MFLOPS but runs 4500 Kkeys / sec.
So yeah 512 nodes of 375 MHz Power3 cpus are going to produce plenty of Kkeys per second. And it could probably do that in full parallel with the FP work but I wouldn't count on them diverting the cycles to Dnet.
For starters if I'm managing hundreds, let alone thousands of users / systems I'll take powerful scripting tools over rich 'gui' tools anyday.
having everyone click to confirm the meeting, which is then added to everyone's calendar. There is no solution like this without using Exchange (and I've looked.)
True, this probably doesn't exist; otoh I can write a calendaring app in PHP/SQL in a couple of days that will work just fine (and won't open my entire network to the email virus-du-jour exploit.)
2) How do you work around the lack of group policy controls in SAMBA?
Easy, deploy AFS; it scales better than SMB, has full ACL controls and costs less. I imagine there are people who deploy terabyte scale network storage in win2k but there's no question which one I'd rather run, especially over a widely distributed enterprise.
As I read the article ML might be doing the whole shebang. I don't think the details come across very well in forbes-speak but "Merrill can write an application once and then deploy it with minimal work on mainframes, minicomputers, desktops, laptops and handhelds" sure sounds like they're looking at linux everywhere.
companies that are migrating to Linux as a workgroup server (i.e. replacing Windows NT/2000 Server with Linux) did not have a cohesive Windows network .... [Linux is] perhaps 25% of the way to replacing a Windows 2000 primary domain controller's capabilities.
I know people who work at ML; they understand how to deploy nt/w2k. As for Linux/unix vs an nt/w2k domain controller, from my POV you have the equation backward.
MS finally deployed DNS in place of WINS long after it became abundantly clear that WINS doesn't scale for large (or for that matter medium) enterprises.
Similarly, Kerberos has run on unix for decades. NT4 should have been deployed with Kerberos in 1995, but MS seems to only want to adopt open standards when all other options have failed.
see nt 3.5 and nt 4.0
Curiously the 3.5 eval was just weeks after I reported NT's vulnerable management of passwords over network links to CERT. CERT's reply was "well not enough people are using NT on the internet for this to be an issue."
I also forwarded my data to the TSEC evaluators. They indicated that since the evaluated version of the OS(sic) had had all networking capabilities removed (orange-book doesn't cover network security), that the evaluation would not be affected by this hole.
As it happened the vulnerability I'd found was further tied to the internal storage of passwords in the NT Registry, later examined in L0phtCrack.
Anyhow enough people want to use NT in secure environments that MS will continue to seek these certifications.
Microsoft objected to Tiemann's accusations, repeating their complaint that new accusations are not appropriate for the current hearing,
Kollar-Kotelly refused to throw out Tiemann's testimony, though she said she would not view it as a new violation.
As plenty of other folks have pointed out in this thread MS has been found guilty, the question now at hand for this trial is what's to be done about it. The RH testimony bears directly at ongoing practices by MS which are when exercised by a monopoly (imo) illegally enforce that monopoly.
Yes MS objected on the grounds you state, and the judge clearly agrees that no, this is not a new crime for which they will be tried, but that it is evidence which bears on the penalty-phase of this trial.
"Blame me for having to type the backslash in DOS," he jokes.
and see: dos shell(sic) history.
Older RS/6000 boxes included a 3 digit LED on the front of the case. Intended for diagnostics, it would show (lots!) of codes as the system ran thru the boot sequence.
So naturally a hacker in .fi put together a set of tools that included the ability to drop the load average to the LED.
The coolest thing about this was the inevitable reaction if an IBM-er were ever in to do support work.
Normally, you see, the LED would be blank after boot *unless* the system crashed, in which case it was used to display diagnostic codes (the dreaded 'flashing 888').
So the IBM-ers would always do a big double-take, 'cause that meant 'dead-box' to them ;-).
Kerberos has been around since '88, opensource (MIT license). It is not developed at the breakneck pace of the more modern SSH and to my knowledge has had fewer exploit bugs in 14 years than the assembled flavors of (commercial *&* open) SSH have exhibited in the last 2 years.
Krb5 is not as slick as SSH; you can't use it for a poor-man's VPN; it uses a more expensive cipher (3DES) for both auth and fully enciphered network connections. Rsh, rlogin, rcp are all available with strong encryption. It's not as easy to set up, nor well suited to very small networks, but for my money where applicable it's a far more solid solution.
And yeah OpenSSH's seriously checkered security record has done very little to make me think of applying OpenBSD .. thoughts?
Then I could send a copy to the Disney CEO replete with Mickey humping Minnie ;-)
'course I expect Minnie's a good bit younger than Mickey, so I'll be waiting for her release. (That Mickey is such a cradle-robber!)
Does that change things?
If that happened no I don't think it should change things, with the proviso that as a monopoly MS will be held to a different standard.
However this is demonstrably not the case, at a time when IIS accounted for less than 25% of website servers against apache's 60% IIS represented 65% of defacements to Apache's 25%.
Today many NT/IIS servers have been compromised behind firewalls by virus/worm code vectored by email (Nimda). Microsoft's business model has to include security because even if endusers don't understand the implications, the corporate customers require it (and even MS's most loyal large accounts are not happy about their record at this point).
Judges, politicians and voters are human and MS's treatment in the courts will inevitably in part hinge on people's perceptions. MS's business model from the beginning has prioritized denying options to their customers, rather than providing the best possible product. This is part of why it has been determined by the District Court's judgment that Microsoft violated Section 2 of the Sherman Act by employing anticompetitive means to maintain a monopoly in the operating system market.
If MS had not acted with such incredible arrogance they probably could have succeeded in finessing this whole case.
And while I expect they are going to wind up with just a slap on the wrist it will be a harder slap than it would have been if they would simply focus on writing solid code in the first place.
If MS would compete on simply the merits of their product there would be no issue here at all. And I don't believe for a minute that they would have taken February for trying to cleanup their security problems if Bill didn't see clearly that their abysmal reputation is affecting the outcome of this case.
And that by the way is a positive outcome imo, I remain skeptical that they will actually succeed in improving quality. (having had my first experience with a serious bug in an MS Fortran compiler in 1983 and having made one of the earliest NT vulnerability reports to CERT in '95 I have little patience with the quality of their products)
At present the law subsidizes software by allowing software makers reduced liability. Hence we are saddled with bug-ridden software which is relatively expensive to operate securely.
Unfortunately the nature of the beast (complexity) exacerbates this. Writing secure code is not easy. Writing secure code that solves complex problems is less easy. (Although I would note that we're getting much better at that, the tremendous growth in software complexity is keeping system-security people busy.)
Microsoft really is (imo) the bad actor here. They have historically written systems of byzantine complexity. And they have historically written to proprietary interfaces. I have never looked at a proprietary interface that didn't prove to have serious security problems, ranging from DOS potential to root exploits. I am sure they exist but I've yet to encounter one in the wild.
I believe this is because when we code thinking that we own both ends of the interface we tend to think less about possible 'what if' consequences. Again, this is one of Microsoft's failings; they've always written code as if only MS would ever presume to interface to it. (Remember the smbclient cd .. command which could pop you into an MS lanman c:\drive and MS declaring that the flaw lay with a program executing 'illegal instructions'? [doh!])
Microsoft is changing its practices solely because it now *has* to. They've been determined by the courts to be a monopoly and I believe they're beginning to take that seriously. Opening their patented extensions to Kerberos is an example, Taking February to work on security issues is another. It may just be PR but it's PR which will almost certainly influence their treatment in the courts.
As software becomes ever more pervasive the costs of crack-able systems will grow higher. I for one don't ever want to be run over by a Cadillac that went out of control because its computer received an executable email attachment.
*Should* US (EC, jp ...) law / policy begin to put incentives on software vendors to build security into their systems? Absolutely. What approach will be used? I haven't the slightest.
I'd love to see more of the vandals and scriptkiddies being taken into custody, but I also want to see the IT industry working proactively to make their designs less vulnerable in the first place.
If Microsoft wasn't so intent on feeding software buyers email with executable attachments, the need for virus protection would be substantially reduced. It's expensive in the short term to create a solid system; it's more expensive imo to add security to fix this cr*p after the fact.
I've run numerical analysis on RS/6000s for a decade now and put the boxes thru their paces. Month-long computations with daily operational stuff still chugging along fine. Uptimes typically 6-12 months between reboots.
I had no beefs with AIX for stability, and I've yet to see a linux on which I could pull out one failed (non-raid) disk, swap in another, allocate space, mount and continue operations all without a reboot. And that was back in '94.
IRIX otoh, oi! Our Indigos used to crash when you looked at 'em crosseyed. I'm sure there were good things about them but their reliability was never my idea of rock-solid.
ymmv
The company I used to work for threw $80 million! into a SAP R/3 system. Andersen Consulting had the contract and they just put the hardware out to lowest bid, no critical eval of capacity to actually achieve better than 99.9% uptime. Sun won the bid.
Now I'm sure that Solaris *can* do this better but this installation was awful. You could count on a 15 minute outage at least once a month. That meant 4000 employees US, EC, japan etc. unable to access the systems, and it was usually a hardware problem on some Solaris database server.
Worse, about 2x in a year the whole shebang would go down for a _whole_day_ due to a problem in the cluster. And the (very expensive) full duplicate backup systems never once were able to pickup the load.
Sorry, I didn't think much of Sun/Solaris before that, thought much less of 'em after. I make that system's uptime based on experience to have been 99.4%, nowhere near good enough for what we paid.
China and much of the rest of the world do not have the huge existing investment in existing systems, and that is coupled with an economy that can less well afford the rates that some software vendors can levy.
GPL? Not at all sure about your point. GPL may not even be enforceable in the US, let alone China. Presumably the server code that extends RF's commercial server versions is not opensource .. (like RH) the list prices look pretty steep. And notably there is no price listed on their secured linux. I wonder if that is even available to non-governmental people?