I tried to follow your logic on this. A patch not working suddenly jumps to audit teams being able to audit client source code.
Your proposal has a slight cost problem...
Firstly, I don't think something as complex as Linux or Windows which changes as often as it does is going to be audited by one company's audit team. It is just too expensive. I still struggle with justifying the cost of a simple business application code security audit in our company. It is just too expensive. What you're saying is needed is unrealistic for any company whose business is not creating software.
The bank I work for would never go for it.
I can imagine some projects with high availability requirements like airplane "fly by wire" systems being heavily audited but an insurance quoting system. Forget it.
The patch/test/break cycle is not infallible but it's cheap and usually works. Until corporations find a lot more dollars to throw at this problem it won't change.
On the flip side and perhaps the thing that supports some of what you say is, most large corporates can't handle massive patch update rollouts. How do you do rollouts of unknown patches to server/workstation environments of greater than 10 000 PCs and not be worried that half your environment will stop working?
I still don't see how opening the source fixes that problem though.
I think it's clear that current open source operating systems still have to patch often and frequently. No one is infallible. Even OpenBSD is not infallible. We have to recognise and respect this. The classic example is we are still finding holes in "security projects" like OpenSSH and Kerberos years after their releases. Audits just don't happen often enough and aren't effective enough to get everything.
The real problem is the distributed computing model.
Change that!
Made out of old coathangers?
I paid my airport improvement tax in Calgary.
I can't wait to see the airport improvements next time I go back!
Seriously though in most other nations they just put this tax in the price of the ticket. That way you never get hit up for the cash. Clever huh?
Let me guess. "It's the vibe".
If DRM can do what it SHOULD do and stop illegal trading, fine. The reality is most technologies stop me from using what I pay money for in VERY legitimate ways.
In FACT most often they don't actually stop me copying. They stop me from reading on something that CAN copy. Stupid.
Australia has no "Bill of rights".
There is no such thing as freedom of speech in Australia.
I object to them using MY modem to set their arbitrary limits.
I can do what I like with my modem if I so choose. I still would like them to limit my speed just don't do it with my modem if you are going to charge me money for it.
Her underwear.
They avoid technobabble by having Jack O'Neill tell scientists to shut up.
It's sooo good.
Have they put in provisions to separate the SFTP and interactive shell or command execution protocols?
Last time I tried to play with SFTP I could not get an external company to have SFTP access without a lot of shell level mucking around to stop them having access to log in via shells or rlogin style features.
And yes I'm lazy, yes I should ask the question in the correct forum and yes I should probably contribute to the project but I am, I couldn't be bothered finding it again and I would be useless to them.
Anyway congratulations and thank you for what is other than my stupid whinge a great product. (Opensource or otherwise)
Ummm... /. deleted the story?
Wow. How nice.
In my experience they have rung the "Organisational Contact" by ringing the publicly advertised corporate phone number.
That is arguably more difficult to fake than the above.
I like many others was not concerned with them going. Their attempt to lock the market in via the proprietary GLIDE API was a blatant move to control the market.
:-)
I'm happy to see the tail end of any company that does this.
Their lawsuit against the guy doing the GLIDE wrapper didn't help improve my opinion of them.
I did a large experiment at work this afternoon. I put a Windows XP box, a Linux box and a Mac box on my desk.
By close of work none of them have moved. How long did they have to wait before they worked out who was outpacing who?
More news at 5.
Seeing as we are regionalising it and Australia is an enlightened country ;-) , "Pounds per square inch" should be "Kilos per square centimeter"
Perhaps the bastard operator from hell could forward his online responses to an ALICE robot. :-)
Thanks for the tip roly. They nearly fooled me.
Lucky you were here.
Careful kids!
This card game is WAY too addictive. You are much better off sticking with Grass.
If I want to pay ridiculous money then I want something ridiculous:
Cool Planes
The designer of the TITANIC went down with the ship. (At least in the movie anyway.)
There's confidence and the test...
I'm not interested until they find a Martian nudist beach.
I love those Martian chicks!
If the Government has time to read all my e-mail can they summarise it and forward it back to me?
Perhaps a pre-recorded evil laughing device.
I find MUUUUAAAAHHAAAHHAAAAHAHAHAHA! can be very taxing on the voicebox after a few hours.
"Evil laugh augmentation device. Pat Pend"
Imagine the bandwidth we are going to need to DL stolen copies of these babies.
All at a time when cable companies are trying to wind back bandwidth usage.
Fun.