Re:And the zombification of our children continues, on The Wi-Fi On the Bus · Score: -1, Troll
+++ MOD PARENT UP!!!
This is just so typical. Let's not teach children to behave, have patience, imagination, read books, or anything else. Let's just DISTRACT/ENTERTAIN them.
And how many people think that the majority of the kids are using it to do homework or research or learning?
>I don't use Internet Explorer, I use Firefox
So do I (plus I don't use MS-Windows).
But the real problem is that there are still many, many, many websites that DO NOT WORK unless you are using MS-Windows with Internet Explorer (and at our nearly 100% Linux shop at work, we know VERY WELL that this is the truth). We can all agree how horrible that is, but it doesn't change anything. So, those wanting to or forced to use IE-only websites might also be forced to upgrade from XP. Welcome to the effects of proprietary lock-in.
> for friends/relatives who run Windows.....
> I can entrust to keep the 'my computer's doing weird things' calls to a minimum?"
I feel for you.
I am the only computer geek in my whole extended family and many of my friends. I refuse to support MS-Windows at all. Period. They all know I use Linux exclusively, and I can honestly say that I have no idea how to deal with or remove virii/malware. I will offer general advice about brands, equipment, peripherals, etc, but will not touch their machines nor walk them through anything. I will even give them the phone number of a nice, local shop that does computer work for reasonable prices (and I like the people and trust them; plus I like supporting the local economy and small shops that also offer Linux systems and support too).
But I also offer 100% support for any of them who want to run Linux. And four of them do, and I do everything I can to make sure their systems are set up properly, backed up regularly, work the best possible, answer questions, perform updates, etc.
>but that's probably because ACPI support in Linux sucks ass.
What past decade are YOU stuck in? I bought an EEEPC over a year ago, and right off the bat EVERYTHING worked perfectly- suspend, graphics, webcam, sound, multitouch pad, wifi, etc. Then I trashed the included Linux and installed a different Linux. Guess what? Everything worked perfectly AGAIN.
This doesn't mean there are not problematic situations with certain hardware, but I would hardly call it "sucks ass". I think it is pretty damn good. And it is all the better such that it is open, free, and done WITHOUT much assistance from hardware manufacturers.
Ars' site is certainly not horrible, by any definition. But, no, the animation did NOT stop after a few seconds. To me, it is not as low-key as possible if the ad is animated. Period. (And it doesn't have to be an "ad" to drive me batty while I am trying to read, it is any type of content). Different people have different tolerance levels for different types of annoyances/stimuli. Certainly there are things in YOUR life that annoy you to a similar level... how would you like being told to "get over yourself" regarding those things?
To me, it is like trying to listen to a song with another song playing at the same time. When I am reading, I don't want and can't "tune out" movement. I don't have that "experience" when reading a book, a newspaper, a magazine, a menu, or a manual. And it is precisely WHY most humans have a hard time tuning it out that most ads use movement in the first place... to draw attention to them! They want to be distracting, and they are.
>As it stands, AdBlock is pretty much the nuclear option - wiping out all advertisements because some of them are annoying.
I agree with everything you said, except part of that statement. It is not because SOME of them are annoying, it is because MOST of them are annoying. Big difference.
Turn off adblock and browse a few sites. Then COUNT the ones that are not animated, not too big, don't make sound, don't take over content, don't produce flyouts, etc. My estimate is that less than 10% of ads are non-annoying.
Or
*animate
Remember, animation is far more annoying to many people than half of what you listed. If there were a method to block what you and I listed, and yet still display ads that remain, yes, I would give it a try. But I doubt something like that will ever happen.
JS: Any site using forms or other controls, and there are MANY. Example: Netflix.
Flash: Any site using Flash to provide content, and there are MANY. Example: Infiniti.
Ars doesn't require either to work properly.
Everything is in the eye of the beholder. YOU might not think it is a big deal, but I do (and so do many others). And no, it is not making excuses. Before there was such a thing as adblockers, I hacked Netscape to "break" animated GIF display (there was no option for turning it off). Then came Flash, which totally ruined major parts of the Web and can't easily be blocked without usually removing useful parts of the site. And now it is AJAX/JS animation, which is nearly impossible to stop without ruining a site.
My beef with animation is very real. As for static Google ads- I actually ENABLE those, because they are small, fast, non-animated, quiet, and *RELEVANT*.
One of the big breakdown factors in end-of-life care is that extremely rarely does the patient or their family pay any of that HUGE amount of money (or they pay very little). It is either private or government insurance footing the bills. Of course life has value, and it would suck to be denied coverage, but most people DON'T CARE about the cost and will sign ANY form to extend life, regardless. I see it all the time. If they had to give up their family home, or sell their cars, or wipe their retirement plans to extend someone's life by a few weeks or months, I doubt the decisions would be the same.
It is an impossible situation to be in with no real solution.
We have been through all this stuff over and over again. People wouldn't have started blocking ads in the first place if they were reasonable ads. These are the reasons I use an ad-blocker:
* Animation- movement of any type
* Sound
* Popups
* Flyouts
* More ad space than content space
* Slow loading third-party sites
I am so anti-animation (I can't STAND movement on the screen while I am trying to read) that I have to block even non-Ad content (using "Flash Killer" and/or a manual Adblock addition for those sections with movement). Sometimes I even have to resort to killing Javascript ("JS Switch"). I don't want to deny sites revenue, but without being able to block the above types of ads, I wouldn't visit (or stay on) a site, anyway- so there is little difference.
Sorry Ars Technica... you can CLAIM your ads are non-intrusive and "quality", but I just visited your site with adblocking off and was immediately met with one highly annoying animated banner and a second, lower-animated, section. At least you only had two.
I am tired of companies trying to turn the Internet into Television.
You are making assumptions that this is a "trusted developer" system that was compromised. There are lots of other types of environments out there, like non-developers ssh'ing in from home. Systems in which you have almost zero control. But your point about keylogging is completely valid.
So... instead of social engineering to get a password, the attacker uses a virus or rootkit, then the intruder can lift the key right off the system. You are shifting from "something you know" to "something you have" (since nobody KNOWS their key, it has to be stored). I suppose you could combine the two (passwords AND keys) for the utmost in security. But in many cases I don't see how using PKI is all THAT much more secure than passwords for remote access, especially when combined with other measures. I will guess that 99.9999% of ssh breakins are due to brute force attack, not social engineering. So it depends on the type of users and other factors as to which method makes the most sense.
VPNs are annoying and overrated. A simple tarpit delay would immediately solve the issue. The attempts will go from a million to a few hundred, instantly. And excessive logs will evaporate. Even a weak password cannot be brute-forced when the attacker can only make a few attempts per hour or per day. They will quickly give up and move on.
It requires no special setup, no funky scripts, no non-standard ports, hardly any CPU time, no special client software, no re-educating users, no constant admin tweaking, and is self-correcting. A simple 1 to 3 line iptables entry is all you need. This is what I use:
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "sshd_brute_force_block "
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
When the attacker reaches 4 hit counts it will be blocked for 60 seconds before resetting. If the attacker keeps attacking before the 60 seconds are up it will reset the time limit to another 60 seconds. If an honest user messes up, all they have to do is wait a minute before trying again. If you feel you need to make it tighter, just reduce the number of tries to 3 and the timeout to 5 minutes.
I agree that PKI would be more secure, but it is a LOT more hassle for most users. The simple fact is, a tarpit is *extremely* effective. Even a relatively weak password is going to be nearly impossible to break if the attackers are limited to only a few tries per hour or day or whatever.
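How the three `-m recent` rules quoted above decide on each new connection, modelled in Python as an added example (not the commenter's code), including the case where a blocked client retries too early and restarts the 60-second window. The source addresses and timestamps are constructed; `--rttl` and the `--state NEW` match are not modelled, and the 20-entry per-address history is an assumption of this model.

```python
from collections import defaultdict, deque

SECONDS = 60     # --seconds 60
HITCOUNT = 4     # --hitcount 4
MAX_STAMPS = 20  # assumed size of the per-address timestamp history


class RecentList:
    """One named list ("SSH" in the rules), keyed by source address."""

    def __init__(self, seconds=SECONDS, hitcount=HITCOUNT):
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(lambda: deque(maxlen=MAX_STAMPS))

    def _hits(self, src, now):
        # Timestamps older than the window are ignored, not deleted.
        return sum(1 for s in self.stamps[src] if s >= now - self.seconds)

    def _update(self, src, now):
        # --update: match when hitcount is reached inside the window and,
        # on a match, record a fresh "last seen" timestamp.
        if self._hits(src, now) >= self.hitcount:
            self.stamps[src].append(now)
            return True
        return False

    def new_connection(self, src, now):
        """Verdict for one new TCP connection to port 22 at time `now`."""
        self.stamps[src].append(now)      # rule 1: --set (no target)
        self._update(src, now)            # rule 2: -j LOG, packet continues
        dropped = self._update(src, now)  # rule 3: -j DROP
        return "DROP" if dropped else "ACCEPT"


def replay(events, **params):
    """events: iterable of (timestamp_seconds, source_ip), in time order."""
    rl = RecentList(**params)
    return [rl.new_connection(src, t) for t, src in events]


if __name__ == "__main__":
    # Constructed traffic: one source opening a connection every 10 seconds.
    hammer = [(t, "203.0.113.9") for t in range(0, 301, 10)]
    verdicts = replay(hammer)
    print("steady 10s spacing:", verdicts.count("ACCEPT"), "accepted,",
          verdicts.count("DROP"), "dropped")

    # Constructed traffic: a user who mistypes, retries at 50s and 100s
    # (each retry is blocked and refreshes the window), then waits it out.
    user = [(t, "198.51.100.7") for t in (0, 5, 10, 15, 50, 100, 161)]
    print("impatient user:", replay(user))

    # The tighter setting suggested in the comment: 3 tries, 5 minutes.
    tight = [(t, "198.51.100.7") for t in (0, 5, 10, 200, 501)]
    print("3 tries / 300s:", replay(tight, seconds=300, hitcount=3))
```

Because rule 1 records the connection before the hit count is checked, the fourth new connection inside the window is the first one dropped, so three connections per 60 seconds get through.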
Unfortunately, Sprint doesn't offer a legit service for doing that. But MyTether enables the same functionality.
You want Linux Netflix but won't sign it because you don't think it will help???? NOT signing the petition will CERTAINLY not help. Sure, call if you like, but signing the petition is a good idea and takes a lot less time... they are not mutually exclusive (and yes, I called them also).
Tethering in Palm Linux WebOS on Sprint is easy as pie. Just load MyTether and off you go- no "jailbreaking" (there is no such thing on WebOS, since there is no need) and in minutes you are able to tether with USB, Bluetooth, and multi-client WiFi as a real access point with optional WPA. 3G goodness @ 2Mb/s+ :) Of course, it is under the table and should be used responsibly (especially since if you go over your 5GB "unlimited" data plan, Sprint may come a knocking on your door).
I wish they would focus on *ALL* the desktops FIRST, then worry about phones. What about a Linux compatible Netflix player? I know quite a few people who have waited a very long time and are irritated that absolutely nothing has been done.
Meanwhile, sign this petition: http://www.petitiononline.com/Linflix/
Sure, it might not amount to anything, but you have no right to complain if you haven't at least tried (and this only takes 60 seconds or something).
That's like, dramatic! :)
Seriously, Flightgear is a great game. Congrats!
Yes, many Xterminals were cheaper than the typical fat X86 machines of the same day... and they still are. But many were not... It depended on a lot of factors. And yes, they would have been even cheaper if the volume had caught on.
Either way, I don't disagree with most of what you say- I think the terminology is all whacked. But, I think that is true with a lot of terminology in lots of things.
Originally, we did use Tektronix Xterminals. As the price of X86 machines plummeted, we decided to make our own using Linux.
"Thin client" is not an absolute, it is more a reference to where the applications are actually running. You could have a rather fat machine on a desk (hard drive, OS, etc), but if all or most of the user applications are being run on a host somewhere else, then it is "thin".
The project (LTSP), uses Linux as the base OS for creating machines for which the majority (or all) of applications are run elsewhere.
But I know what you are saying about the terms. It is about as meaningful as "netbook".
VNC on Linux/Unix (or any platform) is *HORRIBLY* slower than native X11... there is no comparison and the technologies are completely different. VNC is also tremendously more network and CPU load on both client AND host.
VNC just unintelligently pushes a bunch of screen bitmap updates on a huge graphic image. X11 is a true windowing/widget/primitives protocol that only draws what it needs and where it needs it and the Xserver does a lot of intelligent stuff. On a good network you can't tell that a program is not running native when remotely served through X (with the exception of motion video).
Don't get me wrong- VNC is extremely useful. And, in fact, we use it for "desktop sharing" to help support people running Xterminals, which, themselves, are running remote X (X clients running on a remote host and displaying on the local Xserver).
We ran 130 Xterminals (Linux machine thin clients) over switched 10-base-T with a 100-FL backbone for many, many years (up until 2 years ago). It worked just fine. The only thing that will kill the network is trying to play video or have Flash, neither of which we support.
Now we have 160 over switched 100-TX with 1000 fiber backbone. It is faster, but not THAT noticeable.
With that logic, airlines should charge MORE for children- especially the ones that scream, cry, or talk the whole way, or kick the seats in front of them!!! (Thank God for earplugs)
On a more serious note- I am a small person, 5'7" 150lb and even *I* am uncomfortable in plane seats.