I've got a DNS server that's running on a Pentium-83 overdrive CPU in a 486/VLB mobo, with 32MB of RAM on 30-pin SIMMs. It connects to the network with a WD8013 10Mb Ethernet card, and 10base-2 cable. Disk? WD Caviar 340MB, baby. It's been serving DNS 24/7/365 for I can't even remember how many years straight (total downtime on the order of a day or two in several years), and still is doing so right now.
Please explain to me exactly *WHY* impeachment is not on the table. There have never been a President and Vice President of the United States *MORE* deserving of impeachment. The Vice President falsified an official intelligence report that was to become the basis of deciding whether or not to send this country to war, for crying out loud. The Vice President outed a CIA operative to settle a political score. The President has institutionalized the breaking of the Fourth Amendment on a massive scale and won't even let Congress, let alone the American people, have all the facts about what he's been doing. *NOT* impeaching them both has got to rank as one of the most gross miscarriages of justice in this nation's history.
Pelosi, Hoyer: GROW A PAIR! Stand up for what's right! Do your job and uphold the Constitution!
So I tried to get the wankers which run the "HSBC Goodness Gracious Me" call center to give me a security contact and a reference to report the bugs. Guess what - they neither understood the concept of "Your credit card interface has a major security flaw", not could provide a contact.
Careful doing that. I've heard of *ahem* someone *ahem* doing the same thing with a bank, and having to spend several weeks giving depositions to the police, talking to the fbi, and basically being treated like a criminal. Moral of the story, switch your account and shut up about it, or it could easily become a giant hassle for you.
But if you can deal with the hassle, please do so, and then post your experiences prominently and shout about them loudly in any forum that you can. Turn it into a big embarrassment for the bank. If you quietly change your account, they lose one customer. If everyone and their borther hears about what the bank did to you, and is similarly outraged, they may lose thousands of customers. That starts to hurt them. Then you actually have a chance of convincing them to change their overly paranoid, overly litigious policies. And THAT would be a public service, deserving of much praise.
As sign that Stallman/FSF are not capable of building such system, you can take the fact, that they have never managed to produce usable OS kernel.... End of story.
Do you do any software development? What do you compile with? What do you debug with?
I don't understand why we even care about Dvorak's mindless columns. It's not that he doesn't "get it". It's that he actually doesn't care if what he says makes sense, is insightful, informative, or any of the other positive slashdot modifiers. I've become convinced that he intentionally writes nothing but flamebait in a bid to generate controversy and drive more people to his employer's site, increasing the ad revenue and other opportunities that come with eyeballs.
He's a carnival barker, and slashdot is his audience. Ignore him and he goes away. I wish there was a "Dvorak column" subject checkbox so I could uncheck it.
I used to work for an insurance agency and attended more safe driving courses/schools then I can recall. I processed thousands of accident reports and claims. And not once in all of that did I see an accident that could have been prevented by "evasive high speed".
Very well, I shall detail one for you. I'm driving around the outer lane of a two-lane traffic circle. There's another car in the inner lane, approximately 3/4 of a car-length behind me. Overlap of about a foot or two between us. He suddenly decides he needs to turn out of the traffic circle NOW (nevermind that I'm in his way). I see him drifting into my lane in the left side mirror and slam the throttle to the floor. I didn't need to accelerate for a significant amount of time; I just needed an extra two feet of distance on him, but I needed it right away. As you say, I didn't even bother to downshift because that would have taken too long. But I managed to get out of his way anyway.
Further, let's say he did clip me and pushed my tail out so that my car began to spin out (i.e. the classic police rear quarter panel tap). What do I need to do to keep control of the car? Counter-steer and get on the throttle. If I'm driving a front-wheel or all-wheel drive car, and the road surface is clean, dry, and grippy, I'm likely best off putting the throttle straight to the floor until I get the tail straightened out. This device would hinder my ability to regain control of my car in this situation.
I'm not arguing that braking isn't better in the vast majority of situations. I'm arguing that there exist valid situations in which jamming on the throttle is better. They may be rare in the grand scheme of real-world everyday driving situations, but they exist. And as long as they exist, a device which removes that option from the driver is a bad idea.
Besides, the self destructive approach would never be acceptable in a military or top secret installation
Not as a primary means of data protection, but they love it as a secondary means. They'd buy these drives *AND* run encrypted filesystems on them. Remember the spy plane that was forced to land in China? When the Chinese military stormed the plane, the comms op was hacking the crypto equipment to bits -- literally, with a large axe. Official recommended procedure, after going through the electronic sterilization steps. Execute all designed-in electronic destruction measures, then follow up with as many physical destruction measures as you have time for.
Damaged HDs cannot be sent back because of the info on them, they have to be destroyed locally. We take the platters out, but I'm not 100% sure how they get destroyed (probably degaussed then physically damaged).
Bingo (except don't bother with the degaussing). That's the ONLY solution I would advocate. As for destroying the platters, I recommend a high-speed belt sander, and some really rough coarse-grit sanding belts. Hold the platter with a bench vise and apply belt sander liberally. Flip the platter over; repeat. Stop when there's not a square micrometer of platter surface left that's either smooth or shiny.
You didn't write the song, make the move, etc. If you want to own the content, create it or pay someone to create.
NOBODY *owns* content. Content is thought, experience, knowledge, understanding, appreciation. These are intangible, and cannot be contained, quantified, or taken from someone after the fact. We enacted copyright to give creators an incentive to create, that our society should be rich in content. But even in its current screwed up, completely out of proportion incarnation, copyright terms end. Copyright does not last forever. Content eventually becomes free of all restrictions, and all can use it however they please. But DRM doesn't end. This is why DRM is bad for society. It de-facto extends copyright indefinitely, and does so with more onerous restrictions than copyright itself allows a creator to impose. Here's an answer to the original story submitter's question: I will accept DRM when it automatically becomes completely and permanently disabled the instant the copyright on the work it's protecting expires.
So your proposal is to stop allowing people to profit from their creations?
I would remind you that copyright does not exist to guarantee creators the ability to profit from their creations. It exists merely provide an environment in which creators have incentive to create. Incentive need not include any guarantees. (e.g.: Look at Vegas. Plenty of people find adequate incentive to gamble at casinos.) Once copyright has gone far enough that creators find enough incentive to create, and our society has rich, continuous streams of new content, its job is done, and anything additional is too much. IMHO, we're already quite far into the realm of "too much".
I doubt SCO has *all* of them tied up. If this company is distributing a binary that includes code copyrighted by IBM and released under the GPL, and this company is not abiding by the GPL, then IBM has every right to sue this company for copyright infringement. Seems pretty clear-cut.
If you're really that tweaked about it, contact IBM legal, and let them handle it. Of course, I'd polish up your resume first.
Oh ho. So a kid who walks up to your car and tries the doorhandles is not guilty of anything untoward?
No. Trying a door handle does not imply mal-intent. It's the response when a door handle actually works that matters. I'll give you an anecdote. I was arriving at a semi-nice restaurant in a somewhat out of the way area of an otherwise nice town. Parking was scarce, so I had to park on a tiny unlit side-street. Walking toward the restaurant from my car, I saw another car on the street with its dome light on. It was obvious from a reasonable distance that there was no one in the car, but there was a pocketbook left on the front seat. Being a good sumeritan, I said "that won't do -- the pocketbook will get stolen, and the dome light will drain the battery". So I tried the door handle. To my surprise, it opened. I quickly turned to dome light off, closed the door again, and walked away. Turns out this was a sting. There had been a bunch of thefts from cars in the area recently, and this being a good town, the cops had enough time to set up a honeypot to try to catch the perp. They were quite chagrined to find someone go for the bait for an entirely altruistic reason -- to prevent a stranger from becoming the dual victim of a theft and a dead battery. Maybe I took a risk by trying that door handle and attempting to do some good. But how would you know if you deign to put a boot up my arse the instant I touch the doorhandle?
Perhaps the analogy doesn't port over all that well to scans of TCP ports, but it wasn't I who began that analogy; I'm just answering it.
Can you honestly tell me that the government is going to hire a panel of people to check in in-depth source changes on OSS projects? People who are familiar enough that they can catch an exploit that may only take 3-4 lines of code to perform?
Yes, I can. I worked on a project that was using Linux for something with national security implications. We were told exactly which version of Linux to use. I asked why. They said, "Because that's the version we've checked." As in , line by line. What's more, they do exactly the same thing for proprietary OSes used in those situations. The government understands the value of seeing the source code. All bids for this kind of stuff require you to provide every single line of source code, and require you to let the government rebuild the final project from the provided, audited source. If you don't like those terms, don't bid. Frankly, those are open-source friendly terms because all those things are part and parcel of the way open source works. Proprietary vendors have to bend over backwards to accomodate.
If 3000 lines of dense mathematically rich C were checked in and a dozen lines acted in concert to create a miscalculation, how much expertise would be needed to catch that?
Do not underestimate the NSA. They understood differential cryptanalysis in 1974 and forced IBM to change DES to make it more resistant to those techniques. Academia didn't catch up and grasp the rationale for those changes until twenty years later.
...in a dark, quiet place. If you want people to stay all kinds of crazy hours, give them a nice place to take a nap. And LET them. The mind needs to recharge. Five hours of work followed by a half an hour nap followed by another five hours of work is usually much more productive than twelve straight hours of work.
It won't be long before someone makes a "Type R" desktop.
:rolleyes:
Speaking as the owner of a real Type R ('98 #269 if you must know), when kept stock, they're not all that ricey-looking or blinged-out. The vast majority of the differences between it and other Integras are long on real performance and short on looks. The imitators just go way over the top on the looks, push well beyond what it was meant to be, and ignore the real performance. Sad, really.
You can either lock the RAM page so it doesn't swap
Absolutely. I caught that blatant error in the article as well: "Operating systems such as Windows and Linux have no way to prevent data in RAM from being copied to disk." Bull. mlock(). And even though I haven't programmed Win32 in forever, I know for a fact Win32 has an equivalent call.
In fact, just a month ago I was writing a program that dealt with a sensitive password. I mmap()'ed a few pages specifically for the password and derived sensitive data, and mlock()'ed those pages into core before writing anything to them. All catchable signals that should terminate the program go to a signal handler that memset()'s the pages to all zeros before munmap()'ing them. As soon as it's done with the password, the program does the memset() and munmap() anyway. SIGKILL shouldn't produce a core file, so the only way I can think of to get that password to disk is to SIGSTOP the program while it's using the password and copy/proc/kcore to disk. Can anyone think of a way to do it less drastic than that? Is there something I've missed?
And have you ever called into one of those programs to suggest that the people doing the complaining try installing Mozilla and turn on popup blocking? If you were really clever, you could even give a quick rundown of how to do this on the air. Think how far that one phone call could go in solving this problem.
However, this is something the gov't could demand (gotta stop those waskiwy tewowists).
Can you say "Clipper chip"?
Unfortunately, governments (and especially ours) aren't exactly known for learning their lesson the first time around. This is likely a battle we'll have to fight again, and soon.
As for the name of the spaceship, I suggest naming it the "B" Ark.
Thank you!!! It's good to see I'm not the only one whose first thought was that.
Of course, if that's the name we choose, all of your proposed crew are disallowed. We'd have to people it entirely with elephant washers and telephone disinfectors.
Slashdot Mirror
Spot on, and good work. Did you catch that last sentence in the writeup on DriveCam on the partners page you linked to?
DriveCam provides the technology and driving coaches for the Teen Safe Driver Program.
From an equipment and program delivery point of view, TeenSafeDriver is DriveCam.
I've got a DNS server that's running on a Pentium-83 overdrive CPU in a 486/VLB mobo, with 32MB of RAM on 30-pin SIMMs. It connects to the network with a WD8013 10Mb Ethernet card, and 10base-2 cable. Disk? WD Caviar 340MB, baby. It's been serving DNS 24/7/365 for I can't even remember how many years straight (total downtime on the order of a day or two in several years), and still is doing so right now.
Let's take a quick walk back through the vault of previous Sony-invented media formats, shall we?
Betamax.
Mini-Disc.
Memory Stick.
ATRAX.
You'll pardon me if I ask why I should believe this will turn into anything other than another colossal flop.
Please explain to me exactly *WHY* impeachment is not on the table. There have never been a President and Vice President of the United States *MORE* deserving of impeachment. The Vice President falsified an official intelligence report that was to become the basis of deciding whether or not to send this country to war, for crying out loud. The Vice President outed a CIA operative to settle a political score. The President has institutionalized the breaking of the Fourth Amendment on a massive scale and won't even let Congress, let alone the American people, have all the facts about what he's been doing. *NOT* impeaching them both has got to rank as one of the most gross miscarriages of justice in this nation's history.
Pelosi, Hoyer: GROW A PAIR! Stand up for what's right! Do your job and uphold the Constitution!
But if you can deal with the hassle, please do so, and then post your experiences prominently and shout about them loudly in any forum that you can. Turn it into a big embarrassment for the bank. If you quietly change your account, they lose one customer. If everyone and their borther hears about what the bank did to you, and is similarly outraged, they may lose thousands of customers. That starts to hurt them. Then you actually have a chance of convincing them to change their overly paranoid, overly litigious policies. And THAT would be a public service, deserving of much praise.
Do you do any software development? What do you compile with? What do you debug with?
One finger will suffice. OK, two if you're British.
I don't understand why we even care about Dvorak's mindless columns. It's not that he doesn't "get it". It's that he actually doesn't care if what he says makes sense, is insightful, informative, or any of the other positive slashdot modifiers. I've become convinced that he intentionally writes nothing but flamebait in a bid to generate controversy and drive more people to his employer's site, increasing the ad revenue and other opportunities that come with eyeballs.
He's a carnival barker, and slashdot is his audience. Ignore him and he goes away. I wish there was a "Dvorak column" subject checkbox so I could uncheck it.
Very well, I shall detail one for you. I'm driving around the outer lane of a two-lane traffic circle. There's another car in the inner lane, approximately 3/4 of a car-length behind me. Overlap of about a foot or two between us. He suddenly decides he needs to turn out of the traffic circle NOW (nevermind that I'm in his way). I see him drifting into my lane in the left side mirror and slam the throttle to the floor. I didn't need to accelerate for a significant amount of time; I just needed an extra two feet of distance on him, but I needed it right away. As you say, I didn't even bother to downshift because that would have taken too long. But I managed to get out of his way anyway.
Further, let's say he did clip me and pushed my tail out so that my car began to spin out (i.e. the classic police rear quarter panel tap). What do I need to do to keep control of the car? Counter-steer and get on the throttle. If I'm driving a front-wheel or all-wheel drive car, and the road surface is clean, dry, and grippy, I'm likely best off putting the throttle straight to the floor until I get the tail straightened out. This device would hinder my ability to regain control of my car in this situation.
I'm not arguing that braking isn't better in the vast majority of situations. I'm arguing that there exist valid situations in which jamming on the throttle is better. They may be rare in the grand scheme of real-world everyday driving situations, but they exist. And as long as they exist, a device which removes that option from the driver is a bad idea.
Not as a primary means of data protection, but they love it as a secondary means. They'd buy these drives *AND* run encrypted filesystems on them. Remember the spy plane that was forced to land in China? When the Chinese military stormed the plane, the comms op was hacking the crypto equipment to bits -- literally, with a large axe. Official recommended procedure, after going through the electronic sterilization steps. Execute all designed-in electronic destruction measures, then follow up with as many physical destruction measures as you have time for.
Bingo (except don't bother with the degaussing). That's the ONLY solution I would advocate. As for destroying the platters, I recommend a high-speed belt sander, and some really rough coarse-grit sanding belts. Hold the platter with a bench vise and apply belt sander liberally. Flip the platter over; repeat. Stop when there's not a square micrometer of platter surface left that's either smooth or shiny.
NOBODY *owns* content. Content is thought, experience, knowledge, understanding, appreciation. These are intangible, and cannot be contained, quantified, or taken from someone after the fact. We enacted copyright to give creators an incentive to create, that our society should be rich in content. But even in its current screwed up, completely out of proportion incarnation, copyright terms end. Copyright does not last forever. Content eventually becomes free of all restrictions, and all can use it however they please. But DRM doesn't end. This is why DRM is bad for society. It de-facto extends copyright indefinitely, and does so with more onerous restrictions than copyright itself allows a creator to impose. Here's an answer to the original story submitter's question: I will accept DRM when it automatically becomes completely and permanently disabled the instant the copyright on the work it's protecting expires.
So your proposal is to stop allowing people to profit from their creations?
I would remind you that copyright does not exist to guarantee creators the ability to profit from their creations. It exists merely provide an environment in which creators have incentive to create. Incentive need not include any guarantees. (e.g.: Look at Vegas. Plenty of people find adequate incentive to gamble at casinos.) Once copyright has gone far enough that creators find enough incentive to create, and our society has rich, continuous streams of new content, its job is done, and anything additional is too much. IMHO, we're already quite far into the realm of "too much".
I doubt SCO has *all* of them tied up. If this company is distributing a binary that includes code copyrighted by IBM and released under the GPL, and this company is not abiding by the GPL, then IBM has every right to sue this company for copyright infringement. Seems pretty clear-cut.
If you're really that tweaked about it, contact IBM legal, and let them handle it. Of course, I'd polish up your resume first.
Oh, so you work at EA.
That sum doesn't sound too different from the checks I actually wrote.
No. Trying a door handle does not imply mal-intent. It's the response when a door handle actually works that matters. I'll give you an anecdote. I was arriving at a semi-nice restaurant in a somewhat out of the way area of an otherwise nice town. Parking was scarce, so I had to park on a tiny unlit side-street. Walking toward the restaurant from my car, I saw another car on the street with its dome light on. It was obvious from a reasonable distance that there was no one in the car, but there was a pocketbook left on the front seat. Being a good sumeritan, I said "that won't do -- the pocketbook will get stolen, and the dome light will drain the battery". So I tried the door handle. To my surprise, it opened. I quickly turned to dome light off, closed the door again, and walked away. Turns out this was a sting. There had been a bunch of thefts from cars in the area recently, and this being a good town, the cops had enough time to set up a honeypot to try to catch the perp. They were quite chagrined to find someone go for the bait for an entirely altruistic reason -- to prevent a stranger from becoming the dual victim of a theft and a dead battery. Maybe I took a risk by trying that door handle and attempting to do some good. But how would you know if you deign to put a boot up my arse the instant I touch the doorhandle?
Perhaps the analogy doesn't port over all that well to scans of TCP ports, but it wasn't I who began that analogy; I'm just answering it.
Yes, I can. I worked on a project that was using Linux for something with national security implications. We were told exactly which version of Linux to use. I asked why. They said, "Because that's the version we've checked." As in , line by line. What's more, they do exactly the same thing for proprietary OSes used in those situations. The government understands the value of seeing the source code. All bids for this kind of stuff require you to provide every single line of source code, and require you to let the government rebuild the final project from the provided, audited source. If you don't like those terms, don't bid. Frankly, those are open-source friendly terms because all those things are part and parcel of the way open source works. Proprietary vendors have to bend over backwards to accomodate.
If 3000 lines of dense mathematically rich C were checked in and a dozen lines acted in concert to create a miscalculation, how much expertise would be needed to catch that?
Do not underestimate the NSA. They understood differential cryptanalysis in 1974 and forced IBM to change DES to make it more resistant to those techniques. Academia didn't catch up and grasp the rationale for those changes until twenty years later.
...in a dark, quiet place. If you want people to stay all kinds of crazy hours, give them a nice place to take a nap. And LET them. The mind needs to recharge. Five hours of work followed by a half an hour nap followed by another five hours of work is usually much more productive than twelve straight hours of work.
Speaking as the owner of a real Type R ('98 #269 if you must know), when kept stock, they're not all that ricey-looking or blinged-out. The vast majority of the differences between it and other Integras are long on real performance and short on looks. The imitators just go way over the top on the looks, push well beyond what it was meant to be, and ignore the real performance. Sad, really.
Silly, that's what girlfriends are for.
Oh, wait. This is slashdot...
Absolutely. I caught that blatant error in the article as well: "Operating systems such as Windows and Linux have no way to prevent data in RAM from being copied to disk." Bull. mlock(). And even though I haven't programmed Win32 in forever, I know for a fact Win32 has an equivalent call.
In fact, just a month ago I was writing a program that dealt with a sensitive password. I mmap()'ed a few pages specifically for the password and derived sensitive data, and mlock()'ed those pages into core before writing anything to them. All catchable signals that should terminate the program go to a signal handler that memset()'s the pages to all zeros before munmap()'ing them. As soon as it's done with the password, the program does the memset() and munmap() anyway. SIGKILL shouldn't produce a core file, so the only way I can think of to get that password to disk is to SIGSTOP the program while it's using the password and copy /proc/kcore to disk. Can anyone think of a way to do it less drastic than that? Is there something I've missed?
And have you ever called into one of those programs to suggest that the people doing the complaining try installing Mozilla and turn on popup blocking? If you were really clever, you could even give a quick rundown of how to do this on the air. Think how far that one phone call could go in solving this problem.
Can you say "Clipper chip"?
Unfortunately, governments (and especially ours) aren't exactly known for learning their lesson the first time around. This is likely a battle we'll have to fight again, and soon.
Like the U.S. under Ashcroft?
Thank you!!! It's good to see I'm not the only one whose first thought was that.
Of course, if that's the name we choose, all of your proposed crew are disallowed. We'd have to people it entirely with elephant washers and telephone disinfectors.