In cooperation with the Clinton Administration's plea for there to be no hacking incidents on the eve of the new year, I resolve not to take out any of the code I'm working on and improve on it.
I just hope the crackers don't do anything meanspirited tonight.:-)
I'll happily reside anywhere the courts have ruled ITAR's crypto regs unconstitutional, so I can actually work on crypto code and share it with the rest of the world.
Since we're apparently battling with semantics here, let me point out that Mr. Phelps was giving a very noncommittal answer (``smells like a hoax'') rather than calling it an outright hoax. It wasn't too smart of him; but he did at least partially do The Right Thing(TM).
In any event, your first post sounded to me like you were propagating the myth that it was indeed a hoax; I would have qualified it a little better. For the misunderstanding, I apologize.
Eventually, every software company in the world is going to figure out that if they look good to Slashdot, they'll be more successful.
While I don't contest that ``looking good to/.'' is usually a good thing, I don't think the sheer act of pleasing the populace here is necessarily a winning situation in all cases. Let's face it,/.ers (myself included) don't always take the reasonable course.
Eventually, ISPs are just going to blackhole the networks that source denial of service attacks, because eventually it is your responsibility for being vulnerable, rather than the attacker's responsibility for exploiting you.
IIRC, haven't initiatives to blackhole smurf amplifiers been around for awhile? I think the threats certainly got a lot done; but an ISP, unless they are having serious troubles, has to contend with their stupid user base first complaining about not being able to access such-and-such a site.
The same problem exists (regrettably) with spam. I would LOVE it if ISPs everywhere could run MAPS on their servers, but they just can't, because the stupid user base would scream bloody murder, not understanding the implications. Any kind of filtering, no matter how intelligent, is going to block legitimate mail as well.
I'm very interested in the HURD-based Debian. I have yet to try it because I'm still working on piecing (is that spelled right? it looks wrong) together a Linux box capable of installing it.
Has anyone out there tried Debian/HURD, and what are your impressions?
Apple is definitely to be commended here. I just hope that where MacOS 9 is deployed, the system owners will respond as quickly in updating their systems. I suspect the knowledgable network admins probably will. The earlier comment about liability scares the shit out of me but might be a good motivation.
I would wager by the fact that it's been confirmed by Apple labs and is detailed in a PGP-signed CERT advisory that you can stop calling it a hoax now.
Normally people do things like prove that vulnerabilities do not exist (by testing or by intimate knowledge of the way a system is designed) before calling them hoaxes. Since I had no access to MacOS 9, and no verifiable sources were saying that it was a hoax, I was definitely not going to propagate that rumor.
Security problems are real. Let's help them get solved instead of shooting off our mouths.
This may very well be a strawman, but I think not.
My question is: say it's illegal to link to MP3z or warez, because it is said to be, in effect, distributing illegal music or software
Is it also then illegal to say that in Grand Rapids, Michigan, you can find prostitutes on S. Division, because that would be (in effect) soliciting prostitutes?
In Michigan, it's ``you're required to report it all, and we really really mean it.'' I know that some larger online/mailorder places have deals with certain states to collect sales tax for states where they do not do business if they are selling to a resident of that state. I know the states would love for all retailers to do this.
Congress could actually exercise its constitutional power (``regulate interstate commerce'', as opposed to all the other powers they seem to think they have but should be given to the states) and require online/mailorder retailers to do this in all situations. I imagine they probably will as online retailers start picking up more and more steam. I would not be opposed to this specifically, since it is not an additional ``Internet tax'', just a better way of collecting the taxes. However, any tax specifically on goods or services purchased online would meet with my and many others' strong resistance.
As for international sales, aren't duties and tariffs such already supposed to be collected, regardless of the method of sale?
However: within a few months of the debut of the first affordable dual-layer DVD burner will follow the debut of the first DVD player capable of bit-for-bit copy, thus making the entire CSS encryption scheme a moot point.
I doubt it. I am personally surprised that CD-R's are capable of bit-for-bit copy, given the far reach of the record industry (or that there is even CD-MP3 ripping software in existence). If anyone even thinks of introducing a DVD burner with bit-for-bit copy capabilities, you can bet there will be a flurry of suits insuring that it doesn't go out the door with the capability to copy those keys.
Shrug. I could really care less if it's more popular or not. It works wonderfully for me, and at the time that I switched from Linux, it worked much better. Popularity be damned.
I've contributed a few ports to FreeBSD. I contribute in the little ways that I can because I believe in BSD and know that if no-one contributed at all, BSD would indeed die. (In the BSD-kernelled Debian threads, someone seemed to think that BSD was dying ``because of its license''. I would challenge that by asking them if ``not dying'' means ``growing to an unmanageable size''.) By the same token, if contributions to Linux stopped, Linux would die.
I believe in BSD because it works, and because the source code is open (though some seem to think that anything non-GPL'd is not ``open'' -- we need not rehash those arguments here.) I can do with it what I want.
The community spirit of BSD ensures -- without encumbrance of license -- that BSD will be around as long as there are still people working on it.
You should consider reading the article before you criticize it. (Who moderated this guy up?)
Amen. ESR was lamenting the parallels that will be drawn, like it or not -- and parallels that indeed should be drawn so that folks notice this important dilemma. Let's face it, there was nothing stopping folks from cheating before; open sourcing the client just made it easier for those with less time on their hands.
You need to operate in paranoia mode whenever you are designing protocols or server applications. Never trust the client. Trusting the client to supply ``good data'' is what has filled the Web with weak CGIs (and I must note that these appear on both open source and closed source platforms.)
Nobody moderated him up, BTW. He has High Karma(TM).
Speaking of ``the right thing'', wouldn't it be ingenious of them to pull an RSAREF on PageRank -- but rather than say ``for noncommercial use only'', require use of the algorithms to be GPL'd?
Kind of a silly idea, and certainly will not sit well with quite a few OSS folk (I personally find some fault in it), but it's a neat idea nonetheless.
A few years back the one-click shopping and banner adds were not as 'obvious' as they are now...
Patenting ``one-click shopping'' is just preposterous. You might as well have patented cookies. And if you did, you'd shoot yourself in the foot, because another solution would be found to the problem, and you wouldn't even see cookie support in browsers.
Banner ads, OTOH, depend on being widespread and the concept being freely available to catch on. I doubt you could patent them if you tried, though with the government existing as it does today, I won't take any bets.
Now Google's technology would obviously be a great boon if it was published. I'd love to see it. But Google's patent extends to what amounts to their entire business, and does not extend to the protocols that folks need to depend on to communicate with their server. It's all behind the scenes and it provides a better product. On top of that, the patent's existence ensures that down the road, we'll all be treated to a good description of it that we can use.
The BIOS is only a factor up until boot time with a ``real'' OS such as Linux or FreeBSD. I had an old crappy Acer Aspire which thought it could read a 3.7GB drive but definitely could not, hosing it at every step of the way. However, once FreeBSD booted off a floppy, it was just fine. So I created a custom boot floppy and just left it in the drive.:-)
That said, 8 GB should be your hard limit there, though I do not speak from experience and just hearsay. LBA is required to even access drives above 8 GB because they exceed the IDE specs.
I was thinking about this the other day -- idiot-proofing Linux.
The only way you're going to do it is by the following:
Making sure that every last need that your end-user can have is covered by the GUI configuration tool.
Locking down all the scripts so they can't ever touch them, and auditing every last package to make sure it doesn't do anything ``unexpected''.
Let's face it, no computer is idiot-proof. (How many times have I, in my past life as a T/S whipping boy, had to help someone clean up a mess that they or another program made by doing something M$ never predicted?) And I don't think anyone is going to be able to anticipate every one of the end-user's needs -- that is what set-top boxes are for:-)
And in any event, once you idiot-proofed it (assuming you could), who would buy (into) it? How many people are swayed by promises of power when their needs are probably much better met with a lack of power?
I don't think there needs to be a standard user interface per se, but there is a need for standards on user interface behavior.
Common functions of all user interfaces (for example, generating program launch icons or registering file types with a file manager) could be abstracted to an API, or better yet a program that could be called, so that software vendors could release a program with an installer that would work cross-UI and cross-platform, registering itself with package managers and adding itself to launch menus along the way.
Just remember -- you don't need an rpm package to register your package with the rpm system. The FreeBSD ports system handles this rather well, registering programs with the package system as it goes yet never actually creating a package per se. (Note: I'm not claiming FreeBSD is the solution to this problem):-)
It is? Awesome! I hereby announce my intention to take the tax code and fork a new project off it. I think I can convince quite a few folks to join up.:-)
I'll start by adding in a contribution to the ``poor coders' relief fund''. This will neither increase your tax nor decrease your refund, of course.:-)
Doubtless we'll see an international (probably German):-) effort to do this surface not that far down the road.
I wonder how much of it they'll have to code, though. NC4's crypto code has its own rather large ``preferences'' dialog for managing the certs and all. that...
Re:Maybe we'll see FreeBSD binaries again now :-)
on
Mozilla M12 Released
·
· Score: 1
Are you on 3.4?
Maybe we'll see FreeBSD binaries again now :-)
on
Mozilla M12 Released
·
· Score: 4
It seems that one great side effect Mozilla has had is pushing lots of open source OS's hard to fix various problems that they've had. A few months ago we saw a problem with threads and glibc on Linux that Mozilla exposed hardest and best.
Now, according to bug #14676, Mozilla has exposed some trouble in FreeBSD's dlopen() which has subsequently been fixed, making FreeBSD a better OS.
Slashdot Mirror
I will pee on 14 copies of VB next year. :-)
In cooperation with the Clinton Administration's plea for there to be no hacking incidents on the eve of the new year, I resolve not to take out any of the code I'm working on and improve on it.
I just hope the crackers don't do anything meanspirited tonight. :-)
I'll happily reside anywhere the courts have ruled ITAR's crypto regs unconstitutional, so I can actually work on crypto code and share it with the rest of the world.
Oh, I suppose I'll need a good job too :-)
Since we're apparently battling with semantics here, let me point out that Mr. Phelps was giving a very noncommittal answer (``smells like a hoax'') rather than calling it an outright hoax. It wasn't too smart of him; but he did at least partially do The Right Thing(TM).
In any event, your first post sounded to me like you were propagating the myth that it was indeed a hoax; I would have qualified it a little better. For the misunderstanding, I apologize.
While I don't contest that ``looking good to /.'' is usually a good thing, I don't think the sheer act of pleasing the populace here is necessarily a winning situation in all cases. Let's face it, /.ers (myself included) don't always take the reasonable course.
IIRC, haven't initiatives to blackhole smurf amplifiers been around for awhile? I think the threats certainly got a lot done; but an ISP, unless they are having serious troubles, has to contend with their stupid user base first complaining about not being able to access such-and-such a site.
The same problem exists (regrettably) with spam. I would LOVE it if ISPs everywhere could run MAPS on their servers, but they just can't, because the stupid user base would scream bloody murder, not understanding the implications. Any kind of filtering, no matter how intelligent, is going to block legitimate mail as well.
I'm very interested in the HURD-based Debian. I have yet to try it because I'm still working on piecing (is that spelled right? it looks wrong) together a Linux box capable of installing it.
Has anyone out there tried Debian/HURD, and what are your impressions?
Apple is definitely to be commended here. I just hope that where MacOS 9 is deployed, the system owners will respond as quickly in updating their systems. I suspect the knowledgable network admins probably will. The earlier comment about liability scares the shit out of me but might be a good motivation.
I would wager by the fact that it's been confirmed by Apple labs and is detailed in a PGP-signed CERT advisory that you can stop calling it a hoax now.
Normally people do things like prove that vulnerabilities do not exist (by testing or by intimate knowledge of the way a system is designed) before calling them hoaxes. Since I had no access to MacOS 9, and no verifiable sources were saying that it was a hoax, I was definitely not going to propagate that rumor.
Security problems are real. Let's help them get solved instead of shooting off our mouths.
There is also a CERT advisory covering this and a few other DoS's (i.e. TFN2K). The CERT advisory is available at http://www.cer t.org/advisories/CA-99-17-denial-of-service-tools. html.
This may very well be a strawman, but I think not.
My question is: say it's illegal to link to MP3z or warez, because it is said to be, in effect, distributing illegal music or software
Is it also then illegal to say that in Grand Rapids, Michigan, you can find prostitutes on S. Division, because that would be (in effect) soliciting prostitutes?
Just a thought. :-)
In Michigan, it's ``you're required to report it all, and we really really mean it.'' I know that some larger online/mailorder places have deals with certain states to collect sales tax for states where they do not do business if they are selling to a resident of that state. I know the states would love for all retailers to do this.
Congress could actually exercise its constitutional power (``regulate interstate commerce'', as opposed to all the other powers they seem to think they have but should be given to the states) and require online/mailorder retailers to do this in all situations. I imagine they probably will as online retailers start picking up more and more steam. I would not be opposed to this specifically, since it is not an additional ``Internet tax'', just a better way of collecting the taxes. However, any tax specifically on goods or services purchased online would meet with my and many others' strong resistance.
As for international sales, aren't duties and tariffs such already supposed to be collected, regardless of the method of sale?
I doubt it. I am personally surprised that CD-R's are capable of bit-for-bit copy, given the far reach of the record industry (or that there is even CD-MP3 ripping software in existence). If anyone even thinks of introducing a DVD burner with bit-for-bit copy capabilities, you can bet there will be a flurry of suits insuring that it doesn't go out the door with the capability to copy those keys.
Shrug. I could really care less if it's more popular or not. It works wonderfully for me, and at the time that I switched from Linux, it worked much better. Popularity be damned.
I've contributed a few ports to FreeBSD. I contribute in the little ways that I can because I believe in BSD and know that if no-one contributed at all, BSD would indeed die. (In the BSD-kernelled Debian threads, someone seemed to think that BSD was dying ``because of its license''. I would challenge that by asking them if ``not dying'' means ``growing to an unmanageable size''.) By the same token, if contributions to Linux stopped, Linux would die.
I believe in BSD because it works, and because the source code is open (though some seem to think that anything non-GPL'd is not ``open'' -- we need not rehash those arguments here.) I can do with it what I want.
The community spirit of BSD ensures -- without encumbrance of license -- that BSD will be around as long as there are still people working on it.
Amen. ESR was lamenting the parallels that will be drawn, like it or not -- and parallels that indeed should be drawn so that folks notice this important dilemma. Let's face it, there was nothing stopping folks from cheating before; open sourcing the client just made it easier for those with less time on their hands.
You need to operate in paranoia mode whenever you are designing protocols or server applications. Never trust the client. Trusting the client to supply ``good data'' is what has filled the Web with weak CGIs (and I must note that these appear on both open source and closed source platforms.)
Nobody moderated him up, BTW. He has High Karma(TM).
Speaking of ``the right thing'', wouldn't it be ingenious of them to pull an RSAREF on PageRank -- but rather than say ``for noncommercial use only'', require use of the algorithms to be GPL'd?
Kind of a silly idea, and certainly will not sit well with quite a few OSS folk (I personally find some fault in it), but it's a neat idea nonetheless.
Patenting ``one-click shopping'' is just preposterous. You might as well have patented cookies. And if you did, you'd shoot yourself in the foot, because another solution would be found to the problem, and you wouldn't even see cookie support in browsers.
Banner ads, OTOH, depend on being widespread and the concept being freely available to catch on. I doubt you could patent them if you tried, though with the government existing as it does today, I won't take any bets.
Now Google's technology would obviously be a great boon if it was published. I'd love to see it. But Google's patent extends to what amounts to their entire business, and does not extend to the protocols that folks need to depend on to communicate with their server. It's all behind the scenes and it provides a better product. On top of that, the patent's existence ensures that down the road, we'll all be treated to a good description of it that we can use.
The BIOS is only a factor up until boot time with a ``real'' OS such as Linux or FreeBSD. I had an old crappy Acer Aspire which thought it could read a 3.7GB drive but definitely could not, hosing it at every step of the way. However, once FreeBSD booted off a floppy, it was just fine. So I created a custom boot floppy and just left it in the drive. :-)
That said, 8 GB should be your hard limit there, though I do not speak from experience and just hearsay. LBA is required to even access drives above 8 GB because they exceed the IDE specs.
I was thinking about this the other day -- idiot-proofing Linux.
The only way you're going to do it is by the following:
Making sure that every last need that your end-user can have is covered by the GUI configuration tool.
Locking down all the scripts so they can't ever touch them, and auditing every last package to make sure it doesn't do anything ``unexpected''.
Let's face it, no computer is idiot-proof. (How many times have I, in my past life as a T/S whipping boy, had to help someone clean up a mess that they or another program made by doing something M$ never predicted?) And I don't think anyone is going to be able to anticipate every one of the end-user's needs -- that is what set-top boxes are for :-)
And in any event, once you idiot-proofed it (assuming you could), who would buy (into) it? How many people are swayed by promises of power when their needs are probably much better met with a lack of power?
I don't think there needs to be a standard user interface per se, but there is a need for standards on user interface behavior.
Common functions of all user interfaces (for example, generating program launch icons or registering file types with a file manager) could be abstracted to an API, or better yet a program that could be called, so that software vendors could release a program with an installer that would work cross-UI and cross-platform, registering itself with package managers and adding itself to launch menus along the way.
Just remember -- you don't need an rpm package to register your package with the rpm system. The FreeBSD ports system handles this rather well, registering programs with the package system as it goes yet never actually creating a package per se. (Note: I'm not claiming FreeBSD is the solution to this problem) :-)
It is? Awesome! I hereby announce my intention to take the tax code and fork a new project off it. I think I can convince quite a few folks to join up. :-)
I'll start by adding in a contribution to the ``poor coders' relief fund''. This will neither increase your tax nor decrease your refund, of course. :-)
Who will take a bet that these chosen few will end up killing themselves (accidentally, of course) before January 1 rolls around?
This isn't about survival, it's about looking for the next Darwin Award winners :-)
Doubtless we'll see an international (probably German) :-) effort to do this surface not that far down the road.
I wonder how much of it they'll have to code, though. NC4's crypto code has its own rather large ``preferences'' dialog for managing the certs and all. that...
Are you on 3.4?
It seems that one great side effect Mozilla has had is pushing lots of open source OS's hard to fix various problems that they've had. A few months ago we saw a problem with threads and glibc on Linux that Mozilla exposed hardest and best.
Now, according to bug #14676, Mozilla has exposed some trouble in FreeBSD's dlopen() which has subsequently been fixed, making FreeBSD a better OS.
Mozilla is a Good Thing(R). :-)