IPv6 will increase the supply of addresses from 4 billion today to a number in excess of 35 trillion that is "so big that there's not a word for the number," says Cody Christman,
Am I the only one who thinks 36 trillion does not seem all that inexhaustible, only expanding by an order of 4 thousand? Once you start assigning subranges, etc., it seems like you could exhaust them. Why didn't IPV6 go to something much larger like 64 bits? On the other hand, it makes for a good excuse for still having anonymity behind NAT firewalls.
With enough public statements like the following, I think SCO could not hope to collect a dime from Linux users.
Dear Linux user:
SCO has claimed that the source code which they distributed and improved as part of Linux for years, and even for months after publicly claiming copyright to unspecified portions of it, is not covered by the GPL under which they distributed it.
If their claims are true, then the code cannot be distributed under GPL, in which case you have no right to use the code which I have personally contributed to Linux under GPL. I am happy to license these lines of code to you for 50 billion dollars.
Be sure to ask each other contributor how much he requires to run the code if not under GPL. So, the choice is either believe that the code is GPLed as SCO previously claimed it was or pay for a SCO license plus $50 billion to me, plus the proper compensation to each other contributor.
With enough public statements like the following, I think SCO could not hope to collect a dime from Linux users.
Dear Linux user:
SCO has claimed that the source code which they distributed and improved as part of Linux for years, and even for months after publicly claiming copyright to unspecified portions of it, is not covered by GPL.
If their claims are true, then the code cannot be distributed under GPL, in which case you have no right to use the code which I have personally contributed to Linux under GPL. I am happy to license these lines of code to you for 50 billion dollars. Be sure to ask each other contributor how much he requires to run the code if not under GPL.
So, the choice is either believe that the code is GPLed or pay for a SCO license plus $50 billion to me, plus the proper compensation to each other contributor.
Who needs to sue? Instead use SCO's tactics against them.
Dear Linux users:
SCO has claimed that the source code which they distributed for years, and even for months after publicly claiming copyright to unspecified portions of it, is not covered by GPL.
If their claims are true, then the code cannot be distributed under GPL, in which case you have no right to use the code which I have personally contributed to GPL. I am happy to license these lines of code to you for 50 billion dollars. Be sure to ask each other contributor how much he requires to run the code not under GPL.
So, the choice is either believe that the code is GPLed or pay for a SCO license plus $50 billion to me, plus the proper compensation to each other contributor.
Perhaps you meant "Alles ist verloren?" If so, you got one word right out of three in the subject, ignoring for the present the capitalization.
With respect to the topic at hand, I remember how excited everyone was about the expanding internet masses when the unwashed masses of non-technical users began to come online.
I enjoy Linux just the way it is -- a road less travelled. I will probably continue to enjoy it if it's use becomes even more widespread, but it is already good, free (as in freedom) and it is free (as in beer). This is hardly a disaster.
I wouldn't be surprised if these statistics are based on some guy logging onto Kazaa and writing down the number of Users and Bytes online. At least we know someone was working over the holiday weekend.
And how are these stats (users/bytes online) maintained without a central server, which could also be legally mandated to prevent circulation of specific named files, as was done in the Napster case? I thought these services were P2P distributed. I guess it must be nothing like freenet, which I have used and suspect could not be monitored for number of active users (I have often wondered what, if anything, keeps freenet from arbitrarily splitting into isolated communities).
It clearly attacks windows-based PCs. If it attacks through Mozilla or MySQL, it is the fault of the OS for exposing these things. In an OS with proper security, a bad user app such as Mozilla cannot compromise the system as badly as in Windows XP HE, for example, which runs apps as root by default, allowing for example new network services to be installed by downloaded viruses.
What part of "Windows XP encourages users to run as root" did you not understand, or do you continue to disagree with? I believe this is particularly true of the home edition. Whatever may be there under the hood, the setup of XP (especially home edition) apparently still encourages many novice users to run as root all the time instead of insisting on an unprivileged account with icons that are set up to prompt to elevate the password temporarily, as Mandrake and OSX do. Expect Windows to be more easily rooted, in that case. Eventually Windows may get it right if it looks at Mandrake or OSX long enough, which do not set up by default that way.
The default configuration is important. Expensive high-security OSes used to be compromised all the time just because a default password was set on a privileged account. This is a very similar issue. Sure someone with enough knowledge can secure the system, but if it is fundamentally insecure by default, then it is wasted on most users. It is silly to continue to argue that it is secure, when by default it often is not, according to those who have talked to me who use it.
To quote from a A Novices Guide to Securing Windows XP Home Edition "There are only two kinds of accounts in Windows XP Home Edition. First there is a computer administrator account. This type of account has unlimited power to modify the computer in any way and to vierw and alter the contents of all other accounts. All subsequently created accounts are initially computer administrator accounts also. But, you can change their account type after creation...".
So how is this secure if by default it is insecure and novices have to manually secure it and figure out how to survive in an insecure account, to the extent that many think it impossible?
Yuck! Back to the future, we find ourselves chasing stale object graphs, like in COM. Or have they somehow made them safer? Refcounting was a Microsoft innovation I clearly could have done without.
In other news, SCO owns the Solaris extension known as Java, since it clearly is an extension to the Unix System V Operating System, having been incorporated there first.
I clearly stated that I was not up on the latest windows versions. Another poster in the thread has said he was never able to get this sort of thing to work for him.
When OSX or Mandrake install, they provide GUI support for this sort of thing, and install configuration icons, etc. by default that way, so they can easily be accessed by non-privileged users via su or sudo. If Windows XP and Windows 2000 also have GUI support and discourage the user from running as root by default, then I stand corrected. But if it is too difficult for a novice to use in a default installation, then it hardly qualifies.
My neighbor tells me that when he installs XP, it makes them root by default, demonstrating that it is apparently not practical to do security right on that box. Relative novices, on the other hand, use Mandrake's non-privileged defaults easily, supplying the privileged password when performing a GUI management function.
A way to do it without a GUI is no way at all for most users, especially if XP is still commonly installed to log in the default user as root, unlike OSX and Mandrake.
There were multiple anonymous comments questioning his competency. I did not say he was fired for incompetency, I said there were allegations that he was probably fired for incompetency.
In the absence of any more-concrete information on precisely why he left (the original article appeared purely speculative) and with the anonymous writer(s) at least pretending to know the man, it seems accuracy called for mentioning such counter-speculation.
On the other hand, he seems to be departing on not-entirely-hostile terms, so it is still speculation either way.
Quite novel to call the article itself off-topic so you do not have to discuss what the submitter clearly wanted to discuss as part of his submission.
And according to you, AC, an "actual discussion" must religiously ignore Microsoft-related causes of the problems even if they are the result of undefendably-poor product design with respect to security? At least you correctly mark yourself as a -1 MS Fanboy (Troll).
I invite you, again, to explain how you think it was off-topic and out of bounds.
Discussing percieved or real causes of the problem is clearly on topic for those not religiously opposed to such, as you seem to be. It suprises you that people here are not msbots? Perhaps you thought you were on MSDN.
I cannot speak for later versions of Windows since I stopped using them, but I never saw a version of windows that does not force you to completely log off and back on to access privileged functions, encouraging people to run with privileges on all the time, because they cannot just enter the password for privileged activities. Su does not exist, nor does sudo.
Most other modern versions of OS's are significantly better (Lindows early versions were an exception). Just having su and sudo is much better.
OSX has no root enabled by default, and relies on sudo to limit elevated privileges to single operations.
GNU/Linux/XFree86 systems typically give warnings when the user logs in to the window manager as root, give a limited environment with a red background, etc., and on the other hand make it easy for the user to run without elevated privileges most of the time.
And the monoculture is also inherently less even if everyone were to use Linux, because the licensing allows significant derivitive / deviant branches.
Claiming that Linux would be no better if it were as successful as Windows ignores facts.
This is just the tip of the iceberg. I have been on an email team faced with the question, do we allow contents to auto-execute, which actually thought about the problem before blindly implementing it, unlike Microsoft.
Flame on if you like, but it is quite common for these sorts of things to happen on Windows boxes, and not on Linux boxes, due precisely to the monoculture and the flawed default security model of Windows (actually a number of different flawed models in Windows OS and apps).
Perhaps you could clarify how the comment in this instance was not appropriate. The GNU/Linux default security model that my family run all their machines on does not run arbitrary software with elevated privileges as Microsoft does. It never has. And it is not such a monoculture, resulting in being less susceptible to attack.
These are attacks I have never had to worry about. A neighbor, who typically runs Linux with no breaches of security, tried putting up an IIS server just once to see how it compared, and it was owned by hackers within 15 minutes.
Sure there could be an increase in real security incidents some day with Linux, but not before there are far worse problems with existing Windows platforms (until there is much change to Windows).
Perhaps there just needs to be a windows-only section of Slashdot, so that Windows users can discuss these problems which are less relevant to the rest of us without feeling continuously picked on due to the technical problems with their choice of an OS.
I wonder what the best way is to silently document the fact that they continue to distribute everything, even if they are not collecting money for it, without repeatedly stating it on slashdot.
If we keep pointing this out, perhaps they will get wise and stop distributing it, so they can say "we stopped distributing all source code shortly after discovering it" -- what is 6 months versus 3 -- as opposed to being ambushed years later by the fact that they still distribute the GPLed code presumably containing the mods when a case relying on the GPL rights actually comes to trial.
This post was not intended to be funny, but only off topic, since I have been repeatedly unsuccessful with story submissions that actually contain significant new interesting information about the case.
That Sun was trumpetting their status as a SCO licensee of Unix in disregard for any solidarity with Unix or Linux vendors or users was obvious, and this "revelation" was not a suprise in the least. It just means that Sun gave them a small amount of money a bit more recently.
I agree. I cannot imagine that a competent attorney would say about continuing to distribute Linux kernel source and binaries as they still do today "don't worry, that won't hurt us in court."
I am not an attorney, but even if they felt rock solid for some unknown reason, the saying goes that whatever you have to prove in court, an attorney will give you a 50/50 chance, because in court anything can happen, so I think you don't intentionally leave extra loose baggage lying around. Leaving this sort of loose baggage lying around seems to mean that someone in charge has priorities other than pursuing Linux distributors.
They have said many conflicting things, and on certain occasions they have said that it is unlikely that they will go against Linux distributors, and they indicated that they actualy understood the GPL and the difficulty of extracting license fees from Linux kernel users. They certainly GPL out of the current lawsuit. IBM's non-disclosure obligations are independent of GPL issues.
It would be hard for Linux developers to counter-sue them for only the threatening letters they have sent out. The minute they start suing Linux users or demanding license fees, they open themselves up to hundreds of suits from kernel contributors.
Only three percent of e-mail downloads were encrypted on the first day of the conference, 12 percent on the second day.
I am not familiar with the tool they used. It doesn't say how many different kinds of encrypted connections they looked for (since there are a wide variety from https to ssh that are easily applied to email, not to mention products that support content-based rather than connection-based encryption and more). Does their claim to have counted all encrypted tunnels really mean they are omniscient, or how did they distinguish them, etc.
It seems likely to me that the real headline may have been less earth-shattering: "Activities of encryption users are harder to detect than activities carried out on the net in plain text."
Slashdot Mirror
Sorry, I erroneously relied on the number 36 trillion cited in the submission.
IPv6 will increase the supply of addresses from 4 billion today to a number in excess of 35 trillion that is "so big that there's not a word for the number," says Cody Christman,
Am I the only one who thinks 36 trillion does not seem all that inexhaustible, only expanding by an order of 4 thousand? Once you start assigning subranges, etc., it seems like you could exhaust them. Why didn't IPV6 go to something much larger like 64 bits? On the other hand, it makes for a good excuse for still having anonymity behind NAT firewalls.
(sorry I lost the format tags on the parent)
With enough public statements like the following, I think SCO could not hope to collect a dime from Linux users.
Dear Linux user:
SCO has claimed that the source code which they distributed and improved as part of Linux for years, and even for months after publicly claiming copyright to unspecified portions of it, is not covered by the GPL under which they distributed it.
If their claims are true, then the code cannot be distributed under GPL, in which case you have no right to use the code which I have personally contributed to Linux under GPL. I am happy to license these lines of code to you for 50 billion dollars.
Be sure to ask each other contributor how much he requires to run the code if not under GPL. So, the choice is either believe that the code is GPLed as SCO previously claimed it was or pay for a SCO license plus $50 billion to me, plus the proper compensation to each other contributor.
With enough public statements like the following, I think SCO could not hope to collect a dime from Linux users. Dear Linux user: SCO has claimed that the source code which they distributed and improved as part of Linux for years, and even for months after publicly claiming copyright to unspecified portions of it, is not covered by GPL. If their claims are true, then the code cannot be distributed under GPL, in which case you have no right to use the code which I have personally contributed to Linux under GPL. I am happy to license these lines of code to you for 50 billion dollars. Be sure to ask each other contributor how much he requires to run the code if not under GPL. So, the choice is either believe that the code is GPLed or pay for a SCO license plus $50 billion to me, plus the proper compensation to each other contributor.
Who needs to sue? Instead use SCO's tactics against them.
Dear Linux users:
SCO has claimed that the source code which they distributed for years, and even for months after publicly claiming copyright to unspecified portions of it, is not covered by GPL.
If their claims are true, then the code cannot be distributed under GPL, in which case you have no right to use the code which I have personally contributed to GPL. I am happy to license these lines of code to you for 50 billion dollars. Be sure to ask each other contributor how much he requires to run the code not under GPL.
So, the choice is either believe that the code is GPLed or pay for a SCO license plus $50 billion to me, plus the proper compensation to each other contributor.
Perhaps you meant "Alles ist verloren?" If so, you got one word right out of three in the subject, ignoring for the present the capitalization.
With respect to the topic at hand, I remember how excited everyone was about the expanding internet masses when the unwashed masses of non-technical users began to come online.
I enjoy Linux just the way it is -- a road less travelled. I will probably continue to enjoy it if it's use becomes even more widespread, but it is already good, free (as in freedom) and it is free (as in beer). This is hardly a disaster.
I wouldn't be surprised if these statistics are based on some guy logging onto Kazaa and writing down the number of Users and Bytes online. At least we know someone was working over the holiday weekend.
And how are these stats (users/bytes online) maintained without a central server, which could also be legally mandated to prevent circulation of specific named files, as was done in the Napster case? I thought these services were P2P distributed. I guess it must be nothing like freenet, which I have used and suspect could not be monitored for number of active users (I have often wondered what, if anything, keeps freenet from arbitrarily splitting into isolated communities).
Since these services are peer to peer with no centralized servers, it would be interesting to know how the measurements were made.
If they are merely asking people if they used P2P, it seems like fewer people would openly admit it.
What did you learn about your interpretation of DMCA from the acquittal in the Sklyarov / Elcomsoft prosecution?
It clearly attacks windows-based PCs. If it attacks through Mozilla or MySQL, it is the fault of the OS for exposing these things. In an OS with proper security, a bad user app such as Mozilla cannot compromise the system as badly as in Windows XP HE, for example, which runs apps as root by default, allowing for example new network services to be installed by downloaded viruses.
What part of "Windows XP encourages users to run as root" did you not understand, or do you continue to disagree with? I believe this is particularly true of the home edition. Whatever may be there under the hood, the setup of XP (especially home edition) apparently still encourages many novice users to run as root all the time instead of insisting on an unprivileged account with icons that are set up to prompt to elevate the password temporarily, as Mandrake and OSX do. Expect Windows to be more easily rooted, in that case. Eventually Windows may get it right if it looks at Mandrake or OSX long enough, which do not set up by default that way.
The default configuration is important. Expensive high-security OSes used to be compromised all the time just because a default password was set on a privileged account. This is a very similar issue. Sure someone with enough knowledge can secure the system, but if it is fundamentally insecure by default, then it is wasted on most users. It is silly to continue to argue that it is secure, when by default it often is not, according to those who have talked to me who use it.
To quote from a A Novices Guide to Securing Windows XP Home Edition "There are only two kinds of accounts in Windows XP Home Edition. First there is a computer administrator account. This type of account has unlimited power to modify the computer in any way and to vierw and alter the contents of all other accounts. All subsequently created accounts are initially computer administrator accounts also. But, you can change their account type after creation...".
So how is this secure if by default it is insecure and novices have to manually secure it and figure out how to survive in an insecure account, to the extent that many think it impossible?
Yuck! Back to the future, we find ourselves chasing stale object graphs, like in COM. Or have they somehow made them safer? Refcounting was a Microsoft innovation I clearly could have done without.
In other news, SCO owns the Solaris extension known as Java, since it clearly is an extension to the Unix System V Operating System, having been incorporated there first.
I clearly stated that I was not up on the latest windows versions. Another poster in the thread has said he was never able to get this sort of thing to work for him.
When OSX or Mandrake install, they provide GUI support for this sort of thing, and install configuration icons, etc. by default that way, so they can easily be accessed by non-privileged users via su or sudo. If Windows XP and Windows 2000 also have GUI support and discourage the user from running as root by default, then I stand corrected. But if it is too difficult for a novice to use in a default installation, then it hardly qualifies.
My neighbor tells me that when he installs XP, it makes them root by default, demonstrating that it is apparently not practical to do security right on that box. Relative novices, on the other hand, use Mandrake's non-privileged defaults easily, supplying the privileged password when performing a GUI management function.
A way to do it without a GUI is no way at all for most users, especially if XP is still commonly installed to log in the default user as root, unlike OSX and Mandrake.
There were multiple anonymous comments questioning his competency. I did not say he was fired for incompetency, I said there were allegations that he was probably fired for incompetency.
In the absence of any more-concrete information on precisely why he left (the original article appeared purely speculative) and with the anonymous writer(s) at least pretending to know the man, it seems accuracy called for mentioning such counter-speculation.
On the other hand, he seems to be departing on not-entirely-hostile terms, so it is still speculation either way.
Quite novel to call the article itself off-topic so you do not have to discuss what the submitter clearly wanted to discuss as part of his submission.
And according to you, AC, an "actual discussion" must religiously ignore Microsoft-related causes of the problems even if they are the result of undefendably-poor product design with respect to security? At least you correctly mark yourself as a -1 MS Fanboy (Troll).
I invite you, again, to explain how you think it was off-topic and out of bounds.
Discussing percieved or real causes of the problem is clearly on topic for those not religiously opposed to such, as you seem to be. It suprises you that people here are not msbots? Perhaps you thought you were on MSDN.
I cannot speak for later versions of Windows since I stopped using them, but I never saw a version of windows that does not force you to completely log off and back on to access privileged functions, encouraging people to run with privileges on all the time, because they cannot just enter the password for privileged activities. Su does not exist, nor does sudo.
Most other modern versions of OS's are significantly better (Lindows early versions were an exception). Just having su and sudo is much better.
OSX has no root enabled by default, and relies on sudo to limit elevated privileges to single operations.
GNU/Linux/XFree86 systems typically give warnings when the user logs in to the window manager as root, give a limited environment with a red background, etc., and on the other hand make it easy for the user to run without elevated privileges most of the time.
And the monoculture is also inherently less even if everyone were to use Linux, because the licensing allows significant derivitive / deviant branches.
Claiming that Linux would be no better if it were as successful as Windows ignores facts.
This is just the tip of the iceberg. I have been on an email team faced with the question, do we allow contents to auto-execute, which actually thought about the problem before blindly implementing it, unlike Microsoft.
Flame on if you like, but it is quite common for these sorts of things to happen on Windows boxes, and not on Linux boxes, due precisely to the monoculture and the flawed default security model of Windows (actually a number of different flawed models in Windows OS and apps).
Perhaps you could clarify how the comment in this instance was not appropriate. The GNU/Linux default security model that my family run all their machines on does not run arbitrary software with elevated privileges as Microsoft does. It never has. And it is not such a monoculture, resulting in being less susceptible to attack.
These are attacks I have never had to worry about. A neighbor, who typically runs Linux with no breaches of security, tried putting up an IIS server just once to see how it compared, and it was owned by hackers within 15 minutes.
Sure there could be an increase in real security incidents some day with Linux, but not before there are far worse problems with existing Windows platforms (until there is much change to Windows).
Perhaps there just needs to be a windows-only section of Slashdot, so that Windows users can discuss these problems which are less relevant to the rest of us without feeling continuously picked on due to the technical problems with their choice of an OS.
But is it worth giving up Linux to run Windows so you can claim to have been vulnerable?
I wonder what the best way is to silently document the fact that they continue to distribute everything, even if they are not collecting money for it, without repeatedly stating it on slashdot.
If we keep pointing this out, perhaps they will get wise and stop distributing it, so they can say "we stopped distributing all source code shortly after discovering it" -- what is 6 months versus 3 -- as opposed to being ambushed years later by the fact that they still distribute the GPLed code presumably containing the mods when a case relying on the GPL rights actually comes to trial.
I searched the web and found elsewhere allegations that he was probably fired for incompetency.
In other news senior VP bails from SCO, demonstrating a likely opinion of advanced technologists there about the merits of the case and the future of the company.
This post was not intended to be funny, but only off topic, since I have been repeatedly unsuccessful with story submissions that actually contain significant new interesting information about the case.
That Sun was trumpetting their status as a SCO licensee of Unix in disregard for any solidarity with Unix or Linux vendors or users was obvious, and this "revelation" was not a suprise in the least. It just means that Sun gave them a small amount of money a bit more recently.
Which one did you just add?
I agree. I cannot imagine that a competent attorney would say about continuing to distribute Linux kernel source and binaries as they still do today "don't worry, that won't hurt us in court."
I am not an attorney, but even if they felt rock solid for some unknown reason, the saying goes that whatever you have to prove in court, an attorney will give you a 50/50 chance, because in court anything can happen, so I think you don't intentionally leave extra loose baggage lying around. Leaving this sort of loose baggage lying around seems to mean that someone in charge has priorities other than pursuing Linux distributors.
They have said many conflicting things, and on certain occasions they have said that it is unlikely that they will go against Linux distributors, and they indicated that they actualy understood the GPL and the difficulty of extracting license fees from Linux kernel users. They certainly GPL out of the current lawsuit. IBM's non-disclosure obligations are independent of GPL issues.
It would be hard for Linux developers to counter-sue them for only the threatening letters they have sent out. The minute they start suing Linux users or demanding license fees, they open themselves up to hundreds of suits from kernel contributors.
Only three percent of e-mail downloads were encrypted on the first day of the conference, 12 percent on the second day.
I am not familiar with the tool they used. It doesn't say how many different kinds of encrypted connections they looked for (since there are a wide variety from https to ssh that are easily applied to email, not to mention products that support content-based rather than connection-based encryption and more). Does their claim to have counted all encrypted tunnels really mean they are omniscient, or how did they distinguish them, etc.
It seems likely to me that the real headline may have been less earth-shattering: "Activities of encryption users are harder to detect than activities carried out on the net in plain text."