Let's think about why microsoft is hated so much, then compare that to redhat.
Microsoft is hated because:
1) They drive other companies out of business with apparently no remorse
2) They're so irritatingly popular that people who don't want to use microsoft software are sometimes forced to use microsoft software anyway
3) Microsoft is a monopoly that has used its monopoly power to extend its power into other monopolies, which is illegal
4) Microsoft -commonly- mucks with proprietarism and embrace and extend to curtail interoperability
5) Their software is kind of sucky.
Now let's look at redhat:
1) I've never heard of Redhat driving another company out of business. Any labor of love linux distribution can survive fine, redhat or not. Maybe some of the commercial dists had trouble and I didn't hear about it
2) I was once forced to switch to redhat from debian, because a potential client insisted. But I could've held out - I wasn't really forced. I suspect I'm in the minority on this one.
3) Abuse of monopoly power? Are you -kidding- me?
4) Redhat once did something that could (on a bad day) be construed as trying to create vendor lockin - the gcc thing. This just isn't the kind of pattern of abuse that microsoft has shown.
5) Redhat's software really isn't sucky. rpm isn't perfect, but it's the standard. Other than that, IMO redhat software is pretty good, and shares a LOT of code with other linuxes.
In other words, redhat isn't nearly so bad as microsoft, and frankly, when people say it is, they damage other people's (already poor) understanding of the severity of microsoft's abuses.
4) It doesn't fund microsoft's pockets. +10 points.
All in all, I'd say you come out way ahead buying a lindows box. Why would you even -think- about getting an Xbox, when you know it's going to help fund microsoft's onslaught on Linux?
> I love how the news outlets are saying, "error", > "irregularity", "problem", as if this was all > some sort of tragic accident, instead of laying > out the obvious truth, "criminal fraud committed > with full knowledge it was a crime".
I suspect that's for the courts to decide - not the press.
1) Fortran is fine, especially f90. It's as though you think there must be something wrong with a language that has stood the test of time. Fortran and lisp both are still impressive designs.
2) It sounds to me like you didn't give numeric python a real chance. If you think it won't do loops and recursion well, you really ought to take another look.
Go is way more of a classic than anything else mentioned here. It's tied with backgammon for oldest game still played in its original form. The strategy is astonishingly deep, though each new layer of strategy you can appreciate brings a new level of enjoyment, and you don't have to grok it all at once to have fun.
For the mac, check out sente software's Goban program. It's an interface to gnugo (an AI engine), and I believe they've added an interface to IGS, the Internet Go Server, useful on a plane only if you have an internet connection (low bandwidth is fine).
I don't have a mac, but my Dad has one, and he seems to like Goban quite a bit.
Oh, and don't forget to bring a book about beginning go rules and strategy, like Iwamoto's _Go_for_Beginners_, and Janice Kim's series of 4 books (soon to be 5 I hope).
I have a web page full of intro go links at http://nis.acs.uci.edu/~strombrg/go-start.html. You could conceivably download some of these for offline viewing instead of a book, though some are interactive with java (and those tend to be the best ones, especially the kiseido tutorial).
1) At work, we have a lot of machines where no one bothered to spring for a cdrom drive. So we can just pop in an install floppy and install over the net.
2) At home, I have a DSL connection (with a DSL router to get around the stupid PPPoE problem) and no cdrom burner. So I can just download a floppy of data and install over the net again.
...how do you revoke your eyes, if someone steals the electronic version of them?
Even if the veins in your eyes are only used as a passphrase to encrypt a private key, that's still pretty annoying if someone steals it, and you're required to use your eyes as the passphrase. You can't really use a decent passphrase anymore at that point.
I would not call shogi an odd game. The drops alluded to above are what make the game interesting. Chess is just too "all analytical". Shogi at least has some bits that are based on intuition. Go on the other hand... so much intuition. It's beautiful.
I'd say that of the three games, a shogi master would find it easiest to master chess. Chess probably couldn't master shogi as easily, and neither could master go all that readily.
"Over its seven-year life span, the survey has told a compelling story. It has underscored some of the verities of the information security profession, for example that technology alone cannot thwart cyber attacks and that there is a need for greater cooperation between the private sector and the government. It has also challenged some of the profession's 'conventional wisdom,' for example that the 'threat from inside the organization is far greater than the threat from outside the organization' and that 'most hack attacks are perpetrated by juveniles on joy-rides in cyberspace.' Over the seven-year life span of the survey, a sense of the 'facts on the ground' has emerged. There is much more illegal and unauthorized activity going on in cyberspace than corporations admit to their clients, stockholders and business partners or report to law enforcement. Incidents are widespread, costly and commonplace. Post-9/11, there seems to be a greater appreciation for how much information security means not only to each individual enterprise but also to the economy itself and to society as a whole. Hopefully, this greater appreciation will translate into increased staffing levels, more investment in training and enhanced organizational clout for those responsible for information security."
In other words, please give up on this nonsense about how there's more risk from the inside. It's kind of obvious, really: how many more people are there on the internet than there are inside a typical organization?
I personally have dealt with 10's if not 100's of external breakins. I've only dealt with one internal breakin, and that one started from on-campus, looped through an offcampus host, and only then came back oncampus.
Those "few hours" are plenty of time for a customer, who wants to get cracking, to go evaluate some other product. IMO, you shouldn't make the customer change gears - if they ask for the software now, give it to them now. Some folks will still not bother to download the software (too much trouble), but if you don't leave their mind for a while and try to come back later, I'll but you get more downloads.
For around 9 months though, I've been enjoying Yerba Maté instead.
Maté is from South America. Whether it contains actual caffeine is a little controversial, but what's clear is it contains mateine, theophylline and theobromine, all gentle stimulants.
Here in Southern California, there are local stores that stock it. You can also buy it over the internet.
You can enjoy it the traditional way: with a gourd and a straw (bombilla). Or you can use a drip coffee maker. Or you can use a french press. Or you can use a tea ball. Personally, I use a gourd whenever I can, but for meetings or when I'll be driving, a french press works out better.
It gives you this "no internal impediments to my thinking" feeling that's really great. It increases your REM sleep. It contains tons of vitamins and minerals (so much that I had to cut my multivitamin dosage), great antioxidants (anticancer, antiaging), and a good bit of choline, the precursor to acetylcholine, an important neurotransmitter in your brain.
I'm very glad I switched, though I still dabble in green tea once in a while.
I don't sell this stuff, though my coworkers claim I'm a maté salesman.:) It's just something I really believe in.
Personally, I don't see why people pick on voodoo (or more properly, vodun) so much.
It is no less odd than the popular abrahamic faiths (christianity, judaism, islam) or most any religion for that matter.
Why not say "Christian Science" to mean what the book's title means? Because it'd piss people off, that's why. So why piss off practitioners of vodun instead?
gpg. ssh. designate one of your linux or solaris boxes with a little local disk space. Get everybody to ssh into this box to look up passwords when needed. Make sure to wrap it with a umask-aware shell script.
BTW, if someone steals your password list, you're probably SCREWED, just like we would be. Hence we don't do our entire password list this way. We prefer to sacrifice convenience for security by keeping our list on paper in a safe. Recently, we've decided to keep the most recent stuff on paper, but to keep an older copy on cd-r. They're both equally likely to be stolen I suppose, but we don't have to type the entire paper list back in every time we want to overhaul the list (crossing and rewriting gets to be too much after a while)
...but perhaps network-accessible daemons should check magic hesiod (DNS) records before servicing requests, disabling themselves if the magic hesiod record says "You're insecure. Go away".
I don't want planned obsolescence, independent of whether software is secure or not - that would MASSIVELY increase our workload here. But I wouldn't mind software that automatically turns itself off when the maintainer says "that version's no longer secure".
Sadly, there might be a temptation to use this for forcing upgrades that aren't security-related. That'd be a mistake.
It's possible there should be a config file that specifies how important security is to a site. If the config file says "security is priority 0", anything even slightly insecure is disabled. If it says "security is priority 100", only really critical stuff (like remote root) is disabled automatically. 75 might mean "remote, but not root", 50 might mean "local root", 25 might mean "local but not root". Maybe priority 200 should mean "never turn anything off, ever". Or something like that. Maybe there's no good reason not to use a larger maximum, like 2^31 or something - there may be a desire to squeeze more priorities in there, and it'd be easier to expand at the outset, and there's not much penalty for making it a wide range from the start.
If a service is already internet based, perhaps there isn't that much reason not to depend on the (cached) DNS in this way. If the hesiod records are cached, no big deal - that's still much better than running insecure forever. The maintainer can also control the TTL of his/her security-related hesiod records I suppose.
The config file should probably also say what to do when a yea or nay hesiod record can't be found, because someone could pound the maintainer's DNS servers into oblivion to gain access to your insecure stuff - for some that means "turn it off fast", while for others it means "Eh, it's probably just another machine that fell off the net. Service requests anyway".
This kind of makes a "is this version later than that version" comparison function desirable. Alas, software packages are numbered by many different methods, so there is no one true comparison function for this purpose. However, if a library is developed for this kind of check, it could include comparison functions for the predominant software version schemes.
I suppose the software should mail someone if it turns itself off. This could again be specified in the config file, defaulting to root@localhost, postmaster@localhost, and anyone else who seems distantly relevant. You might even wall the system about it if the admin was too lazy to specify an address for notifications.
Personally, I don't see how Muslims could avoid being worried about the way globalism is likely to push christmas and other christian holidays on them. Many christians really get an attitude when you don't want to celebrate their religious holidays with them, and many of these people control the popular media which is being exported, increasingly, to foreign nations. It quite literally is a threat to the Muslim way of life, as well as the ways of life of other religious peoples, as well as atheists, some agnostics, and probably others too.
Frankly, I think Microsoft sees promotion of FreeBSD as:
1) An opensource OS it can reap benefits from without giving back
2) A way of fragmenting unix/linux, thus hurting microsoft's biggest threat: linux. Just as keeping Apple just lively enough to keep the justice department off their backs, I think they realize that splitting unix/linux into factions will keep microsoft stronger, relatively speaking. Both of these are things right out of go strategy, and Gates is a go player.
In other words, I wouldn't be surprised a bit if we were supposed to discover that the site is running FreeBSD.
1) You don't get one of those damn X terminals that can have a floppy drive, a printer, and so on
2) You don't have a problem with crackers breaking in and setting up sniffers on your unencrypted X traffic. ipsec is your friend, but of course you know how widely that's been deployed.
I just can't see X terminals as a serious option anymore, because of the security problems. We've phased them out for our own usage, because we can't entrust a bunch of root passwords to unencrypted X.
Not that slashdot isn't the pinnacle of topnotch editorializing or anything:), but could someone please remind me why I'm supposed to hate this bill?
I fired off letters to my congresscritters, and then I read a bit more about the bill and began to wonder why everyone's in such a huff.
I read that:
1) The software to do the protection would be required by law to be opensource, so linux and such shouldn't end up out in the cold.
2) "Fair use" personal copying is to be allowed under the new law
Are these things not true?
And if they are true, does it really make sense to object to this unless you're some sort of warez trader?
Perhaps more to the point, is an effective system that includes #1 and #2 above technically possible? Don't start sounding off like you're sure if you're not... Given that they (maybe) want to protect our rights this way, is there really anything wrong with a handful of researchers trying to find a solution that'll work?
Slashdot Mirror
Let's think about why microsoft is hated so much, then compare that to redhat.
Microsoft is hated because:
1) They drive other companies out of business with apparently no remorse
2) They're so irritatingly popular that people who don't want to use microsoft software are sometimes forced to use microsoft software anyway
3) Microsoft is a monopoly that has used its monopoly power to extend its power into other monopolies, which is illegal
4) Microsoft -commonly- mucks with proprietarism and embrace and extend to curtail interoperability
5) Their software is kind of sucky.
Now let's look at redhat:
1) I've never heard of Redhat driving another company out of business. Any labor of love linux distribution can survive fine, redhat or not. Maybe some of the commercial dists had trouble and I didn't hear about it
2) I was once forced to switch to redhat from debian, because a potential client insisted. But I could've held out - I wasn't really forced. I suspect I'm in the minority on this one.
3) Abuse of monopoly power? Are you -kidding- me?
4) Redhat once did something that could (on a bad day) be construed as trying to create vendor lockin - the gcc thing. This just isn't the kind of pattern of abuse that microsoft has shown.
5) Redhat's software really isn't sucky. rpm isn't perfect, but it's the standard. Other than that, IMO redhat software is pretty good, and shares a LOT of code with other linuxes.
In other words, redhat isn't nearly so bad as microsoft, and frankly, when people say it is, they damage other people's (already poor) understanding of the severity of microsoft's abuses.
1) Everything is done as root. -3 points.
2) It uses KDE extensively. -2 points.
3) It runs on linux. +5 points
4) It doesn't fund microsoft's pockets. +10 points.
All in all, I'd say you come out way ahead buying a lindows box. Why would you even -think- about getting an Xbox, when you know it's going to help fund microsoft's onslaught on Linux?
> I love how the news outlets are saying, "error",
> "irregularity", "problem", as if this was all
> some sort of tragic accident, instead of laying
> out the obvious truth, "criminal fraud committed
> with full knowledge it was a crime".
I suspect that's for the courts to decide - not the press.
1) Fortran is fine, especially f90. It's as though you think there must be something wrong with a language that has stood the test of time. Fortran and lisp both are still impressive designs.
2) It sounds to me like you didn't give numeric python a real chance. If you think it won't do loops and recursion well, you really ought to take another look.
Go is way more of a classic than anything else mentioned here. It's tied with backgammon for oldest game still played in its original form. The strategy is astonishingly deep, though each new layer of strategy you can appreciate brings a new level of enjoyment, and you don't have to grok it all at once to have fun.
For the mac, check out sente software's Goban program. It's an interface to gnugo (an AI engine), and I believe they've added an interface to IGS, the Internet Go Server, useful on a plane only if you have an internet connection (low bandwidth is fine).
I don't have a mac, but my Dad has one, and he seems to like Goban quite a bit.
Oh, and don't forget to bring a book about beginning go rules and strategy, like Iwamoto's _Go_for_Beginners_, and Janice Kim's series of 4 books (soon to be 5 I hope).
I have a web page full of intro go links at http://nis.acs.uci.edu/~strombrg/go-start.html. You could conceivably download some of these for offline viewing instead of a book, though some are interactive with java (and those tend to be the best ones, especially the kiseido tutorial).
What inconsistencies?
The movie Beautiful Mind kind of made it sound like the guy was just miffed because he lost a game, and justified his loss with "the game is flawed".
As someone who's been studying go avidly for about 3 or 4 years, I can say it's quite beautiful.
Ok, maybe ko isn't The most graceful thing ever, and I'm not wild about the bent-four exception in the Japanese rules.
Hm. It's apparently SunOS 4.1.x, for Pete's sake. Someone's a glutton for punishment.
Where, exactly, do you get this stuff about servers having no reason to create outgoing connections to the internet?
I'm guessing you've set up one or two servers, and decided the represent the entire world.
That or you live behind a firewall, and your network guys won't let you touch anything on the outside of it.
(We have hundreds, if not thousands, of servers here that -must- be able to make outgoing connections to the internet. It's the -norm-.)
I like floppies because:
1) At work, we have a lot of machines where no one bothered to spring for a cdrom drive. So we can just pop in an install floppy and install over the net.
2) At home, I have a DSL connection (with a DSL router to get around the stupid PPPoE problem) and no cdrom burner. So I can just download a floppy of data and install over the net again.
What kind of nutjob recommends -perl- as a first language?
For Pete's sake, use a real language, like lisp, ml, python, ruby, something like that. Forget about perl.
...how do you revoke your eyes, if someone steals the electronic version of them?
Even if the veins in your eyes are only used as a passphrase to encrypt a private key, that's still pretty annoying if someone steals it, and you're required to use your eyes as the passphrase. You can't really use a decent passphrase anymore at that point.
I would not call shogi an odd game. The drops alluded to above are what make the game interesting. Chess is just too "all analytical". Shogi at least has some bits that are based on intuition. Go on the other hand... so much intuition. It's beautiful.
I'd say that of the three games, a shogi master would find it easiest to master chess. Chess probably couldn't master shogi as easily, and neither could master go all that readily.
This is a quote quoted in The CSI/FBI Computer Crime and Security Survey:
"Over its seven-year life span, the survey has told a compelling story. It has underscored some of the verities of the information security profession, for example that technology alone cannot thwart cyber attacks and that there is a need for greater cooperation between the private sector and the government. It has also challenged some of the profession's 'conventional wisdom,' for example that the 'threat from inside the organization is far greater than the threat from outside the organization' and that 'most hack attacks are perpetrated by juveniles on joy-rides in cyberspace.' Over the seven-year life span of the survey, a sense of the 'facts on the ground' has emerged. There is much more illegal and unauthorized activity going on in cyberspace than corporations admit to their clients, stockholders and business partners or report to law enforcement. Incidents are widespread, costly and commonplace. Post-9/11, there seems to be a greater appreciation for how much information security means not only to each individual enterprise but also to the economy itself and to society as a whole. Hopefully, this greater appreciation will translate into increased staffing levels, more investment in training and enhanced organizational clout for those responsible for information security."
In other words, please give up on this nonsense about how there's more risk from the inside. It's kind of obvious, really: how many more people are there on the internet than there are inside a typical organization? I personally have dealt with 10's if not 100's of external breakins. I've only dealt with one internal breakin, and that one started from on-campus, looped through an offcampus host, and only then came back oncampus.
Those "few hours" are plenty of time for a customer, who wants to get cracking, to go evaluate some other product. IMO, you shouldn't make the customer change gears - if they ask for the software now, give it to them now. Some folks will still not bother to download the software (too much trouble), but if you don't leave their mind for a while and try to come back later, I'll but you get more downloads.
Buying jewelry from the nazis was "a good buy" too, but it certainly wasn't a good idea.
I don't care how much they have to reduce the price of their box - you should vote with your dollars for a company that plays well with others.
I was a coffee fiend for some years.
Then I was really into green tea.
For around 9 months though, I've been enjoying Yerba Maté instead.
Maté is from South America. Whether it contains actual caffeine is a little controversial, but what's clear is it contains mateine, theophylline and theobromine, all gentle stimulants.
Here in Southern California, there are local stores that stock it. You can also buy it over the internet.
You can enjoy it the traditional way: with a gourd and a straw (bombilla). Or you can use a drip coffee maker. Or you can use a french press. Or you can use a tea ball. Personally, I use a gourd whenever I can, but for meetings or when I'll be driving, a french press works out better.
It gives you this "no internal impediments to my thinking" feeling that's really great. It increases your REM sleep. It contains tons of vitamins and minerals (so much that I had to cut my multivitamin dosage), great antioxidants (anticancer, antiaging), and a good bit of choline, the precursor to acetylcholine, an important neurotransmitter in your brain.
I'm very glad I switched, though I still dabble in green tea once in a while.
I don't sell this stuff, though my coworkers claim I'm a maté salesman.
Personally, I don't see why people pick on voodoo (or more properly, vodun) so much.
It is no less odd than the popular abrahamic faiths (christianity, judaism, islam) or most any religion for that matter.
Why not say "Christian Science" to mean what the book's title means? Because it'd piss people off, that's why. So why piss off practitioners of vodun instead?
gpg. ssh. designate one of your linux or solaris boxes with a little local disk space. Get everybody to ssh into this box to look up passwords when needed. Make sure to wrap it with a umask-aware shell script.
BTW, if someone steals your password list, you're probably SCREWED, just like we would be. Hence we don't do our entire password list this way. We prefer to sacrifice convenience for security by keeping our list on paper in a safe. Recently, we've decided to keep the most recent stuff on paper, but to keep an older copy on cd-r. They're both equally likely to be stolen I suppose, but we don't have to type the entire paper list back in every time we want to overhaul the list (crossing and rewriting gets to be too much after a while)
The config file should probably have an option for just syslog'ing instead of disabling, too.
...but perhaps network-accessible daemons should check magic hesiod (DNS) records before servicing requests, disabling themselves if the magic hesiod record says "You're insecure. Go away".
I don't want planned obsolescence, independent of whether software is secure or not - that would MASSIVELY increase our workload here. But I wouldn't mind software that automatically turns itself off when the maintainer says "that version's no longer secure".
Sadly, there might be a temptation to use this for forcing upgrades that aren't security-related. That'd be a mistake.
It's possible there should be a config file that specifies how important security is to a site. If the config file says "security is priority 0", anything even slightly insecure is disabled. If it says "security is priority 100", only really critical stuff (like remote root) is disabled automatically. 75 might mean "remote, but not root", 50 might mean "local root", 25 might mean "local but not root". Maybe priority 200 should mean "never turn anything off, ever". Or something like that. Maybe there's no good reason not to use a larger maximum, like 2^31 or something - there may be a desire to squeeze more priorities in there, and it'd be easier to expand at the outset, and there's not much penalty for making it a wide range from the start.
If a service is already internet based, perhaps there isn't that much reason not to depend on the (cached) DNS in this way. If the hesiod records are cached, no big deal - that's still much better than running insecure forever. The maintainer can also control the TTL of his/her security-related hesiod records I suppose.
The config file should probably also say what to do when a yea or nay hesiod record can't be found, because someone could pound the maintainer's DNS servers into oblivion to gain access to your insecure stuff - for some that means "turn it off fast", while for others it means "Eh, it's probably just another machine that fell off the net. Service requests anyway".
This kind of makes a "is this version later than that version" comparison function desirable. Alas, software packages are numbered by many different methods, so there is no one true comparison function for this purpose. However, if a library is developed for this kind of check, it could include comparison functions for the predominant software version schemes.
I suppose the software should mail someone if it turns itself off. This could again be specified in the config file, defaulting to root@localhost, postmaster@localhost, and anyone else who seems distantly relevant. You might even wall the system about it if the admin was too lazy to specify an address for notifications.
You forgot to mention religious holidays.
Personally, I don't see how Muslims could avoid being worried about the way globalism is likely to push christmas and other christian holidays on them. Many christians really get an attitude when you don't want to celebrate their religious holidays with them, and many of these people control the popular media which is being exported, increasingly, to foreign nations. It quite literally is a threat to the Muslim way of life, as well as the ways of life of other religious peoples, as well as atheists, some agnostics, and probably others too.
Frankly, I think Microsoft sees promotion of FreeBSD as:
1) An opensource OS it can reap benefits from without giving back
2) A way of fragmenting unix/linux, thus hurting microsoft's biggest threat: linux. Just as keeping Apple just lively enough to keep the justice department off their backs, I think they realize that splitting unix/linux into factions will keep microsoft stronger, relatively speaking. Both of these are things right out of go strategy, and Gates is a go player.
In other words, I wouldn't be surprised a bit if we were supposed to discover that the site is running FreeBSD.
Is anyone else tired of Taco plugging konqueror every time something good (or bad) happens to mozilla?
Re X terminals vs PC's:
X terminals are cheaper if:
1) You don't get one of those damn X terminals that can have a floppy drive, a printer, and so on
2) You don't have a problem with crackers breaking in and setting up sniffers on your unencrypted X traffic. ipsec is your friend, but of course you know how widely that's been deployed.
I just can't see X terminals as a serious option anymore, because of the security problems. We've phased them out for our own usage, because we can't entrust a bunch of root passwords to unencrypted X.
Not that slashdot isn't the pinnacle of topnotch editorializing or anything
I fired off letters to my congresscritters, and then I read a bit more about the bill and began to wonder why everyone's in such a huff.
I read that:
1) The software to do the protection would be required by law to be opensource, so linux and such shouldn't end up out in the cold.
2) "Fair use" personal copying is to be allowed under the new law
Are these things not true?
And if they are true, does it really make sense to object to this unless you're some sort of warez trader?
Perhaps more to the point, is an effective system that includes #1 and #2 above technically possible? Don't start sounding off like you're sure if you're not... Given that they (maybe) want to protect our rights this way, is there really anything wrong with a handful of researchers trying to find a solution that'll work?