Actually, with Linux, you don't need the root password. You just need physical access to the machine. Reboot it. If running LILO, enter linux init=/bin/sh ; if running GRUB, edit the boot command line and include init=/bin/sh in it somewhere. Press RETURN. When you get the # prompt, enter # mount -oremount/ to make the disk writable # awk '/^root/{print}'/etc/shadow >/old_root_password to make a copy of the old scrambled root password, # passwd and enter a password you can remember. Twice. # init 6 to reboot the machine again. You can now log in as root, using the password you supplied. No need for any special weapons, boot discs &c. This is one you can carry entirely in your head.
To restore the original root password, the sequence is # awk '!/^root/{print}'/etc/shadow >>/old_root_password
# cp -f/old_root_password/etc/shadow
# rm -f/old_root_password - don't use this till the last minute, because the password will be changed as soon as you modify/etc/shadow. I don't know if this works on other Unix systems.
You can firmware-upgrade many optical drives just by loading a disc with the firmware on it. The drive reads the TOC, spots a telltale filename, checks the file for telltale data and if it seems correct, loads up its new firmware. This doesn't involve the OS at all. You could plug the drive into just a PSU, no connection to a motherboard even, and upgrade it.
The assumption is that if you have physical access to the machine, you can do what you want with it anyway.
Second, exploits in programs. This is harder to secure, since you can never know whether your mail client or your web browser (or one of its myriad plugins) has such a vulnerability.
By reading and understanding the Source Code, you can get a reasonably good idea about what your mail client or your web browser (or one of its myriad plugins) might be doing. Statistically, any given vulnerability is more likely to be discovered this way by a Good Guy than by a Bad Guy (since the former are more numerous than the latter).
Your best bet is to use something that has nearly no market share (and is thus not interesting for commercial malware users).
But the lower the market share, the fewer the number of Good Guys reading the Source Code. I'd certainly rather use something such as Firefox (which is getting much attention) and remember to stay on top of updates, than use something obscure.
The MBR is a vulnerability by definition. Almost the only way to protect it is by having a jumper on the HDD itself, which must be fitted to enable writing to the MBR and must be removed to enable booting. That means that everytime you want to install a bootstrap loader, you will have to open up the machine and muck about inside it.
Question is, is the threat from the MBR vulnerability significant enough to warrant such a drastic solution?
The fourth problem is probably ADA-compliant voting. This means that handicapped people of all sorts have to be accomodated on request without requiring assistance. If they can talk to a lawyer, they better be able to vote without needing help.
Can someone explain to me why a disabled person can't just take a carer of their own choosing (and therefore whom they trust) in with them to help them vote?
You don't need half that complication. A simple hand punch (with one of many difficult-to-duplicate patterns), issued at random by the Returning Officer to the polling station on the morning of the election and collected at the close of polling, would be enough. Ballot papers are printed identical, and simply punched on issue. Punched ballot papers are not allowed out of the polling station, except in the ballot box or the "spoiled ballots" envelope, and people who (are supposed to) have voted already are not allowed back near the ballot box. There's a possibility that someone could communicate the pattern made by the punch to the outside world, but in practice this is of limited relevance. Nobody knows what the pattern on the punch will be until election day, which makes it hard to falsify -- who's going to keep a collection of fake special punches on standby, just to rig a few hundred votes?
The problem was that in Florida, the ballots were marked by machine, and counted by machine. The crux of the matter was that the machines were not behaving properly.
The way to eliminate the problem of machine unreliability is to mark the ballots by hand and count them by hand.
There are no "machines that validate the paper votes". The paper votes are counted by people. Usually, the candidates themselves, each with one representative.
How it works: The ballot papers are emptied into the middle of the table. Everyone pulls out all the papers with a figure "1" next to their name, counts their pile and writes down the number of votes. Everyone then passes their pile of papers to the left, counts the ones from the person on their right, and so on. When each person has counted each pile, everyone compares their counts. If all agree, the result is announced; if there is any disagreement, the counting is repeated until all parties are satisfied. If necessary, eliminate weakest candidate and count up votes with a "2" next to each name, and so forth until we have a winner.
None of the candidates trust one another, which is enough by itself to ensure that everyone behaves fairly.
How come it took *11* posts before someone mentioned this?
Re:The best tools stay out of the way...
on
Goodbye Cruel Word
·
· Score: 4, Insightful
WYSIWYG is at best overrated and at worst deleterious.
"Writing" is actually two domains: that of the author, and that of the calligrapher / typesetter. These domains are, to a surprising extent, independent: a manuscript can be full of scratchings-out, ink blots &c. yet still manipulate the emotions of a reader able to overlook the presentation, and beautifully laid-out text can still be nonsense.
Traditionally, manuscripts were created using pen and ink, or simple fixed-font, monospace typewriters; and someone at the publishing company dealt with setting books in type. WYSIWYG word processors have broken this natural abstraction. Ultimately, WYSIWYG software distracts you from being an author, by creating fancy (but ultimately irrelevant) calligraphic effects. (And in particularly bad cases, you get people who don't know any better trying to lay out a document using spaces; but let's not go there.)
The author who uses a simple text editor with a monospaced font is freed from having to worry how the final output will look, and can get on with the business of writing words.
Why would someone pay for a binary when the source is available?
Why would someone pay for a binary when the binary is available?
There are lots of commercial programs distributed without Source Code, and that does not seem to deter the making of unauthorised copies. There seems no reason to assume that provision of Source Code would lead to an increase in unauthorised copying. And just because you are giving someone the Source Code, there is nothing to stop you from doing so under a no-copying licence, such as the commercial licences for PGP, Qt, MySQL &c., or the kind of licences under which Skype, Opera and Flash Source Code are distributed (and Java used to be distributed before it went GPL). You get the Source Code, and you can build and verify it, but you aren't allowed to pass it on willy-nilly.
In which case, you need only boot from some convenient media you remembered to bring with you (in the same pocket as the screwdriver and the shorting link which you might need to reset the BIOS password in order to change the boot order).
A good look in/proc and the output of lsmod while you have remote access will help you pin down the motherboard to a manageable number of possibilities where the password reset jumper is (but if you have to wing it, the jumper in question is most often close to the lithium battery and is actually 3 pins with 1-2 already joined; swap the jumper from 1-2 to 2-3, wait 30 seconds and replace it on 1-2 to restore all settings to factory defaults and no password).
If someone has physical access to a box, you really have to assume it's goodnight vienna.
And that would be a sensible way to implement a Caged virus-checker: as a Caged module for Fuse, implementing its own filesystem with built-in virus checking.
On the other hand, the Unix security model inherited by Linux includes permissions (which make it much less likely for things to get executed that should not get executed) and ownerships (which make it less likely for things to get modified that should not get modified). Sensible default behaviours (for example, not running as root except when necessary, always saving e-mail attachments and downloaded files with execute OFF and only running binaries that were compiled by you or your OS distributor) go a long way towards minimising the threats. And while there is still a risk due to insecurities in things such as image handling libraries, the probability of those insecurities being discovered is that much a greater if the code is out in the open.
That, I think, is the real threat to McAfee: When everyone in town is or knows a qualified roof mender, you don't need to sell special expensive proprietary drip buckets.
And don't forget, many of those 7% may not be biologists.
Physics describes how particles of matter interact. Chemistry builds on physics to describe what happens when particles of certain kinds of matter interact with particles of certain other kinds of matter. Biology builds on chemistry and physics to describe what happens when series of chemical interactions become self-sustaining.
It wouldn't be illogical for a physicist or chemist not to believe a theory which explains biology beautifully, because that is outside their discipline.
Science is based on the idea that all phenomena are explainable and endeavours to find explanations through observation, experimentation and the progressive incremental refinement of theories. Religion is based on the idea that some things are beyond explanation, and must be accepted as Mysteries by believers. These two premises are about as irreconcilable as you can get. Either Science will progress to a point where all religious Mysteries can be explained in scientific terms, or a proof will be established that shows why certain things are beyond explanation. (Cf. how you cannot determine five variables given a system of four simultaneous equations.)
Evolution provides such a good explanation for biodiversity that it becomes unnecessary to invoke God, except for the awkward questions of the origin of the universe and the origin of life. You can bodge in a kind of "wind it up and let it go", deist God, but this still ends up leaving unanswered questions: If a God could come spontaneously into existence from nowhere, why couldn't a ready-made, non-God-requiring universe come spontaneously into existence from nowhere? And if a highly complex living entity such as God could could come spontaneously into existence from nowhere, why couldn't a few single-cell organisms come spontaneously into existence from a suitable already-existing environment rich in carbon, hydrogen, oxygen, nitrogen, sulphur and trace elements, with pure energy available in the form of radioactivity or electrical storms? (Evolutionary theory suggests that you only need single-cell organisms to begin with. All the rest will then take care of itself.)
And trying to teach biology without mentioning evolution is a bit like trying to teach electronics without mentioning Ohm's Law. (And Ohm's Law cannot be proven or disproven experimentally, because every voltmeter and ammeter fundamentally depends on Ohm's Law being true for its operation.)
And how is that any different from them copying an example program out of a copyrighted textbook with a notice inside the front cover to the effect that use of code examples in a commercial application requires permission from the author?
If you don't want to end up in court for copyright violation, don't violate copyright.
And most software doesn't need to muck about at kernel level. Linux's legendary robustness (right up there, just behind the BSDs) might have something to do with this.
Typing linux init=/bin/sh at the boot prompt is not necessarily trivial. It requires physical access to the machine, and it is evident to an external observer.
So what? Forget the GPL for a moment. The key thing is: if they are using someone else's copyrighted software in a product that they sell, they require permission from the copyright holder.
The GPL provides conditional permission to use covered software in a product you sell. If you don't think the conditions are generous enough, then you have the right to fuck off.
When you link a GPL work against a non-GPL work, you create a derivative work. As long as you are authorised to possess both works, the derivative work you create is initially permitted by the Law of the Land, as Fair Dealing (Fair Use in some jurisdictions), and any apparent prohibition in the licence terms is unenforcible precisely because a promise not to do something the Law of the Land already says you can do is worthless.
However, the terms of both licences now apply to the derivative work as a whole. If the restrictive licence said "You must not distribute the Source Code to others", that would conflict with the GPL's requirement to distribute the Source Code. Therefore, the only way you can comply with both licences at once is not to distribute the software at all (aka "Liberty or Death").
The key point is, you don't need a licence to create that Derivative Work. You need one to distribute it. None of which would be an issue, by the way, if software vendors just distributed the frigging Source Code already.
Please remember that when Americans talk of a "gallon", they really mean 0.8 of a gallon, and I'm not even certain that an American mile is the same length as an English mile. The litres/100km. figure, however, is directly comparable, since a litre and kilometre are the same everywhere in the world (which is kind of the point).
If copyright were abolished altogether, it would be necessary also to pass a law mandating the supply of Source Code with any piece of computer software (actually, that wouldn't be a bad thing anyway). Or at least we should wait for a usable decompiler. That way, Freedoms One and Three could be taken by force, as Freedoms Zero and Two already can be taken by force.
Slashdot Mirror
It's better than what I've often seen: a bunch of links such as
[english] [french] [spanish] [german] [dutch] [japanese]
I confidently predict that at least one AC will not be able to spot what is wrong with this.
Actually, with Linux, you don't need the root password. You just need physical access to the machine. Reboot it. If running LILO, enter linux init=/bin/sh ; if running GRUB, edit the boot command line and include init=/bin/sh in it somewhere. Press RETURN. When you get the # prompt, enter / to make the disk writable /etc/shadow > /old_root_password to make a copy of the old scrambled root password,
/etc/shadow >> /old_root_password
/old_root_password /etc/shadow
/old_root_password - don't use this till the last minute, because the password will be changed as soon as you modify /etc/shadow. I don't know if this works on other Unix systems.
# mount -oremount
# awk '/^root/{print}'
# passwd and enter a password you can remember. Twice.
# init 6 to reboot the machine again. You can now log in as root, using the password you supplied. No need for any special weapons, boot discs &c. This is one you can carry entirely in your head.
To restore the original root password, the sequence is
# awk '!/^root/{print}'
# cp -f
# rm -f
You can firmware-upgrade many optical drives just by loading a disc with the firmware on it. The drive reads the TOC, spots a telltale filename, checks the file for telltale data and if it seems correct, loads up its new firmware. This doesn't involve the OS at all. You could plug the drive into just a PSU, no connection to a motherboard even, and upgrade it.
The assumption is that if you have physical access to the machine, you can do what you want with it anyway.
The MBR is a vulnerability by definition. Almost the only way to protect it is by having a jumper on the HDD itself, which must be fitted to enable writing to the MBR and must be removed to enable booting. That means that everytime you want to install a bootstrap loader, you will have to open up the machine and muck about inside it.
Question is, is the threat from the MBR vulnerability significant enough to warrant such a drastic solution?
You don't need half that complication. A simple hand punch (with one of many difficult-to-duplicate patterns), issued at random by the Returning Officer to the polling station on the morning of the election and collected at the close of polling, would be enough. Ballot papers are printed identical, and simply punched on issue. Punched ballot papers are not allowed out of the polling station, except in the ballot box or the "spoiled ballots" envelope, and people who (are supposed to) have voted already are not allowed back near the ballot box. There's a possibility that someone could communicate the pattern made by the punch to the outside world, but in practice this is of limited relevance. Nobody knows what the pattern on the punch will be until election day, which makes it hard to falsify -- who's going to keep a collection of fake special punches on standby, just to rig a few hundred votes?
The problem was that in Florida, the ballots were marked by machine, and counted by machine. The crux of the matter was that the machines were not behaving properly.
The way to eliminate the problem of machine unreliability is to mark the ballots by hand and count them by hand.
There are no "machines that validate the paper votes". The paper votes are counted by people. Usually, the candidates themselves, each with one representative.
How it works: The ballot papers are emptied into the middle of the table. Everyone pulls out all the papers with a figure "1" next to their name, counts their pile and writes down the number of votes. Everyone then passes their pile of papers to the left, counts the ones from the person on their right, and so on. When each person has counted each pile, everyone compares their counts. If all agree, the result is announced; if there is any disagreement, the counting is repeated until all parties are satisfied. If necessary, eliminate weakest candidate and count up votes with a "2" next to each name, and so forth until we have a winner.
None of the candidates trust one another, which is enough by itself to ensure that everyone behaves fairly.
It's an interesting thought.
Businesses already use outside contractors for cleaning, catering, painting and decorating &c. So why not IT?
How come it took *11* posts before someone mentioned this?
WYSIWYG is at best overrated and at worst deleterious.
"Writing" is actually two domains: that of the author, and that of the calligrapher / typesetter. These domains are, to a surprising extent, independent: a manuscript can be full of scratchings-out, ink blots &c. yet still manipulate the emotions of a reader able to overlook the presentation, and beautifully laid-out text can still be nonsense.
Traditionally, manuscripts were created using pen and ink, or simple fixed-font, monospace typewriters; and someone at the publishing company dealt with setting books in type. WYSIWYG word processors have broken this natural abstraction. Ultimately, WYSIWYG software distracts you from being an author, by creating fancy (but ultimately irrelevant) calligraphic effects. (And in particularly bad cases, you get people who don't know any better trying to lay out a document using spaces; but let's not go there.)
The author who uses a simple text editor with a monospaced font is freed from having to worry how the final output will look, and can get on with the business of writing words.
Glucose is a carbohydrate, not a hydrocarbon, but it is most definitely combustible. You just need to add some fag-ash.
There are lots of commercial programs distributed without Source Code, and that does not seem to deter the making of unauthorised copies. There seems no reason to assume that provision of Source Code would lead to an increase in unauthorised copying. And just because you are giving someone the Source Code, there is nothing to stop you from doing so under a no-copying licence, such as the commercial licences for PGP, Qt, MySQL &c., or the kind of licences under which Skype, Opera and Flash Source Code are distributed (and Java used to be distributed before it went GPL). You get the Source Code, and you can build and verify it, but you aren't allowed to pass it on willy-nilly.
In which case, you need only boot from some convenient media you remembered to bring with you (in the same pocket as the screwdriver and the shorting link which you might need to reset the BIOS password in order to change the boot order).
/proc and the output of lsmod while you have remote access will help you pin down the motherboard to a manageable number of possibilities where the password reset jumper is (but if you have to wing it, the jumper in question is most often close to the lithium battery and is actually 3 pins with 1-2 already joined; swap the jumper from 1-2 to 2-3, wait 30 seconds and replace it on 1-2 to restore all settings to factory defaults and no password).
A good look in
If someone has physical access to a box, you really have to assume it's goodnight vienna.
And that would be a sensible way to implement a Caged virus-checker: as a Caged module for Fuse, implementing its own filesystem with built-in virus checking.
On the other hand, the Unix security model inherited by Linux includes permissions (which make it much less likely for things to get executed that should not get executed) and ownerships (which make it less likely for things to get modified that should not get modified). Sensible default behaviours (for example, not running as root except when necessary, always saving e-mail attachments and downloaded files with execute OFF and only running binaries that were compiled by you or your OS distributor) go a long way towards minimising the threats. And while there is still a risk due to insecurities in things such as image handling libraries, the probability of those insecurities being discovered is that much a greater if the code is out in the open.
That, I think, is the real threat to McAfee: When everyone in town is or knows a qualified roof mender, you don't need to sell special expensive proprietary drip buckets.
And don't forget, many of those 7% may not be biologists.
Physics describes how particles of matter interact. Chemistry builds on physics to describe what happens when particles of certain kinds of matter interact with particles of certain other kinds of matter. Biology builds on chemistry and physics to describe what happens when series of chemical interactions become self-sustaining.
It wouldn't be illogical for a physicist or chemist not to believe a theory which explains biology beautifully, because that is outside their discipline.
Science is based on the idea that all phenomena are explainable and endeavours to find explanations through observation, experimentation and the progressive incremental refinement of theories. Religion is based on the idea that some things are beyond explanation, and must be accepted as Mysteries by believers. These two premises are about as irreconcilable as you can get. Either Science will progress to a point where all religious Mysteries can be explained in scientific terms, or a proof will be established that shows why certain things are beyond explanation. (Cf. how you cannot determine five variables given a system of four simultaneous equations.)
Evolution provides such a good explanation for biodiversity that it becomes unnecessary to invoke God, except for the awkward questions of the origin of the universe and the origin of life. You can bodge in a kind of "wind it up and let it go", deist God, but this still ends up leaving unanswered questions: If a God could come spontaneously into existence from nowhere, why couldn't a ready-made, non-God-requiring universe come spontaneously into existence from nowhere? And if a highly complex living entity such as God could could come spontaneously into existence from nowhere, why couldn't a few single-cell organisms come spontaneously into existence from a suitable already-existing environment rich in carbon, hydrogen, oxygen, nitrogen, sulphur and trace elements, with pure energy available in the form of radioactivity or electrical storms? (Evolutionary theory suggests that you only need single-cell organisms to begin with. All the rest will then take care of itself.)
And trying to teach biology without mentioning evolution is a bit like trying to teach electronics without mentioning Ohm's Law. (And Ohm's Law cannot be proven or disproven experimentally, because every voltmeter and ammeter fundamentally depends on Ohm's Law being true for its operation.)
And how is that any different from them copying an example program out of a copyrighted textbook with a notice inside the front cover to the effect that use of code examples in a commercial application requires permission from the author?
If you don't want to end up in court for copyright violation, don't violate copyright.
And most software doesn't need to muck about at kernel level. Linux's legendary robustness (right up there, just behind the BSDs) might have something to do with this.
Typing linux init=/bin/sh at the boot prompt is not necessarily trivial. It requires physical access to the machine, and it is evident to an external observer.
So what? Forget the GPL for a moment. The key thing is: if they are using someone else's copyrighted software in a product that they sell, they require permission from the copyright holder.
The GPL provides conditional permission to use covered software in a product you sell. If you don't think the conditions are generous enough, then you have the right to fuck off.
No.
When you link a GPL work against a non-GPL work, you create a derivative work. As long as you are authorised to possess both works, the derivative work you create is initially permitted by the Law of the Land, as Fair Dealing (Fair Use in some jurisdictions), and any apparent prohibition in the licence terms is unenforcible precisely because a promise not to do something the Law of the Land already says you can do is worthless.
However, the terms of both licences now apply to the derivative work as a whole. If the restrictive licence said "You must not distribute the Source Code to others", that would conflict with the GPL's requirement to distribute the Source Code. Therefore, the only way you can comply with both licences at once is not to distribute the software at all (aka "Liberty or Death").
The key point is, you don't need a licence to create that Derivative Work. You need one to distribute it. None of which would be an issue, by the way, if software vendors just distributed the frigging Source Code already.
Please remember that when Americans talk of a "gallon", they really mean 0.8 of a gallon, and I'm not even certain that an American mile is the same length as an English mile. The litres/100km. figure, however, is directly comparable, since a litre and kilometre are the same everywhere in the world (which is kind of the point).
This is true.
If copyright were abolished altogether, it would be necessary also to pass a law mandating the supply of Source Code with any piece of computer software (actually, that wouldn't be a bad thing anyway). Or at least we should wait for a usable decompiler. That way, Freedoms One and Three could be taken by force, as Freedoms Zero and Two already can be taken by force.