causing the US government $1billion of damage by breaking into its most secure computers at the Pentagon and Nasa.
Um.. no, these obviously were not "secure" systems. Secure military systems (as in classified) are not connected to the InterNet or any external network. The are on a seperate non-public network called SIPRNET (Secret Internet Protocol Router Network). The SIPRNET is an internal network that has absolutely no connectivity to the InterNet. Most likely he broke into some of the military's non-classified business systems which are connected to the InterNet via NIPRNET (which is also an internal network, but connected to the InterNet).
Yes, for Redhat themselves, they can do as they want as owners. But the whole point of OSS is to make it re-distributable. As I said in another post, now you download it and you want to redistribute it. If the necessary build would violate the GPL (as this would because critical non-free componets link to to GPL covered componets), then *you* would be in violation if you re-distriubted it. That is the problem. They want to have binary-only distribution of some componets that are linked to GPL components. So, in effect, they are putting other people in the position of violating the GPL (except for the exception they have provided). So the exception is necessary, otherwise Redhat would be causing other people to violate the GPL.
No, they just aren't ready yet. Let's not make a bigger deal of this then need be.
Apparently, they have fully working binary-only versions, so this doesn't see to be a matter of it not being ready, but a matter of a *free* implementation not being ready.
Ofcourse, if Redhat owns the copyright, they can do as they please and distribute it. But now you download it and you want to redistribute it. If the necessary build would violate the GPL (as this may because the necessary non-free componets link to to GPL covered componets), then *you* would be in violation if you re-distriubted it. So, now you can see the conundrum. To over-come it, they come up with this expection to the GPL. It is their right to do so, but perhaps not an optimal solution.
If you look at their wiki, they have not released all the componets as Open Source yet. So, they had to have an exception or they themeselves would be linking non-free with free and in violation. With the exception, they can release at least part as GPL and get it out to the world. I'm betting the non-free parts are likely iPlanet componets that are still encumbered.
Because this introduces complexity (and possibly confusion), it sort of brings to question if the hollowed and sacred GPL was the most appropriate license in the first place or if they shouldn't have gone with either a Mozilla or MIT/BSD license. Redhat lives and breaths the GPL, but it is not the only free license around. Perhaps they should show some flexibility and consider others.
In order to make the Directory Server software available as soon as possible, some components will not be released as open source in the first release. Initially just the LDAP server itself is being released. The administration server and end-user console are not being released as open source at this time. However, the binaries will be available for those other components, so the full console, management, and web based applications will be available, just not the source code
Well... at least the core is Open. Maybe they have to write replacements for encumberered components (perhaps the Sun iPlanet parts??).
I built a basic LFS system about a year ago. It was a very educational experience. One of the things that I learned was that current vanilla sources often won't work "out of the box". Lots of the source packages (even current versions) have to be patched to make them work on LFS. Obviously, you have to patch to fix bugs, but some of these pataches were just to get things to work at all. I didn't expect that and it was very suprising. One would think that the source's author(s) would make their stuff work "out of the box" on Linux (seeing how it is a very common and expected target).
I would have never figured out myself which sources needed patches. Thank God for distribution maintainers for figuring this out for us.
Unfortunately... performance and heat seem to move proportunately. I would love to see (or hear) a silent server room. Hmm... maybe with embedded systems getting more powerful this will one day be a reality.
I will be the first to say in our leader's Newspeak - doubleplusgood.
Just Growing Pains for an innovative product
on
Netscape 8 Breaks IE XML
·
· Score: 2, Insightful
Lots of people seem to be down on NS, first because of the patches and now this. But AFAIK, they have the only mainstream browser with two rendering engines. Even though the version number is "8", this is really a spanking new product. Any truly innovative product is going to have growing pains. So far, none of these are fatal flaws that can't be fixed with a patch. Cool down and give 'em a chance.
I found it to be high praise for Firefox and damnation of IE that NS reverts to Firefox rendering when it considers a web-site to be even semi-suspect. Basically, they said IE is dangerous and Firefox is safe(r ).
Because the hypothetical government probably also controls (or can gain control upon order) of the routers, you will always be vulnerable to man-in-the-middle attacks. Not even a SSH or SSL connection can be trusted in that kind of situation. So, if they are suspicious of you to begin with, they will intercept your traffic from the beginning .
that's the point of the "internet". Tt is a public network. Traffic gets routed through other peoples routers. Almost any "interent" traffic can be subjected to man-in-the-middle attacks at the routers. Even if it is encrypted, they can go to one end (source or destination), break in, and install a keylogger or listener to capture the key and decode a message after the fact.
Between IP-Addresses, MAC addresses, and dial-in-numbers, there is no anonymity on the internet. Any feeling of anonymity is an illusion. Best not to risk your life if a regime is that oppressive. Not even encryption is safe, because as you mentioned, keyloggers and silent listeners can capture passcodes and keys. If you must pass information, try it the old fashioned way - person to person or with a trusted intermediary.
From the get-go, UPN basically doomed Enterprise by running mid-season re-runs. That caused viewers to switch to other channels in the same time-slot. The veiwer gets involved in another TV show and never comes back. I can't think of a better way to deliberately sabotage your own ratings.
As far as being preempted by sports, they have been doing similar stuff in the Wash DC area with our new baseball team pushing Enterprise to saturday (although thankfully my TV guide says this episode really will air tonight)
[humor]
What is this x86 hyperthreading that you speak of fearing? My venerable (read:ancient) 64-bit Sparc II scoffs at your toy x86. Ofcourse, the aforementioned Sparc is only 1/2 the speed of your P3, but it stills scoffs.
[/humor]
Seriously, the SPARC architecture is an open specification that, unfortunately, does not get enough respect. It has been 64-bit since almost forever, something that is only now becoming common in the x86 world. I noticed that the flaws were noted on SCO-ware running on x86. I wonder what other Unix/unix-like varients are affected. IIRC, Sun claims that their x86 and Sparc code base are a single tree. I wonder if the fix for all the affected OSes will required scads of architecture unique kernel hacking versus keeping a single tree.
OK.. I'm going to answer your post on a number of points
In reality, knowing who you're flying with does nothing at all......However all the shoe inspections in the world is not going to stop someone from taking over a plane
It does matter, certain people, properly identified (or not identified) should never be allowed on an airplane. As far as inspections go, you are partially right. Frisking an 82-year old great-grandma and seizing her nail-clippers doesn't do any good if you let the illegal alien terrorist with a fraudlently obtained ID board the plane. We need to focus on *WHO* is getting on the plane. Hostile foreign nationals in the country illegally on expired visas should be one focus. RealID will help filter them out.
I don't think that you can make the connection with expired visa with fradulantly obtained IDs=Terrorist or even a danger to you.
Well, several of the 9-11 Hijackers *did* have driver licenses that should have never been issued and they *were* on expired visas. RealID would have prevented at least those individiuals from obtaining licences. Secondly, RealID represents a general tightening up of the immigration enforcement mechanisms, which are currently completely inadequate. So for whatever reasons any nation has immigration laws, RealID represents a significant part of better enforcement of those laws. Now if you disagree on the wisdom of having an immigration policy itself, then that is another matter altgether.
You know as well as I do, that it is difficult to move around and conduct normal business (renting a car, getting a hotel room, writing a check) without a valid ID. If your ID is expired, then you have a problem. RealID will expire a license when the visa expires. That will prevent overstayed aliens from being able to easily blend in and move around.
Yes, that is the problem. The current system does not have enough safegards. AFIK, all the IDs used by the 9-11 hijackers were valid and officially issued. But some were fraudently obtained and some should have never been issued at all (as in the case of expired visas). RealID is specifically crafted to address those specific issues.
Of course this is slashdot and we are supposed to think alike and reflexively be against anything the government does in the security arena. But I *really do* want to know that the person boarding the airplane with me is who they say they are and not on an expired visa with a fraudulantly obtained ID (like the 9-11 hijackers on expired visas with fraudulantly obtained Virginia driver licences). I *really do* want the government (all of it including state and local subdivisions) to enforce immigration laws and to know if somebody's visa is expired. So thank you for the information, I will call/fax my senator to let him know that I want him to vote in favor of Real ID.
Or instead of collecting public money and otherwise coding for free, they could take their code and start a business to support it (and themselves).
I can see the write up in Wired magazine now... "Yeah.. I was on the dole and trying to decide between chicken or beef ramen noodles, but then the IPO came and now I'm trying to decide on which color my yacht will be."
I think you are looking for -ignoreSysPrereqs option during the oracle install. That is what I used to make Oracle install on Solaris 10 for sparc because Oracle looks for Solaris 9. However, this would be a dangerous option to use on Linux because there are so may versions of linux/gnu libraries floating around for Linux as opposed to fewer differences between solaris versions. Overriding the prereq check on Linux is likely to cause more trouble than its worth. Better to fix the redhat-release file to fool it on that one issue and allow the install to proceed normally than to have it fail on multiple dependacies with -ignoreSysPrereqs.
The latest release of one of our CAD tools requires Red Hat Enterprise Linux 3.0, and will *not* run with RH9.0
CentOS is pretty much an exact copy of RHEL, except for trademark names and artwork, so it should work flawlessly...except for one thing. If the installer is explicitly checking versions, backup and then replace the redhat-release file found in/etc from CentOS to the appropriate Redhat version that says "Red Hat Enterprise Linux AS release 3 (Taroon)". This will fool some installers (such as Oracle) that demand a supported OS before they will install. After the install is complete, you should be able to copy the old redhat-release (that says CentOS) back without problems.
What would really rock is if the entire EU adopted an anti-DRM strategy. Since international businesses have to abide by EU rulings (if they want to do business in the hugh market that is the EU), such a ruling EU wide would be effectively world-wide. How do ya like them apples, MPAA?
How soon before Sun identifies all the components of Solaris that will be "open source" versus the components that will remain proprietary because of third-party ownership? Right now I only see DTrace as "open" on their web-site. They also say "Expect to see buildable Solaris code here in Q2 2005." Does "buildable Solaris code" just mean a few tools or does it mean a complete working system with kernel and userland?
No doubt, if they can get a basic (but otherwise bootable and working) open source Solaris out there, they community will be able to soon (say within a few years) replace the proprietary components.
A few weeks ago I bought myself a sparc box (netra T1 AC200), and after some initial problems with install media, finally got solaris installed. So far I am favorably impressed.
Slashdot Mirror
Yes, for Redhat themselves, they can do as they want as owners. But the whole point of OSS is to make it re-distributable. As I said in another post, now you download it and you want to redistribute it. If the necessary build would violate the GPL (as this would because critical non-free componets link to to GPL covered componets), then *you* would be in violation if you re-distriubted it. That is the problem. They want to have binary-only distribution of some componets that are linked to GPL components. So, in effect, they are putting other people in the position of violating the GPL (except for the exception they have provided). So the exception is necessary, otherwise Redhat would be causing other people to violate the GPL.
Ofcourse, if Redhat owns the copyright, they can do as they please and distribute it. But now you download it and you want to redistribute it. If the necessary build would violate the GPL (as this may because the necessary non-free componets link to to GPL covered componets), then *you* would be in violation if you re-distriubted it. So, now you can see the conundrum. To over-come it, they come up with this expection to the GPL. It is their right to do so, but perhaps not an optimal solution.
If you look at their wiki, they have not released all the componets as Open Source yet. So, they had to have an exception or they themeselves would be linking non-free with free and in violation. With the exception, they can release at least part as GPL and get it out to the world. I'm betting the non-free parts are likely iPlanet componets that are still encumbered.
Because this introduces complexity (and possibly confusion), it sort of brings to question if the hollowed and sacred GPL was the most appropriate license in the first place or if they shouldn't have gone with either a Mozilla or MIT/BSD license. Redhat lives and breaths the GPL, but it is not the only free license around. Perhaps they should show some flexibility and consider others.
Well... at least the core is Open. Maybe they have to write replacements for encumberered components (perhaps the Sun iPlanet parts??).
I built a basic LFS system about a year ago. It was a very educational experience. One of the things that I learned was that current vanilla sources often won't work "out of the box". Lots of the source packages (even current versions) have to be patched to make them work on LFS. Obviously, you have to patch to fix bugs, but some of these pataches were just to get things to work at all. I didn't expect that and it was very suprising. One would think that the source's author(s) would make their stuff work "out of the box" on Linux (seeing how it is a very common and expected target).
I would have never figured out myself which sources needed patches. Thank God for distribution maintainers for figuring this out for us.
Unfortunately... performance and heat seem to move proportunately. I would love to see (or hear) a silent server room. Hmm... maybe with embedded systems getting more powerful this will one day be a reality.
I will be the first to say in our leader's Newspeak - doubleplusgood.
Lots of people seem to be down on NS, first because of the patches and now this. But AFAIK, they have the only mainstream browser with two rendering engines. Even though the version number is "8", this is really a spanking new product. Any truly innovative product is going to have growing pains. So far, none of these are fatal flaws that can't be fixed with a patch. Cool down and give 'em a chance.
I found it to be high praise for Firefox and damnation of IE that NS reverts to Firefox rendering when it considers a web-site to be even semi-suspect. Basically, they said IE is dangerous and Firefox is safe(r ).
Noooooooo! Not even the "Temporal Cold War"(R)(TM)(C) can explain this.
The Presido is the home of StarFleet Command. Not the seat of the Galactic Empire.
Somebody call for a re-write!
Because the hypothetical government probably also controls (or can gain control upon order) of the routers, you will always be vulnerable to man-in-the-middle attacks. Not even a SSH or SSL connection can be trusted in that kind of situation. So, if they are suspicious of you to begin with, they will intercept your traffic from the beginning .
that's the point of the "internet". Tt is a public network. Traffic gets routed through other peoples routers. Almost any "interent" traffic can be subjected to man-in-the-middle attacks at the routers. Even if it is encrypted, they can go to one end (source or destination), break in, and install a keylogger or listener to capture the key and decode a message after the fact.
Between IP-Addresses, MAC addresses, and dial-in-numbers, there is no anonymity on the internet. Any feeling of anonymity is an illusion. Best not to risk your life if a regime is that oppressive. Not even encryption is safe, because as you mentioned, keyloggers and silent listeners can capture passcodes and keys. If you must pass information, try it the old fashioned way - person to person or with a trusted intermediary.
From the get-go, UPN basically doomed Enterprise by running mid-season re-runs. That caused viewers to switch to other channels in the same time-slot. The veiwer gets involved in another TV show and never comes back. I can't think of a better way to deliberately sabotage your own ratings.
As far as being preempted by sports, they have been doing similar stuff in the Wash DC area with our new baseball team pushing Enterprise to saturday (although thankfully my TV guide says this episode really will air tonight)
[humor]
What is this x86 hyperthreading that you speak of fearing? My venerable (read:ancient) 64-bit Sparc II scoffs at your toy x86. Ofcourse, the aforementioned Sparc is only 1/2 the speed of your P3, but it stills scoffs.
[/humor]
Seriously, the SPARC architecture is an open specification that, unfortunately, does not get enough respect. It has been 64-bit since almost forever, something that is only now becoming common in the x86 world. I noticed that the flaws were noted on SCO-ware running on x86. I wonder what other Unix/unix-like varients are affected. IIRC, Sun claims that their x86 and Sparc code base are a single tree. I wonder if the fix for all the affected OSes will required scads of architecture unique kernel hacking versus keeping a single tree.
It does matter, certain people, properly identified (or not identified) should never be allowed on an airplane. As far as inspections go, you are partially right. Frisking an 82-year old great-grandma and seizing her nail-clippers doesn't do any good if you let the illegal alien terrorist with a fraudlently obtained ID board the plane. We need to focus on *WHO* is getting on the plane. Hostile foreign nationals in the country illegally on expired visas should be one focus. RealID will help filter them out.
Well, several of the 9-11 Hijackers *did* have driver licenses that should have never been issued and they *were* on expired visas. RealID would have prevented at least those individiuals from obtaining licences. Secondly, RealID represents a general tightening up of the immigration enforcement mechanisms, which are currently completely inadequate. So for whatever reasons any nation has immigration laws, RealID represents a significant part of better enforcement of those laws. Now if you disagree on the wisdom of having an immigration policy itself, then that is another matter altgether.
You know as well as I do, that it is difficult to move around and conduct normal business (renting a car, getting a hotel room, writing a check) without a valid ID. If your ID is expired, then you have a problem. RealID will expire a license when the visa expires. That will prevent overstayed aliens from being able to easily blend in and move around.
Of course this is slashdot and we are supposed to think alike and reflexively be against anything the government does in the security arena. But I *really do* want to know that the person boarding the airplane with me is who they say they are and not on an expired visa with a fraudulantly obtained ID (like the 9-11 hijackers on expired visas with fraudulantly obtained Virginia driver licences). I *really do* want the government (all of it including state and local subdivisions) to enforce immigration laws and to know if somebody's visa is expired.
So thank you for the information, I will call/fax my senator to let him know that I want him to vote in favor of Real ID.
Or instead of collecting public money and otherwise coding for free, they could take their code and start a business to support it (and themselves).
I can see the write up in Wired magazine now... "Yeah.. I was on the dole and trying to decide between chicken or beef ramen noodles, but then the IPO came and now I'm trying to decide on which color my yacht will be."
I think you are looking for -ignoreSysPrereqs option during the oracle install. That is what I used to make Oracle install on Solaris 10 for sparc because Oracle looks for Solaris 9. However, this would be a dangerous option to use on Linux because there are so may versions of linux/gnu libraries floating around for Linux as opposed to fewer differences between solaris versions. Overriding the prereq check on Linux is likely to cause more trouble than its worth. Better to fix the redhat-release file to fool it on that one issue and allow the install to proceed normally than to have it fail on multiple dependacies with -ignoreSysPrereqs.
CentOS is pretty much an exact copy of RHEL, except for trademark names and artwork, so it should work flawlessly...except for one thing. If the installer is explicitly checking versions, backup and then replace the redhat-release file found in
Sun has already taken this track on Solaris 10 with their Service Management Facility. See SUN's quick summary of SMF
I am still getting used to SMF, and luckily they also keep backwards compatability with the rc.d init scripts.
Provided SMF isn't under 100 patents, maybe LINUX can pickup a few of Sun's good ideas once OpenSolaris comes out later this year.
What would really rock is if the entire EU adopted an anti-DRM strategy. Since international businesses have to abide by EU rulings (if they want to do business in the hugh market that is the EU), such a ruling EU wide would be effectively world-wide. How do ya like them apples, MPAA?
How soon before Sun identifies all the components of Solaris that will be "open source" versus the components that will remain proprietary because of third-party ownership? Right now I only see DTrace as "open" on their web-site. They also say "Expect to see buildable Solaris code here in Q2 2005." Does "buildable Solaris code" just mean a few tools or does it mean a complete working system with kernel and userland?
No doubt, if they can get a basic (but otherwise bootable and working) open source Solaris out there, they community will be able to soon (say within a few years) replace the proprietary components.
A few weeks ago I bought myself a sparc box (netra T1 AC200), and after some initial problems with install media, finally got solaris installed. So far I am favorably impressed.