Linuxer since.9x SLS, done a stint of 5 years in the arctic installing internet infrastructure. Best experience of my life, both from a professional and a personal point of view.
As a friend once said, "When you're 75 and looking back on your life, you measure your worth not in terms of dollars you made, but in terms of difference you've made to the world around you".
This seems like a perferct opertunity to put some karma into the old karma bank, and not in a/. sense:) ---- Remove the rocks from my head to send email
I would agree that the second definition fits most people, but then most people wouldn't know what the word agnostic means because, well they couldn't care less:) ---- Remove the rocks from my head to send email
theory In science, an explanation for some phenomenon which is based on observation, experimentation, and reasoning. In popular use, a theory is often assumed to imply mere speculation, but in science, something is not called a theory until it has been confirmed over the course of many independent experiments. Theories are more certain than hypotheses, but less certain than laws.
-- From the Online Medical Dictionary
Now, evolution fits the scientific definition of a theory. I would agree with you that evolution is in fact a theroy, not a law.
Religion however lacks any reproducable experimental evidence in its support that I am aware of, so at this point would be a conjecture in my books. Admitably by less scientific definations, creation could be called a theory, but evolution does meet the more stringant requirements of the scientific definition.
Material From Solar System's Last Moments? [ Space ] Posted by linus on Thursday May 11, 10000 @07:00PM from the why-the-last-time-I-saw-*that*-chunk-of-plastic dept. Anonymous coward writes: "Astronomers from the Alpha Cent. orbital quantum observatory announced today that they found what they believe to be the oldest material from the Sol system, before it was mysteriously abandoned. The object appears to be a chunk of pitted plastic, fashioned in a circle with a small circle missing from the center. Detailed observations lead astronomers to believe it was viral code that may have been responsible for the rapid desertion of the Sol system. One analyst was quoted as stating that the best simulation of the data encoded on the plastic disk shows it to be extremely unstable and brings the simualted system to a rapidly non-functional state. They are however mystified by the only legible part of the lettering remaining. It reads, "Windows 2100 for fusion reactors". ---- Remove the rocks from my head to send email
Oh, if you read what I said I was certainly not supporting censorship, just accountability. The frequency of people needing the level of protection that this network would afford from an opressive organization is exceedingly rare. (At least it's that rare for people who would have access to the internet)
Not as rare as you might think. A few years ago, when the whole Y2K thing was something only a few geeks were worried about, a site opened up that allowed employees of companies who were trying to hush up and ignore their serious y2k issues appeared on the net. It was quickly under attack from the companies who were fingered. The lack of anonymity inherient in our current Internet forced this important facility to close.
Additionally consider: This project once built will be out here in times of need. The US might today be one of the more open countries in the world, but I doubt that the citizens of Germany saw the coming of the oppressive regiem from 20 years away. The time to build the tools is now because if/when the darkness comes they're not going to allow us to build them then.
PS: I know, it may seem like I'm picking on you, with 2 different threads going now, it's not that, just that your arguments seem the best thought out ones against which to build my own house of cards:)
*sigh* You're making me think here, hard and long. That's a GOOD thing, but it's the middle of the work day, and it's distracting.:P
*grins* good.
Ok, the difference between a 'FreeNet' and the regular net, in terms of why I feel I can justify my personal participation in the 'net, is that on the Internet there is a modicum of personal responsability.
Doesn't wash. You can make your surfing on the i-net anonymous, use mixmaster remailers, and an anonymous surfing engine, which are of course popular among those who need anonyminity for one reason or another. Conversely you can sign your name to a freenet submission.
The way I see it, what changes is the inital assumption. On the i-net you initially have no anonymity, and have to work to achieve a varying degree of it.
On the Freenet you start with that anonymity.
What's the big deal about that?
Simple, on the i-net people have to be fairly technologicly adept to obtain a comfortable degrree of anonymity before being a whistle blower (I have some experience in having done this once or twice.) On the Freenet, anyone who can run a client gets a degree of anonymitity out of the box.
Why should only those of us who belong to the technological elite benifit from anonymitiy in our actions.
And with anonmity moving to the lower classes you will see more whistleblowers, who tend to have jobs other then "Lead Systems Admin" being able to use the system in some comfort.
Freenet isn't perfect ethier. By their own admmitions, they don't offer an ideally anonymous environment.
Just because I have the freedom to own a knife and use it to cut things, does not mean that I have the right to slash up my neighbour without danger of reprisal.
At the risk of belabouring the obvious I'll point out that we don't ban knives ethier. Knives like freenet is a tool and is not inheriently good or evil. It can be used in ethier way. If you want to help ensure it gets used the way you want, get involved. Help shape the project. That's what I've done.
As for how info is useful without the ability to back it up. Consider the following.
In my case I was requested by someone to do something illegal against someone else. I had no evidence and the local law enforcment officals weren't at all sure they could do anything, infact suggested that I'd probably end up getting sued for liable out of the mess, since it was just his word against mine. So, using my technological skills, I wrote an anonymous email to the party affected, so they could take measures to protect themselves, and absented myself from the situation. Result: the attempt failed when someone else was cohersed into doing it.
The victim entity in question didn't need to know who I was, just that they needed to protect themselves.
This wouldn't have been possible without anonymity tools.
There *is* a place for anonymity. In cases where someone's freedom is being abused by an oppressor, and they want to get the word out about that abuse, anonymity makes a great crutch. It's a tool. But it *should* be a little difficult to do things %100 anonymously. Those who *need* the anonymity will ferret it out. When you make it this easy, all you're doing is making it simple for all those who *want* to be anonymous.
*grins* so now it's OK for me to be anonymous, but some factory worker in cuba shouldn't get the same protection? I think you've shot your argument in the foot, because most script kiddies and warez traders are more able to use the current anonyminity tools then 90% of the rest of the world.
Glad to hear I got you thining. Got me thinking too, I joined the Freenet project this morning and offered to do tech writing for them.
Er, all your arguments apply to the current role of the ISP.
Why should I, as an ISP provide bandwidth to you when (lets face it, avgs here, and I ran an ISP, so I can speak to it) the collective you are probably using my bandwidth (at least part of the time) to look at porn, download warez, download MP3s you don't have IP rights to. I'd conservately estimate that 60% of my packets were related to one of those activities. (let's face it a few 650 mb CD-roms outstrip most people's legit websurfing for a month).
So why should I? Because some of you are doing Good_Things with my bandwidth. Because when I was 13, among the flames and the warez of the BBS scene I found a very compelling first person article from someone who was there when The Wall fell. It was propogated over fidonet, which for those of you without my long past was a network of home users with dial up modems who exchanged mail via packet transfers at 2am. I argue, and will continue to argue to my dieing breath that articles like this outweigh all the porn, warez and anything else floating through the net. And if just one person uses Freenet to store an article like that, or any of a number of stories that allow us to understand one another better, the IP abuse that would have occured anyways (does anyone here seriously expect that alt.binaries.* is going to vanish?) is excusable in the greater scheme of things. I will run a freenet. I will encourage all my bandwidth rich friends to run a freenet.
Untill you are willing to forgo your internet access because of the other abuses of that bandwith that are going on all around you, you sir, are a hipocrite, as you are asking your ISP to do something you are unwilling to do.
Why can't it evolve? Why doesn't anyone seeem to see this for what it is. It is for the first time ever, a truely distributed file system. To wit:
What is there to stop me from writing a web server that stores info in the distributed file system? Nothing. I just set up a key/minswebserver/ and go. What does this buy me? Only the best redundant file server in the history of the world. Who cares about RAID 5. So what if my house gets hit by a tornado, I get a new computer, set up the web software and point it to/minswebserver/ and away we go.
How long before someone writes a file system shim for linux?
Everyone seems to look at it as an end in and of itself. I see it as no more then a massive storage array that I can pull stuff out of.
Think of it, wherever you go you have your bookmarks at your fingertips, cuz you stuffed your bookmark files into the filesystem.
I'm a sysadmin by profession and choice. Now here's a hypothetical situation:
I work for a company that has control over technology X, where it is vital that during development that X stay an internal and closely held secret. This is consistant with a lot of companies. To keep X internal we have a firewall. Like almost every company these days we find it neccesary to allow http fairly free access through our firewall.
In this circumstance a browser presents the most likely form of penetration of my firewall. My user runs up the buggy webbrowser (take your pick, they've all had read arbitrary file exploits with the exception of Opera and Lynx AFAIK), and joe@mycompition.com gets some funny html to them (emails it probably), oops.
Http is one of the only protocols that is routinely passed through most every firewall in the world. I feel a browser exploit is one of the most critical security issues in existance for the corporate IT dept at least.
And saying consumers shouldn't be aware of this is like saying we should remove low oil lights from cars, because they might scare users. The solution is to make the technobable understandable. It's not that tricky, lots of us have to do it for managment types every day:).
Start_Mozilla(); // begin security bugcheck if exist http://www.mozilla.org/security/alert_v100.xml { pop warning message containing contents of http://www.mozilla.org/security/alert_v100.xml } // end security bugcheck
Continue_Mozzilla();
So you see, the software knows nothing about new bugs, it just does a quick check of an online source when you start it, and display the warning from it. The software is no smarter, it just knows where to look to see if the developers have some news to pass on.
Hrm, I obviously shouldn't write after an allnighter, I wasn't being as clear as I thought I was. Clever that. OK let me see if I can explain:
Now, before it goes gold, include code that alows for a remote notification of security problems. Code it in now, for the future. It zots off to mozilla.org and checks for a specific html page. If it's there it renders it in a pop up window. The page would be different for each version of mozilla.
Now iff there's a security exposure for the version you are using, when you boot Mozilla, it would bring up a window saying, "We have identified a possible security exposure. (suggested work arounds, disable java temp etc) We are currently working on an updated version of Mozilla and will notify you as soon as we have one completed"
When the new version is available the pop-up would come up again, and include a link to get your shiney new cracker proof copy of Mozilla.
Simple, straight foward and it acomplishes the primary goal of full disclosure. It keeps everyone, the white hats, the black hats and the innocents (users) all on the same information footing. We can then make decisions in our various capacities having as much information in hand as is available at any given time. Users could choose not to use Mozilla until the bug fix comes out for instance. Security officers could write patch for the proxy on the firewall to log attacks.
In that case, the benefits of publicizing the defect must be weighed against the dangers. If they publicize the defect, they may get some help fixing the defect from the public. However, given that the Mozilla project has had a fairly long history, they probably have a good idea of which members of the public will contribute. The likelihood of someone new stepping up to fix a security problem is very slim.
Ah, but what about the benifits to someone other then Mozilla. What about me, and all the other sysadmins who have a responsibility morally and legally to keep our employers networks secure. We, the customers of Mozilla (or Oracle, or M$s, I'm not picking on Mozilla here) have a right to expect that we won't be kept in the dark about a security exploit that might be used against us. Mozilla has *NO* way of knowing when they choose to keep a bug to themselves that it is not being actively exploited in the wild currently. The only morally responisble thing for them to do is to spread the publicity far and wide so that, I, as a user have the option to suspend use of their product until I know it is once again safe. Futhermore, I belive this would provide Mozilla with a very real market diffienciation from their competition (primarily IE).
History has shown that when given the option to keep it to themselves companies choose to take uncionciousably long lengths of time to patch security holes.
I am a professional who takes his responsibility to his customers very seriously. I find it reprehensible the manner in which our suppliers unilaterally decide to keep this information from us.
and only apply the embargo if the knowledge is not already available in the cracker community. Ah, now there is the crux of the problem. How do you know? Sure it's easy if someone puts a 'sploit on bugtraq. But what if they don't? What if some group keeps it to themselves, abusing the bug in private. Now maybe you argue that 48 hrs isn't that bad. But what if that is 48 hrs where some web site is infecting each computer connecting to it with a worm. We've seen lots of browser bugs that allow files on comptuers to be manipulated, so this isn't way out in fairy tale land. This would be a pretty standard "keep it quiet we don't want anyone to know the emporer isn't wearing any clothes just yet" bug. I am a good internet user. I have a personal firewall between my browser and the net. I have the skills to be able to defend myself if I know I'm being attacked. Do you want to guess how irate I'd be if I found out Netscape/Moz. withheld details of the exploit that compromised my home computer, or worse yet, the company I work for because they wanted to avoid bad press? Ha! Just watch the press, "Open Source software causes Internet Worm, Gates says, 'I told you so'". Seem far fetched? I argue it's simply a matter of time.
The ONLY socially responsible thing for a software organization to do is to publicize it as far and wide as they can as soon as they can. That way they can use that as a defense when the dark smelly stuff hits the oscilating airflow assist device.
Just one small detail, (admitably I don't agree with your position, but I've covered that in other posts) how do you figure PGP is obscure? Peter Zimmerman made a point of posting the source code, so that in the grand tradition of cryptography anyone and everyone could look and see if anything was left weak.
As for M$ junk, the problem is that the holes that get out tend to cause more damage. Wittness the recent spat of cred card info thefts from MSSQL servers. Exploits that are found are found by the black hats and we only find out about them when they become too blatent and someone notices.
Minupla ---- Remove the rocks from my head to send email
I think there's been ample evidence that this is not the case. Let's look at the IIS bug that came about this last summer. Big buffer overflow in a major server product. Came out in bugtraq among other garden spots. Exploits and fixes hours later.
There are more white hats then there are black hats. We should use our numbers to solve these problems quickly by finding a solution and DISTRIBUTING the information as quickly and as widely as possible.
Doing otherwise will alianate some of your best sources for fixing the problem, your opensource programmers. How long do you think a security bug would remain unpatched given the number of eyes an open source software project like Mozilla has looking for a solution. Frankly I'm sure we'd have a patch before they had an exploit for it, both of us starting from the same place.
Security through obscurity gives a false sense of security to everyone.
Consider the (not totally unrealistic scenario. Not saying this would happen with Netscape/Mozilla but it could and has happened with other software products.) Netscape finds a security bug, and generates an internal bug for it. It gets assigned to an overworked programmer, (and let's face it they're all overworked) who says, "well I have this list of things to do, and this bug isn't crashing computers cuz noone knows about it, so I'll just put it on the back burner". In the meantime, someone else with access to internal bug reports decides to 'leak' it to a friend to prove how hooked in he is. It goes out to the 313t3 crowd, we have an exploit and script kiddies, and eventually the rest of the world finds out through bugtraq. Oops.
Think it's far fetched. Check your bugtraq archive site, there are piles of "I sent this to vendor X, 3 months ago, they haven't done anything about it, so I'm submitting it to Bugtraq now" posts. Happens all the time. If we don't talk about it, we lose the biggest advantage the net gives us. Communications.
Disclaimer: I am not affiliated with bugtraq in any way other then being a loyal reader for many years.
---- Remove the rocks from my head to use my email address ---- Remove the rocks from my head to send email
1) Not disclosing a security hole does NOT make it go away. 2) Software developers don't always know all the security holes being actively exploited. It is entirely possible that the hole we're being 'protected' from is in fact being exploited in the wild, and the only thing that's accomplished is we're not being careful in our use of the product until it can be patched. 3) Non-disclosure tends to slow the repair of security holes in any environment, never mind open source, where your very strength is in your userbase.
I personally would be in favor of draconian disclosure. When a security bug is discovered, pop up a dialog box, forcing me to read about the advisory and 'continue at own risk' until a fix can be developed and a notice of said fix distributed using the same draconian alert box.
That way everyone who uses the product (rather then just those of us who read full disclosure lists like Bugtraq) knows what exactly is going on and can change their habits accordingly. Additionally you'll have every open source programmer on the planet competing to squash the bug.
Seems like a no brainer to me people.
--- Remove the rocks from my head to send email. ---- Remove the rocks from my head to send email
Some time ago, I had the most enlightening conversation I've ever had. With a homeless girl on the streets of Vancouver, BC. My recounting of the encounter is at www.ufies.org/~bofh in case anyone is interested, please leave your comments to the addy at the end of the story if they're not related to the quoted bit.
Anyways, for the ease of discussion, here were her throughts on religion:
Eventually, as many conversations like this in my life have gone of late, the subject of religion came up. I myself am a confirmed fence sitter. I'm agnostic. After having recited a common saying, it occurred to me to inquire as to her belief system. She said, "People need something to keep them going. It can be anything. If believing in a God does it for them, more power to them, it could be a doorknob they believe in, and that would be fine too." So I asked, "And what keeps you going Angie?". Her response was, "I want to see where this train stops. That and taking care of my little sister."
As aluded to in that paragraph, I'm agnostic. Moreover, I'm an extreme agnostic. My personal belief is that we operate at a different level of abstraction then God, the Goddess, the Alien Scientest or the Cosmic Coincidence. And that trying to interpet it from where we stand now would be like the cave man in 2001.
Having said that, religion serves an important part in some peoples' lives, and I wouldn't for a second try to argue they are wrong. I just know I don't know.:)
This is definitively what we need, what I have been dreaming of for years, and what we will have. A universal, global radio standard. It is defined to be flexible enough to work on ALL of the frequency spectrum
And it would give us a chance to do a few things right from the begginging... IE: implement it usign IPV6. IPSEC makes this choice a no brainer. No more biweekly/. articles on the latest cell phone encryption crack.
Like I said, it probably won't happen, yet. It will come eventually.
It does occur to me that there exists a chance for a foresightful company to jump the queue. With the FCC auctioning off spare bandwidth, if a company were to buy up a whack of it, they could essentially implement this plan now. Sell radios to bussinesses who have a need, but don't have enough of a need to fill a channel.
Actually there already is a huge amateur presence in the digital radio field, in fact we were pioneers. We've fallen behind of late, but AX.25 was there right from the get go of the field.
The main reason I didn't bother to talk to the amateur presence directly is that at least here in Canada, we are allocated bandwidth and told "do with it as you please". (other then the broad licence restrictions requiring code for HF bands). Frequency plans are put together by local planning groups, consisting of hams, not handed to us by our govt. But yes, I feel that emergancy coms must be maintained and ham communications nets remain one of the important ways to provide this service.
Hrm, this sounds an aweful lot like the IP space problem the net was going to run into. Only problem is you can't just extend the radio spectrum to allow more users can you?
Well, not as such, but you can use it a lot more effectively. For instance, a lot of the spectrum is being used by analog signaling device. For example 2 way radios. Everyone here knows that voice signals can be digitized and sent over an analog medium in a multiplexed fashion (PCS anyone?) a lot more effientenly then they can be sent over in their latent analog forms.
I think it's far past time that we made a paridim shift in our electromagnetic spectrum managment.
Step 1: Phase out analog transmission. Set a 5 year end of life on all current analog licences. Step 2: Type Approve a new digital radio that is multiband, where the radio will try first on the highest (most plentiful, shortest haul) frequencies, and if it can't find a node, fall back untill it can. Ideally these radios should also act as packet repeaters and by neccesity include a public key encryption system. Step 3: Establish, using licencing fees a N/A wide (remember boys and girls, frequencies don't care about borders. All this has to be taken with Canada and Mexico in mind) digipeter network.
Volia. You now charge your licencees not by how much spectrum they're occupying but by a much more real world measure, how many bytes they send.
Licencees gain the ability to operate anywhere on the continent, not just in their own repeater area, if there are no repeaters around we eventually fall back to HF, which can bounce around the world if it has to, but this would require a very different radio structure then the usual VHF models of today, so would probably only be used in circumstances where it absolutly required. In most cases repeater coverage would do it.
And the best part, most of the technologies here already exisit! Digitial voice transmission, TCP/IP for a networking protocol, digipeters, are all in use now in both commercial and amature radio circles.
Unfortunaly this will never come to pass, the idea of the US using such an open source, co-operative system goes too much against their capitalist nature. It won't happen till they absoltuly run out of spectrum space.
In the meantime, what will they do about violations under the current system. If someone who is leasing spectrum space between 2am and 5am violates one of the FCC/ITT code regs, whose licence gets yanked?
Ah, but if you have a clear vision of where you want to take something you can concentrate your development efforts on the things that appeal to the target audience you select. If you try and be all things to all people you inevitably fall into the trap of spreading yourself too thin, and you end up not optimally servicing ethier target audiance. Add to this that some of the audience characteristics are non-compatible. Take the Mac. Very good desktop interface. Easiest computer in the world to use. Sit a gr. 1 student in front of it and with minimal teaching they can run it.
A machine for a geek? I think not. The very things that make linux a machine for you and I make it ill fitted as a generic desktop machine. It's too configurable, too many things you can change. In short, it's too powerful. It's going to be disliked as a corporate desktop because of all these things as well. As an IT manager am I going to want my staff to have to deal with Joe the shipping manager going off and deciding to install a new window manager? No thanks.
So we're going to have to put development time into coming up with some sort of a Zero Admin Kit for linux.
I'm not saying abandon all attempts at making it look pretty. Heck, I'm as much a sucker for a cool looking GUI as the next guy. I'm just saying we need to decide who our target is, and let's face it. It's not my mom:)
Also, I don't *want* to be required to run GNOME, if I want to use linux. Linux is about freedom of choices. To say we're all going to standardize on one particular desktop schema scares me, because it means that unless I essentially want to build my own distribution I'm locked into it.
Not saying my view is right, just think we need to give it a bit of thought every now and again about where exactly we're driving this bus:)
Space - but why do people have to do ore mining from asteroids? It's cheaper to use self-repairing robot factories to do this
Oh ya, agreed, but I was commenting on BS's original predication that space would turn out to be not commercially viable. I think that automated recovery and processing will be a big part of making it viable.
Nanotech is the other big one, but that's anyone's guess as to time frame at this point.
But why would you want to? I mean, the world isn't at all crowded yet
Oh I don't know. Really, what would be the difference between a desert city, with Martian domes and your current metropolis. You'd have city as far as your eyes could see. Parks, and movies. How often does the average city dweller get out of the city? And usually they get there on a plane to some island out in the ocean.
I don't think it's as far out as you seem to think. Make it marginally attractive - tax breaks, lower inital prop values, pre-wired for net from the ground up... Frankly I'd prefer to see more of us move to a structure like this, and let some of our currently decimated areas of the earth go back wild so I could enjoy them on my vacation:)...
I'm going to get moderated into the floor, but here goes:
Do we really want/need linux to become another desktop operating system? I mean, I dislike windoze as much as the next person. But is there really any real profit in turning Linux into the next windows, with a nice homogenious interface, where every time you turn on a linux box you get the same window manager, the same GUI. These are requirements for a desktop operating system. Consistancy, homogeniality, boringness.
One of the things I *like* about linux is that if I walk through a room with 20 linux desktops atm, I will likely see several different window managers, a couple of consoles, and... variety.
I think every tool has its place. For your average user, windows may be the tool. Sure, linux on the desktop would be wonderful, but frankly I was using Linux when SLS was the only distribution. A mac like file manager is not going to rock my world people. And who is our target audience. People like me, or people who currently use windows. Really?
Slashdot Mirror
Me. Just applied.
.9x SLS, done a stint of 5 years in the arctic installing internet infrastructure. Best experience of my life, both from a professional and a personal point of view.
/. sense :)
Linuxer since
As a friend once said, "When you're 75 and looking back on your life, you measure your worth not in terms of dollars you made, but in terms of difference you've made to the world around you".
This seems like a perferct opertunity to put some karma into the old karma bank, and not in a
----
Remove the rocks from my head to send email
*grins* Agnostic - I don't know if God exists. :)
:)
I would agree that the second definition fits most people, but then most people wouldn't know what the word agnostic means because, well they couldn't care less
----
Remove the rocks from my head to send email
not to quibble, but...
theory
In science, an explanation for some phenomenon which is based on observation, experimentation, and reasoning. In popular use, a theory is often assumed to imply mere speculation, but in science, something is not called a theory until it has been confirmed over the course of many independent experiments. Theories are more certain than hypotheses, but less certain than laws.
-- From the Online Medical Dictionary
Now, evolution fits the scientific definition of a theory. I would agree with you that evolution is in fact a theroy, not a law.
Religion however lacks any reproducable experimental evidence in its support that I am aware of, so at this point would be a conjecture in my books. Admitably by less scientific definations, creation could be called a theory, but evolution does meet the more stringant requirements of the scientific definition.
For the record I'm an agnostic.
----
Remove the rocks from my head to send email
Material From Solar System's Last Moments?
[ Space ] Posted by linus on Thursday May 11, 10000 @07:00PM
from the why-the-last-time-I-saw-*that*-chunk-of-plastic dept.
Anonymous coward writes: "Astronomers from the Alpha Cent. orbital quantum observatory announced today that they found what they believe to be the oldest material from the Sol system, before it was mysteriously abandoned. The object appears to be a chunk of pitted plastic, fashioned in a circle with a small circle missing from the center. Detailed observations lead astronomers to believe it was viral code that may have been responsible for the rapid desertion of the Sol system. One analyst was quoted as stating that the best simulation of the data encoded on the plastic disk shows it to be extremely unstable and brings the simualted system to a rapidly non-functional state. They are however mystified by the only legible part of the lettering remaining. It reads, "Windows 2100 for fusion reactors".
----
Remove the rocks from my head to send email
Oh, if you read what I said I was certainly not supporting censorship, just accountability. The frequency of people needing the level of protection that this network would afford from an opressive organization is exceedingly rare. (At least it's that rare for people who would have access to the internet)
:)
Not as rare as you might think. A few years ago, when the whole Y2K thing was something only a few geeks were worried about, a site opened up that allowed employees of companies who were trying to hush up and ignore their serious y2k issues appeared on the net. It was quickly under attack from the companies who were fingered. The lack of anonymity inherient in our current Internet forced this important facility to close.
Additionally consider: This project once built will be out here in times of need. The US might today be one of the more open countries in the world, but I doubt that the citizens of Germany saw the coming of the oppressive regiem from 20 years away. The time to build the tools is now because if/when the darkness comes they're not going to allow us to build them then.
PS: I know, it may seem like I'm picking on you, with 2 different threads going now, it's not that, just that your arguments seem the best thought out ones against which to build my own house of cards
----
Remove the rocks from my head to send email
*sigh* You're making me think here, hard and long. That's a GOOD thing, but it's the middle of the work day, and it's distracting. :P
*grins* good.
Ok, the difference between a 'FreeNet' and the regular net, in terms of why I feel I can justify my personal participation in the 'net, is that on the Internet there is a modicum of personal responsability.
Doesn't wash. You can make your surfing on the i-net anonymous, use mixmaster remailers, and an anonymous surfing engine, which are of course popular among those who need anonyminity for one reason or another. Conversely you can sign your name to a freenet submission.
The way I see it, what changes is the inital assumption. On the i-net you initially have no anonymity, and have to work to achieve a varying degree of it.
On the Freenet you start with that anonymity.
What's the big deal about that?
Simple, on the i-net people have to be fairly technologicly adept to obtain a comfortable degrree of anonymity before being a whistle blower (I have some experience in having done this once or twice.) On the Freenet, anyone who can run a client gets a degree of anonymitity out of the box.
Why should only those of us who belong to the technological elite benifit from anonymitiy in our actions.
And with anonmity moving to the lower classes you will see more whistleblowers, who tend to have jobs other then "Lead Systems Admin" being able to use the system in some comfort.
Freenet isn't perfect ethier. By their own admmitions, they don't offer an ideally anonymous environment.
Just because I have the freedom to own a knife and use it to cut things, does not mean that I have the right to slash up my neighbour without danger of reprisal.
At the risk of belabouring the obvious I'll point out that we don't ban knives ethier. Knives like freenet is a tool and is not inheriently good or evil. It can be used in ethier way. If you want to help ensure it gets used the way you want, get involved. Help shape the project. That's what I've done.
As for how info is useful without the ability to back it up. Consider the following.
In my case I was requested by someone to do something illegal against someone else. I had no evidence and the local law enforcment officals weren't at all sure they could do anything, infact suggested that I'd probably end up getting sued for liable out of the mess, since it was just his word against mine. So, using my technological skills, I wrote an anonymous email to the party affected, so they could take measures to protect themselves, and absented myself from the situation. Result: the attempt failed when someone else was cohersed into doing it.
The victim entity in question didn't need to know who I was, just that they needed to protect themselves.
This wouldn't have been possible without anonymity tools.
There *is* a place for anonymity. In cases where someone's freedom is being abused by an oppressor, and they want to get the word out about that abuse, anonymity makes a great crutch. It's a tool. But it *should* be a little difficult to do things %100 anonymously. Those who *need* the anonymity will ferret it out. When you make it this easy, all you're doing is making it simple for all those who *want* to be anonymous.
*grins* so now it's OK for me to be anonymous, but some factory worker in cuba shouldn't get the same protection? I think you've shot your argument in the foot, because most script kiddies and warez traders are more able to use the current anonyminity tools then 90% of the rest of the world.
Glad to hear I got you thining. Got me thinking too, I joined the Freenet project this morning and offered to do tech writing for them.
BTW
----
Remove the rocks from my head to send email
Er, all your arguments apply to the current role of the ISP.
Why should I, as an ISP provide bandwidth to you when (lets face it, avgs here, and I ran an ISP, so I can speak to it) the collective you are probably using my bandwidth (at least part of the time) to look at porn, download warez, download MP3s you don't have IP rights to. I'd conservately estimate that 60% of my packets were related to one of those activities. (let's face it a few 650 mb CD-roms outstrip most people's legit websurfing for a month).
So why should I? Because some of you are doing Good_Things with my bandwidth. Because when I was 13, among the flames and the warez of the BBS scene I found a very compelling first person article from someone who was there when The Wall fell. It was propogated over fidonet, which for those of you without my long past was a network of home users with dial up modems who exchanged mail via packet transfers at 2am. I argue, and will continue to argue to my dieing breath that articles like this outweigh all the porn, warez and anything else floating through the net. And if just one person uses Freenet to store an article like that, or any of a number of stories that allow us to understand one another better, the IP abuse that would have occured anyways (does anyone here seriously expect that alt.binaries.* is going to vanish?) is excusable in the greater scheme of things. I will run a freenet. I will encourage all my bandwidth rich friends to run a freenet.
Untill you are willing to forgo your internet access because of the other abuses of that bandwith that are going on all around you, you sir, are a hipocrite, as you are asking your ISP to do something you are unwilling to do.
Minupla
----
Remove the rocks from my head to send email
Why can't it evolve? Why doesn't anyone seeem to see this for what it is. It is for the first time ever, a truely distributed file system. To wit:
/minswebserver/ and go. What does this buy me? Only the best redundant file server in the history of the world. Who cares about RAID 5. So what if my house gets hit by a tornado, I get a new computer, set up the web software and point it to /minswebserver/ and away we go.
What is there to stop me from writing a web server that stores info in the distributed file system? Nothing. I just set up a key
How long before someone writes a file system shim for linux?
Everyone seems to look at it as an end in and of itself. I see it as no more then a massive storage array that I can pull stuff out of.
Think of it, wherever you go you have your bookmarks at your fingertips, cuz you stuffed your bookmark files into the filesystem.
Take it to the next level of abstraction people.
Minupla
----
Remove the rocks from my head to send email
I'm a sysadmin by profession and choice. Now here's a hypothetical situation:
:).
I work for a company that has control over technology X, where it is vital that during development that X stay an internal and closely held secret. This is consistant with a lot of companies. To keep X internal we have a firewall. Like almost every company these days we find it neccesary to allow http fairly free access through our firewall.
In this circumstance a browser presents the most likely form of penetration of my firewall. My user runs up the buggy webbrowser (take your pick, they've all had read arbitrary file exploits with the exception of Opera and Lynx AFAIK), and joe@mycompition.com gets some funny html to them (emails it probably), oops.
Http is one of the only protocols that is routinely passed through most every firewall in the world. I feel a browser exploit is one of the most critical security issues in existance for the corporate IT dept at least.
And saying consumers shouldn't be aware of this is like saying we should remove low oil lights from cars, because they might scare users. The solution is to make the technobable understandable. It's not that tricky, lots of us have to do it for managment types every day
----
Remove the rocks from my head to send email
Start_Mozilla();
// begin security bugcheck
if exist http://www.mozilla.org/security/alert_v100.xml
{ pop warning message containing contents of
http://www.mozilla.org/security/alert_v100.xml
}
// end security bugcheck
Continue_Mozzilla();
So you see, the software knows nothing about new bugs, it just does a quick check of an online source when you start it, and display the warning from it. The software is no smarter, it just knows where to look to see if the developers have some news to pass on.
----
Remove the rocks from my head to send email
Hrm, I obviously shouldn't write after an allnighter, I wasn't being as clear as I thought I was. Clever that. OK let me see if I can explain:
Now, before it goes gold, include code that alows for a remote notification of security problems. Code it in now, for the future. It zots off to mozilla.org and checks for a specific html page. If it's there it renders it in a pop up window. The page would be different for each version of mozilla.
Now iff there's a security exposure for the version you are using, when you boot Mozilla, it would bring up a window saying, "We have identified a possible security exposure. (suggested work arounds, disable java temp etc) We are currently working on an updated version of Mozilla and will notify you as soon as we have one completed"
When the new version is available the pop-up would come up again, and include a link to get your shiney new cracker proof copy of Mozilla.
Simple, straight foward and it acomplishes the primary goal of full disclosure. It keeps everyone, the white hats, the black hats and the innocents (users) all on the same information footing. We can then make decisions in our various capacities having as much information in hand as is available at any given time. Users could choose not to use Mozilla until the bug fix comes out for instance. Security officers could write patch for the proxy on the firewall to log attacks.
----
Remove the rocks from my head to send email
In that case, the benefits of publicizing the defect must be weighed against the dangers. If they publicize the defect, they may get some help fixing the defect from the public. However, given that the Mozilla project has had a fairly long history, they probably have a good idea of which members of the public will contribute. The likelihood of someone new stepping up to fix a security problem is very slim.
Ah, but what about the benifits to someone other then Mozilla. What about me, and all the other sysadmins who have a responsibility morally and legally to keep our employers networks secure. We, the customers of Mozilla (or Oracle, or M$s, I'm not picking on Mozilla here) have a right to expect that we won't be kept in the dark about a security exploit that might be used against us. Mozilla has *NO* way of knowing when they choose to keep a bug to themselves that it is not being actively exploited in the wild currently. The only morally responisble thing for them to do is to spread the publicity far and wide so that, I, as a user have the option to suspend use of their product until I know it is once again safe.
Futhermore, I belive this would provide Mozilla with a very real market diffienciation from their competition (primarily IE).
History has shown that when given the option to keep it to themselves companies choose to take uncionciousably long lengths of time to patch security holes.
I am a professional who takes his responsibility to his customers very seriously. I find it reprehensible the manner in which our suppliers unilaterally decide to keep this information from us.
----
Remove the rocks from my head to send email
and only apply the embargo if the knowledge is not already available in the cracker community.
Ah, now there is the crux of the problem. How do you know? Sure it's easy if someone puts a 'sploit on bugtraq. But what if they don't? What if some group keeps it to themselves, abusing the bug in private. Now maybe you argue that 48 hrs isn't that bad. But what if that is 48 hrs where some web site is infecting each computer connecting to it with a worm. We've seen lots of browser bugs that allow files on comptuers to be manipulated, so this isn't way out in fairy tale land. This would be a pretty standard "keep it quiet we don't want anyone to know the emporer isn't wearing any clothes just yet" bug. I am a good internet user. I have a personal firewall between my browser and the net. I have the skills to be able to defend myself if I know I'm being attacked. Do you want to guess how irate I'd be if I found out Netscape/Moz. withheld details of the exploit that compromised my home computer, or worse yet, the company I work for because they wanted to avoid bad press? Ha! Just watch the press, "Open Source software causes Internet Worm, Gates says, 'I told you so'". Seem far fetched? I argue it's simply a matter of time.
The ONLY socially responsible thing for a software organization to do is to publicize it as far and wide as they can as soon as they can. That way they can use that as a defense when the dark smelly stuff hits the oscilating airflow assist device.
----
Remove the rocks from my head to send email
Just one small detail, (admitably I don't agree with your position, but I've covered that in other posts) how do you figure PGP is obscure? Peter Zimmerman made a point of posting the source code, so that in the grand tradition of cryptography anyone and everyone could look and see if anything was left weak.
As for M$ junk, the problem is that the holes that get out tend to cause more damage. Wittness the recent spat of cred card info thefts from MSSQL servers. Exploits that are found are found by the black hats and we only find out about them when they become too blatent and someone notices.
Minupla
----
Remove the rocks from my head to send email
I think there's been ample evidence that this is not the case. Let's look at the IIS bug that came about this last summer. Big buffer overflow in a major server product. Came out in bugtraq among other garden spots. Exploits and fixes hours later.
There are more white hats then there are black hats. We should use our numbers to solve these problems quickly by finding a solution and DISTRIBUTING the information as quickly and as widely as possible.
Doing otherwise will alianate some of your best sources for fixing the problem, your opensource programmers. How long do you think a security bug would remain unpatched given the number of eyes an open source software project like Mozilla has looking for a solution. Frankly I'm sure we'd have a patch before they had an exploit for it, both of us starting from the same place.
Security through obscurity gives a false sense of security to everyone.
Consider the (not totally unrealistic scenario. Not saying this would happen with Netscape/Mozilla but it could and has happened with other software products.) Netscape finds a security bug, and generates an internal bug for it. It gets assigned to an overworked programmer, (and let's face it they're all overworked) who says, "well I have this list of things to do, and this bug isn't crashing computers cuz noone knows about it, so I'll just put it on the back burner". In the meantime, someone else with access to internal bug reports decides to 'leak' it to a friend to prove how hooked in he is. It goes out to the 313t3 crowd, we have an exploit and script kiddies, and eventually the rest of the world finds out through bugtraq. Oops.
Think it's far fetched. Check your bugtraq archive site, there are piles of "I sent this to vendor X, 3 months ago, they haven't done anything about it, so I'm submitting it to Bugtraq now" posts. Happens all the time. If we don't talk about it, we lose the biggest advantage the net gives us. Communications.
Disclaimer: I am not affiliated with bugtraq in any way other then being a loyal reader for many years.
----
Remove the rocks from my head to use my email address
----
Remove the rocks from my head to send email
*sighs* OK, here we go again.
1) Not disclosing a security hole does NOT make it go away.
2) Software developers don't always know all the security holes being actively exploited. It is entirely possible that the hole we're being 'protected' from is in fact being exploited in the wild, and the only thing that's accomplished is we're not being careful in our use of the product until it can be patched.
3) Non-disclosure tends to slow the repair of security holes in any environment, never mind open source, where your very strength is in your userbase.
I personally would be in favor of draconian disclosure. When a security bug is discovered, pop up a dialog box, forcing me to read about the advisory and 'continue at own risk' until a fix can be developed and a notice of said fix distributed using the same draconian alert box.
That way everyone who uses the product (rather then just those of us who read full disclosure lists like Bugtraq) knows what exactly is going on and can change their habits accordingly. Additionally you'll have every open source programmer on the planet competing to squash the bug.
Seems like a no brainer to me people.
---
Remove the rocks from my head to send email.
----
Remove the rocks from my head to send email
Some time ago, I had the most enlightening conversation I've ever had. With a homeless girl on the streets of Vancouver, BC. My recounting of the encounter is at www.ufies.org/~bofh in case anyone is interested, please leave your comments to the addy at the end of the story if they're not related to the quoted bit.
:)
Anyways, for the ease of discussion, here were her throughts on religion:
Eventually, as many conversations like this in my life have gone of late, the subject of religion came up. I myself am a confirmed fence sitter. I'm agnostic. After having recited a common saying, it occurred to me to inquire
as to her belief system. She said, "People need something to keep them going. It can be anything. If believing in a God does it for them, more power to them, it could be a doorknob they believe in, and that would be fine too." So
I asked, "And what keeps you going Angie?". Her response was, "I want to see where this train stops. That and taking care of my little sister."
As aluded to in that paragraph, I'm agnostic. Moreover, I'm an extreme agnostic. My personal belief is that we operate at a different level of abstraction then God, the Goddess, the Alien Scientest or the Cosmic Coincidence. And that trying to interpet it from where we stand now would be like the cave man in 2001.
Having said that, religion serves an important part in some peoples' lives, and I wouldn't for a second try to argue they are wrong. I just know I don't know.
Thoughts?
----
Remove the rocks from my head to send email
Speaking of old school? Who else here remembers SLS, the first linux install I ever used?
:)
Now there was control... I think I blew the thing up 5 times before I got it to install right.. of course I knew less then then I do know now
Minupla
----
Remove the rocks from my head to send email
This is definitively what we need, what I have been dreaming of for years, and what we will have. A universal, global radio standard. It is defined to be flexible enough to work on ALL of the frequency spectrum
/. articles on the latest cell phone encryption crack.
And it would give us a chance to do a few things right from the begginging... IE: implement it usign IPV6. IPSEC makes this choice a no brainer. No more biweekly
Like I said, it probably won't happen, yet. It will come eventually.
It does occur to me that there exists a chance for a foresightful company to jump the queue. With the FCC auctioning off spare bandwidth, if a company were to buy up a whack of it, they could essentially implement this plan now. Sell radios to bussinesses who have a need, but don't have enough of a need to fill a channel.
Minupla
Greetings, VY1xx here.
Actually there already is a huge amateur presence in the digital radio field, in fact we were pioneers. We've fallen behind of late, but AX.25 was there right from the get go of the field.
The main reason I didn't bother to talk to the amateur presence directly is that at least here in Canada, we are allocated bandwidth and told "do with it as you please". (other then the broad licence restrictions requiring code for HF bands). Frequency plans are put together by local planning groups, consisting of hams, not handed to us by our govt. But yes, I feel that emergancy coms must be maintained and ham communications nets remain one of the important ways to provide this service.
I stand corrected sir.
Minupla
Hrm, this sounds an aweful lot like the IP space problem the net was going to run into. Only problem is you can't just extend the radio spectrum to allow more users can you?
Well, not as such, but you can use it a lot more effectively. For instance, a lot of the spectrum is being used by analog signaling device. For example 2 way radios. Everyone here knows that voice signals can be digitized and sent over an analog medium in a multiplexed fashion (PCS anyone?) a lot more effientenly then they can be sent over in their latent analog forms.
I think it's far past time that we made a paridim shift in our electromagnetic spectrum managment.
Step 1: Phase out analog transmission. Set a 5 year end of life on all current analog licences.
Step 2: Type Approve a new digital radio that is multiband, where the radio will try first on the highest (most plentiful, shortest haul) frequencies, and if it can't find a node, fall back untill it can. Ideally these radios should also act as packet repeaters and by neccesity include a public key encryption system.
Step 3: Establish, using licencing fees a N/A wide (remember boys and girls, frequencies don't care about borders. All this has to be taken with Canada and Mexico in mind) digipeter network.
Volia. You now charge your licencees not by how much spectrum they're occupying but by a much more real world measure, how many bytes they send.
Licencees gain the ability to operate anywhere on the continent, not just in their own repeater area, if there are no repeaters around we eventually fall back to HF, which can bounce around the world if it has to, but this would require a very different radio structure then the usual VHF models of today, so would probably only be used in circumstances where it absolutly required. In most cases repeater coverage would do it.
And the best part, most of the technologies here already exisit! Digitial voice transmission, TCP/IP for a networking protocol, digipeters, are all in use now in both commercial and amature radio circles.
Unfortunaly this will never come to pass, the idea of the US using such an open source, co-operative system goes too much against their capitalist nature. It won't happen till they absoltuly run out of spectrum space.
In the meantime, what will they do about violations under the current system. If someone who is leasing spectrum space between 2am and 5am violates one of the FCC/ITT code regs, whose licence gets yanked?
Minupla
Ah, but if you have a clear vision of where you want to take something you can concentrate your development efforts on the things that appeal to the target audience you select. If you try and be all things to all people you inevitably fall into the trap of spreading yourself too thin, and you end up not optimally servicing ethier target audiance. Add to this that some of the audience characteristics are non-compatible. Take the Mac. Very good desktop interface. Easiest computer in the world to use. Sit a gr. 1 student in front of it and with minimal teaching they can run it.
A machine for a geek? I think not. The very things that make linux a machine for you and I make it ill fitted as a generic desktop machine. It's too configurable, too many things you can change. In short, it's too powerful. It's going to be disliked as a corporate desktop because of all these things as well. As an IT manager am I going to want my staff to have to deal with Joe the shipping manager going off and deciding to install a new window manager? No thanks.
So we're going to have to put development time into coming up with some sort of a Zero Admin Kit for linux.
I'm not saying abandon all attempts at making it look pretty. Heck, I'm as much a sucker for a cool looking GUI as the next guy. I'm just saying we need to decide who our target is, and let's face it. It's not my mom :)
Also, I don't *want* to be required to run GNOME, if I want to use linux. Linux is about freedom of choices. To say we're all going to standardize on one particular desktop schema scares me, because it means that unless I essentially want to build my own distribution I'm locked into it.
Not saying my view is right, just think we need to give it a bit of thought every now and again about where exactly we're driving this bus :)
--- Minupla
Oh ya, agreed, but I was commenting on BS's original predication that space would turn out to be not commercially viable. I think that automated recovery and processing will be a big part of making it viable.
Nanotech is the other big one, but that's anyone's guess as to time frame at this point.
--- Minupla
Oh I don't know. Really, what would be the difference between a desert city, with Martian domes and your current metropolis. You'd have city as far as your eyes could see. Parks, and movies. How often does the average city dweller get out of the city? And usually they get there on a plane to some island out in the ocean.
I don't think it's as far out as you seem to think. Make it marginally attractive - tax breaks, lower inital prop values, pre-wired for net from the ground up... Frankly I'd prefer to see more of us move to a structure like this, and let some of our currently decimated areas of the earth go back wild so I could enjoy them on my vacation :)...
-- Minupla
I'm going to get moderated into the floor, but here goes:
Do we really want/need linux to become another desktop operating system? I mean, I dislike windoze as much as the next person. But is there really any real profit in turning Linux into the next windows, with a nice homogenious interface, where every time you turn on a linux box you get the same window manager, the same GUI. These are requirements for a desktop operating system. Consistancy, homogeniality, boringness.
One of the things I *like* about linux is that if I walk through a room with 20 linux desktops atm, I will likely see several different window managers, a couple of consoles, and... variety.
I think every tool has its place. For your average user, windows may be the tool. Sure, linux on the desktop would be wonderful, but frankly I was using Linux when SLS was the only distribution. A mac like file manager is not going to rock my world people. And who is our target audience. People like me, or people who currently use windows. Really?
--- Minupla