To be fair, I do think that Internet access lowers the barrier to learning more about things. My mother used to always get me to look up words when I ran across one that I didn't know. I hated it, because it was a pain to go to another room, open up a dictionary box, open the dictionary, look up the word (slowwwww manual search), then put things away. Now, I always do so, because typing "dict is so easy.
Having information available online also helps. I would never go check out a book on French history. However, I was reading an old The Onion article a while ago that mentioned The Dauphin, a French noble. I looked him up (since Google is so convenient -- gg <searchtext>), and ended up reading about French-English political history for hours. I'd never have done so without the Internet.
On the *other* hand, I think that there are major drawbacks to computer use (in schools -- notice that both my examples would have worked nicely at home).
* The idea that "the computer is the answer", as the author pointed out. There's a lot of pressure to get computers into schools -- but then not much being effectively done with them. Standardized testing on them, some educational software doing stuff that could be done just as well in real life, etc. If someone doesn't have a very clear set of applications ahead of time that are very clearly better than the real life equivalent, there's little point in adding computing power to a school. The most effective thing I've seen done with computers (aside from computer-science related stuff) is training in business-software style interfaces, like spreadsheets. There's a serious cost here involved in teaching someone something that will probably be different ten years down the line. If that same person could have learned, say, an additional two chapters of physics instead, I suspect that they'd be better off.
* Chatting is the death of education. It's fun, and provides a distraction that's always present. It can provide some minor benefits in the form of inter-student communication, but in general, I don't think that chatting in schools is a good idea. I dunno if I'd try to actively block it, but it's pretty clearly detrimental to education.
* It's easy to find material to plagiarize/cheat with. The Internet is a great resource -- sometimes too good -- at providing what students often want -- a good grade with little effort.
* Internet content is of varying reliability. There's a lot of BS on the Internet.
This was a person who based a choice on whether or not to run an app based on how the ICON looked. They will repeat over and over and over again and wonder why the hell their shit keeps breaking.
And what methodology do you use to ensure that your software is safe, I have to ask? Really, there are no good generally-available methods of avoiding such trojans.
I think I'm reasonably competent at determining whether something's a trojan, compared to most folks. I've been known to strings binaries, to disassemble and do raw code analysis, to use various debugging tools, and to run things chrooted. I generally stick with free open source software only. However, in all honesty, there are no real strong protection mechanisms available. It's not very difficult to produce a trojan that will get past these barriers.
The problem is that people look at the statement "the icon looked legitimate" and think "hey, that isn't a good method to use to check the legitimacy of something" and immediately (and illogically) jump to "and I could do better".
There seems to have been one really silly user who fell for about the oldest trick in the book - calling a bad executable something nice. Why do Macworld even bother reporting it?
And every single executable that's been run on your system is from a trusted source? Signed?
There are damn few computer systems for which this is feasible. Red Hat (and presumably other RPM-based distros, though I don't know about policies) sign all their packages, and you could probably get by with only things that they package.
I'd advise protecting yourself and alias rm to 'rm -i'. Either that or choose to not run applications with fruity MS icons that you download from p2p =)
(a) -f overrides -i. So this solution would not, even under ideal circumstances, catch deletion.
(b) If it did, it would break many legitimate shell scripts.
(c) It's quite easy for a shell script to run "/bin/rm" or first execute "unalias rm".
(d) Lots of trojans are going to be in C and will be calling unlink() and rmdir() instead.
Aliasing "rm" to "rm -i" is a useful technique *for interactive mode*. Red Hat does it default for root, and I follow the same convention. It's not even remotely a security mechanism, though.
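Points (a), (c) and (d) above can be checked directly. The script below is an added example, not part of the original comment; try_delete, report and VICTIM are names made up for it, and the coreutils unlink utility stands in for a C program calling unlink(). Everything happens in a throwaway temp directory.

```shell
#!/bin/sh
# Added example: shows why "alias rm='rm -i'" is a convenience for
# interactive use and not a control that stops a script or program.

# try_delete SNIPPET
#   Creates a scratch file, then runs SNIPPET in a child shell in which rm is
#   aliased to 'rm -i' and stdin is at EOF (so any prompt is answered "no").
#   Prints "survived" if the scratch file still exists, otherwise "deleted".
try_delete() {
    dir=$(mktemp -d) || return 2
    : > "$dir/victim"
    # The alias sits on its own line: shells expand aliases when a line is
    # parsed, so it has to be defined before the snippet's lines are read.
    VICTIM="$dir/victim" sh -c "alias rm='rm -i'
$1" </dev/null >/dev/null 2>&1 || :
    if [ -e "$dir/victim" ]; then result=survived; else result=deleted; fi
    rm -rf -- "$dir"
    printf '%s\n' "$result"
}

# Print one labelled result line per attempt.
report() {
    printf '%-34s %s\n' "$1" "$(try_delete "$2")"
}

# Baseline: the alias is active, the prompt gets no answer, the file stays.
report 'plain rm (alias in effect):'  'rm "$VICTIM"'
# (a) The alias expands to "rm -i -f ..."; the later -f cancels -i.
report '(a) rm -f:'                   'rm -f "$VICTIM"'
# (c) A full path is never alias-expanded, and the alias can simply be dropped.
report '(c) /bin/rm:'                 '/bin/rm "$VICTIM"'
report '(c) unalias rm, then rm:'     'unalias rm
rm "$VICTIM"'
# (d) Anything that removes the file without going through "rm" at all.
report '(d) unlink (no rm involved):' 'unlink "$VICTIM"'
```

Only the baseline line reports "survived"; every other attempt removes the file without a prompt ever being shown.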
Here's the kicker: selinux and other ACL enforcement mechanisms won't protect the user from these trojan programs.
This is not true. SELinux *does* allow the dropping of specific privileges (such as filesystem access or whatever one wants). It's very general though, more a framework to design a security system on top of.
You could theoretically have warez groups sign releases (as a few do today), but then you have to decide how much you trust that warez group. In general, the only real solution to obtain software from trustworthy sources is to either pay for all of it, or simply use free-as-in-beer software, where Red Hat or someone else can test, package, and sign it for you.
A UNIX-based software package can still damage anything in your home directory. Not minor. Besides which, the user presumably already thinks that the installer is legitimate (or else he wouldn't be, you know, running it). So he'd grant the thing root permissions just as willingly as regular permissions.
SELinux allows the dropping of specific rights from a program.
And for the complainers who say "Why include ext2, everyone should use a journaling filesystem", there are two reasons. First is that ext2 is a MAJOR STANDARD that was what everyone used for years and years. The second is that ext2 is still useful. For a temporary filesystem (like /tmp or some temporary RAM disk with unimportant contents) ext2 is often very fast because it lacks all the journaling stuff which is unimportant for a temporary filesystem.
Also, because ext2 was used for so long and is not changing much, most people have a pretty good idea how well it performs, and thus can make good comparisons regarding it.
To eliminate something as a patentable idea, you don't need to publish it in the form of a patent application with legalese. Just describing it is enough. You also have to assume that Slashdot stays around. I'd treat USENET as a better place to send such ideas.
You mean the fact that it hits the network to check for updates when you run it by default, as opposed to apt?
Use the -C flag, which tells it not to do so.
I include "alias yget yum -C install" in my .zshrc.
Yum also sucks if you need to repair your system. I did something very stupid and ended up losing lots of the entries in the rpm database (the files were still there and everything ran/booted fine). I tried to use yum to rescue the situation... and it crashed spewing python errors (and I really do dislike python)... I tried apt, and it worked just fine rescuing my rpm database from my stupidity.
I have entirely blown away my RPM DB and recovered from it (multiple times) by running "yum provides" and install commands automatically in a script with no problems, so I know that this is definitely not always the case.
I use both yum and apt (mostly yum). They serve different purposes.
Apt is a pain in the ass to use if you use anything other than a blessed combination of packages. Even if you really do know better than RPM what you want installed (and override dependency checking), Apt throws tantrums and refuses to run. Yum, on the other hand, does not.
Both apt and yum fetch metadata. Apt is lighter on the network to run the first time since it fetches all metadata as a gzipped file. Yum stores each header separately. As a result, yum can deal more lightly with the network after the first run, since a single updated package doesn't necessitate an entire download of the repository metadata file -- just the single header that was used.
I agree that having a front-end for yum would be nice. Oh, and yum bogs down on systems with a vast number of packages sooner than apt does, probably thanks to being written in Python.
Translation: Debian doesn't regularly release with fresh packages. Their only releases are filled with stale packages like GNOME 1.4 and KDE 2. Their "testing" release is actually an ongoing release which constantly changes.
I think you people may be pushing things for different uses.
For a server, modern doesn't really matter. OBSD is much more creaky than either, but has a good deal of reputation as a server because of exactly that -- not much changes. Admins don't have to do major upgrades. Debian stable is the closest Linux approximation of OBSD that I can think of (RHEL is much less of one).
While Debian stable may be quite feasible for a webserver, it's awful for a desktop (or anything else that requires up-to-date packages).
Fedora and Debian stable don't really compete. RHEL and Debian stable *might* be considered competitors.
The main thing that I'm not comfortable with about SuSE is that they're about the least open of the major distros. I remember reading an interview with their CEO about how "people shouldn't expect everything to be free". SuSE does not provide free ISOs of their product for download, unlike Red Hat and most other Linux vendors (they do have a "live" version that only runs off the CD for download -- effectively a demo version). RH is one of the most open distros (aside, obviously, from Debian) -- RH has moved to "open" versions of software well before they're ready (like Mozilla), eliminated MP3 support due to patent concerns at one point, provides ISOs of their product for free, provides a public Bugzilla server (unlike SuSE) that lets end users see the same thing that Red Hat developers do and input their own bugs, and donates vast amounts of money (funding of many open source projects), developer time (two major areas of RH patches are gcc and the kernel), server space and bandwidth, and political oomph to the open-source community above and beyond the bare amount of effort required. I'd much rather see Red Hat stay the dominant Linux vendor (though I'm not sure if they're capable of doing so -- seems that the folks that are less nice tend to win out).
I have already given up on RH/fedora as too commercial and schizo about the desktop. I used Mandrake for a while, but it was too buggy. Currently I'm helping out with Userlinux (yes I know it's debian based!) and I hope this project doesn't let me down.
If RH wants to make money on RHEL, that's fine, but giving people bogus impressions that RHEL is vastly more stable than Fedora is not a viable long-term strategy. They really need a greater dose of straightforward honesty.
SuSE also does the desktop, but SuSE is currently about as commercial as it gets, if that sort of thing turns you off -- if you don't like RH for that reason, you definitely aren't going to like SuSE.
Basically, it comes down to this (which I've been steadily posting in every Fedora/RH story since the whole fiasco started):
* Fedora originally was a third-party project to package lots of software for Red Hat. Red Hat decided to add a bunch of Fedora's packages into their mainstream repository. This is the complete and total extent of how users have been affected by Fedora. More packages.
* Red Hat's salespeople apparently (and in retrospect, quite unfortunately) decided that it would be a really opportune time to try to get some money by telling business people that the merged Fedora/Red Hat wasn't particularly stable or reliable. In reality, the merged Fedora is exactly the same as RH 9 and previous releases. Mass Slashdot confusion ensues, and a number of people who dislike RH for one reason or another (distro grudges, etc) promptly propagate and distort this.
* The original Fedora announcement contained a lot of references to how the merged Fedora was community-driven. In reality, not a whole lot was changed. You can still submit bugs, test packages, submit patches and the like -- but you could do all that before.
* The original Fedora repositories (found on fedora.us) are still up, and being updated, and are not always the same as the Red Hat merged Fedora repositories. This causes a great deal of confusion (especially since people mirroring the repositories may be mirroring one or the other).
Basically, the merging of Fedora was a good idea technically (merge a bunch of well-made packages into mainstream Red Hat) that was completely and utterly mishandled from a PR point of view. It was tied to attempts from various RH people to move people to RHEL, to differentiate RHEL from RH/Fedora, and to involve more people in the project. It's kind of like .NET was for Microsoft -- unclear, confusing, had far too many things under one name, and ended up being kind of nice but not all that astounding.
If I were RH, I'd get the fedora.us repositories synced up *now* *permanently* (or work out a name change or something). I'd release a press release describing the whole situation so that there's *finally* an authoritative document so that the 90% of folks out there that are confused by the complicated situation have a single source to be pointed to.
Seriously, RH does some great engineering work, but SuSE seems to be a hell of a lot more competent when it comes to doing business deals and presenting a solid image. Someone up at Red Hat needs to grab the damn reins and tell the Fedora integration people and the PR people to have a consistent story and to clarify things for users. I can very definitely say that the rampant speculation and ongoing uncertainty is a Bad Thing for Red Hat.
Here's the situation from an outsider's point of view:
* RHEL is a "production server" distro. It has one major selling point -- it is infrequently updated. This wouldn't work very well for most Linux users (Linux people tend to want the latest-and-greatest), but it's awfully nice if you don't want to hassle with upgrading your system every six months. This is a pretty decent reason to purchase the system. It's kinda like Debian stable -- a cross between a slower-moving OS like OpenBSD and the more rapidly-changing Linux.
* Fedora is not unstable or flaky or beta or development any more than the earlier RH releases were. It is quite usable for "serious" work. However, it is updated more frequently than RHEL, and has a shorter EOL.
It does kind of suck if the reason he was targeted for arrest is because he wrote the software, though, and it proves a point to put him behind bars. I am suspicious that the people who put him there have not freely contributed as much work to society as he has in hours in his P2P software.
The reason people take issue with a two-party system is that it leads to corrupt and incompetent people in office. If a noncorrupt, competent person gets into office, there's no reason to bash them just because they belong to one of the parties.
Why would you email these people and complain? Applying social pressure isn't going to stop the march of progress any more than the RIAA sending nastygrams is going to stop me from adding code to P2P clients and working on approaches to counter attacks on P2P networks.
Spamming is a known attack on most P2P networks, because such networks treat everyone with a certain level of (possibly undeserved) trust. It's not rocket science, and if people designing networks failed to take it into account and allowed it to be an effective attack, it's *their* problem (just as the RIAA devising a business system with expensive music and infeasible protection has copy protection as *their* problem).
This does nothing to solve the thing long-term.
Here is what will happen.
Initially, P2P networks took a "trust anyone" approach. (Napster, etc). This rapidly was shown to be infeasible, and systems allowing black/whitelisting users, allowing trusted endorsement of files (Sharereactor and similar), and allowing community rating (Bitcollider) popped.
Hale and Manes just took the obvious next technological step, which is to make it easier to attack the network -- have a system that learns what people are suckers for most, and to exploit it (well, and just about every other claim they could think of to throw in, but that's the meat of the patent). I think that it's absurd to make this patentable, frankly. These ideas are not only obvious, but have been floating around on P2P system development forums. Furthermore, the academic and business systems that we have reward people like Hale and Manes for creating bullshit patents -- that's still not their fault. It's that of the people who have control over the patent process, which is ultimately all of us.
It's quite possible to counter whatever Hale and Manes are claiming is new and revolutionary. There are current systems like WASTE with simple trust systems -- users can be in or out, and anonymous users aren't trusted. It may take a trust network with non-binary trust (this person is *really* trusted to provide good files, this one not as much) and transitive trust. The schemes coming from Hale and Manes are quite beatable, though -- it's a losing position to be holding.
Anyway, after someone comes out with a trust system, people like Hale and Manes will then come out with patents on processes that demonstrate attacks on whatever statistical methods are used to assess trust in such networks.
The algorithms will be tweaked by P2P folks, and eventually a pretty-good-to-the-point-that-P2P-network-attackers-can't-effectively-beat-it network will be reached. The RIAA/MPAA/people protecting content are guaranteed to lose. Even harsh legislation against copyright infringement just promotes increasingly more anonymized systems like Freenet.
Content providers will be forced to move more towards service-oriented systems (you buy a music "service" with access to a vast music library, and then content creators and marketers are recompensed based on how much their content is used). It's not the end of the world for anyone, and the same cycle of upheaval and technological improvement has happened time and time again in many areas. In the end, we generally have a more effective system for all involved.
I personally *like* it when people run out and attack P2P networks. It drives people to do systems right, rather than just hack things up without a thought for security (and unlike a cracker breaking into a computer, someone attacking Gnutella doesn't prevent anyone from getting work done or expose personal data). I think that producing "properly built" networks that don't have such weaknesses is an absolute blast, a fun research topic, the side that gets all the love from people who are trying to toss data around, etc.
Heck, it might even be neat to work under Hale and try to thwart the latest in anti-sharing strategies that one of his other students has come up with. :-)
There's no real reason to ridicule the guy.
It's not a trojan, it's a fucking applescript with a Microsoft icon on it.
Err...that's exactly what a trojan is.
Why would they do that when they could just run find and look for permissions that are generous enough to allow deletion and list those?
This trojan runs everyone's favorite command:
rm -rf ~
The current state of Linux NTFS support would not allow many of these tests to be run.
You're right. The Register had a pretty misleading and incorrect article title.
The funny part is when people start to carry devices capable of producing EMPs.
There can be multiple Linux vendors.
Heck, Microsoft could ship "MS Linux" with Explorer and Office running on it.
Windows is a single-vendor system.
Yum sucks if you are a modem user.
The major third-party repositories aren't yet up-to-date last time I checked -- dag, for instance, currently lacks FC2test3 builds of their packages.
I use both yum and apt (mostly yum). They serve different purposes.
Apt is a pain in the ass to use if you use anything other than a blessed combination of packages. Even if you really do know better than RPM what you want installed (and override dependency checking), Apt throws tantrums and refuses to run. Yum, on the other hand, does not.
Both apt and yum fetch metadata. Apt is lighter on the network to run the first time since it fetches all metadata as a gzipped file. Yum stores each header separately. As a result, yum can deal more lightly with the network after the first run, since a single updated package doesn't necessitate an entire download of the repository metadata file -- just the single header that was used.
I agree that having a front-end for yum would be nice. Oh, and yum bogs down on systems with a vast number of packages sooner than apt does, probably thanks to being written in Python.
Translation: Debian doesn't regularly release with fresh packages. Their only releases are filled with stale packages like GNOME 1.4 and KDE 2. Their "testing" release is actually an ongoing release which constantly changes.
I think you people may be pushing things for different uses.
For a server, modern doesn't really matter. OBSD is much more creaky than either, but has a good deal of reputation as a server because of exactly that -- not much changes. Admins don't have to do major upgrades. Debian stable is the closest Linux approximation of OBSD that I can think of (RHEL is much less of one).
While Debian stable may be quite feasible for a webserver, it's awful for a desktop (or anything else that requires up-to-date packages).
Fedora and Debian stable don't really compete. RHEL and Debian stable *might* be considered competitors.
The main thing that I'm not comfortable with about SuSE is that they're about the least open of the major distros. I remember reading an interview with their CEO about how "people shouldn't expect everything to be free". SuSE does not provide free ISOs of their product for download, unlike Red Hat and most other Linux vendors (they do have a "live" version that only runs off the CD for download -- effectively a demo version). RH is one of the most open distros (aside, obviously, from Debian) -- RH has moved to "open" versions of software well before they're ready (like Mozilla), eliminated MP3 support due to patent concerns at one point, provides ISOs of their product for free, provides a public Bugzilla server (unlike SuSE) that lets end users see the same thing that Red Hat developers do and input their own bugs, and donates vast amounts of money (funding of many open source projects), developer time (two major areas of RH patches are gcc and the kernel), server space and bandwidth, and political oomph to the open-source community above and beyond the bare amount of effort required. I'd much rather see Red Hat stay the dominant Linux vendor (though I'm not sure if they're capable of doing so -- seems that the folks that are less nice tend to win out).
I have already given up on RH/fedora as too commercial and schizo about the desktop. I used Mandrake for a while, but it was too buggy. p. Currently I'm helping out with Userlinux (yes I know its debian based!) and I hope this project doesn't let me down.
If RH wants to make money on RHEL, that's fine, but giving people bogus impressions that RHEL is vastly more stable than Fedora is not a viable long-term strategy. They really need a greater dose of straightforward honesty.
SuSE also does the desktop, but SuSE is currently about as commercial as it gets, if that sort of thing turns you off -- if you don't like RH for that reason, you definitely aren't going to like SuSE.
Basically, it comes down to this (which I've been steadily posting in every Fedora/RH story since the whole fiasco started):
* Fedora originally was a third-party project to package lots of software for Red Hat. Red Hat decided to add a bunch of Fedora's packages into their mainstream repository. This is the complete and total extent of how users have been affected by Fedora. More packages.
* Red Hat's salespeople apparently (and in retrospect, quite unfortunately) decided that it would be a really opportune time to try to get some money by telling business people that the merged Fedora/Red Hat wasn't particularly stable or reliable. In reality, the merged Fedora is exactly the same as RH 9 and previous releases. Mass Slashdot confusion ensues, and a number of people who dislike RH for one reason or another (distro grudges, etc) promptly propagate and distort this.
* The original Fedora announcement contained a lot of references to how the merged Fedora was community-driven. In reality, not a whole lot was changed. You can still submit bugs, test packages, submit patches and the like -- but you could do all that before.
* The original Fedora repositories (found on fedora.us) are still up, and being updated, and are not always the same as the Red Hat merged Fedora repositories. This causes a great deal of confusion (especially since people mirroring the repositories may be mirroring one or the other).
Basically, the merging of Fedora was a good idea technically (merge a bunch of well-made packages into mainstream Red Hat) that was completely and utterly mishandled from a PR point of view. It was tied to attempts from various RH people to move people to RHEL, to differentiate RHEL from RH/Fedora, and to involve more people in the project. It's kind of like .NET was for Microsoft -- unclear, confusing, had far too many things under one name, and ended up being kind of nice but not all that astounding.
If I were RH, I'd get the fedora.us repositories synced up *now* *permanently* (or work out a name change or something). I'd release a press release describing the whole situation so that there's *finally* an authoritative document so that the 90% of folks out there that are confused by the complicated situation have a single source to be pointed to.
Seriously, RH does some great engineering work, but SuSE seems to be a hell of a lot more competent when it comes to doing business deals and presenting a solid image. Someone up at Red Hat needs to grab the damn reins and tell the Fedora integration people and the PR people to have a consistent story and to clarify things for users. I can very definitely say that the rampant speculation and ongoing uncertainty is a Bad Thing for Red Hat.
Here's the situation from an outsider's point of view:
* RHEL is a "production server" distro. It has one major selling point -- it is infrequently updated. This wouldn't work very well for most Linux users (Linux people tend to want the latest-and-greatest), but it's awfully nice if you don't want to hassle with upgrading your system every six months. This is a pretty decent reason to purchase the system. It's kinda like Debian stable -- a cross between a slower-moving OS like OpenBSD and the more rapidly-changing Linux.
* Fedora is not unstable or flaky or beta or development any more than the earlier RH releases were. It is quite usable for "serious" work. However, it is updated more frequently than RHEL, and has a shorter EOL.
Plus, if it's only used in Japan, there are no satellite/undersea connections involved.
It does kind of suck if the reason he was targeted for arrest is because he wrote the software, though, and it proves a point to put him behind bars. I am suspicious that the people who put him there have not freely contributed as much work to society as he has in hours in his P2P software.
That's not the point.
The reason people take issue with a two-party system is that it leads to corrupt and incompetent people in office. If a noncorrupt, competent person gets into office, there's no reason to bash them just because they belong to one of the parties.
Why would you email these people and complain? Applying social pressure isn't going to stop the march of progress any more than the RIAA sending nastygrams is going to stop me from adding code to P2P clients and working on approaches to counter attacks on P2P networks.
:-)
Spamming is a known attack on most P2P networks, because such networks treat everyone with a certain level of (possibly undeserved) trust. It's not rocket science, and if people designing networks failed to take it into account and allowed it to be an effective attack, it's *their* problem (just as the RIAA devising a business system with expensive music and infeasible protection has copy protection as *their* problem).
This does nothing to solve the thing long-term.
Here is what will happen.
Initially, P2P networks took a "trust anyone" approach. (Napster, etc). This rapidly was shown to be infeasible, and systems allowing black/whitelisting users, allowing trusted endorsement of files (Sharereactor and similar), and allowing community rating (Bitcollider) popped.
Hale and Manes just took the obvious next technological step, which is to make it easier to attack the network -- have a system that learns what people are suckers for most, and to exploit it (well, and just about every other claim they could think of to throw in, but that's the meat of the patent). I think that it's absurd to make this patentable, frankly. These ideas are not only obvious, but have been floating around on P2P system development forums. Furthermore, the academic and business systems that we have reward people like Hale and Manes for creating bullshit patents -- that's still not their fault. It's that of the people who have control over the patent process, which is ultimately all of us.
It's quite possible to counter whatever Hale and Manes are claiming is new and revolutionary. There are current systems like WASTE with simple trust systems -- users can be in or out, and anonymous users aren't trusted. It may take a trust network with non-binary trust (this person is *really* trusted to provide good files, this one not as much) and transitive trust. The schemes coming from Hale and Manes are quite beatable, though -- it's a losing position to be holding.
Anyway, after someone comes out with a trust system, people like Hale and Manes will then come out with patents on processes that demonstrate attacks on whatever statistical methods are used to assess trust in such networks.
The algorithms will be tweaked by P2P folks, and eventually a pretty-good-to-the-point-that-P2P-network-attackers-can't-effectively-beat-it network will be reached. The RIAA/MPAA/people protecting content are guaranteed to lose. Even harsh legislation against copyright infringement just promotes increasingly more anonymized systems like Freenet.
Content providers will be forced to move more towards service-oriented systems (you buy a music "service" with access to a vast music library, and then content creators and marketers are recompensed based on how much their content is used). It's not the end of the world for anyone, and the same cycle of upheaval and technological improvement has happened time and time again in many areas. In the end, we generally have a more effective system for all involved.
I personally *like* it when people run out and attack P2P networks. It drives people to do systems right, rather than just hack things up without a thought for security (and unlike a cracker breaking into a computer, someone attacking Gnutella doesn't prevent anyone from getting work done or expose personal data). I think that producing "properly built" networks that don't have such weaknesses is an absolute blast, a fun research topic, the side that gets all the love from people who are trying to toss data around, etc.
Heck, it might even be neat to work under Hale and try to thwart the latest in anti-sharing strategies that one of his other students has come up with.