I've recently been having troubles like that with microwave ovens - twice over the past 4 months (separate incidents), microwave ovens had to be unplugged and given a chance to let the computers reset to get them working again - no mechanical issues, just resetting their microcomputers.
Shouldn't the parents be the ones looking out for their kids?
Of course they should, but doesn't society also have a role in helping look after kids? Where's the social responsibility of giving kids free access to guns, drugs, sugar, p0rn and sex, and then falling back on "it's someone else's responsibility" as the pimp's excuse?
It just burns me up to see that kind of remark made.
On the other hand, Sen Hatch should be working as hard to protect fair use protections for consumers as he is to knock back rampant piracy.
Piracy is not fair use. Misappropriation of other people's labor and effort (whether GNU licensed software, studio-produced rock 'n roll, or expensively researched and tested HIV drugs) is piracy, and it should be the "consensus of the commons" to defeat it.
If you don't like the rules, change the rules - don't just steal.
VMWare Workstation 4 has a new build - see http://www.vmware.com/support/ws45/doc/releasenotes_ws45.html where it says "Support for SUSE LINUX 9.1 guests
This means you may run SUSE LINUX 9.1 as a guest operating system in this release of VMware Workstation. "
Longhorn still sounds to me like Cairo - the "next generation, object oriented file system-based OS" promised in '94. Give it a 15 year development cycle (2009) and Moore's law makes this not implausible. All that OO thinking must take a lot of cpu cycles.
You can buy 1 terabyte of IDE 7200 RPM disk for $800 now (Maxtor - WD is $200 more for the tb) at CompUSA.
I just wonder if they expect you to RAID it so it doesn't have to be backed up?
Motivations to change need to be more than simply regulatory - they need to be financial.
Companies and users who abuse their customers privacy should be responsible for their abuses.
Companies and developers (open source, too) should take responsibility for their work, and (within the bounds of 'reasonable due diligence') be held responsible for their failures and defects.
What those bounds of "reasonable due diligence" are should be discovered in the traditional ways - industry best practices, regulatory base lines, and professional society codes of conduct.
There should be a tiered collection of mechanisms that consumers can rely on for assurance of the quality and integrity of what they're getting - from "anything goes" to licensed and bonded developers to insurance-backed warranties of performance.
It's time for software to grow up and join the ranks of mature industries.
[prophet-mode] While it won't take hold until the next decade, enthusiasts interested in privacy concerns should wonder now - "How will I control which collective(s) I join?"
This convergence will lead to a new round of truly "personal computing", where once again industry will "leave security until later" with catastrophic results. Self organizing grids need to learn to deal, now, with developing healthy doses of suspicion, doubt, identity and mistrust of "others".
You have been warned! Don't let there be just one. [/prophet-mode]
No, it was SCO - this was back before Caldera acquired SCO's name and UNIX business.
Has anyone looked into whether Novell can simply revoke SCO's contract on the basis that the "new" SCO is being a chowderhead? Did "old" SCO Group need Novell's permission to transfer the rights under the original contract to Caldera (the "new" SCO)?
Okay, well I've got several kids games (for the kids) and one or two older strategy games that just won't work on Win2K - anyone know if the W98 emulation setting on WinXPHome shortcuts works with old, "dirty" (peek and poke, is my guess) code?
You (as the admin of your box) - actually, I'm proposing the scenario in which you are hosting your web or blog site at another site, perhaps relying on its SSL or anonymizer technology, and you would like to be able to inspect (ie, receive a remote attestation as to) the configuration of the machine. That's not too different from what happens in a large corporation with remote datacenters and computers being managed by technicians (repair or otherwise) or even out-sourced EDS operators. My argument is that remote attestation may be useful to the ongoing audit of computer resources, going hand in hand with patch management and software version control.
Most "driver signing" to date has been implemented by Microsoft as an attempt to improve their image - or, to lock out other vendors providing alternative implementations of certain functionality. Microsoft has argued that it's necessary for them to maintain the integrity of the OS Trusted Computing Base in order to sustain their security value proposition for customers, but other companies, including Novell (for whom I work), have offered replacement dlls designed to, for instance, replace the data storage for the SAM subsystem in NT (the bit that creates signed access control tokens used by NT/Domains to allow delegation and remote access to file shares and other applications), with the intent of having SAM use directory-resident information (ala NDS for NT) instead of a local machine-resident registry. In NT4, the dll that performed the storage had well defined interfaces we could export for SAM to use, which allowed us to replace the storage subsystem on which SAM relied. Customers got the advantage of distributed directory management of users and groups, without changing or disrupting SAM's security-sensitive functions of assembling group membership lists (taken from the storage subsystem) and signing tokens.
In Win2K (and AD), Microsoft began using signed dlls that had the effect of making it no longer possible for us to replace the storage dll, and locked customers into using AD if they wanted to use a non-local identity store (we had to fall back to replicating with AD to provide identity management for Win2K accounts, with all the accompanying issues of synchronization across multiple vendor directories to deal with).
The point is that Microsoft, in this instance, chose to use one technology (signed modules) in a way that locked out other vendors, instead of using it in a way that would allow a customer to choose their own management paradigm. If they'd provided a framework in which we could sign our DLLs and have them recognized by their loader (all it would take is one more level in their PKI hierarchy - it's not reasonable for them to sign our modules, nor for us to submit our modules to them to be signed).
The lesson for those seeking to extend TCBs via signed code is to please include enough room in the PKI hierarchy to allow independent signers to be trusted in customer systems when customers make a knowledgeable decision to accept them, and not to simply use signed code as a way to limit competition.
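The loader policy the comment above asks for, written out as an added example (my code, not Novell's or Microsoft's): a vendor root is the only built-in trust anchor, the vendor issues a CA certificate to an independent signer as the extra level in the hierarchy, and the loader accepts a module signed under that level only once the customer has explicitly accepted that signer. All certificates, keys and the module image are generated in memory and are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// signer pairs a certificate with its private key; all keys are generated in memory for the example.
type signer struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func check(err error) {
	if err != nil {
		panic(err) // demo: abort on key-generation or signing failure
	}
}

// issue creates a certificate for a fresh P-256 key, signed by parent (self-signed when nil).
func issue(cn string, isCA bool, parent *signer) *signer {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, IsCA: isCA, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	if isCA { // CAs sign certificates, not modules
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
	}
	parentCert, parentKey := tmpl, key
	if parent != nil {
		parentCert, parentKey = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return &signer{cert: cert, key: key}
}

// Loader models a module loader: the vendor root is its only built-in trust anchor, and the customer accepts independent signers (the extra level in the hierarchy) one at a time.
type Loader struct {
	roots    *x509.CertPool
	accepted map[string]bool // keyed by the accepted signer certificate's DER bytes
}

// AcceptSigner records the customer's knowledgeable decision to trust an independent signer.
func (l *Loader) AcceptSigner(c *x509.Certificate) { l.accepted[string(c.Raw)] = true }

// VerifyModule checks that leaf chains to the vendor root through intermediates the customer accepted, then that the leaf key really signed the module bytes.
func (l *Loader) VerifyModule(module, sig []byte, leaf *x509.Certificate, inter *x509.CertPool) error {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: l.roots, Intermediates: inter,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}})
	if err != nil {
		return err
	}
	for _, c := range chains[0][1 : len(chains[0])-1] { // everything between leaf and root
		if !l.accepted[string(c.Raw)] {
			return fmt.Errorf("signer %q is not accepted on this system", c.Subject.CommonName)
		}
	}
	return leaf.CheckSignature(x509.ECDSAWithSHA256, module, sig)
}

// RunScenario builds the hierarchy and reports which loads the policy allows.
func RunScenario() map[string]bool {
	root := issue("Vendor Root CA", true, nil)
	vendorSigner := issue("Vendor Module Signer", false, root)
	independent := issue("Independent Vendor CA", true, root) // the "one more level"
	indSigner := issue("Independent Module Signer", false, independent)
	module := []byte("constructed module image") // stands in for a DLL
	digest := sha256.Sum256(module)
	sign := func(k *ecdsa.PrivateKey) []byte { s, err := ecdsa.SignASN1(rand.Reader, k, digest[:]); check(err); return s }
	vendorSig, indSig := sign(vendorSigner.key), sign(indSigner.key)
	l := &Loader{roots: x509.NewCertPool(), accepted: map[string]bool{}}
	l.roots.AddCert(root.cert)
	indInter := x509.NewCertPool()
	indInter.AddCert(independent.cert)
	r := map[string]bool{}
	r["vendor"] = l.VerifyModule(module, vendorSig, vendorSigner.cert, x509.NewCertPool()) == nil
	r["independent_unaccepted"] = l.VerifyModule(module, indSig, indSigner.cert, indInter) == nil
	l.AcceptSigner(independent.cert)
	r["independent_accepted"] = l.VerifyModule(module, indSig, indSigner.cert, indInter) == nil
	r["tampered"] = l.VerifyModule(append([]byte("x"), module...), indSig, indSigner.cert, indInter) == nil
	return r
}
```

The unaccepted case is the point of the design: the chain is cryptographically valid all the way to the vendor root, yet the load is refused until the customer opts in, so the vendor's root does not silently vouch for every party it has ever issued a certificate to. A signer the customer later distrusts can be dropped from the accepted set without touching the vendor root or re-signing anything.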
That was a joke, son - as others have replied, Postscript, too, is a Turing complete language and, if I recall, something of a postfix notation language like forth, as well.
I liked Sun's pre-boot shell just fine...but I haven't had much use for it in the past decade. I welcome more sophisticated pre-boot console systems, but I do NOT welcome entry points for hackers and virus writers to screw with my system before my OS has a chance to get started.
This migration away from BIOS is, indeed, overdue, and is certainly wrapped up in the direction of LeGrand and TPM environments.
Question is, what's the OF crowd doing about automated registration (and qualification against "certified" model/versions) of DMA and PCI bus device controllers? If I decide, at some point, that I no longer "trust" Intel intelligent network interface cards (because their firmware isn't using a GPL-friendly version of S/WAN in its integrated IPSEC implementation), what will OF do to tell me / warn me that a "tainted" device has been added to a system I'm trying to trust (ASP hosted Apache server, or whatever)?
But you're right...the TCSEC C2 and its equivalent Controlled Access Protection Profile (and even the Medium Robust OS profiles) all recommend against running systems in environments where you don't trust the users to fully cooperate with security policy. In other words - they're supposed to be adequate to protect against accidental violations of security policy, but not determined attack.
Bottom line, none of us should be using commercial operating systems on the Internet, right? Where's MULTICS when we need it?
Why did they discontinue the portal? It seemed like a good idea to provide a centralized list of evaluated profiles and products. With evaluations coming from all over the world, finding reports for competitive evaluation and profiles for product requirements is important to vendors. Has another site taken up the task?
1) My take is that the NetWare kernel folks (everything is done in the kernel) and the UNIX folks could never agree on implementation details...neither wanted to give an inch. Eventually, when MACH and Chorus got into the discussion things melted down - lack of consensus. There was even an element of OS/2. Too many choices, not enough compelling reasons to abandon long-held beliefs.
2) To say that the Novell - SCO relations are "frosty" now would understate the picture ;-)
3) I don't see that Ray "lost control" over Novell, but rather that he gave it up so that the company could grow up and move along. Novell has certainly had a bad few years, but that cash-flow from NetWare 3.x, 4.x, 5.x and 6.x licenses has lasted a LOT longer than I imagined it would back in '95.
The company is pretty transparent, right now...we're doing Linux because that's where we see the business opportunity, and where we can leverage our deep, deep skills and experience running global customer support operations, among other things.
We're almost there...with bluetooth interfaces to implanted cochlear implants, and to visual cortex direct neural simulation stimulators, we can do away with the clumsy spinal taps with which Neo and friends have to put up.
Now, if we can just figure out how to teach the damn things to be suspicious of new acquaintances, we can beat the Borg via free-market alternatives to the one, monopolizing collective!
At the end of the day, companies like Microsoft and SCO won't be stopped by the US.
Interesting point, that - haven't colonial wars usually been fought by national reprisals (via privateers) against the commercial interests of Imperial-granted monopolies (ala The India Company, The Hudson Bay company, etc.?)
In the era of Imperial America, it seems somehow appropriate that nations would use their own courts to rein in the commercial excesses of Imperialist American Global interests.
For years the common wisdom has been that traffic analysis attacks were too hard to master to worry about. It's interesting that the technique is now being turned on the attackers themselves as a means of detecting infections. Makes sense in the context of IBM's auto-immune system approach to system health.
But, note - in computer security, as in human health - there are two fundamental approaches:
once well, don't get sick and
once sick, get well fast
A hospice volunteer I talked to last week pointed out that holistic eastern philosophies of medicine offer an interesting alternative perspective on how to approach "wellness". I wonder if there's something like acupuncture we should be exploring for intrusion detection systems and anti-virus/spam filters?
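As an added illustration of traffic analysis used for detection rather than attack, picking up the comment above about the technique being turned on the attackers (example code, not IBM's or anyone's product): two patterns that show up in flow summaries without any payload inspection, a host fanning out to many peers and a host contacting one address on a fixed period. The flow records and the thresholds are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// Flow is one summarized connection record; the records used here are constructed, not captured.
type Flow struct {
	T    int // seconds since the start of the observation window
	Src  string
	Dst  string
	Port int
}

// Finding is one alert raised by traffic analysis of a host's behaviour.
type Finding struct {
	Host   string
	Reason string
}

// Thresholds chosen for the sample data; a real deployment tunes them per network.
const (
	fanoutLimit   = 8   // distinct destinations contacted by one host in the window
	beaconMinHits = 4   // minimum contacts to one destination before judging periodicity
	beaconMaxCV   = 0.1 // coefficient of variation of inter-arrival times that counts as "regular"
)

// regularity returns the coefficient of variation of the gaps between contact times and
// whether there were enough contacts to judge. A CV near zero means a clockwork beacon.
func regularity(times []int) (cv float64, ok bool) {
	if len(times) < beaconMinHits {
		return 0, false
	}
	sort.Ints(times)
	n := float64(len(times) - 1)
	var sum, sq float64
	for i := 1; i < len(times); i++ {
		sum += float64(times[i] - times[i-1])
	}
	mean := sum / n
	if mean == 0 {
		return 0, false
	}
	for i := 1; i < len(times); i++ {
		g := float64(times[i]-times[i-1]) - mean
		sq += g * g
	}
	return math.Sqrt(sq/n) / mean, true
}

// Analyze groups flows by source host and flags two infection-like patterns:
// wide fan-out (worm or scanner behaviour) and periodic contact with one destination (beaconing).
func Analyze(flows []Flow) []Finding {
	contacts := map[string]map[string][]int{} // src -> dst -> contact times
	for _, f := range flows {
		if contacts[f.Src] == nil {
			contacts[f.Src] = map[string][]int{}
		}
		contacts[f.Src][f.Dst] = append(contacts[f.Src][f.Dst], f.T)
	}
	var hosts []string
	for h := range contacts {
		hosts = append(hosts, h)
	}
	sort.Strings(hosts) // deterministic output order
	var findings []Finding
	for _, h := range hosts {
		if n := len(contacts[h]); n >= fanoutLimit {
			findings = append(findings, Finding{h, fmt.Sprintf("fan-out to %d distinct destinations", n)})
		}
		var dsts []string
		for d := range contacts[h] {
			dsts = append(dsts, d)
		}
		sort.Strings(dsts)
		for _, d := range dsts {
			if cv, ok := regularity(contacts[h][d]); ok && cv <= beaconMaxCV {
				findings = append(findings, Finding{h, fmt.Sprintf("periodic contact with %s (CV %.2f)", d, cv)})
			}
		}
	}
	return findings
}

// SampleFlows builds a constructed window: one beaconing host, one fan-out host, one normal host.
func SampleFlows() []Flow {
	var flows []Flow
	for i := 0; i < 6; i++ { // 10.0.0.5 calls the same address every 60 s
		flows = append(flows, Flow{i * 60, "10.0.0.5", "203.0.113.9", 443})
	}
	for i := 1; i <= 10; i++ { // 10.0.0.7 sweeps ten neighbours on 445 within seconds
		flows = append(flows, Flow{100 + i, "10.0.0.7", fmt.Sprintf("10.0.1.%d", i), 445})
	}
	for i, t := range []int{5, 17, 80, 200, 201, 330} { // 10.0.0.3: irregular, ordinary traffic
		flows = append(flows, Flow{t, "10.0.0.3", []string{"10.0.2.1", "10.0.2.2"}[i%2], 80})
	}
	return flows
}
```

Run over the sample, Analyze returns two findings, the beacon and the fan-out, and nothing for the ordinary host. The same statistics that make traffic analysis worrying when an adversary applies them to you (who talks to whom, how often, how regularly) are what let a defender spot an infected host without ever decrypting or reading a payload.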
"Just because some random signing-whore... The CA will sign *any* key for a price"
Speak for yourself. But your point drives home an issue that PGP handles well - webs of trust are more easily grown, though less able to bear liability, than top-down hierarchies. The real question is how do you write an algorithm that allows new folks to send you mail without allowing EVERYONE (including spammers) to send mail. Authentication helps, but it doesn't address the trust issue.
Remember the "old days" when email was mysterious, and the only way some folks could send you mail was if you could send them one first that they could reply to?
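One way to code the "reply to a message I sent first" rule from the comment above, as an added example (not the commenter's design or any real mail system's): known correspondents are admitted outright, and strangers get in only by replying to a tagged address minted for them; the tag is an HMAC bound to their own address, so a tag harvested from someone else's mail is useless to a spammer. The secret, addresses and message fields are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Verdict is the gatekeeper's decision for one inbound message.
type Verdict string

const (
	AdmitKnown = Verdict("admit: known correspondent")
	AdmitReply = Verdict("admit: reply to an address we handed out")
	Hold       = Verdict("hold: stranger writing to the bare address")
)

// Message carries only the envelope fields the policy needs (constructed for the example).
type Message struct {
	From, To string
}

// Gatekeeper admits mail from known correspondents, and from strangers only when they
// reply to a tagged address that was minted for them. The tag is an HMAC over the
// recipient address, so a tag harvested by someone else does not open the door.
type Gatekeeper struct {
	secret    []byte
	localPart string // "me" in me@example.org
	domain    string
	known     map[string]bool
}

func NewGatekeeper(secret []byte, address string) *Gatekeeper {
	local, domain, _ := strings.Cut(strings.ToLower(address), "@")
	return &Gatekeeper{secret: secret, localPart: local, domain: domain, known: map[string]bool{}}
}

// tag derives the per-recipient token: the first 8 bytes of HMAC-SHA256(secret, recipient).
func (g *Gatekeeper) tag(recipient string) string {
	mac := hmac.New(sha256.New, g.secret)
	mac.Write([]byte(strings.ToLower(recipient)))
	return hex.EncodeToString(mac.Sum(nil)[:8])
}

// ReplyAddress is the address to put in Reply-To when first writing to recipient.
func (g *Gatekeeper) ReplyAddress(recipient string) string {
	return fmt.Sprintf("%s+%s@%s", g.localPart, g.tag(recipient), g.domain)
}

// Admit applies the policy and promotes a successful replier to a known correspondent.
func (g *Gatekeeper) Admit(m Message) Verdict {
	from := strings.ToLower(m.From)
	if g.known[from] {
		return AdmitKnown
	}
	local, domain, _ := strings.Cut(strings.ToLower(m.To), "@")
	base, tag, tagged := strings.Cut(local, "+")
	if domain == g.domain && base == g.localPart && tagged &&
		hmac.Equal([]byte(tag), []byte(g.tag(from))) {
		g.known[from] = true
		return AdmitReply
	}
	return Hold
}

func main() {
	g := NewGatekeeper([]byte("constructed demo secret"), "me@example.org")
	g.known["friend@example.com"] = true
	reply := g.ReplyAddress("newcomer@example.net")
	for _, m := range []Message{
		{"friend@example.com", "me@example.org"},
		{"stranger@example.net", "me@example.org"},
		{"Newcomer@example.net", reply},
		{"spammer@example.net", reply},
		{"newcomer@example.net", "me@example.org"},
	} {
		fmt.Printf("%-22s -> %-28s %s\n", m.From, m.To, g.Admit(m))
	}
}
```

This authenticates nothing about the sender's identity, which is the commenter's point: it only proves that whoever is writing has seen a message you chose to send to that address, and it leaves the "stranger at the bare address" case to whatever challenge or quarantine step you bolt on.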
True - I'd like to see an open source NCPFS automounter running over TCP/IP (not IPX) that's directory enabled from Linux...we'll have to see about what kind of Linux multi-user helper (to store user credentials for single signon among NCP-based applications like the file / print client) will we wind up with.
I agree...and have started using the analogy that the Common Criteria approach is about starting out well and trying not to get sick...while the OSS approach is like sending your kid to public schools where they're exposed to everything and develop a resistance over time as they (patch and test) get well each time.
Get well fast (OSS) or don't get sick (CC). You need both.
The value in OSS isn't that it's free (it's not, as in beer) but that it's transparent.
That's a really interesting question - they're (we're?) faced with trying to decide whether to do NSS or some such as a native file format (including Virtual File Services?) or just using Reiserfs or ext3. What does the community think we should do?
In any event, the rights policy question has more to do with the administrative model running on the machine - capabilities with/without root, LSM-based SELinux, etc...I've even wondered if they (we?) should do a Novell LSM plugin...thoughts?
Had to look...Google's never heard of it, either...so, ya got me...
A craft-guild mentality will hold us all back.
Informative? Informative? Look, I know Chris Stone, I've worked with Chris Stone, and Chris Stone bears very little resemblance to that Chris Stone!
Wasn't Postscript good enough for them?
No wonder it's not hit mainstream.
As a vendor, that's quite enough!
See iFolder and iPrint, that don't require a client32 50MB install to use - just a browser.
It's not the RPMs list, but close - check out the 1-2-3 links for details of the plan