I don't know. Knowing Microsoft, they'll keep this pretty transparent. Sure, folks will get curious when they're denied access to forward an email, but the dumb ones will assume they're breaking the rules, leave it alone, and the smart ones will just copy and paste.
The "Web" (i.e. Internet) is fine for that kind of activity, the lacking protocols are the only problem.
HTTP is by default a stateless protocol; unique identifiers/etc. are required to enable transaction (page load) to transaction flow. Javascript and most other technologies typically won't avoid most transactions without huge overhead. Sure, you can wrap up entire GUI screens with HTML, CSS, Javascript and advanced DHTML, or you can go with flash, but the overhead is often more than desirable.
Anyone know of any protocols (X) or technologies that can overcome this problem without much overhead?
"It just takes an awareness of the options to realize that using Linux in the first place is a silly idea for commercial products."
Exactly. Because we all know that IBM's fire-breathing army of IP lawyers and middle management just use things without considering all of their options.
Right on the money. Motorola, who recently decided to split their chip fabs component into an entirely new company and concentrate on wireless and mobile, didn't do much thinking at all when they chose Linux for their future mobile products.
It'll be interesting to see where things go. Java has some advantages, and I think still has a chance.
I'm not a Java programmer at heart, but I've been playing with Java and SWT a bit. Through SWT, you can access native system widget libraries through one API, which means that things look, feel and work like a native C ap. I can't say that I've gotten into an "advanced" GUI in Java yet, but in the interfaces I have designed, things are very spunky. None of the drawl of Swing.
I should also mention that though Sun doesn't like SWT, it's being backed by IBM. And is open source.
Note: The eclipse website is a steaming cow-pie -- it can be difficult to find what you're looking for. For those who want an overview, here are some SWT links to get you started: SWT Guide SWT API
Didn't Ballmer recently say something about wishing all the sites/organizations like this would just "shut up"?
I'm not one to believe in conspiracy theories, but it's not my perception that IE has been doing much better. I do wonder what part, if any, Microsoft had in this.
Capitalism, in the eyes of many, is a more efficient solution to the problem of running civilization as everyone gets to vote with their dollar.
(True) democracy is exactly the same principle, but isn't feasible as everyone would need to hit the voting booths quite often. A republic is the governmental form of compromising democracy to make it realistically workable.
Capitalism sucks in a number of ways. You have the folks that can cheat the game to ensure that the best product doesn't win. Lots of folks feel abused by companies. Not everyone is bad, but most don't care about the consumers that prop them up as long as they still get the consumer's dollar.
On the other hand, democracy, just like capitalism, has these same problems. Representatives play the public relations angle, lie, cheat, steal and deal under the table to get what they want. Like the corporate world, politics isn't all bad, but many of these people just don't care about the people who voted them into office.
Corporations aren't going to magically be nice and politicians aren't suddenly going to be responsible. The ONLY way to solve both problems is for the people to involve themselves in these matters. These are just the facts: when given power, people will run with it. Government is a tool, but is not a replacement for the carpenter; it must still be wielded with an attentive hand.
Like most solutions, a split between the two is probably the most reasonable. Don't depend on the government to make your life peachy and don't expect that corporations do well when left alone.
The people are the answer, folks. Quit being lazy.
Well, something needs to swing one way or the other. In this day, you can only choose between two people, thus you don't have a whole lot of choice when it comes to stances. And it's pretty ludicrous to argue that representatives are generally responsible for their actions or to their constituents.
Maybe I'm just too cynical.
I'd personally like to log onto a secure website (I mean NSA type secure), select the issues I'm interested in (business, privacy, computers/internet, etc), and by default have a list of 5 "daily votes" related to my selected topics come up for me to vote on. Let everyone have the same. This removes a boatload of bureaucracy, makes government abide by the people, etc.
Then, IMO, it'd be a good idea to have government funded public debates in every community that anyone can attend. I akin it to Slashdot: a community debate is going to have lots of absolute retards, but I'll hear at least a few ideas and points of view that I hadn't considered for any given issue. On top of that, I'll hear from a number of folks who know more about an issue than I do. Most disagreements in my experience aren't based on judgement, but on information and communication. An open community debate would seem to be a better solution to this problem.
On a serious note, didn't SCO banter about how if IBM/(insert other company here) was so sure that SCO had no case, why hadn't they offered indemnification?
Even if I'm remembering correctly, it sure isn't surprising. I'm at work and don't have the time to research a link. Anyone care to find this?
Below, Sony and Intel were mentioned as pushing content rights management.
Here, Intel is pushing against China abandoning the proprietary software market.
Now, as we all know, most big companies don't bat an eyelash unless they think it'll make them some money. I'd be interested to hear any theories fellow Slashdotters have on the motivations here.
Behind the scenes activity? I'm not that cynical yet, and I don't tend to buy into conspiracy theories, so I'll write this one off.
The "wintel duo" theory could be behind the whole China thing, e.g. if China goes with Linux and moves away from bloated commercial software, Intel doesn't get as much revenue in high-end processors to keep the new version of Windows going with it's ump-teen dozen services enabled by default.
I can't think of a link at the moment, but Sony might be interested in keeping content distributors happy since Sony's media players depend on them. Then again, Sony isn't the little kid on the block, they have plenty of pull. I'll think on this some more.
But then we come to Intel, and for that matter, Microsoft. Why are these folks pushing content rights management? Sure, Microsoft will be happy restricting the user to MS products, and maybe introducing new DRM-formats is one way to do that, but... that doesn't seem like it'll be enough.
And what about Intel? What kind of benefit do they get from all this?
I'm sure someone beat me to it, but as of midnight CST, Wed morning, a new ebuild was in the portage tree.
I did an emerge sync; emerge world -u --deep;/etc/init.d/net.eth0 restart and in about a minute (on a semi-modest box) I was good to go. ccache is amazing.:D
Can anyone confirm this with a link? (sorry for being lazy, I'm headed to bed)
The first thing I did when I brought up my ssh server was to deny root access and limit login to the only users who should be accessing my box. I didn't read this notice until I got home this evening and it took me a few hours to get around to patching it, so I'm curious as to how vulnerable I really way.
I read your post and thought to myself, "this was fixed before the exploit? I upgraded my system a few weeks ago, I wonder if I got 3.7?"
Instead of going to figure out when 3.7 was released (could have been today for all I know, I didn't read everything this article linked to), I went looking for how to track my emerges and I found: this.
Besides what the other poster mentioned (that I was just debunking the previous poster's claim that Linux is less secure is a myth), I think this is a very valid comparison.
The sysadmin at my company is a very busy guy. Installing servers, workstations, desktop systems, routing the phones, getting new user accounts up, replacing hardware, delving into networking issues when something blows up (which it OFTEN does) at a client site or between us and them, etc.
Loaded sysadmins need as much of a break as they can get, and if a system is easier to secure upon installation and easier to secure after installation, it is a better tool security wise.
Note that I'm not disagreeing with you when you say that the admin is the most important factor. My point kind of plays into that.:)
"I never said that, and such rhetoric on your part is neither more honest or justifiable than their actions."
My rhetoric is at least as dishonest and unjustifiable as what SCO is doing? This isn't your ethics class, soldier. Get a grip.
My rhetoric was in response to a meaningless post claiming that "no employee is innocent." That's pretty damn obvious, but has no relevance to what I said.
Now as to the rest of your post, I'm guessing you didn't read what I originally posted:
"IP/legal issues aside (which for me are enough), if you can't prove to me that you tried hard to get away from SCO, hell no I wouldn't hire you."
This "John Doe" you're referring to can still attempt to find another job without leaving SCO. That's all I'd be looking for.
Quit looking for enemies where you won't find them. My beef is with folks who don't give a damn about where they work. I prefer not to hire droids. If making an HR decision offends you, stuff it, it's not your company.:)
Aye. It's very amusing, in my not so humble opinion, when folks speculate between Apache and IIS security. IIS has more hooks to unnecessary parts of the OS than my grandfather's fishing hat...
You've got nothing but common sense, and anyone worth their salt realizes this.:)
The only thing folks like me get our undies in a bunch over is when folks claim that Windows is inherently as secure as Linux.
Though some Linux distros are pretty bad about this (Red Hat), Windows still takes the cake when it comes to number of extraneous services enabled. Given the fact that you have to wait on them to patch things, their typical speed in patching, and their past and current security record, I would say Microsoft is the loser here.
A good admin is 95% of it, though I'd venture to say that Linux has the edge in that you're not MS dependant for patches and a very busy admin can spend less time to secure a Linux box.
"The point is that this report handily debunks the myth that a Linux server is inherantly more secure than a Windows server."
You're saying it's a myth that a fresh install of a Linux server is more secure than a Windows server?
Let's assume you install Windows 2003 Server and get IIS running and in another room, you set up Red Hat and get Apache running.
Now, as any good security minded person knows, all an attack is is tricking a program (service) into doing something the admin didn't intend (you get the idea). The goal is finding a vulnerable service. The more vulnerable services, the more insecure the box. This is pretty straight-forward.
How many services are running on that Windows box? How many on the Red Hat box? How secure are the services on the Windows box? On the Red Hat box?
I won't argue that the admin determines the security, but with the number of services (many quite useless or not-applicable to the server's function) Windows turns on by default coupled with Microsoft's security record, past and present, I can't see how this is a myth.
Morales are relative, blah blah blah, nobody's perfect, etc. etc., I agree 100%.
However, suing someone for three billion dollars on a weak foundation, threatening their customers, then threatening an entire community, extortion... the whole thing stinks, and any employee disconnected enough not to care isn't someone I'd hire.
I certainly don't expect everyone to care about their job, that's just not realistic, though a smaller company can shoot for that and hit a good majority. But only the lamest or most gullible employees hang around an operation like SCO.
Disregarding the IP reasons, etc. mentioned in other posts and concentrating on the "moral" reasons:
1) SCO is doing in itself. They went after the one company (IBM) that they didn't have a snowball's chance in hell at winning against. This is pump and dump. Nobody sues IBM for three billion on a weak foundation and expects to walk away. You want to stay on board this ship whose captain and officers are leaving you for dead?
2) The human body is not just a brain. The brain is carried around and supported by many other organs, and a company is no different. A company is a team. Without programmers, their tech support folks can't get bugs resolved. Without receptionists, SCO has no local PR. Without marking/sales, SCO can't make money. Without PR, SCO can't speak to the public. All of these people are SCO. The folks who think that a programmer is not related to what SCO does are the ones who are disconnected from reality. A company is a group effort, and as long as you have a way out and don't take it, you're consenting to the group's actions.
"Business is business" is absolute bullshit. Business is people affecting people, often screwing them for all they're worth. Just because you join a company doesn't make you an blameless droid.
IP/legal issues aside (which for me are enough), if you can't prove to me that you tried hard to get away from SCO, hell no I wouldn't hire you. If you're so detached from the company you work for that you don't care about what they do, why would I want a detached droid like you working in my company anyway?
I found it kind of amusing how a missing entry in my hosts file on my win2k PC at work caused my browser to do a search at MSN... and what else did I get besides an annoying hook to MSN? A popup.
Slashdot Mirror
I don't know. Knowing Microsoft, they'll keep this pretty transparent. Sure, folks will get curious when they're denied access to forward an email, but the dumb ones will assume they're breaking the rules, leave it alone, and the smart ones will just copy and paste.
This could be bad.
The "Web" (i.e. Internet) is fine for that kind of activity, the lacking protocols are the only problem.
HTTP is by default a stateless protocol; unique identifiers/etc. are required to enable transaction (page load) to transaction flow. Javascript and most other technologies typically won't avoid most transactions without huge overhead. Sure, you can wrap up entire GUI screens with HTML, CSS, Javascript and advanced DHTML, or you can go with flash, but the overhead is often more than desirable.
Anyone know of any protocols (X) or technologies that can overcome this problem without much overhead?
Can you say embrace and extend?
I love the irony.
"It just takes an awareness of the options to realize that using Linux in the first place is a silly idea for commercial products."
Exactly. Because we all know that IBM's fire-breathing army of IP lawyers and middle management just use things without considering all of their options.
Right on the money. Motorola, who recently decided to split their chip fabs component into an entirely new company and concentrate on wireless and mobile, didn't do much thinking at all when they chose Linux for their future mobile products.
It's just so damn obvious.
"Perhaps the OSS community should respond by writing articles implying that Forbes employs a bunch of fascists?"
:)
I wonder if this qualifies for another one of ESR's open letters? Probably not.
What we need is a lobbying agency. The OSAA.
All jokes aside, I sincerely imagine that something of this nature will arise with the backing of some big iron.
It'll be interesting to see where things go. Java has some advantages, and I think still has a chance.
I'm not a Java programmer at heart, but I've been playing with Java and SWT a bit. Through SWT, you can access native system widget libraries through one API, which means that things look, feel and work like a native C ap. I can't say that I've gotten into an "advanced" GUI in Java yet, but in the interfaces I have designed, things are very spunky. None of the drawl of Swing.
I should also mention that though Sun doesn't like SWT, it's being backed by IBM. And is open source.
Note: The eclipse website is a steaming cow-pie -- it can be difficult to find what you're looking for. For those who want an overview, here are some SWT links to get you started:
SWT Guide
SWT API
Cheers
Didn't Ballmer recently say something about wishing all the sites/organizations like this would just "shut up"?
I'm not one to believe in conspiracy theories, but it's not my perception that IE has been doing much better. I do wonder what part, if any, Microsoft had in this.
Of course. These plans have been in the works for a long time or some other reason.
Somehow I just don't see many companies cheerfully jumping on the Microsoft Windows Server 2003 bandwagon right after all these security problems.
Aye.
What it really comes down to is that: resolution.
Capitalism, in the eyes of many, is a more efficient solution to the problem of running civilization as everyone gets to vote with their dollar.
(True) democracy is exactly the same principle, but isn't feasible as everyone would need to hit the voting booths quite often. A republic is the governmental form of compromising democracy to make it realistically workable.
Capitalism sucks in a number of ways. You have the folks that can cheat the game to ensure that the best product doesn't win. Lots of folks feel abused by companies. Not everyone is bad, but most don't care about the consumers that prop them up as long as they still get the consumer's dollar.
On the other hand, democracy, just like capitalism, has these same problems. Representatives play the public relations angle, lie, cheat, steal and deal under the table to get what they want. Like the corporate world, politics isn't all bad, but many of these people just don't care about the people who voted them into office.
Corporations aren't going to magically be nice and politicians aren't suddenly going to be responsible. The ONLY way to solve both problems is for the people to involve themselves in these matters. These are just the facts: when given power, people will run with it. Government is a tool, but is not a replacement for the carpenter; it must still be wielded with an attentive hand.
Like most solutions, a split between the two is probably the most reasonable. Don't depend on the government to make your life peachy and don't expect that corporations do well when left alone.
The people are the answer, folks. Quit being lazy.
Well, something needs to swing one way or the other. In this day, you can only choose between two people, thus you don't have a whole lot of choice when it comes to stances. And it's pretty ludicrous to argue that representatives are generally responsible for their actions or to their constituents.
Maybe I'm just too cynical.
I'd personally like to log onto a secure website (I mean NSA type secure), select the issues I'm interested in (business, privacy, computers/internet, etc), and by default have a list of 5 "daily votes" related to my selected topics come up for me to vote on. Let everyone have the same. This removes a boatload of bureaucracy, makes government abide by the people, etc.
Then, IMO, it'd be a good idea to have government funded public debates in every community that anyone can attend. I akin it to Slashdot: a community debate is going to have lots of absolute retards, but I'll hear at least a few ideas and points of view that I hadn't considered for any given issue. On top of that, I'll hear from a number of folks who know more about an issue than I do. Most disagreements in my experience aren't based on judgement, but on information and communication. An open community debate would seem to be a better solution to this problem.
[end ramble]
:)
On a serious note, didn't SCO banter about how if IBM/(insert other company here) was so sure that SCO had no case, why hadn't they offered indemnification?
Even if I'm remembering correctly, it sure isn't surprising. I'm at work and don't have the time to research a link. Anyone care to find this?
This really had me thinking for a minute.
Below, Sony and Intel were mentioned as pushing content rights management.
Here, Intel is pushing against China abandoning the proprietary software market.
Now, as we all know, most big companies don't bat an eyelash unless they think it'll make them some money. I'd be interested to hear any theories fellow Slashdotters have on the motivations here.
Behind the scenes activity? I'm not that cynical yet, and I don't tend to buy into conspiracy theories, so I'll write this one off.
The "wintel duo" theory could be behind the whole China thing, e.g. if China goes with Linux and moves away from bloated commercial software, Intel doesn't get as much revenue in high-end processors to keep the new version of Windows going with it's ump-teen dozen services enabled by default.
I can't think of a link at the moment, but Sony might be interested in keeping content distributors happy since Sony's media players depend on them. Then again, Sony isn't the little kid on the block, they have plenty of pull. I'll think on this some more.
But then we come to Intel, and for that matter, Microsoft. Why are these folks pushing content rights management? Sure, Microsoft will be happy restricting the user to MS products, and maybe introducing new DRM-formats is one way to do that, but... that doesn't seem like it'll be enough.
And what about Intel? What kind of benefit do they get from all this?
I'm sure someone beat me to it, but as of midnight CST, Wed morning, a new ebuild was in the portage tree.
:D
I did an emerge sync; emerge world -u --deep;/etc/init.d/net.eth0 restart and in about a minute (on a semi-modest box) I was good to go. ccache is amazing.
Can anyone confirm this with a link? (sorry for being lazy, I'm headed to bed)
The first thing I did when I brought up my ssh server was to deny root access and limit login to the only users who should be accessing my box. I didn't read this notice until I got home this evening and it took me a few hours to get around to patching it, so I'm curious as to how vulnerable I really way.
Thanks in advance.
I read your post and thought to myself, "this was fixed before the exploit? I upgraded my system a few weeks ago, I wonder if I got 3.7?"
Instead of going to figure out when 3.7 was released (could have been today for all I know, I didn't read everything this article linked to), I went looking for how to track my emerges and I found:
this.
Hope this informs someone else.
Cheers
Besides what the other poster mentioned (that I was just debunking the previous poster's claim that Linux is less secure is a myth), I think this is a very valid comparison.
:)
The sysadmin at my company is a very busy guy. Installing servers, workstations, desktop systems, routing the phones, getting new user accounts up, replacing hardware, delving into networking issues when something blows up (which it OFTEN does) at a client site or between us and them, etc.
Loaded sysadmins need as much of a break as they can get, and if a system is easier to secure upon installation and easier to secure after installation, it is a better tool security wise.
Note that I'm not disagreeing with you when you say that the admin is the most important factor. My point kind of plays into that.
Cheers
"I never said that, and such rhetoric on your part is neither more honest or justifiable than their actions."
:)
My rhetoric is at least as dishonest and unjustifiable as what SCO is doing? This isn't your ethics class, soldier. Get a grip.
My rhetoric was in response to a meaningless post claiming that "no employee is innocent." That's pretty damn obvious, but has no relevance to what I said.
Now as to the rest of your post, I'm guessing you didn't read what I originally posted:
"IP/legal issues aside (which for me are enough), if you can't prove to me that you tried hard to get away from SCO, hell no I wouldn't hire you."
This "John Doe" you're referring to can still attempt to find another job without leaving SCO. That's all I'd be looking for.
Quit looking for enemies where you won't find them. My beef is with folks who don't give a damn about where they work. I prefer not to hire droids. If making an HR decision offends you, stuff it, it's not your company.
Cheers
Aye. It's very amusing, in my not so humble opinion, when folks speculate between Apache and IIS security. IIS has more hooks to unnecessary parts of the OS than my grandfather's fishing hat...
You've got nothing but common sense, and anyone worth their salt realizes this. :)
The only thing folks like me get our undies in a bunch over is when folks claim that Windows is inherently as secure as Linux.
Though some Linux distros are pretty bad about this (Red Hat), Windows still takes the cake when it comes to number of extraneous services enabled. Given the fact that you have to wait on them to patch things, their typical speed in patching, and their past and current security record, I would say Microsoft is the loser here.
A good admin is 95% of it, though I'd venture to say that Linux has the edge in that you're not MS dependant for patches and a very busy admin can spend less time to secure a Linux box.
Let's go on a stroll down logic lane...
"The point is that this report handily debunks the myth that a Linux server is inherantly more secure than a Windows server."
You're saying it's a myth that a fresh install of a Linux server is more secure than a Windows server?
Let's assume you install Windows 2003 Server and get IIS running and in another room, you set up Red Hat and get Apache running.
Now, as any good security minded person knows, all an attack is is tricking a program (service) into doing something the admin didn't intend (you get the idea). The goal is finding a vulnerable service. The more vulnerable services, the more insecure the box. This is pretty straight-forward.
How many services are running on that Windows box? How many on the Red Hat box? How secure are the services on the Windows box? On the Red Hat box?
I won't argue that the admin determines the security, but with the number of services (many quite useless or not-applicable to the server's function) Windows turns on by default coupled with Microsoft's security record, past and present, I can't see how this is a myth.
Sorry if I'm nitpicking words here.
A little flame to the fire:
:)
Windows turns a lot of stuff on by default, and I think it's fairly safe to say that there are more (and bigger) bugs in Windows systems.
These two factors typically make it more difficult to secure a Windows box.
That said, I agree with you 100%. This study is a hack job, though.
So that makes what SCO is doing right?
Morales are relative, blah blah blah, nobody's perfect, etc. etc., I agree 100%.
However, suing someone for three billion dollars on a weak foundation, threatening their customers, then threatening an entire community, extortion... the whole thing stinks, and any employee disconnected enough not to care isn't someone I'd hire.
I certainly don't expect everyone to care about their job, that's just not realistic, though a smaller company can shoot for that and hit a good majority. But only the lamest or most gullible employees hang around an operation like SCO.
Disregarding the IP reasons, etc. mentioned in other posts and concentrating on the "moral" reasons:
1) SCO is doing in itself. They went after the one company (IBM) that they didn't have a snowball's chance in hell at winning against. This is pump and dump. Nobody sues IBM for three billion on a weak foundation and expects to walk away. You want to stay on board this ship whose captain and officers are leaving you for dead?
2) The human body is not just a brain. The brain is carried around and supported by many other organs, and a company is no different. A company is a team. Without programmers, their tech support folks can't get bugs resolved. Without receptionists, SCO has no local PR. Without marking/sales, SCO can't make money. Without PR, SCO can't speak to the public. All of these people are SCO. The folks who think that a programmer is not related to what SCO does are the ones who are disconnected from reality. A company is a group effort, and as long as you have a way out and don't take it, you're consenting to the group's actions.
"Business is business" is absolute bullshit. Business is people affecting people, often screwing them for all they're worth. Just because you join a company doesn't make you an blameless droid.
IP/legal issues aside (which for me are enough), if you can't prove to me that you tried hard to get away from SCO, hell no I wouldn't hire you. If you're so detached from the company you work for that you don't care about what they do, why would I want a detached droid like you working in my company anyway?
I found it kind of amusing how a missing entry in my hosts file on my win2k PC at work caused my browser to do a search at MSN... and what else did I get besides an annoying hook to MSN? A popup.
*sigh*
Well, didn't someone copywrite a music track of silence?
;)
Friend, anything can happen...