What follows is a very long reply. Sorry I'm so long-winded here, I think it's an interesting topic...
I'm right there with you, Windows certainly has its problems.
I've heard Mandrake is easier to install than XP. I've used apps like Red Carpet, which rock the house and make installation and updating easier than even Windows has it. Linux has a lot going for it.
I will retract my point about the install, that is pretty much cake in any distro, though that all said I want to emphasize the administration hassle.
1) "Download Me" These programs are written for Windows. The support just isn't there yet, you can't find a Linux install for almost anything. It's not the fault of Linux, but it is a limitation.
2) Downloaded app installation issues If you do happen to find a Linux app, or do some research and track it down, depending on your system installation troubles are common. RPM?.DEB? Dependancies (downloading a single RPM often isn't enough)? Version conflicts? Driver deficiencies (think scanner or audio)?
3) Ease of 'install and go' Windows apps are designed to install and work out of the box in seconds. Download, double click, click next a few times and you've got an icon on your desktop to do with as you please. Linux apps will often download and double click to install, but often the result isn't immediately apparent. It's not as 'predictable' from what I've seen. When talking about Mom and Pop and apps they download (think AIM), Windows has the up here.
4) System administration Remove a program, restart your network, reinstall a driver, share a folder -- these are pretty simple in Windows. Windows is GUI centric and hence the GUI tools are required to contain as much power as a user needs. Linux GUI admin tools are starting to kick some A but still need a lot of work. Often you don't have enough power with these tools to do what you need to do.
I never thought I would write a drawn out case for Windows like this.:\
All of that said, and fitting in with my original post: the above problems are often not problems... A) Most distros come with every app you'll ever need already installed -- no installation necessary. B) Depending on hardware, the drivers, default settings and robustness are oftne fine, so little administration is needed for a desktop PC. C) In a controlled environment, like a corporation, the IT department handles these aspects so these problems don't exist in the first place.
All I'm saying in the end is that for the normal user, Linux has its issues. The problems come when a user tries to tweak the system or install apps. In certain cases, like if the default install is good enough or if you have someone to admin your box for you, these issues are meaningless. Some folks forget these problems, though, and it's worth it to think about them.
If I had the points and could I'd mod you up -- you have a very good point. Perhaps HP is trying to push this on both ends, both to experiences companies and offering pre-install and administration support (key word) to those who want cheaper solutions? I can't say, though I'd imagine it's along those lines.
My original post is more geared towards the "Linux isn't ready" comments that plague Slashdot.
Hopefully this in the long term will mean those who graduate in CS/CE/EE/etc. will be much stronger then some of my classmates have been (class of 2002 in Computer Engineering here).
No kidding. I spent a year in school in 2001 -- I'll be if the classes weren't half "normal" folks.;)
I guess it had to happen at some point, though, like every other field. Computers became popular and it was no longer a fringe, 'geek' thing.
I work with a programmer who hasn't turned on his computer at home in something like three years. A bunch of the other folks obviously don't have much of an interest in technology, it's just a job. Not that they're bad at it, but it's sad to see the passion go in so many folks.
Ahh, yes, but users will figure out these little tips and tricks as time goes by.
Overall, besides drag-n-drop and cut and paste, Windows doesn't have a lot of "surface" features that users will clue into. Linux desktops, on the other hand, typically have virtual desktops, tabs, select + middle-click cut and paste, right click to customize the panels to all hell, drag-n-drop (though not as functional as Windows) and other similar features which users will pick up quickly and use daily.
It drives me nuts to see my coworkers flipping around with alt+tab through 15-20+ windows (this is pretty common where I work) trying to find what they need, making roughly 6 clicks per cut and paste, etc. It's tiny stuff we're talking about here, but it's the things that make a power user a power user. The small navigation steps in a power user's environment are typically very smooth and require little thought.
Linux has so much surface content it's really quite scary. I think it's presented in a way that can easily be ignored, but also easily understood (think virtual desktop selector). Once the common business user gets on Linux, I think you'll find that they turn themselves into mini-power users on their own. I just don't think it's possible in a vanilla Windows environment.
Linux is not ready for "12 year old John gets a Linux CD and installs and is ready to go", nor is the support out there for Mom and Pop to click "DOWNLOAD ME" on a website and be up and going.
That said, for the corporate environment, Linux is perfect. It can be pre-configured and mirrored in a sysadmin's sleep, locked down to kill almost all support problems, and managed remotely with little effort. The applications, for the vast part, work almost exactly the same as their Windows counterparts and as such training costs are minimal.
Notice a pattern? The limitation of Linux is ease of administration and software/hardware support. Any place where Joe User is wanting to download and install a program from his favorite news website or Jane User wants to reinstall the OS, Linux is not 'ready' for casual use. But in a controlled environment, like a company where hardware and software falls under the umbrella of IT, these issues don't pose a problem.
As long as a company can find the applications they need to do their work (or start/join an OSS project and complete their own), Linux is pie on the desktop and has many benefits most companies would die for, once realized. Once you've got a Linux friendly IT department and have found the right apps, limitations are few and far between.
Once corporations adopt Linux, support problems will diminish, and once workers take it home, support problems will all but disappear. The snowball will feed itself.
Lack of lock-in, lack of security issues, lack of luser-stupidity-blew-everything-up scenarios and lack of licensing and upgrade costs are huge in the terms of $$$.
Let companies make more money by making games easier to port, but at the same time lock them into a Microsoft based system.
Some gaming companies are keeping code portable in order to sell it on PC, PS2, XBOX, etc., and sometimes this leads to a Linux port. If you give management the tools to keep it on multiple platforms (albeit Windows-centric platforms) in half the time, I think it's safe to say that this is going to take a chunk out of potential Linux ports.
The only possible saving grace is that some companies will want to port their games to competing platforms like the PS2, but those games are likely to be console-oriented and as such not as well suited to a PC. Of course there are always exceptions.
MS is once again using it's market penetration to leverage more lock-in. Brilliant move on their part if you ask me.
While I agree that there's a benefit to testing, with the nature of open source what benefits will Debian have that, say, Apache won't pick up on? If a problem is found, it's patched or documented. In my experience lots of relevant documentation along these lines can be trudged up in about 20-30 minutes.
Choosing the proper version and keeping up with security updates is a very reasonable responsibility. Testing an integration is openly documented, I don't see much of a loss here.
If you're a large corporation who needs bullet-proof software which is exposed to the outside world, I certainly see the benefit of using a distro coming from a corporate environment -- I'm not saying you're wrong. I will say, though, for most applications, especially for those discussed here on/., I think a minimalist distro like Gentoo -- created by the community -- serves all ends well. A little bit of effort into research on what others in the open community have done will eliminate the vast majority of your problems.
Possibly, but I somehow doubt it. The vulns in OpenSSL of late were capable of crashing the service using the OpenSSL libs, but it's just a DOS attack. That's not to say that there isn't something more or that a DOS is what alerted the GNOME folks, but I don't know that that is the case here.
> Gentoo isn't stable enough, and it isn't meant to be. You probably want Debian or one of the 'Enterprise' ones.
If it's built from the ground up with no services, what does 'Gentoo' have to do with security?
The whole point is taking the distro and auto-config utils out of the equasion (e.g. ftp on by default) so you can build a secure services box and know exactly what is on it and what its purpose is. If something is insecure, it's your fault, not the fault of some distro organization who turned something on by default.
In my opinion, anyone do-it-yourselfer who delegates security to a distro or to an auto-config package isn't in a position to run more than your typical home or non-critical, small business network. In other words, if it's a do it yourself project, take the 30 minutes worth of time to do some basic research before turning something on.
It would be nice if a couple of distributions put out basic *up-to-date* HOWTOs of best practices on how to set up minimal, secure servers using their distribution.
If you ask me, anyone running a service important enough for security to be more than a casual concern should be using a distro which is secure out of the box. Minimalist distros (Gentoo comes to mind) seem a good solution here.
When it comes to deploying a service, it should be you who makes the box insecure by adding the service, and then you open up a whole big can of worms with this argument. If the distro is secure and adding a service makes it insecure, unless the addition is distro-specific, it falls on the service maintainer to write good guides.
That doesn't mean it shouldn't happen, I like all the guides I can get -- but I think looking primarily to the distros is perhaps a bit mis-aimed. A little idle interest in security and 20-30 minutes of research when putting up a new service is all it really takes to cover most of your ass(ets), at least that's my perception.
Disclaimer: I am obviously not a security expert, I only have a standing interest in keeping the two services (apache & ssh) running on my home network secure.
Zillions of fucking idiots who think that they've somehow "got you cornered" and vent all over you for shit they caused themselves.
The tech support industry can blame a lot of this on itself. In the quest for lower call times, more profits, etc., calling in for tech support consists of listening to bad music for often over 20 minutes just to hear a human being. 20 minutes (or often an hour) of sitting on the phone doing nothing. You can't go anywhere, you can't engage in any activity you can't immediately stop -- you just wait. In my early computing days I had the joyful experience of passing the phone among family members.
And then when you finally get a human being, you get passed around, put on hold, told the problem isn't supported when it obviously is, go through a ridiculous script of steps which are obviously not going to solve the problem or are steps you've already taken, etc. It's unnerving when you know more about your problem than the monkey on the phone.
This is a typical experience it seems and tech support monkeys wonder why callers are all ready with fightin' words when they finally get off of hold.
I have sympathy for my fellow techs in the support industry, I spent over a year just behind the support for my company pouring over code fixing issues -- I know the kind of calls they get and highly respect their ability to deal with it (keeping the customer happy in the process) and remain sane. But besides the normal frustration a user has when they have a problem, I think it's a little short sighted to wonder why they're so aggressive.;)
Nothing really to see here folks. Both attacks crash the SSL server, so we're looking at DOS attacks and not 'holes'. This is certainly serious for the business who relies on it, but for home networks and casual use (which I'm sure is common among slashdotters) this is no sweat.
Er... doesn't this mean that we'd have to be able to produce synthesized voices anyway?
This records words. It would be the same as if you typed a sentence into a computer and hoped to get it to create a recording of a real human being, with their voice and everything.
In other words, this would be very helpful for on-the-fly voice synth, but you have to be able to do the synth first, which I can't imagine we're able to do yet.
As long as your ass is covered (ie, you explained the situation to managment)...
Your post reminded me of an older thread on slashdot: Always keep a paper trail.
Send your boss a memo complaining about the policy and keep one or more of the following: 1) An electronic copy 2) A paper copy at your desk 3) A paper copy at home
Depending on your paranoia and possibility of someone screwing you over in a very dirty way, pick which one or combo suits you.
This way when your job performance sucks and all the PHB sees is an ineffective employee who can't get his act together, IF you can get your point across that certain tools are necessary, you can point to correspondance with said PHB who denied you such tools.
If your boss can't be convinced that the tools are necessary and still dislikes you, either you're being unrealistic about your needs or you have a boss who shouldn't be managing people of your profession.
You have a very good point, one that I have considered. Two sticking points though:
1) I still question why the law must be so complex that an intelligent businessman can't understand it. Talk to a business lawyer: there are no absolutes. You can spend hundreds to thousands to write a nearly bullet proof contract which not only requires an insane amount of research and know-how, but it's still not a guarantee after all that work and money. These laws govern our lives, this isn't something you can pass off as "oh well, them's the breaks." Obviously that's reality, one man can't fight city hall; this is but a philisophical discussion.
2) Many "businesses" are self-employed people who do, for instance, landscaping work on the side like my father, or surfacing work like my neighbor. The business I'm considering investing in is such a business. Small businesses catering to contract work, small markets, or markets where a large organization doesn't make sense often don't make more than a few thousand a month. In the case of self-employment on the side, even less. Spending for a legal fund is often unrealistic.
People these days have the view that businesses are large corporations with fire-breathing lawyers who want to eat the souls of the consumer. When laws get passed, it's often forgotten that a very large portion of the economy is small business, and that a sizable chunk of that is made up of two-bit companies or self employed folks who are making a living outside of a corporation.
A little sanity in the legal and legislative system would be long overdue.
"If only because the lawyer has a professional acquaintence with the judge and DA. They have a way of doing business with each other. You're just some scmuck."
But if I'm the defendent, I'm the one getting my life ruined. "Some schmuck" is a pretty silly attitude to take if you're getting the shaft and have no money to defend yourself with. It's no longer about right and wrong but about cash (duh). I'm not arguing with you, just lamenting. It's pretty pitiful when the laws governing your life are too complex for you to understand.
To address your second point, it should be considered that when you're starting a business, money to spend is almost always the last thing you have. Of course this detail has no place in the current reality of the courts, I'm sure.
How does this judge handle cases where the defendant can't afford a laywer or at least a competent one?
When the rules governing society are so complex that a member of society has to hire someone to explain them, where have we gotten ourselves?
Can anyone honestly explain to me how I, as a programmer and prospective business owner, can defend myself in court with little or no money to spend on lawyers?
I wonder if a proposal put together in the professional looking fashion of these types of websites would get past the USPTO. I wouldn't be surprised, to be honest.
"Yes, Mr. Billingburg of the Water Dept please. Yes, I'll hold..." "Mr. Billingburg, this is Tony from legal. You're not going to believe the call I got this morning..."
Erm... the whole point of extradition is to get someone who committed a crime against someone in the US who happens to be (at the time of the warrant) outside the US.
The specifics in this case aren't familiar to me, but whining about "US law trumping everyone else" sounds like a bunch of America-hater rhetoric. If you break into my company's network and sabotage data and cause serious havoc (death, financial destruction, etc.) and run, extradition is meant for you. If you happen to be in another country when you commit the crime, I believe this still holds.
It's important that numbers be sane, but when a ~2gig AMD chip can run with Intel chips clocked at a much higher speed, something needs to be done to let the public know in a non-technical fashion.
I don't think anyone can blame AMD for the switch and I think perhaps a standard benchmark/rating system might be in order.
Oklahoma city was not caused by foreign terrorists -- that was a local nutcase. Refer to my post, I specifically said 'foreign'. Swing and a miss.
--- "But that wasn't the last terrorist attack on this country before 9/11. Our African embassies were attacked, US troop barracks in Saudi Arabia were attacked, the USS Cole was attacked"
These are attacks off of American soil. What good is a database on American citizens going to do in helping to stop these attacks? Strike 2.
--- "and there was an attack that was stopped on New Years Eve 2000. This is not a problem that we can just ignore."
Now you're bringing up unsuccessful attacks. My whole point is that either they're not trying hard enough, or we're catching them -- which seems to be the case here.
The whole problem is that this doesn't happen nearly enough to warrant panic. We've had two local attacks in the last decade. Considering how easy the typical middle eastern attack (suicide bomber) could be carried out here, and the fact that we're not seeing any, should mean something to you. It is said (non-stop) that we're hated and threatened every day, but even the almost-unstoppable attacks aren't happening.
Strike three. Back to the bench.
In the end, the problem goes even further in that a database like this is monitoring American citizens who live here. It seems reasonable that potential terrorists can come here with all the training and money they need, spend a couple nights in a hotel, and blow themselves straight to hell. The effects of monitoring an entire population can be shrugged off by terrorists, but not those that live here.
The negatives in this case absolutely blow away the positives.
I am not trying to say that the US is in any way close to the country described in '1984', but certain people in our government have *always* pushed for some very close parallels and it's creepy whenever they surface.
I can only hope that the upcoming generation has been taught enough independence to value their freedom and fight the authoritarians. The good thing about a democratic society is that the pendulum swings both ways, and given time usually corrects itself. The current voters (baby boomers) didn't deal with as much McCarthyism as their parents and their apathy is going to get us in trouble.
When was the last foreign terrorist attack in this country? 9/11
Before that? Anyone?
1993?
I am NOT arguing with you, "see, we're safe" works for enough folks to keep the population apathetic. It IS creepy, though, when you think about it: How easy would it be to walk across the Canadian border, walk into a border-town theatre, and blow yourself up?
It seems like this crap happens on a daily basis in the Middle East, but we never see this stuff.
Either they aren't out to get us as much as we think or the government has already been doing a good job.
Believe me, I understand the rammifications of a WMD attack -- looking at what certain chemicals and bioagents can do is very sobering. However I don't think the risk is high enough that the government now has a right to actively suspect (monitor) all citizens without cause.
There is a difference between monitoring a suspect and monitoring everyone. When the government is looking over everyone's shoulders, day and night, you no longer have what I would call a 'free society.'
I'm scared too... I started my programming days in Perl and am very fond of it's flexibility and ease of use. I wouldn't mind the ability to do some formal class declarations and error handling a la Java, but I'm worried.
That said, Parrot sounds like it's going to shake some people up. From what I understand, it's a register based VM as opposed to stack based, meaning that preemption is possible. Judging from the speed and smoothness gained by using preemption in the Linux kernel, I'm drooling to see what this will be capable of.
I really hope, though, that they haven't lost sight of what makes Perl great, which is: it's just as easy to write good code as bad. The flexibility is 100% in the hands of the developer, not in an over-engineered and time/overhead consuming rule book. Comparing it to English is a good example.
Slashdot Mirror
What follows is a very long reply. Sorry I'm so long-winded here, I think it's an interesting topic...
.DEB? Dependancies (downloading a single RPM often isn't enough)? Version conflicts? Driver deficiencies (think scanner or audio)?
:\
I'm right there with you, Windows certainly has its problems.
I've heard Mandrake is easier to install than XP. I've used apps like Red Carpet, which rock the house and make installation and updating easier than even Windows has it. Linux has a lot going for it.
I will retract my point about the install, that is pretty much cake in any distro, though that all said I want to emphasize the administration hassle.
1) "Download Me"
These programs are written for Windows. The support just isn't there yet, you can't find a Linux install for almost anything. It's not the fault of Linux, but it is a limitation.
2) Downloaded app installation issues
If you do happen to find a Linux app, or do some research and track it down, depending on your system installation troubles are common. RPM?
3) Ease of 'install and go'
Windows apps are designed to install and work out of the box in seconds. Download, double click, click next a few times and you've got an icon on your desktop to do with as you please. Linux apps will often download and double click to install, but often the result isn't immediately apparent. It's not as 'predictable' from what I've seen. When talking about Mom and Pop and apps they download (think AIM), Windows has the up here.
4) System administration
Remove a program, restart your network, reinstall a driver, share a folder -- these are pretty simple in Windows. Windows is GUI centric and hence the GUI tools are required to contain as much power as a user needs. Linux GUI admin tools are starting to kick some A but still need a lot of work. Often you don't have enough power with these tools to do what you need to do.
I never thought I would write a drawn out case for Windows like this.
All of that said, and fitting in with my original post: the above problems are often not problems...
A) Most distros come with every app you'll ever need already installed -- no installation necessary.
B) Depending on hardware, the drivers, default settings and robustness are oftne fine, so little administration is needed for a desktop PC.
C) In a controlled environment, like a corporation, the IT department handles these aspects so these problems don't exist in the first place.
All I'm saying in the end is that for the normal user, Linux has its issues. The problems come when a user tries to tweak the system or install apps. In certain cases, like if the default install is good enough or if you have someone to admin your box for you, these issues are meaningless. Some folks forget these problems, though, and it's worth it to think about them.
Cheers!
If I had the points and could I'd mod you up -- you have a very good point. Perhaps HP is trying to push this on both ends, both to experiences companies and offering pre-install and administration support (key word) to those who want cheaper solutions? I can't say, though I'd imagine it's along those lines.
My original post is more geared towards the "Linux isn't ready" comments that plague Slashdot.
Cheers
Hopefully this in the long term will mean those who graduate in CS/CE/EE/etc. will be much stronger then some of my classmates have been (class of 2002 in Computer Engineering here).
;)
:)
No kidding. I spent a year in school in 2001 -- I'll be if the classes weren't half "normal" folks.
I guess it had to happen at some point, though, like every other field. Computers became popular and it was no longer a fringe, 'geek' thing.
I work with a programmer who hasn't turned on his computer at home in something like three years. A bunch of the other folks obviously don't have much of an interest in technology, it's just a job. Not that they're bad at it, but it's sad to see the passion go in so many folks.
I guess that's why we have things like LUGs.
Cheers
Ahh, yes, but users will figure out these little tips and tricks as time goes by.
Overall, besides drag-n-drop and cut and paste, Windows doesn't have a lot of "surface" features that users will clue into. Linux desktops, on the other hand, typically have virtual desktops, tabs, select + middle-click cut and paste, right click to customize the panels to all hell, drag-n-drop (though not as functional as Windows) and other similar features which users will pick up quickly and use daily.
It drives me nuts to see my coworkers flipping around with alt+tab through 15-20+ windows (this is pretty common where I work) trying to find what they need, making roughly 6 clicks per cut and paste, etc. It's tiny stuff we're talking about here, but it's the things that make a power user a power user. The small navigation steps in a power user's environment are typically very smooth and require little thought.
Linux has so much surface content it's really quite scary. I think it's presented in a way that can easily be ignored, but also easily understood (think virtual desktop selector). Once the common business user gets on Linux, I think you'll find that they turn themselves into mini-power users on their own. I just don't think it's possible in a vanilla Windows environment.
Of course, this is just my opinion.
Cheers
Just to cut off some of the trolls at the pass:
Linux is not ready for "12 year old John gets a Linux CD and installs and is ready to go", nor is the support out there for Mom and Pop to click "DOWNLOAD ME" on a website and be up and going.
That said, for the corporate environment, Linux is perfect. It can be pre-configured and mirrored in a sysadmin's sleep, locked down to kill almost all support problems, and managed remotely with little effort. The applications, for the vast part, work almost exactly the same as their Windows counterparts and as such training costs are minimal.
Notice a pattern? The limitation of Linux is ease of administration and software/hardware support. Any place where Joe User is wanting to download and install a program from his favorite news website or Jane User wants to reinstall the OS, Linux is not 'ready' for casual use. But in a controlled environment, like a company where hardware and software falls under the umbrella of IT, these issues don't pose a problem.
As long as a company can find the applications they need to do their work (or start/join an OSS project and complete their own), Linux is pie on the desktop and has many benefits most companies would die for, once realized. Once you've got a Linux friendly IT department and have found the right apps, limitations are few and far between.
Once corporations adopt Linux, support problems will diminish, and once workers take it home, support problems will all but disappear. The snowball will feed itself.
Lack of lock-in, lack of security issues, lack of luser-stupidity-blew-everything-up scenarios and lack of licensing and upgrade costs are huge in the terms of $$$.
Cheers
Let companies make more money by making games easier to port, but at the same time lock them into a Microsoft based system.
Some gaming companies are keeping code portable in order to sell it on PC, PS2, XBOX, etc., and sometimes this leads to a Linux port. If you give management the tools to keep it on multiple platforms (albeit Windows-centric platforms) in half the time, I think it's safe to say that this is going to take a chunk out of potential Linux ports.
The only possible saving grace is that some companies will want to port their games to competing platforms like the PS2, but those games are likely to be console-oriented and as such not as well suited to a PC. Of course there are always exceptions.
MS is once again using it's market penetration to leverage more lock-in. Brilliant move on their part if you ask me.
Cheers
While I agree that there's a benefit to testing, with the nature of open source what benefits will Debian have that, say, Apache won't pick up on? If a problem is found, it's patched or documented. In my experience lots of relevant documentation along these lines can be trudged up in about 20-30 minutes.
/., I think a minimalist distro like Gentoo -- created by the community -- serves all ends well. A little bit of effort into research on what others in the open community have done will eliminate the vast majority of your problems.
Choosing the proper version and keeping up with security updates is a very reasonable responsibility. Testing an integration is openly documented, I don't see much of a loss here.
If you're a large corporation who needs bullet-proof software which is exposed to the outside world, I certainly see the benefit of using a distro coming from a corporate environment -- I'm not saying you're wrong. I will say, though, for most applications, especially for those discussed here on
Cheers
Possibly, but I somehow doubt it. The vulns in OpenSSL of late were capable of crashing the service using the OpenSSL libs, but it's just a DOS attack. That's not to say that there isn't something more or that a DOS is what alerted the GNOME folks, but I don't know that that is the case here.
Cheers
> Gentoo isn't stable enough, and it isn't meant to be. You probably want Debian or one of the 'Enterprise' ones.
If it's built from the ground up with no services, what does 'Gentoo' have to do with security?
The whole point is taking the distro and auto-config utils out of the equasion (e.g. ftp on by default) so you can build a secure services box and know exactly what is on it and what its purpose is. If something is insecure, it's your fault, not the fault of some distro organization who turned something on by default.
In my opinion, anyone do-it-yourselfer who delegates security to a distro or to an auto-config package isn't in a position to run more than your typical home or non-critical, small business network. In other words, if it's a do it yourself project, take the 30 minutes worth of time to do some basic research before turning something on.
Cheers
It would be nice if a couple of distributions put out basic *up-to-date* HOWTOs of best practices on how to set up minimal, secure servers using their distribution.
:)
If you ask me, anyone running a service important enough for security to be more than a casual concern should be using a distro which is secure out of the box. Minimalist distros (Gentoo comes to mind) seem a good solution here.
When it comes to deploying a service, it should be you who makes the box insecure by adding the service, and then you open up a whole big can of worms with this argument. If the distro is secure and adding a service makes it insecure, unless the addition is distro-specific, it falls on the service maintainer to write good guides.
That doesn't mean it shouldn't happen, I like all the guides I can get -- but I think looking primarily to the distros is perhaps a bit mis-aimed. A little idle interest in security and 20-30 minutes of research when putting up a new service is all it really takes to cover most of your ass(ets), at least that's my perception.
Disclaimer: I am obviously not a security expert, I only have a standing interest in keeping the two services (apache & ssh) running on my home network secure.
Cheers
Zillions of fucking idiots who think that they've somehow "got you cornered" and vent all over you for shit they caused themselves.
;)
The tech support industry can blame a lot of this on itself. In the quest for lower call times, more profits, etc., calling in for tech support consists of listening to bad music for often over 20 minutes just to hear a human being. 20 minutes (or often an hour) of sitting on the phone doing nothing. You can't go anywhere, you can't engage in any activity you can't immediately stop -- you just wait. In my early computing days I had the joyful experience of passing the phone among family members.
And then when you finally get a human being, you get passed around, put on hold, told the problem isn't supported when it obviously is, go through a ridiculous script of steps which are obviously not going to solve the problem or are steps you've already taken, etc. It's unnerving when you know more about your problem than the monkey on the phone.
This is a typical experience it seems and tech support monkeys wonder why callers are all ready with fightin' words when they finally get off of hold.
I have sympathy for my fellow techs in the support industry, I spent over a year just behind the support for my company pouring over code fixing issues -- I know the kind of calls they get and highly respect their ability to deal with it (keeping the customer happy in the process) and remain sane. But besides the normal frustration a user has when they have a problem, I think it's a little short sighted to wonder why they're so aggressive.
Cheers
Nothing really to see here folks. Both attacks crash the SSL server, so we're looking at DOS attacks and not 'holes'. This is certainly serious for the business who relies on it, but for home networks and casual use (which I'm sure is common among slashdotters) this is no sweat.
:)
Nice to hear that they found the holes, though.
Er... doesn't this mean that we'd have to be able to produce synthesized voices anyway?
This records words. It would be the same as if you typed a sentence into a computer and hoped to get it to create a recording of a real human being, with their voice and everything.
In other words, this would be very helpful for on-the-fly voice synth, but you have to be able to do the synth first, which I can't imagine we're able to do yet.
Cheers
As long as your ass is covered (ie, you explained the situation to managment)...
Your post reminded me of an older thread on slashdot:
Always keep a paper trail.
Send your boss a memo complaining about the policy and keep one or more of the following:
1) An electronic copy
2) A paper copy at your desk
3) A paper copy at home
Depending on your paranoia and possibility of someone screwing you over in a very dirty way, pick which one or combo suits you.
This way when your job performance sucks and all the PHB sees is an ineffective employee who can't get his act together, IF you can get your point across that certain tools are necessary, you can point to correspondance with said PHB who denied you such tools.
If your boss can't be convinced that the tools are necessary and still dislikes you, either you're being unrealistic about your needs or you have a boss who shouldn't be managing people of your profession.
Cheers
You have a very good point, one that I have considered. Two sticking points though:
1) I still question why the law must be so complex that an intelligent businessman can't understand it. Talk to a business lawyer: there are no absolutes. You can spend hundreds to thousands to write a nearly bullet proof contract which not only requires an insane amount of research and know-how, but it's still not a guarantee after all that work and money. These laws govern our lives, this isn't something you can pass off as "oh well, them's the breaks." Obviously that's reality, one man can't fight city hall; this is but a philisophical discussion.
2) Many "businesses" are self-employed people who do, for instance, landscaping work on the side like my father, or surfacing work like my neighbor. The business I'm considering investing in is such a business. Small businesses catering to contract work, small markets, or markets where a large organization doesn't make sense often don't make more than a few thousand a month. In the case of self-employment on the side, even less. Spending for a legal fund is often unrealistic.
People these days have the view that businesses are large corporations with fire-breathing lawyers who want to eat the souls of the consumer. When laws get passed, it's often forgotten that a very large portion of the economy is small business, and that a sizable chunk of that is made up of two-bit companies or self employed folks who are making a living outside of a corporation.
A little sanity in the legal and legislative system would be long overdue.
Cheers
Pretty sad.
"If only because the lawyer has a professional acquaintence with the judge and DA. They have a way of doing business with each other. You're just some scmuck."
But if I'm the defendent, I'm the one getting my life ruined. "Some schmuck" is a pretty silly attitude to take if you're getting the shaft and have no money to defend yourself with. It's no longer about right and wrong but about cash (duh). I'm not arguing with you, just lamenting. It's pretty pitiful when the laws governing your life are too complex for you to understand.
To address your second point, it should be considered that when you're starting a business, money to spend is almost always the last thing you have. Of course this detail has no place in the current reality of the courts, I'm sure.
*sigh*
How does this judge handle cases where the defendant can't afford a laywer or at least a competent one?
When the rules governing society are so complex that a member of society has to hire someone to explain them, where have we gotten ourselves?
Can anyone honestly explain to me how I, as a programmer and prospective business owner, can defend myself in court with little or no money to spend on lawyers?
Cheers
I wonder if a proposal put together in the professional looking fashion of these types of websites would get past the USPTO. I wouldn't be surprised, to be honest.
"Yes, Mr. Billingburg of the Water Dept please. Yes, I'll hold..."
"Mr. Billingburg, this is Tony from legal. You're not going to believe the call I got this morning..."
Erm... the whole point of extradition is to get someone who committed a crime against someone in the US who happens to be (at the time of the warrant) outside the US.
The specifics in this case aren't familiar to me, but whining about "US law trumping everyone else" sounds like a bunch of America-hater rhetoric. If you break into my company's network and sabotage data and cause serious havoc (death, financial destruction, etc.) and run, extradition is meant for you. If you happen to be in another country when you commit the crime, I believe this still holds.
Cheers
It's important that numbers be sane, but when a ~2gig AMD chip can run with Intel chips clocked at a much higher speed, something needs to be done to let the public know in a non-technical fashion.
I don't think anyone can blame AMD for the switch and I think perhaps a standard benchmark/rating system might be in order.
Probably not realistic, but it would be nice.
Cheers
You're way of the mark.
"Oklahoma city in 1995."
Oklahoma city was not caused by foreign terrorists -- that was a local nutcase. Refer to my post, I specifically said 'foreign'. Swing and a miss.
---
"But that wasn't the last terrorist attack on this country before 9/11. Our African embassies were attacked, US troop barracks in Saudi Arabia were attacked, the USS Cole was attacked"
These are attacks off of American soil. What good is a database on American citizens going to do in helping to stop these attacks? Strike 2.
---
"and there was an attack that was stopped on New Years Eve 2000. This is not a problem that we can just ignore."
Now you're bringing up unsuccessful attacks. My whole point is that either they're not trying hard enough, or we're catching them -- which seems to be the case here.
The whole problem is that this doesn't happen nearly enough to warrant panic. We've had two local attacks in the last decade. Considering how easy the typical middle eastern attack (suicide bomber) could be carried out here, and the fact that we're not seeing any, should mean something to you. It is said (non-stop) that we're hated and threatened every day, but even the almost-unstoppable attacks aren't happening.
Strike three. Back to the bench.
In the end, the problem goes even further in that a database like this is monitoring American citizens who live here. It seems reasonable that potential terrorists can come here with all the training and money they need, spend a couple nights in a hotel, and blow themselves straight to hell. The effects of monitoring an entire population can be shrugged off by terrorists, but not those that live here.
The negatives in this case absolutely blow away the positives.
Cheers
I am not trying to say that the US is in any way close to the country described in '1984', but certain people in our government have *always* pushed for some very close parallels and it's creepy whenever they surface.
I can only hope that the upcoming generation has been taught enough independence to value their freedom and fight the authoritarians. The good thing about a democratic society is that the pendulum swings both ways, and given time usually corrects itself. The current voters (baby boomers) didn't deal with as much McCarthyism as their parents and their apathy is going to get us in trouble.
Hopefully it will correct itself as it often has.
Cheers
When was the last foreign terrorist attack in this country?
9/11
Before that?
Anyone?
1993?
I am NOT arguing with you, "see, we're safe" works for enough folks to keep the population apathetic. It IS creepy, though, when you think about it:
How easy would it be to walk across the Canadian border, walk into a border-town theatre, and blow yourself up?
It seems like this crap happens on a daily basis in the Middle East, but we never see this stuff.
Either they aren't out to get us as much as we think or the government has already been doing a good job.
Believe me, I understand the rammifications of a WMD attack -- looking at what certain chemicals and bioagents can do is very sobering. However I don't think the risk is high enough that the government now has a right to actively suspect (monitor) all citizens without cause.
There is a difference between monitoring a suspect and monitoring everyone. When the government is looking over everyone's shoulders, day and night, you no longer have what I would call a 'free society.'
Cheers
WAR IS PEACE
FREEDOM IS SLAVERY
IGNORANCE IS STRENGTH
Please board the nearest transportation to the Ministry of Love, they are waiting to see you.
I'm scared too... I started my programming days in Perl and am very fond of it's flexibility and ease of use. I wouldn't mind the ability to do some formal class declarations and error handling a la Java, but I'm worried.
That said, Parrot sounds like it's going to shake some people up. From what I understand, it's a register based VM as opposed to stack based, meaning that preemption is possible. Judging from the speed and smoothness gained by using preemption in the Linux kernel, I'm drooling to see what this will be capable of.
I really hope, though, that they haven't lost sight of what makes Perl great, which is: it's just as easy to write good code as bad. The flexibility is 100% in the hands of the developer, not in an over-engineered and time/overhead consuming rule book. Comparing it to English is a good example.
Cheers