I think it shows how Google lives the 'don't do evil' slogan. They try to be a good citizen everywhere.
Exactly! And in Soviet Russia "being a good citizen" means turning in dissidents. In North Korea it means never ever saying anything bad about the Government. In eastern Congo it means tolerating rape and violence against women. In Nazi Germany.... Yup, it's all just a days work in "don't be evil".
This kind of moral relativism run amok is not "don't be evil". I'm not willing to start saying Google has lost any moral fiber, but the extreme you're proposing is simply wrong. I think you've really missed the central issue here though. Google is a red herring in this whole story.
I don't think the video really has much of anything to do with Google being right or wrong. Google is merely reflecting the moral character of the society, and some people don't seem to like looking in the mirror. This kind of thing isn't going away, and it certainly isn't going to be stopped by turning to a centralized source like Google to attempt to control an inherently de-centralized Internet.
What's the most someone could do with this exploit?
Uhh.. find out who someone voted for? All you need is two people, one in the polling place and someone else with one of these devices. If I really have to try to convince you of the value of secret votes, I give up.
I'd be a lot more inclined to believe a well proven theory than simply looking at the history of past epidemics. With so much talk about history predicting the present, it indicates to me that the knowledge of how epidemics work and how viruses mutate is extremely poor. As an example, we can fairly accurately predict where a hurricane will move in the next few days, but I've never heard anyone say "well, in 1992 Hurricane Andrew went west, then south, then east. It's possible Hurricane XYZ might take a similar route!"
What WOULD be an interesting historical perspective would be comparing deaths, hospitalizations, etc of H1N1 with past pandemics. This wouldn't be predictive in any meaningful way, but it would put this pandemic in perspective. Obviously this is nothing compared to 1918, but how does it compare to the 1957-1958, or the 1968-1969 pandemics? Was the media response as crazy then as it is today? That might actually be very informative, rather than these nonsense largely ignorance based "predictions".
Does it really matter which one is "better"? This article seems to be about people defending own personal choices and make some assumption about which education prepared them better. The only thing that REALLY matters is what you can actually produce, not your credentials. This is about class conflict, and nothing else.
I'm met college educated morons, non-college educated wizards, and the reverse. As the comedian Ron White says "You can't fix stupid".
That's not a bad idea. The real questions would be how much of a drag force could you create at a given distance? The junk is distributed in a cloud around the planet so encounters with junk could be hundreds of meters? Kilometers? Getting closer would require propellant. The field strength is limited by the amount of power you can generate, which ain't much from solar cells. The end effect is it may be completely infeasible because of scale. I wouldn't know how to work the numbers, but maybe someone else does.
Proof of concept devices area always oversized and more costly than the production versions.
Uhh.. maybe for electronics, but usually for power generation you start small scale and build much larger versions.
Here's some scale. The article says this thing will produce just over a mega-joule of energy per-fire. They fire the thing a few times a day. 6 GIGA-joules is the amount of chemical energy in a barrel of oil. That means that per-fire, this thing produces the about the same amount of energy as is in a fluid Oz. of oil.
I still think we should be doing it, but I sure wouldn't bet on the thing becoming smaller and cheaper.
Specifically, you state that historical references must be protected. That is simply not true.
So can you state a case where banning historical speech has been upheld? How about historical speech relevant to this specific case?
Legally, it doesn't matter how many people observe or know about it.
Legally, I couldn't say, though I have my doubts that it doesn't matter. In every other sense though it's a completely different situation. And the law does not state you must forget the event, merely that you must not state (by name) the person(s) involved, once the sentence has been carried out.
Writing something down and even talking to other people about something is a form of memory. Denying the victim the ability to reference an event publicly is a way to deny that it even happened. I do think that people in general "deserve" a fair chance at a new life (note I don't think they have a "right" to that). That chance is up to everyone to give or deny the perpetrator, and is not something governments should get involved in.
It's kind of astounding to me that anyone would seriously think that factually saying "so-and-so murdered my brother". or in this case "Wolfgang Werlé and Manfred Lauber murdered Walter Sedlmayr in 1990" is not protected speech in the U.S.
Freedom of speech, in the United States at least, is not given to citizens so that they can harm other people's reputations or hold them accountable for their actions.
I know of no such restriction that protection of speech is limited to only speech regarding the government. In fact, I'm quite sure that speech protection covers discussing all historical events. Some of the few restrictions are libel, slander, and obscenity. What about that one night when your best friend tried to walk out of the bar drunk, and you stole the car keys and the two of you got into a big fight and the police were called? You want the whole world to know about these things? Or--was it just a mistake and once amends have been made then that's the end of it?
The examples you give are potentially private matters, so addressing them only clouds the issue. This particular case is very much NOT a private matter, and from the article was extraordinary public and common knowledge.
The idea that the public at large is supposed to "by law" forget about a very public event and not refer to the perpetrators in print is simply abhorrent to me. Are the victims no longer allowed to refer to the assailants by name?
Well, what do they use instead? A GUI, with a menu system and a file browser?
An email client, a web browser, a windows machine, a telephone, an Internet connected device?
There's multiple ways to access the services offered by a linux machine you don't own and don't have shell access to. You're thinking too narrowly here. The point is really how many untrusted people have the ability to run arbitrary code on a machine they don't own or have physical access to these days? Not many.
15-20 years ago it was a different story. These days having shell or remote access to the box generally means you either own it, administrate it, or have high enough level access that getting root wouldn't elevate your privileges in any meaningful way.
Here's the thing, though: a shell doesn't actually grant you any power that you don't already have.
Who's you? You the attacker, you the person sitting in front of the physical computer, or you the person with remote access to the machine?
If it's the person sitting in front of the physical computer, you're right. The other two have different answers depending on what access you have to the machine. The whole point is if an attacker has the ability to execute arbitrary code on the machine, all bets are off. There's just too many different things that have to be secured to have any real assurance of security.
If javascript, java, or flash is allowing you to do the kinds of things this vulnerability requires, you're already screwed.
If your browser allows outside code to execute any arbitrary code at the user level that means you're essentially 0wn3d. Being able to get root through such a vulnerability is a minor bonus.
No. This is a vulnerability that makes things worse than they should be.
All vulnerabilities make things worse than they should be. My point is simply that a root vulnerability given shell level access shouldn't be unexpected.
I've felt for a long time that giving someone local shell access to a machine is never going to be completely secure. There's just too many degrees of freedom available, and too many different things that need to be secured. This is just another proof of concept of that principle.
With all the various different interfaces we have today, shell access is something only a small percentage of people need. Even those you could likely limit down to a few administrators, some programmers, and possibly a few special cases.
That's funny, I remember reading about lead and arsenic limits in soil. I also found this article about the dangers of dioxin in soil. Lead, arsenic, and dioxin were all listed in the contaminants of diesel exhaust.
But hey, you do have that signature, so I guess everything I've just said is invalid.
I agree that there are mutiple definitions of the word exploit. I don't agree that they're used differently in different "subcultures". Exploit meaning to take advantage of unfairly is a commonly used definition that crosses culture, as does exploit meaning to utilize (exploit a natural resource). Like any other word with multiple definitions the context in which it's used is what determines which definition is accurate.
Arguing about semantics is irrelevant. It's fairly clear the GP was using the unfair advantage definition. The GP context was one hostile towards commercial software taking on an OSS model.
I'd say this is likely a significant factor in establishing these folks as the 2009 Most Influential Open Source Executives?
Maybe. But your article wasn't titled Most Influential Open Source Executives. It was Most Influential People. Or are you saying that only executives are people?
Uh huh. So you didn't address any of my points, you just steer around them while trying to move the conversation to your own agenda and hope nobody notices. That's marketing for you.
"Cut to a commercial!" "We are a commercial!" "Cut to _another_ commercial"
Now, I guess you could think "Wow! these guys must really be a great company since they have the TOP TWO OSS influencers on their board!". A less naive person might have some other thoughts on that.
This article is little more than marketing masquerading as news. It was written by the companies sales guy. The reason why nobody has ever heard of these people is that the article isn't about actual people of influence, it's an attempt to sell a product.
but unfortunately the Open Source community of programmers has been replaced by a conglomeration of companies who are exploiting Open Source as a tool to further sales.
Ha! If by replaced you mean added to. Companies selling open source software is a Good Thing. It means the open source movement has been successful. How is it exploitation? So we'll never see another programmer at the top of these charts like we did back when Linux was first emerging as a valid alternative to entrenched Unix systems.
Another laugh! Which "these charts" are you talking about? This whole article was written by a two-bit player selling collaboration software. Ever heard of them? I hadn't. This isn't even written by crappy journalists who don't know what they're talking about, it's written by crappy marketers who don't know what they're talking about.
Wow. You've completely missed the whole culture of open source. Your whole article assumes a completely different context. Top influencer's of what? Top influencer's of who? Business guys? Maybe.
What you seemed to have missed is that "Open Source" generally consists of the people doing the actual work writing the code, designing the infra-structure, etc. It isn't like a traditional business where the Big Business Boys are in charge and call all the shots. That's not to say it's completely grass roots either. It really is Eric Raymond's Bazaar, and trying to shoehorn it into a traditional business structure and naming some CEOs with influence completely misses the point. The fact that you think you can fix this by naming some CTOs and VPs of engineering in a separate list is extraordinarily telling that you have no idea what you're talking about.
You joke, but plants do take up toxins and put them in food. Arsenic and lead in the soil isn't exactly a good thing. Dioxins are also present in diesel exhaust. Are any of those in pig manure in appreciable amounts?
The underlying problem is that end users don't want to be bothered by having to know if they need the 64 bit version or the 32 bit version (or rarely some other platform).
We already have wildly successful packaging systems for linux that handle this class of problem rather well. So why not extend the packaging system to support multiple binaries in the same package? You'd certainly save on HD space. It also seems a bit cleaner.
- JAVASCRIPT is their security? That was dumb back in 1998, but who does that now?
I heard a story that a major public University had exactly this kind of vulnerability in its new financial system. It was found and plugged, but it never should have been their in the first place. I'd reveal which University, but the story was passed down to me 3rd hand so it's not completely verified.
This kind of idiocy is more common than you'd think. Too many programmers aren't taught to think about security and develop tunnel vision trying to solve the problem given outside of any other context. I've seen it first hand multiple times reading through code of multiple programmers. It's easy to hide crap behind an interface that "works". This is one of those cases of just too many stupid things all at once for it to be a mistake.
Not really. Stupid mistakes happen all the time. There's lots of code written. Eventually you're going to get enough stupid mistakes in one place that it'll add up to this level of incompetence.
Slashdot Mirror
I think it shows how Google lives the 'don't do evil' slogan. They try to be a good citizen everywhere.
Exactly! And in Soviet Russia "being a good citizen" means turning in dissidents. In North Korea it means never ever saying anything bad about the Government. In eastern Congo it means tolerating rape and violence against women. In Nazi Germany.... Yup, it's all just a days work in "don't be evil".
This kind of moral relativism run amok is not "don't be evil". I'm not willing to start saying Google has lost any moral fiber, but the extreme you're proposing is simply wrong. I think you've really missed the central issue here though. Google is a red herring in this whole story.
I don't think the video really has much of anything to do with Google being right or wrong. Google is merely reflecting the moral character of the society, and some people don't seem to like looking in the mirror. This kind of thing isn't going away, and it certainly isn't going to be stopped by turning to a centralized source like Google to attempt to control an inherently de-centralized Internet.
What's the most someone could do with this exploit?
Uhh.. find out who someone voted for? All you need is two people, one in the polling place and someone else with one of these devices. If I really have to try to convince you of the value of secret votes, I give up.
I'd be a lot more inclined to believe a well proven theory than simply looking at the history of past epidemics. With so much talk about history predicting the present, it indicates to me that the knowledge of how epidemics work and how viruses mutate is extremely poor. As an example, we can fairly accurately predict where a hurricane will move in the next few days, but I've never heard anyone say "well, in 1992 Hurricane Andrew went west, then south, then east. It's possible Hurricane XYZ might take a similar route!"
What WOULD be an interesting historical perspective would be comparing deaths, hospitalizations, etc of H1N1 with past pandemics. This wouldn't be predictive in any meaningful way, but it would put this pandemic in perspective. Obviously this is nothing compared to 1918, but how does it compare to the 1957-1958, or the 1968-1969 pandemics? Was the media response as crazy then as it is today? That might actually be very informative, rather than these nonsense largely ignorance based "predictions".
Does it really matter which one is "better"? This article seems to be about people defending own personal choices and make some assumption about which education prepared them better. The only thing that REALLY matters is what you can actually produce, not your credentials. This is about class conflict, and nothing else.
I'm met college educated morons, non-college educated wizards, and the reverse. As the comedian Ron White says "You can't fix stupid".
That's not a bad idea. The real questions would be how much of a drag force could you create at a given distance? The junk is distributed in a cloud around the planet so encounters with junk could be hundreds of meters? Kilometers? Getting closer would require propellant. The field strength is limited by the amount of power you can generate, which ain't much from solar cells. The end effect is it may be completely infeasible because of scale. I wouldn't know how to work the numbers, but maybe someone else does.
Proof of concept devices area always oversized and more costly than the production versions.
Uhh.. maybe for electronics, but usually for power generation you start small scale and build much larger versions.
Here's some scale. The article says this thing will produce just over a mega-joule of energy per-fire. They fire the thing a few times a day. 6 GIGA-joules is the amount of chemical energy in a barrel of oil. That means that per-fire, this thing produces the about the same amount of energy as is in a fluid Oz. of oil.
I still think we should be doing it, but I sure wouldn't bet on the thing becoming smaller and cheaper.
Specifically, you state that historical references must be protected. That is simply not true.
So can you state a case where banning historical speech has been upheld? How about historical speech relevant to this specific case?
Legally, it doesn't matter how many people observe or know about it.
Legally, I couldn't say, though I have my doubts that it doesn't matter. In every other sense though it's a completely different situation.
And the law does not state you must forget the event, merely that you must not state (by name) the person(s) involved, once the sentence has been carried out.
Writing something down and even talking to other people about something is a form of memory. Denying the victim the ability to reference an event publicly is a way to deny that it even happened. I do think that people in general "deserve" a fair chance at a new life (note I don't think they have a "right" to that). That chance is up to everyone to give or deny the perpetrator, and is not something governments should get involved in.
It's kind of astounding to me that anyone would seriously think that factually saying "so-and-so murdered my brother". or in this case "Wolfgang Werlé and Manfred Lauber murdered Walter Sedlmayr in 1990" is not protected speech in the U.S.
Freedom of speech, in the United States at least, is not given to citizens so that they can harm other people's reputations or hold them accountable for their actions.
I know of no such restriction that protection of speech is limited to only speech regarding the government. In fact, I'm quite sure that speech protection covers discussing all historical events. Some of the few restrictions are libel, slander, and obscenity.
What about that one night when your best friend tried to walk out of the bar drunk, and you stole the car keys and the two of you got into a big fight and the police were called? You want the whole world to know about these things? Or--was it just a mistake and once amends have been made then that's the end of it?
The examples you give are potentially private matters, so addressing them only clouds the issue. This particular case is very much NOT a private matter, and from the article was extraordinary public and common knowledge.
The idea that the public at large is supposed to "by law" forget about a very public event and not refer to the perpetrators in print is simply abhorrent to me. Are the victims no longer allowed to refer to the assailants by name?
The reason you are being rebuked every time you try to do this is because it's exactly the same sort of thing that the crackers use.
Who are these "the crackers"? Are they related to "the terrorists"?
Well, what do they use instead? A GUI, with a menu system and a file browser?
An email client, a web browser, a windows machine, a telephone, an Internet connected device?
There's multiple ways to access the services offered by a linux machine you don't own and don't have shell access to. You're thinking too narrowly here. The point is really how many untrusted people have the ability to run arbitrary code on a machine they don't own or have physical access to these days? Not many.
15-20 years ago it was a different story. These days having shell or remote access to the box generally means you either own it, administrate it, or have high enough level access that getting root wouldn't elevate your privileges in any meaningful way.
Here's the thing, though: a shell doesn't actually grant you any power that you don't already have.
Who's you? You the attacker, you the person sitting in front of the physical computer, or you the person with remote access to the machine?
If it's the person sitting in front of the physical computer, you're right. The other two have different answers depending on what access you have to the machine. The whole point is if an attacker has the ability to execute arbitrary code on the machine, all bets are off. There's just too many different things that have to be secured to have any real assurance of security.
If javascript, java, or flash is allowing you to do the kinds of things this vulnerability requires, you're already screwed.
If your browser allows outside code to execute any arbitrary code at the user level that means you're essentially 0wn3d. Being able to get root through such a vulnerability is a minor bonus.
No. This is a vulnerability that makes things worse than they should be.
All vulnerabilities make things worse than they should be. My point is simply that a root vulnerability given shell level access shouldn't be unexpected.
I've felt for a long time that giving someone local shell access to a machine is never going to be completely secure. There's just too many degrees of freedom available, and too many different things that need to be secured. This is just another proof of concept of that principle.
With all the various different interfaces we have today, shell access is something only a small percentage of people need. Even those you could likely limit down to a few administrators, some programmers, and possibly a few special cases.
That's funny, I remember reading about lead and arsenic limits in soil. I also found this article about the dangers of dioxin in soil. Lead, arsenic, and dioxin were all listed in the contaminants of diesel exhaust.
But hey, you do have that signature, so I guess everything I've just said is invalid.
I agree that there are mutiple definitions of the word exploit. I don't agree that they're used differently in different "subcultures". Exploit meaning to take advantage of unfairly is a commonly used definition that crosses culture, as does exploit meaning to utilize (exploit a natural resource). Like any other word with multiple definitions the context in which it's used is what determines which definition is accurate.
Arguing about semantics is irrelevant. It's fairly clear the GP was using the unfair advantage definition. The GP context was one hostile towards commercial software taking on an OSS model.
I'd say this is likely a significant factor in establishing these folks as the 2009 Most Influential Open Source Executives?
Maybe. But your article wasn't titled Most Influential Open Source Executives. It was Most Influential People. Or are you saying that only executives are people?
Uh huh. So you didn't address any of my points, you just steer around them while trying to move the conversation to your own agenda and hope nobody notices. That's marketing for you.
"Cut to a commercial!"
"We are a commercial!"
"Cut to _another_ commercial"
Take a quick look at the people in the article:
http://www.mindtouch.com/blog/2009/10/27/most-influential-people-in-open-source/
Now take a quick look at the people on their board (scroll to bottom).
http://www.mindtouch.com/About_MindTouch
Notice any two names and pictures in common, like say the top two ranked people in the article?
Now, I guess you could think "Wow! these guys must really be a great company since they have the TOP TWO OSS influencers on their board!". A less naive person might have some other thoughts on that.
This article is little more than marketing masquerading as news. It was written by the companies sales guy. The reason why nobody has ever heard of these people is that the article isn't about actual people of influence, it's an attempt to sell a product.
but unfortunately the Open Source community of programmers has been replaced by a conglomeration of companies who are exploiting Open Source as a tool to further sales.
Ha! If by replaced you mean added to. Companies selling open source software is a Good Thing. It means the open source movement has been successful. How is it exploitation?
So we'll never see another programmer at the top of these charts like we did back when Linux was first emerging as a valid alternative to entrenched Unix systems.
Another laugh! Which "these charts" are you talking about? This whole article was written by a two-bit player selling collaboration software. Ever heard of them? I hadn't. This isn't even written by crappy journalists who don't know what they're talking about, it's written by crappy marketers who don't know what they're talking about.
Wow. You've completely missed the whole culture of open source. Your whole article assumes a completely different context. Top influencer's of what? Top influencer's of who? Business guys? Maybe.
What you seemed to have missed is that "Open Source" generally consists of the people doing the actual work writing the code, designing the infra-structure, etc. It isn't like a traditional business where the Big Business Boys are in charge and call all the shots. That's not to say it's completely grass roots either. It really is Eric Raymond's Bazaar, and trying to shoehorn it into a traditional business structure and naming some CEOs with influence completely misses the point. The fact that you think you can fix this by naming some CTOs and VPs of engineering in a separate list is extraordinarily telling that you have no idea what you're talking about.
You joke, but plants do take up toxins and put them in food. Arsenic and lead in the soil isn't exactly a good thing. Dioxins are also present in diesel exhaust. Are any of those in pig manure in appreciable amounts?
Given what's in diesel exhaust, I don't think I want any of that winding up in my bread.
The underlying problem is that end users don't want to be bothered by having to know if they need the 64 bit version or the 32 bit version (or rarely some other platform).
We already have wildly successful packaging systems for linux that handle this class of problem rather well. So why not extend the packaging system to support multiple binaries in the same package? You'd certainly save on HD space. It also seems a bit cleaner.
- JAVASCRIPT is their security? That was dumb back in 1998, but who does that now?
I heard a story that a major public University had exactly this kind of vulnerability in its new financial system. It was found and plugged, but it never should have been their in the first place. I'd reveal which University, but the story was passed down to me 3rd hand so it's not completely verified.
This kind of idiocy is more common than you'd think. Too many programmers aren't taught to think about security and develop tunnel vision trying to solve the problem given outside of any other context. I've seen it first hand multiple times reading through code of multiple programmers. It's easy to hide crap behind an interface that "works".
This is one of those cases of just too many stupid things all at once for it to be a mistake.
Not really. Stupid mistakes happen all the time. There's lots of code written. Eventually you're going to get enough stupid mistakes in one place that it'll add up to this level of incompetence.