I'm not really clear what you're saying -- hard to parse. Are you saying government wouldn't do this because they couldn't screw people over with it? Or that it would make identity theft easier since people would have misplaced faith that a public-key sig is always 100% perfect?
But you did remind me of another reason I thought personal keys would be unworkable, and that's simply the fact that people would store them on their insecure computer systems. What if Blaster didn't just reboot systems, but also grabbed unlocked keys from memory and sprayed them all over the place, so they eventually would reach the worm's originator?
I've always been of the mind that you should be able to get a (PGP, X.509, whatever) key signed when you go to get your drivers' license or ID card renewed, or equivalent in non-US countries. Certifying people's identities is certainly something governments should be able to do.
Of course, I suppose there's a potentially justified fear that if they decide to become involved in that, you'd better hand over your private key at the same time...
1. Don't provide free services for people, unless you know and trust them.
That's right, sounds about like the internet used to work...back when there were less than 100 people here...
The Internet still works that way, really. If you're providing a free service to someone that they can abuse, you have a responsibility to make sure you trust them with that service. For example, even with countless millions on the Internet, I still only permit a few close trusted friends shell access to my box on the Internet, and they reciprocate. Nothing about it being 2003 obligates me to share to any more people than I do. I don't understand your logic.
The difference? The latter doesn't require compilation.
(At the risk of being uninformed, like the parent post, would it not be true that hotplug is only going to deal with hotplug PCI and USB devices? discover, OTOH, deals with PCI, ISAPNP, etc. etc. etc.)
But the GPL doesn't let me do that. If I want to link GPL code with otherwise free (even by RMS's standards) but GPL-incompatible code, I can't. Those are my terms. The GPL doesn't meet them. The LGPL does, and thankfully more people are starting to realize that and LGPL their code instead.
Just by way of contrast, if you're a licensed user of a Microsoft development product, you can link your code that uses any license with its runtimes...
No; it's still GPL-incompatible. I am not convinced, however, that GPL-incompatibility is in any stretch a black mark on any license.
GPL compatibility is like a one-way gift. You bow to the "all-GPL" crowd by allowing them to use your code on their terms, but they don't reciprocate by giving you the right to use their code on your terms.
I won't join the ACLU because they seem rather keen on taking away my freedoms, such as the freedoms of my children to practice their religion in public places.
But I'm a Christian white male, so I don't deserve any freedom, right? Or at least that's what I keep getting told.
When I used Gentoo, I did have to reinstall it a few times. Things may have gotten better since, but having been a packager for OpenBSD awhile, and observing how most ebuilds were constructed at the time, I was frankly shocked things didn't fall apart more often.
The biggest problem was a blatant disregard for the fact that just about any given open source package is going to compile differently based on what's on your system unless you very, very explicitly specify its intended feature set beforehand. Not observing that gives you a nice system at the time, but one that is absolute hell to upgrade or slim down.
You need predictable dependencies, and that's one of the key reasons I swear by Debian.
Funny, I'm getting bugfixes and updates all the time in Debian unstable for the packages you mention. And someone did recompile them, although it sure as hell wasn't me, thank God. My computer has more important things to do.
Which only gauges interest, and frankly, when I was a Gentoo user for that brief period of time last year (coming from BSD at the time), it seemed like DistroWatch was pushed a lot on the Gentoo forums. So, it really doesn't surprise me that Gentoo has a lot of hits there.
I'm not aware of any good way to measure Linux distribution use.
It's really just for the same type of people that overclock everything because they need "that last little bit", then fail to take into account their system's shortened lifespan, the time spent getting it OC'd in the first place, etc. Explaining to this type of person that there is a contradiction in their reasoning is simply a waste of time.
Slashdot Mirror
I'm not really clear what you're saying -- hard to parse. Are you saying government wouldn't do this because they couldn't screw people over with it? Or that it would make identity theft easier since people would have misplaced faith that a public-key sig is always 100% perfect?
But you did remind me of another reason I thought personal keys would be unworkable, and that's simply the fact that people would store them on their insecure computer systems. What if Blaster didn't just reboot systems, but also grabbed unlocked keys from memory and sprayed them all over the place, so they eventually would reach the worm's originator?
I heard it was pretending to be a lady while flirting...
I've always been of the mind that you should be able to get a (PGP, X.509, whatever) key signed when you go to get your drivers' license or ID card renewed, or equivalent in non-US countries. Certifying people's identities is certainly something governments should be able to do.
Of course, I suppose there's a potentially justified fear that if they decide to become involved in that, you'd better hand over your private key at the same time...
Bradley Kuhn says it was ptrace.
That's not what Bradley Kuhn says. He says ptrace, and it was actually done between the time the exploit was made and the time Linux was patched.
And the mods who considered the parent post "flamebait" reveal their true motivations. But I suppose I'm not really surprised...
The Internet still works that way, really. If you're providing a free service to someone that they can abuse, you have a responsibility to make sure you trust them with that service. For example, even with countless millions on the Internet, I still only permit a few close trusted friends shell access to my box on the Internet, and they reciprocate. Nothing about it being 2003 obligates me to share to any more people than I do. I don't understand your logic.
Oh, come now.
Gentoo: emerge -k hotplug; rc-update add hotplug default
Debian: apt-get install discover hotplug
The difference? The latter doesn't require compilation.
(At the risk of being uninformed, like the parent post, would it not be true that hotplug is only going to deal with hotplug PCI and USB devices? discover, OTOH, deals with PCI, ISAPNP, etc. etc. etc.)
These computers?
(adjusting tinfoil hat)
Heh. Now, where have I heard an idea as dumb as that before?
Oh yeah, here.
But the GPL doesn't let me do that. If I want to link GPL code with otherwise free (even by RMS's standards) but GPL-incompatible code, I can't. Those are my terms. The GPL doesn't meet them. The LGPL does, and thankfully more people are starting to realize that and LGPL their code instead.
Just by way of contrast, if you're a licensed user of a Microsoft development product, you can link your code that uses any license with its runtimes...
No; it's still GPL-incompatible. I am not convinced, however, that GPL-incompatibility is in any stretch a black mark on any license.
GPL compatibility is like a one-way gift. You bow to the "all-GPL" crowd by allowing them to use your code on their terms, but they don't reciprocate by giving you the right to use their code on your terms.
I won't join the ACLU because they seem rather keen on taking away my freedoms, such as the freedoms of my children to practice their religion in public places.
But I'm a Christian white male, so I don't deserve any freedom, right? Or at least that's what I keep getting told.
That's because you took the quote out of context. Add these lines:
Yours truly
Darl C. McBride
Now it becomes very obvious. :-)
Try emerge-ing anything on that same Thinkpad...
When I used Gentoo, I did have to reinstall it a few times. Things may have gotten better since, but having been a packager for OpenBSD awhile, and observing how most ebuilds were constructed at the time, I was frankly shocked things didn't fall apart more often.
The biggest problem was a blatant disregard for the fact that just about any given open source package is going to compile differently based on what's on your system unless you very, very explicitly specify its intended feature set beforehand. Not observing that gives you a nice system at the time, but one that is absolute hell to upgrade or slim down.
You need predictable dependencies, and that's one of the key reasons I swear by Debian.
Funny, I'm getting bugfixes and updates all the time in Debian unstable for the packages you mention. And someone did recompile them, although it sure as hell wasn't me, thank God. My computer has more important things to do.
Which only gauges interest, and frankly, when I was a Gentoo user for that brief period of time last year (coming from BSD at the time), it seemed like DistroWatch was pushed a lot on the Gentoo forums. So, it really doesn't surprise me that Gentoo has a lot of hits there.
I'm not aware of any good way to measure Linux distribution use.
It's really just for the same type of people that overclock everything because they need "that last little bit", then fail to take into account their system's shortened lifespan, the time spent getting it OC'd in the first place, etc. Explaining to this type of person that there is a contradiction in their reasoning is simply a waste of time.
Far more than $199 if it's a server, which is the typical Linux config today.
As for desktop use -- Windows desktops also require client access licenses to the Windows server, do they not?
So, on a "properly configured FreeBSD", the shell magically divines my intent? Color me impressed.
So the legal defense fund for GPL contributors is only for commercial interests? I didn't see that anywhere.
I use exclusively Mozilla (work) and Firebird (home), and have had no trouble.
Except that it doesn't work, unless you intended to try to execute /dev/audio.
Well, they would win, except their toy budget far exceeds those of any non-geek.