Because the user password is usually much less obscure than the root password, and the only remaining step to obtain the root password is to install a keylogger and wait for them to su. So then you've gotten both passwords for the price of obtaining the user password, unless the user is paranoid enough to notice your keylogger.
The difference is intent. Did you intend to burn down your house or not? Did you know that your actions would reasonably lead to the conclusion, or are you willing to admit publicly that you are just *that stupid*? Once having done that, then if you do the same thing again expecting a different outcome, you could be committed for insanity - if you manage to convince a jury that you were in fact not acting maliciously even with prior knowledge of the likely outcome on the record, which would suffice in many areas to provide intent.
By the way, the amount of pollution and cleanup work that a burning house produces ensures that you have no right at all to deliberately burn it down unless you can contain the pollution and perform the cleanup yourself.
Why don't you chill the fuck out, and learn to read while you're at it? I said *account used to su*, not "any account which is able to su".
In the former case, it is likely that the account will continue to be used in the future to su, which means logging in as that user and installing a keylogger on the account gets you root. A password on that account that is sufficiently weaker than the root password leads to the obvious conclusion.
Not allowing remote root logins is a dubious security improvement. On the one hand, yes, it does require you to obtain two passwords instead of one to gain root access. On the other hand, how secure is the typical admin's user account password versus the root password? If you gain access to any account used to su to root, you've effectively gotten root.
So to me, it only makes sense to recommend disallowing remote root logins *in conjunction with* attaching a password of equivalent obscurity to the root password on any account used to become root.
We're not talking about XT or 286 systems. We're talking about systems where the BIOS would be flashable. 386 and above systems have the BIOS mapped over the IA-32 boot vector, 0xFFFFFFF0. The starting location of the BIOS depends on the size of it, but it's at the end of memory, not in the 1MB arena. Only *after* boot has the BIOS been remapped or copied into the F000 segment. It is not there until the BIOS code itself maps or copies it there.
And can you name a single IA32 mainboard modern enough to have a flashable BIOS that has BIOS shadowing disabled by default? Many systems have BIOSes that can't even be mapped or completely shadowed into this area because they are larger than 128KB, so the F000 segment cannot possibly represent the entire BIOS ROM.
No it's not. The copy that lives at F000:0 is just that, a copy. The real ROM is mapped at the Intel reset address which is at the end of addressable memory.
Question to links users: how do you deal with sites (like slashdot) that generate images, and require you to type in the text contained in the image in order to continue? The best I can do is view the page source, load the link to the image and save it as a png/gif/jpg, and manually launch an external image viewer. Maybe there is some support for launching xv or something similar on image clicks? But I don't seem to find how to configure it.
Every single operation a DOS machine can do to the hardware is done through the BIOS.
No. It is trivial to write a program that deals with most hardware directly. The BIOS is just a collection of pre-written routines to ease development of basic functionality. Only certain operations that require intimate knowledge of the hardware layout that cannot be obtained through probing (such as enabling A20, or mapping IRQs to PCI interrupt lines) require BIOS services to accomplish.
DOS may be in memory, but the BIOS calls execute from CMOS.
No. The BIOS is in memory too once it has executed (0xF0000). All BIOS calls go to that area. All the CMOS memory does is store the AT clock and configuration values for the BIOS. Some BIOS routines may refer to the values in the CMOS to determine their behavior, but to say that the BIOS executes from CMOS memory is incorrect.
Copyright only applies when you redistribute the material, and is binding regardless of whether you agreed to some EULA or not. All a EULA does is contractually strip you of additional rights as a condition of access to some work.
However, in the case of a library no copies are being made. Wayback is making copies and redistributing them without permission of the copyright holder.
Ignore the other reply. The simple answer is that there is a legal difference between product bundling and product tying. Linux including everything but the kitchen sink is in the former category, because at your option you can remove any or all of those components. Internet Explorer is in the latter category, because you cannot remove it without unsupported third party mechanisms, and services like Windows Update are dependent on IE for no reason in particular.
At one time Microsoft presented a weak technological argument for why the web browser is an integral part of the operating system and thus providing a facility to remove it would break the OS, but that argument was summarily undermined by programs like 98lite.
The primary reason is the golden rule. I've been given so much opportunity by others asking for nothing in return, I feel compelled to do the same. But that would be too communist of a reason for this guy, so here are my other motivators, in no particular order:
Spare change, since there is no end to the number of people who are willing to pay for small-time open source support and I have all the tools at my disposal to profit from that.
Relaxation after work, since there are no deadlines to meet and no job to be lost if productivity goes down, allowing me to explore more playful aspects of whatever I'm working on. Experimentation only costs me my spare time but reaps rewards in finding new and more efficient methods or methods that reap higher quality product.
Honing skills, I can't count the number of technologies and ideas I've been exposed to through reading open source code, man pages, research papers, hardware specs, etc.
Empowerment, I like to know that I can in fact make a difference that will last by contributing to an open source project, at least until the 2.0 rewrite ;) And in general, I like being able to participate in bringing what I feel is superior technology to a wider audience, and hopefully replacing what I feel is inferior technology in the long run.
I can't think of anything else at the moment but that's a start.
I've been told that you can't do the PCB swap with newer Fujitsu drives, which is why the success actually surprised me. Oh well, that one's in the past, so now I get to try to recover my 200GB drive when the replacement arrives.
If you say so. With an ATA password, it doesn't matter who puts what CD in your computer and whether you're there or not. Your data is safe from prying eyes.
As for userland protection, no one is suggesting that X-Windows itself be moved into the kernel. Just the drivers which run in Ring 0 anyway.
No they don't. The drivers are part of the X server process which is nothing more than a normal process. The only special privilege they get is that they can do port I/O and hardware MMIO because the X server is running with root privileges. Nobody has stepped up yet to putting the drivers in the kernel because 1) it'd be a complete nightmare, 2) the benefits are nearly zero. We have the DRM which is perfectly suited to handle interrupts and mutual exclusion of the hardware - multiple processes accessing the hardware directly without obeying the locks would be a bug and those designs should be taken out back and shot. Unfortunately, there is no way on the Intel architecture to prevent multiple root-owned processes from doing whatever port I/O they wish, so this must be a cooperative approach.
This doesn't have anything to do with the power management schemes APM and ACPI that typically accumulate complaints when used with Linux. All this means is that Linux is an efficient general purpose kernel, which we already knew.
What "emulation overhead" are you speaking of? Games usually spend little to no time in the kernel. The rest would depend on the quality of the Win32 implementation and the toolchain it was compiled with.
Interesting that you mention that. I have had three consecutive failures of a 200GB Maxtor drive, and the drive that failed prior to this one was a Fujitsu 6.4GB drive that had been in service for many years. The symptom was that when power was applied, the drive would repeatedly spin up and spin down without ever coming online. Against popular wisdom, I obtained a second Fujitsu drive with the same model number on eBay, and swapped the drive PCB. Amazingly, I was able to recover all of the data without a single problem.
It doesn't matter whether "few" people pay for it or not, as long as a cash flow can be sustained. The issue is these people claiming over and over again that the GPL removes the freedom of the user to make money using the software or to sell it, which is a blatant falsehood.
I'm not sure what your point wrt Java is. There are many open source JVM applications which all implement varying levels of the Java API, but none of them carry the Java trademark, because the trademark is owned by Sun and only issued to fully compliant implementations. A similar scheme can be employed with any open source platform, middleware, or protocol library as long as it is significant enough to foster a consortium to fund the trademark management.
Finally, even if incompatible forking happens within open source, the GPL ensures that interoperability can be restored without unreasonable effort if need be, because the fork's source is still available to anyone who receives the binary. If a BSD project is forked and extended by some big proprietary vendor, you'll spend years trying to interoperate with other systems running your own code. Some people might like that idea, but I don't like it one bit, so I prefer an LGPL for anything that does not have a demonstrable practical advantage to existence under a more permissive license.
If the (L)GPL weren't available, I would develop less free software, so I really just don't understand the point of these license wars.
That's a faulty generalization. I go to live shows whenever possible, and buy CDs when they are available directly from the artist. I'm simply not interested in filling the coffers of publishers who serve no purpose these days aside from acting as a barrier to entry in the industry, and who continually try to pass laws to make my life more troublesome.
Thank you for the link. That fellow got the point across far better than I managed to.
Question: Is there usually any point to browsing below +5 threshold on Slashdot? :)
Uh, his friend could always have set an ATA password if the privacy of his data is that important to him.
Seagate offers a 5yr warranty on new drives. Samsung offers 3 years. Maxtor, WD offer 1 year. What message does that send?