But it would be a great way to scare the general public. It won't necessarily be as terrifying as hijacking planes, but it can spread some fear into many people. (mainly IT types)
Actually, the last DoS attack on the root nameservers sucked, but it didn't frighten IT people. The only people things like this frighten are Average Joe Consumer types who don't really understand how these things work. For them, the "web" is the "Internet", and anything that affects "the web" could bring down the whole Internet (as if it's just a few computers in a lab somewhere that can be shut down like shutting off a light switch).
The DNS system was designed for redundancy; if it can withstand a direct nuclear attack on 60% of its facilities (vis; 6-7 of the root servers), it can withstand a DoS attack. Considering the upstream providers of each of the root servers are responsive enough to throttle the traffic to a more reasonable level, and the caching, hierarchical nature of the DNS system (except for mickey-mouse systems who query the root nameservers only with no fallback support), it would take days to notice an outage. In that time, the root servers could set up spare boxes and have the system back up and running with relatively minimal disruption.
To truly affect the operation of "the internet" as a whole, a DDoS attack would have to be sustained for days on end.
Don't you slashdotters understand yet? The music industry is trying to obsolete CDs as quickly as possible so that a more "protectable" format can be produced.
While I agree that seems to be their motivation; are they really going to be able to slip that by consumers? 8-tracks and audio cassettes went out the window because they were bulky, had poor (by comparison) sound, and their playing quality diminished over time. Audio CDs, however, do not possess any of these technical flaws.
Moreover, at this point consumers have access to so many CD players, not to mention extraordinarily large CD collections (one friend of mine has approximately 900 CDs and growing), that it would be a huge transition. If not an all-at-once thing, surely it'll take them a decade or so.
Even if they DO create a format that, magically, won't allow itself to be digitally reproduced - what's to stop audiophiles from recording and encoding the output stream?
This whole undertaking just sparks of an abortive effort. They attack Napster, a hundred other P2P networks spring up in its place. They create encrypted CDs that can only be played in "{company} approved" devices, and by the release date over 100k people already have the entire contents of the CD. They create DRM on their CDs, people buy a $5.00 cable from their local Radio Shack and circumvent it.
I wonder just how long the record labels are going to survive before they figure out that they, not just their technology, are obsolete.
Considering your jump of the gun there, and the previous post, I agree, just burn a buttload of em and charge for the CD. Unless of course that smell permeating from this story is BS and johnnylaw will come bangin on your door, in which case, nevermind.
You have to remember that many colleges, universities, and businesses have site licensing that allows them to lend out their software to students / employees for use at home or on the road, while a member of the institution.
I'm reasonably certain that's why the poster included that little disclaimer, and I counter that it's the accusers in this thread who are "jumping the gun", in that they don't appear to be informed about various site licensing options available to large organizations.
Can we please stop all this MS bashing? Every piece of software has security alerts and patches issued. Why, in a week where we have alerts for Samba, php, kde (libs and network) and apache, do we have to hear about IE yet again?
Slashdot reports security vulnerabilities that affect large portions of the userbase. All of the above affect large portions of the OSS world, and IE vulnerabilities affect the vast majority of the workstation userbase (globally!). The difference between OSS and Microsoft security bulletins, however, tends to be that the OSS bulletins are generally followed-up shortly after release with "... and get the patch here, here, and here, and download [updated|backported] versions from your vendor here, here, and here". Only too often do we see updates to Microsoft bulletins that read along the lines of "... and Microsoft is stonewalling [me|us]... " or "... Microsoft has officially denounced this as invalid... " or "... Microsoft has accepted the bug report and is working on a solution... " (which doesn't arrive for six weeks, and does so very silently with little more than yet-another-MS-bulletin and another item in the Windows Update listing).
The reason Slashdotters 'bash' Microsoft, especially in the face of "yet another IE/IIS critical security vulnerability" is that they're so recurring. The fact that this one happens to be digitally signed by Microsoft themselves, and that the only way to get around the vulnerability is to literally stop trusting Microsoft makes it more than hilarious; it's downright embarrassing for them. When something embarrasses one of the Open Source world's largest nemeses, and the very giant who has its sights set on Linux (primarily) and phasers set to kill, it gives us a warm tingly feeling, and human nature dictates that when this feeling is present, "I Told You So!" is a response that gives us immense amounts of pleasure.
Speaking of "I Told You So", I have to remember to show this one to our co-op student when he's next in. It'll make for a good practical demonstration of why I told him not to check "Always trust from... " checkboxes within IE.
security *did* get compromised, the damage is already done at that point, is it not? People who exploit the publicized hack aren't going to "shuffle some files" around, they'll screw up the machine. Sure, Joe Victim will wish he had believed it earlier, but now it's too late.
Security was compromised when this product rolled off the lines. This is Internet Explorer after a (fairly) substantial service pack and several security updates on top of that. This has been an on-going trend in the computer industry with Microsoft software since about day 1; but people still trust in Microsoft to keep their systems secure.
All of the past exploits are right there - they're right in front of their face; all they have to do is open their eyes. When you read the 'blurbs' on Windows Update you'll see just how much damage can be done to an unpatched system. Heaven forbid you update your Windows98 machine to Internet Explorer version 6.0 without SP1 or the security updates - it almost seems as if they introduced even more vulnerabilities than they'd fixed in the last version.
The wet bench adage stands; if people read about how often their computers need updates and actually considered it for a moment - for example, the frequency with which they may give out their name, address, phone number, SIN (or SSN), credit card number(s) and other personal information over the Internet - USING this notoriously insecure product, don't you think people would reconsider? For the most part, based upon the sheer number of Microsoft lemmings who just don't want to know any better, vis; typical consumers, and with Microsoft's market-share and marketing targeted at people who don't know anything past a mouse cursor I believe that's pretty hard to dispute, no. People prefer an easy to use interface over stability or security.
Now, that sounds like it means that if you tell someone something that is beyond the scope of their understanding or knowledge, they will believe you, but if it is more tangible/testable to them, they'll be more critical.
The point was more simply if something is right in front of somebody's face, they don't tend to believe it until their pants have lines of paint on them. The average Joe doesn't tend to use logic or critical thinking (I'll save the discussion about the public education system and parenting for another day.;) ), and as a result they only comprehend what, so to speak, smacks them in the forehead.
I don't see how this extended explanation helps the average person (those who are lock experts and hardcore burglars already know/know where to find out).
The general population has this habit of not believing things. There's an old adage that goes; "Tell a man there are a billion stars in the universe and he will believe you. Tell him a bench is covered in wet paint and he'll touch it." (Or something to that effect).
If I told people that I could disable their electronic car alarms, get around their club, hotwire their ignition switches and drive off with their car in under 2 minutes, they'd scoff. If I did it, they'd take note, and their false sense of security will quickly disappear.
Likewise with computers; if you tell a person that the product they're using (web browser, web server, operating system, etc.) is insecure, they won't believe you. You could quote statistics, point to empirical evidence, and give them all the hard facts you could muster; but they'll scoff at you and retort "It's never happened to me, so I don't know what you're talking about." But if you go home and proceed to shuffle the files around on their hard drive and leave 'love letters' on their desktop they just might sit up and start paying attention.
I'm all for giving people practical lessons in their own ignorance. The more ignorant, and the more wilful and obtuse that ignorance, the more torture they should be put through.
In an ideal world people would take standard precautions with these extraordinarily powerful batches of silicon they're connecting to a T1-or-greater speed link with the potential to cause severe damage to any number of multi-billion dollar, multi-national computer systems (along with your average run of the mill corporation and home user machines) and/or trust in trained professionals to implement at least rudimentary precautions for their computers (and home LANs), and perhaps (just perhaps!) take their advice with a little more than just a grain of salt. I've completely given up telling people that Outlook (Express) is an insecure P.O.S. because they just don't listen. Besides that, I've decided that I prefer a business where they keep coming in and occupying one of our benches at $35/hour while we eradicate their latest viral infection or backup any data we can recover before we format their drives and re-install Windows.
(For the record; for many of them, just one instance of being 'schooled' by malicious types doesn't always teach them. We have a lot of repeat customers in the virus / system recovery market)
Long story short; until you kick them in the pants, they just won't believe that it'll hurt.
They didn't give me that choice, unfortunately, so the license "cost" of running Windows versus not running Windows is zero.
You've had that choice all along - that's just ignorant consumerism. Find a "white box" computer store and have a computer built from parts - sans operating system. You get more control over what goes in the box, you'll likely save money, and you won't be paying for something you won't use anyways.
If you think that any private person currently uses Linux, you are wrong.
That's quite the sweeping generalization. Care to elucidate?
I've paid zero for Windows (came with computers) but have paid over 500$ for various Linux distributions in the last years.
I beg to differ. Many computer retailers, especially the larger ones (Dell, IBM, HP/Compaq, etc.) bury the cost of Windows in the cost of the PC. It was referred to as "Microsoft Tax", and many stores (if you asked) would outright refuse to remove the OS, and thus the cost, from the purchase price. You've been paying less than off-the-shelf prices for the operating system (we sell OEM versions at a less expensive rate than you could purchase a box version from a retail outlet, for example), probably even bulk discounted rates from the big OEMs themselves, but you have paid for every version you've run.
I, on the other hand, have never paid money for a Linux distribution. I've sent business clients to distributions to pay for the support aspect of the purchase price, but for personal use I've downloaded in some way or another the following, and more distributions without paying a cent;
Gentoo Linux 1.4a
Gentoo Linux 1.3a
Gentoo Linux 1.2
SuSE Linux 7.0
SuSE Linux 6.4
SuSE Linux 6.2
SuSE Linux 6.0
SuSE Linux 5.x
RedHat Linux 6.2
RedHat Linux 6
RedHat Linux 5.2
RedHat Linux 5.0
Mandrake Linux 8
Mandrake Linux 7
FreeBSD 5.0
FreeBSD 4.7
FreeBSD 4.4
Corel Linux
Slackware Linux 7.0
Slackware Linux 4.0
Slackware Linux 3.9
There are others, and if you count the Linux distributions my mentor (the guy who convinced me to install Linux in the first place) has downloaded, and/or purchased from the likes of "CheapBytes" (or whatever the website that sells Linux/BSD distributions for the cost of the media and shipping), the list would, I'm sure, triple.
The only reason to pay full-price for a Linux distribution is two-fold; the manual that comes with it, and the corporate support. The benefits of the manual are negligible, and the support exists in droves all around the Internet. So the only people who need the manual are people who need help in connecting their new Linux system to the Internet, or the people who are just so used to physical support means they have difficulty adapting.
I say the above because at the rate the computer industry changes, by the time a book has gone through editing and publishing cycles, is purchased, read, and digested by a consumer it's probably already out of date. I bought "Maximum Linux Security" and it was already obsolete - it referenced kernel version 2.2, and I was already using 2.4 which addressed a lot of the issues he raised vis TCP security and firewalls.
KDE3 is better and prettier.
Here I have to agree with you. KDE3's transparency and gradients, along with its hi-colour icons make it a lot better looking than Windows. Add in a couple of different themes (I'm somewhat partial to Mosfet Liquid, but I'm becoming rather attached to the themes that ship with KDE) and you've got a gorgeous user environment.
I have to agree with you. TD Canada Trust and ScotiaBank work fine for me. I have accounts with both that don't charge me for use of their online services, FWIW, but I do have a monthly transaction limit with Scotia (my primary bank).
The DUCA Credit Union also appears to be Mozilla / Netscape friendly.
A tip; ask the banks if they support "Netscape Communicator". That usually indicates whether they're at all biased. There are, however, some pages (I can't recall specifics at this time. I believe Sprint Canada's website is one such culprit) who support Communicator 4.x, but not 6, which leaves Mozilla in the lurch.
Re:Annoyance does not equal invasion of privacy, on The Economics of Spam · Score: 2
*But* it violates my principles to eat meat, and I would rather no one did, for I honestly believe that all living things have value, but I'm not going to force that on anyone.
This doesn't exactly apply, though. See, my principles (on this specific issue) revolve around not invading someone's privacy, or more to the point, not annoying them. By "them" I refer not only to the end recipient, but also the intermediaries along the way who have to deal with an increased volume of [email/phone calls] at an expense to them for which they see no return.
I can liken it instead to smoking. I smoked for quite some time. When I did, I wouldn't smoke in non-smokers' houses, I wouldn't smoke at restaurants if I was the only smoker there - in other words, I didn't allow my bad habit to impact my friends, family, colleagues and acquaintances. Now that I've quit, I expect people to not smoke in my home - even the ones who used to do so when I still smoked (now they stand on the porch).
Since I don't like smoke being blown in my face, I won't blow it in other peoples' faces. Simple as that. I can't understand how so many people who claim to be people of integrity would break their principles so casually. They're always hiring at donut shops and restaurants. Everybody has to eat, and last I checked, it's not a terrible inconvenience to the masses to feed people.
Some people certainly go too far in pursuit of "making a living," and I am all for a principled life. But, in the perfect world, there would be no hunger, no murder, and respect for everyone. Would the world be better if spamming weren't here? Sure. But where does that rank on the scale of things I would change about the world? Maybe not at the bottom, but there are certainly many, many, far more pressing issues to come first.
So because it's not at the top of your list, it makes it acceptable?
This lady's made a trade off, which is a necessary consequence of living in the real world, and it looks like a pretty good one to me. If spam is terrible, then get a spam filter, or lobby your representatives to outlaw it.
Some of us, on the other hand, would rather flip burgers or clean toilets than violate our principles.
I don't know about you, but knowing how much I fundamentally despise such invasions of privacy as SPAM and telemarketers, I know I wouldn't be able to look at myself in the mirror (barring my stunning good looks, of course;) ) if I was professionally involved in such practices.
Some people go a little too far in the name of "making a living", IMHO.
Are Lycos and Citysearch big enough for you? How about Namezero, the largest domain-hosting company on the Internet?
Not exactly mission-critical though, are they?
Funny how the BIND proponents say that BIND 8 and BIND 9 are completely different products when we're talking about security, but then suddenly forget the version number when we're talking about deployment.
I'm not talking about the version number, I'm talking about the long history of proven reliability and scalability. Yes, it has a security track record, but do name me an enterprise-level software package or operating system that doesn't.
Like any other large product, it has evolved and continues to this day with its latest version. Like it or not, BIND has proven itself reliable enough for the likes of government, military, mega corporations to stake their electronic presence on. My point is simply that DJBDNS has not.
Most of the comments I'm reading in this thread seem to have a decided lack of sight of 'the big picture'. It seems as if most of the proponents of your product(s) are the weekend cowboy type; running a personal DNS server for their home or SOHO LAN. Then again, what should I expect from an online forum, right?
So, considering 'the big picture' (ie; hundreds of hosted domains, secure zone updates for a plethora of alternate name servers, scalability (the ability to double or triple in size without a major restructuring), and standards compliance) - convince me. Which part of your website and/or documentation shows me why I should recommend DJBDNS over BIND for an enterprise client.
I don't bother much with comparisons against anything else. DJB's software installs easily, doesn't have security issues, never fails, and has been more stringently tested than anything except software like sendmail and BIND. That is enough for me.
I have but one (two-fold) question for you, and for all the DJBDNS supporters;
How many root nameservers run DJBDNS? On how many billion-query nameservers does DJBDNS run? How many mission-critical servers run DJBDNS? (By "mission-critical", I mean servers where lives, or tens/hundreds of millions of dollars are on the line. No home or SOHO server will be considered)
Until that question can be answered honestly, DJB will remain, in my mind, a weekend cowboy's DNS server. My clients want industry standard servers backing their domains, so BIND is what they get.
So the argument is whether website publishers, or spyware producers get control of my computer?
Looks like it. From what I gather about Gator's software, it's essentially pointless. Many modern web browsers have long shipped with functionality to store form information for websites (including and especially the one in Gator's principal target audience - Internet Explorer), so what we have is software that tracks a person's use of the web, blasts them unmercifully with ads which could see a FedEx or UPS ad appearing on the USPS website, or a Best Buy ad appearing at a small computer vendor's website, or a Sony Music ad appearing at BMG, etc. While this isn't necessarily the crux of the matter, it's still a great concern to people who budget ads on their website.
Now, standard IANAL applies here, but I certainly hope this won't affect those of us who disable popups in Mozilla, and use ad-filtering proxies (personally, I use AdZap with Squid).
Don't I have a say in this? Why can't I have control of my own computer!?
It does seem like we've got an argument brewing over precisely which fox should guard the henhouse, doesn't it?
I also wonder about the risk of lightning strikes? Presumably a house(-plane) is better grounded than one sitting in the middle of the tarmac.
The Faraday effect would render it just as harmless as a plane in the air or a car on the highway. It has nothing to do with "grounding" (no - rubber tires do not have an effect on cars getting hit by lightning!), and everything to do with the external shape of the craft.
but I should be able to tell them to TURN OFF any filtering on MY connection if I want; or better, I should be able to turn it off myself.
That would be well and good, providing that it were viable to apply the filter at the end points of each and every individual connection. But consider that for every range of ports for every customer one additional firewall/router filter rule is required. Else, for every exception they would have to add a rule before the filters themselves. That becomes exceedingly difficult in a network that makes use of dynamic IPs. So what we'd have in order to satiate a customer (again, one paying a very small price for the bandwidth they're receiving. If you don't believe me, call ISP Business departments and price out T1s, T2s, business ADSL, SDSL, HDSL, etc.) is giving out static IPs, or creating some form of 'intelligent' firewall ruleset that groks for the current IP from a customer database and updates the firewall rules on a continuous basis.
It's been said before, but I'll say it again - if you want "just IP", get a business connection with an SLA and block only the ports you want to block with your own firewall. You can't expect business level service with a consumer product. The same is true in all other industries just as it is in IP. The fact of the matter is the majority of any broadband ISP's customer base requires some form of protection, because against the advice of those who know better people DO enable shared, full-access drives and printers. We generally convince our customers to use an internet router (one-port for individual computers, or four-port for LANs) to add a hardware layer of protection, but our client base is only but a (very) small portion of that of both types of broadband Internet in our area.
I'd love to gain some insight into the psychology behind people who become fanatical over products. What exactly motivates people to do all these crazy things in the name of a piece of electronics?
Now please don't give me any BS about how it's because the Mac is "so high quality" and "a classy piece of gear" as a Machead once tried to convince me, you can get high quality cars, stereo systems, hell even high quality food, but you don't see people build shrines to the Porsche do you? Or maybe you do.....
If anything I can kind of understand Linux freaks, as it's more a movement (vive la revolution and all that) than a product. But the Mac isn't anything other than some heavily marketed electronics. What motivates these people?
Initially I moderated this comment "Insightful", but decided instead to explain myself. He asked a perfectly legitimate question and got modded down twice. Come on, people - use your noggins instead of proving him right.
It's valid to delve into the psychology of people to figure out why they get addicted to something; especially a corporate something.
Linux is a movement; it's about freedom, ridding the world of corporate software that removes our rights, etc..
FreeBSD is an ideal. A trend-setter, and the birthplace of the Internet. It was the underpinnings of a free software revolution (Linux just now happens to carry the torch)
These are examples of things to obsess over, because they're ideals, and taken to an extreme can represent a completely different world where the face of corporations are forever changed.
Apple *IS* a corporation. They make money off of these people in scads; especially when people don't sell their used equipment (people then have less used market to buy from, and have to purchase new from The Corporation That Is Apple).
Creating a community feeling isn't about making people feel warm and fuzzy about their purchase, it's about making people comfortable about spending more money. Period.
A lot of things suck up bandwidth. Why pick on P2P? Linux ISO's take a lot of bandwidth.. let's outlaw downloading of those?
But Linux ISOs don't take up bandwidth 24x7x365 while people leave their computers running with XYZ FileSharing App loaded in the taskbar at all times, whether they're using it or not. I'm reasonably certain that most of the popular filesharing apps have "Start XYZ With Windows" checked per default on installation; and we know how well Joe Average Consumer reads the screens they're clicking through on software installation, right?
Just remember that every file they download immediately becomes a candidate for upload by one, ten, or a thousand people.
What you bought was Internet access, not "filtered access with only some ports available".
It's funny - when the thousands upon thousands of @Home customers were having their filesystems walked all over by malicious types at large, I didn't hear many of them talking about "the principle of the thing".
From a business perspective, blocking the three ports that make 95% of their customer base potentially vulnerable to attack is a better solution than pleasing the 2% of customers who, for whatever reason, want these three ports open (to, I would assume, run a non-standard service on. After all - you wouldn't actually run SMB on the live Internet, would you?)
From my personal point of view, I'd love to see these people schooled on just how vulnerable Microsoft products can be without protection and how they are not qualified to put a computer on the Internet 24x7 without the assistance of a qualified professional; but that doesn't do the broadband ISPs any good.
Even if the FTC cared, the ISPs would simply start adding obDisclaimer: "Monthly traffic limits apply. Rate is for residential uses only. Federal copyright regulations apply. Offer void in states that have voids." etc. etc.
Last I checked, companies don't have to tell you that you're not supposed to break the law.
Wouldn't it be silly if General Motors started telling people that "You are not allowed to run over pedestrians with our products."!
Long story short - if you're using their service to break the law, they can shut you down to avoid litigation. If you're abusing their service, they can restrict your usage or bill you for the additional use.
Remember the kid in school that would always say, "My ball, my rules"?
Take note that Linus decided to remind us nine times that it is his tree. I am a big fan of Linux, but not so much of Linus. The way he wrote that letter made him seem a bit childish.
His ball, his house, his court...
Come on - he gave us a kernel that so very many of us run, and let's be honest - he's had a huge impact on computing today. He's just making a point; his tree, his way. The same goes for every other tree out there, they just have different ways of showing it. Vendor trees probably have a committee of people deciding what kind of path it should take, presumably with a project manager making final decisions.
We also know that he accepts patches from people he doesn't necessarily get along with, from trivial patches to extensive sub-systems. He was just being a little brutally honest, and I can respect that.
Besides; consider the frustration of having tens of thousands of (wannabe) kernel hackers all around the world who all believe that it's somehow their right to have their latest c00l patch included in the Linus kernel tree. I think he handles it quite well. After all, he's still actively working on the kernel and participating in the whole Linux experience, right? Many people would have taken their ball and gone home by now.
Actually, it's "micros~1". First six characters, tilde, then number to allow it to fit within the "8" of the 8.3 file format.
</NIGGLE>
Slashdot reports security vulnerabilities that affect large portions of the userbase. All of the above affect large portions of the OSS world, and IE vulnerabilities affect the vast majority of the workstation userbase (globally!). The difference between OSS and Microsoft security bulletins, however, tends to be that the OSS bulletins are generally followed-up shortly after release with "... and get the patch here, here, and here, and download [updated|backported] versions from your vendor here, here, and here". Only too often do we see updates to Microsoft bulletins that read along the lines of "... and Microsoft is stonewalling [me|us] ... " or "... Microsoft has officially denounced this as invalid ... " or "... Microsoft has accepted the bug report and is working on a solution ... " (which doesn't arrive for six weeks, and does so very silently with little more than yet-another-MS-bulletin and another item in the Windows Update listing).
The reason Slashdotters 'bash' Microsoft, especially in the face of "yet another IE/IIS critical security vulnerability" is that they're so recurring. The fact that this one happens to be digitally signed by Microsoft themselves, and that the only way to get around the vulnerability is to literally stop trusting Microsoft makes it more than hilarious; it's downright embarrassing for them. When something embarrasses one of the Open Source world's largest nemeses, and the very giant who has its sights set on Linux (primarily) and phasers set to kill, it gives us a warm tingly feeling, and human nature dictates that when this feeling is present, "I Told You So!" is a response that gives us immense amounts of pleasure.
Speaking of "I Told You So", I have to remember to show this one to our co-op student when he's next in. It'll make for a good practical demonstration of why I told him not to check "Always trust from ... " checkboxes within IE.
All of the past exploits are right there - they're right in front of their face; all they have to do is open their eyes. When you read the 'blurbs' on Windows Update you'll see just how much damage can be done to an unpatched system. Heaven forbid you update your Windows98 machine to Internet Explorer version 6.0 without SP1 or the security updates - it almost seems as if they introduced even more vulnerabilities than they'd fixed in the last version.
The wet bench adage stands; if people read about how often their computers need updates and actually considered it for a moment - for example, the frequency with which they may give out their name, address, phone number, SIN (or SSN), credit card number(s) and other personal information over the Internet - USING this notoriously insecure product, don't you think people would reconsider? For the most part, based upon the sheer number of Microsoft lemmings who just don't want to know any better, vis; typical consumers, and with Microsoft's market-share and marketing targeted at people who don't know anything past a mouse cursor I believe that's pretty hard to dispute, no. People prefer an easy to use interface over stability or security.
The point was more simply if something is right in front of somebody's face, they don't tend to believe it until their pants have lines of paint on them. The average Joe doesn't tend to use logic or critical thinking (I'll save the discussion about the public education system and parenting for another day.)
If I told people that I could disable their electronic car alarms, get around their club, hotwire their ignition switches and drive off with their car in under 2 minutes, they'd scoff. If I did it, they'd take note, and their false sense of security will quickly disappear.
Likewise with computers; if you tell a person that the product they're using (web browser, web server, operating system, etc.) is insecure, they won't believe you. You could quote statistics, point to empirical evidence, and give them all the hard facts you could muster; but they'll scoff at you and retort "It's never happened to me, so I don't know what you're talking about." But if you go home and proceed to shuffle the files around on their hard drive and leave 'love letters' on their desktop they just might sit up and start paying attention.
I'm all for giving people practical lessons in their own ignorance. The more ignorant, and the more wilful and obtuse that ignorance, the more torture they should be put through.
In an ideal world people would take standard precautions with these extraordinarily powerful batches of silicon they're connecting to a T1-or-greater speed link with the potential to cause severe damage to any number of multi-billion dollar, multi-national computer systems (along with your average run of the mill corporation and home user machines) and/or trust in trained professionals to implement at least rudimentary precautions for their computers (and home LANs), and perhaps (just perhaps!) take their advice with a little more than just a grain of salt. I've completely given up telling people that Outlook (Express) is an insecure P.O.S. because they just don't listen. Besides that, I've decided that I prefer a business where they keep coming in and occupying one of our benches at $35/hour while we eradicate their latest viral infection or backup any data we can recover before we format their drives and re-install Windows.
(For the record; for many of them, just one instance of being 'schooled' by malicious types doesn't always teach them. We have a lot of repeat customers in the virus / system recovery market)
Long story short; until you kick them in the pants, they just won't believe that it'll hurt.
I, on the other hand, have never paid money for a Linux distribution. I've sent business clients to distributions to pay for the support aspect of the purchase price, but for personal use I've downloaded in some way or another the following, and more distributions without paying a cent;
There are others, and if you count the Linux distributions my mentor (the guy who convinced me to install Linux in the first place) has downloaded, and/or purchased from the likes of "CheapBytes" (or whatever the website that sells Linux/BSD distributions for the cost of the media and shipping), the list would, I'm sure, triple.
The only reason to pay full-price for a Linux distribution is two-fold; the manual that comes with it, and the corporate support. The benefits of the manual are negligible, and the support exists in droves all around the Internet. So the only people who need the manual are people who need help in connecting their new Linux system to the Internet, or the people who are just so used to physical support means they have difficulty adapting.
I say the above because at the rate the computer industry changes, by the time a book has gone through editing and publishing cycles, is purchased, read, and digested by a consumer it's probably already out of date. I bought "Maximum Linux Security" and it was already obsolete - it referenced kernel version 2.2, and I was already using 2.4 which addressed a lot of the issues he raised vis TCP security and firewalls.
Here I have to agree with you. KDE3's transparency and gradients, along with its hi-colour icons make it a lot better looking than Windows. Add in a couple of different themes (I'm somewhat partial to Mosfet Liquid, but I'm becoming rather attached to the themes that ship with KDE) and you've got a gorgeous user environment.
The DUCA Credit Union also appears to be Mozilla / Netscape friendly.
A tip; ask the banks if they support "Netscape Communicator". That usually indicates whether they're at all biased. There are, however, some pages (I can't recall specifics at this time. I believe Sprint Canada's website is one such culprit) who support Communicator 4.x, but not 6, which leaves Mozilla in the lurch.
I can liken it instead to smoking. I smoked for quite some time. When I did, I wouldn't smoke in non-smokers' houses, I wouldn't smoke at restaurants if I was the only smoker there - in other words, I didn't allow my bad habit to impact my friends, family, colleagues and acquaintances. Now that I've quit, I expect people to not smoke in my home - even the ones who used to do so when I still smoked (now they stand on the porch).
Since I don't like smoke being blown in my face, I won't blow it in other people's faces. Simple as that. I can't understand how so many people who claim to be people of integrity would break their principles so casually. They're always hiring at donut shops and restaurants. Everybody has to eat, and last I checked, it's not a terrible inconvenience to the masses to feed people.
So because it's not at the top of your list, it makes it acceptable?
I don't know about you, but knowing how much I fundamentally despise such invasions of privacy as SPAM and telemarketers, I know I wouldn't be able to look at myself in the mirror (barring my stunning good looks, of course ;) ) if I was professionally involved in such practices.
Some people go a little too far in the name of "making a living", IMHO.
If you want pure, unrestricted IP access - buy a commercial connection that comes with an SLA.
Like any other large product, it has evolved and continues to this day with its latest version. Like it or not, BIND has proven itself reliable enough for the likes of government, military, mega corporations to stake their electronic presence on. My point is simply that DJBDNS has not.
Most of the comments I'm reading in this thread seem to have a decided lack of sight of 'the big picture'. It seems as if most of the proponents of your product(s) are the weekend cowboy type; running a personal DNS server for their home or SOHO LAN. Then again, what should I expect from an online forum, right?
So, considering 'the big picture' (ie; hundreds of hosted domains, secure zone updates for a plethora of alternate name servers, scalability (the ability to double or triple in size without a major restructuring), and standards compliance) - convince me. Which part of your website and/or documentation shows me why I should recommend DJBDNS over BIND for an enterprise client.
How many root nameservers run DJBDNS? On how many billion-query nameservers does DJBDNS run? How many mission-critical servers run DJBDNS? (By "mission-critical", I mean servers where lives, or tens/hundreds of millions of dollars are on the line. No home or SOHO server will be considered)
Until that question can be answered honestly, DJB will remain, in my mind, a weekend cowboy's DNS server. My clients want industry standard servers backing their domains, so BIND is what they get.
Now, standard IANAL applies here, but I certainly hope this won't affect those of us who disable popups in Mozilla, and use ad-filtering proxies (personally, I use AdZap with Squid).
It does seem like we've got an argument brewing over precisely which fox should guard the henhouse, doesn't it?
It's been said before, but I'll say it again - if you want "just IP", get a business connection with an SLA and block only the ports you want to block with your own firewall. You can't expect business level service with a consumer product. The same is true in all other industries just as it is in IP. The fact of the matter is the majority of any broadband ISP's customer base requires some form of protection, because against the advice of those who know better people DO enable shared, full-access drives and printers. We generally convince our customers to use an internet router (one-port for individual computers, or four-port for LANs) to add a hardware layer of protection, but our client base is only but a (very) small portion of that of both types of broadband Internet in our area.
It's valid to delve into the psychology of people to figure out why they get addicted to something; especially a corporate something.
Linux is a movement; it's about freedom, ridding the world of corporate software that removes our rights, etc..
FreeBSD is an ideal. A trend-setter, and the birthplace of the Internet. It was the underpinnings of a free software revolution (Linux just now happens to carry the torch)
These are examples of things to obsess over, because they're ideals, and taken to an extreme can represent a completely different world where the face of corporations are forever changed.
Apple *IS* a corporation. They make money off of these people in scads; especially when people don't sell their used equipment (people then have less used market to buy from, and have to purchase new from The Corporation That Is Apple).
Creating a community feeling isn't about making people feel warm and fuzzy about their purchase, it's about making people comfortable about spending more money. Period.
Just remember that every file they download immediately becomes a candidate for upload by one, ten, or a thousand people.
From a business perspective, blocking the three ports that make 95% of their customer base potentially vulnerable to attack is a better solution than pleasing the 2% of customers who, for whatever reason, want these three ports open (to, I would assume, run a non-standard service on. After all - you wouldn't actually run SMB on the live Internet, would you?)
From my personal point of view, I'd love to see these people schooled on just how vulnerable Microsoft products can be without protection and how they are not qualified to put a computer on the Internet 24x7 without the assistance of a qualified professional; but that doesn't do the broadband ISPs any good.
Wouldn't it be silly if General Motors started telling people that "You are not allowed to run over pedestrians with our products."!
Long story short - if you're using their service to break the law, they can shut you down to avoid litigation. If you're abusing their service, they can restrict your usage or bill you for the additional use.
Come on - he gave us a kernel that so very many of us run, and let's be honest - he's had a huge impact on computing today. He's just making a point; his tree, his way. The same goes for every other tree out there, they just have different ways of showing it. Vendor trees probably have a committee of people deciding what kind of path it should take, presumably with a project manager making final decisions.
We also know that he accepts patches from people he doesn't necessarily get along with, from trivial patches to extensive sub-systems. He was just being a little brutally honest, and I can respect that.
Besides; consider the frustration of having tens of thousands of (wannabe) kernel hackers all around the world who all believe that it's somehow their right to have their latest c00l patch included in the Linus kernel tree. I think he handles it quite well. After all, he's still actively working on the kernel and participating in the whole Linux experience, right? Many people would have taken their ball and gone home by now.