You're forgetting about the cost of re-educating the administrative staff like secretaries.
There isn't one. They can pick it up as they go along, the same way as the first ever people who ever used a computer had to. After all, the letter and number keys are still in the same places relative to one another {unless you install the wrong country's keymap, but that's another story} and most corporate desktop computers are being used as little more than glorified typewriters and idiot-calculators*.
The thing is, if you tell somebody that everything they believe is wrong, they'll automatically resent you for it -- even if it's true. In fact, especially if it's true. But the unpopularity of an opinion does not diminish its validity.
* Idiot-calculator: one with only + - */, and no scientific functions; and which therefore is used exclusively for the sort of calculations that could be done without the aid of such an instrument when I was at school.
In fact, I just had a vivid image of a doctor visiting a bunch of children in Iraq who'd lost limbs from playing with those cluster bombs that look like food packets and saying "You did what? Don't you retards know not to open unfamiliar packages?"
If one kid opens an unfamiliar package and gets hurt, that's a tragic accident. But if a whole bunch of kids, who were watching the whole thing and saw every detail, go ahead and open some more of those packages anyway, then that's deserved. Fewer idiots is an improvement, IMHO.
Actions have consequences, and -- much as we would love to pretend to the contrary -- you can't divorce the consequences from the action. You can forgive someone an honest mistake, that's just unlucky; but the second time they do it -- or anytime, if they already should have known what would be likely to happen -- then it's deliberate. It's what Darwin called Natural Selection. Unfortunately for the species as a whole {though fortunately for the individuals concerned}, most stupid things you can do these days won't kill you outright.
The Internet is a freakin' dangerous place, and how anyone can not know that is beyond me. But somebody, somewhere must have clicked on that attachment, even despite all the horror stories. In fact, judging by the fact that I'm getting bounces back to a domain where there are no Windows machines, somebody who knows me clicked on the freakin' thing.
Maybe it's time to introduce a "networthiness" test for computers, like the roadworthiness test for cars -- so machines that persistently send out nuisance material could be ordered off the net until they were fixed. But I'd be the first to admit that such a scheme, if it was implemented badly, would make things many times worse as opposed to better.
Well, Mandrake Linux fits on three CDs, so I'd say the cost of securing a business against virus attacks is about 75p.
The reason why so many attacks are against Windows is that Windows is usable by complete morons -- and, as an inevitable result, you get complete morons using it. Yes, we all know GNU/Linux requires a little tech savvy. You don't get smart enough to use GNU/Linux without first learning that running just any old programme when you don't have the faintest idea what it does, is a bloody stupid thing to do. On the other hand, any living advertisement for the pro-choice movement can fire up Windows XP and get their computer riddled with malware in a twinkling. Why? Because Windows is too easy to use.
It's a perfect illustration of reverse evolution in action. You try to make something idiot-proof, then nature only goes and comes out with a dafter idiot.
You could never make a car that a five-year-old could drive safely -- and even if you could, it would necessarily lack so much functionality it would barely be usable. Really, there's no point trying -- it's better to issue full driving licences only to adults and only on completion of a test. And then we don't have to suffer the consequences of cars that would be driveable by five-year-olds.
The very fact that GNU/Linux naturally weeds out complete retards probably explains why there are not -- and will never be -- as many GNU/Linux exploits as there are Windows exploits.
You're both right and you're both wrong. Even machine level instructions are interpreted. The op-code bits are expanded by a logic array to control the arithmetic and logic unit and the latches at its inputs and outputs. So you could say that there is no such thing as a compiled programme, because it still gets interpreted at some level -- even if that's the level of those AND, OR and NOT gates you spent a whole year on in O-level computer studies.
The Java Virtual Machine is essentially an interpreter, but what it interprets is designed to be read by a machine and so sacrifices human readability. It would be perfectly possible in theory to design a processor core which executed Java Bytecode natively, and if such a device existed then the JVM would be an emulator for it.
It also depends on how statefully the interpretation is carried out. Some 8-bit BASIC interpreters were next to stateless, interpreting a programme on a line-by-line basis. This was a necessity when memory was limited and secondary storage was slow. Modern scripting languages such as Perl and Python -- and for that matter, the later Microsoft BASICs -- keep much more state information, almost performing a full compilation.
That's not leeching. If somebody cannot be bothered to get a dictionary and look up the correct spelling of a word when they want to put out an advertisement that could be seen by millions of people, then to my mind they deserve what they get. You play with fire, you get burned.
You might not get far appearing on TV if you're ugly, and you might not get far on the wireless if you have an annoying voice. But anyone can learn to spell properly -- the only thing stopping them is laziness.
Actually there probably is a market for someone to charge a fee for checking spelling and usage {that would require a human being; a machine can spot "tehre" but "their" is a correctly-spelt word even if you meant "there"} -- because at some point, the benefit due to proper spelling would be greater than the amount you spent on it.
I was thinking of building myself some kind of PVR too. I suppose I could have got myself a Sky Plus box, only this would have meant getting a dish -- and I happen to think they're ugly, compared to a cable buried discreetly under the pavement. I had the specs in my mind, and went out looking for parts.
Then in Dixons, I found the Philips DVDR-70 DVD+RW recorder. At 279.99, I snapped it up. This machine needs the more expensive DVD+RW discs. It can also use DVD+Rs, but the functionality is a bit more limited with one-time media. There are only two SCARTs, and you'll need both of them for the TV and the satellite/cable decoder; but it does have audio/video/SV ins on the front {meant for a camcorder so designated CAM1} which you can use in an emergency, and audio/video/SV outs around the back. As you would expect on any DVD player, the TV SCART has RGB out; but unlike a VCR the auxiliary SCART has RGB in.
Chapter points are added automatically during recording, or you can add them by hand - and the ability to block certain chapters allows you to implement a form of ad-skipping, which is vital for most cable/satellite recordings. The picure is rock-solid even at six-hour compression. It will play MP3 audio CDs through your TV or hi-fi, but not multisession discs - you'll have to burn them in one go. This should mean those annoying copy-protected discs will play fine, though, and there's no mention of disabling the digital audio out during certain kinds of playback {but I haven't been able to test this}.
Downsides? No HDD so you can't record and play back at the same time, and the picture blanks out while the machine is busy. No RF modulator, so you have to use the A/V connections; but you'd be throwing away the advantages of DVD anyway. And I didn't build it myself.
Conclusion: Worth the price, and you'll soon get to live with the quirks. Expect newer models to answer them anyway.
You know, back in The Days, I used to whinge that X was inefficient for a desktop PC where there is only ever going to be one user displaying on one monitor at one resolution, and hanker after a direct-rendered system that bypass most of the unnecessary features.
Then I had a kind of revelation. It ought to be possible to compile a very stripped-down X server with all those assumptions hard-coded right into it. You might have to edit the makefile just to set it up for a different monitor; but for how often you're ever going to have to do that, it's no price really.
Then I looked at the X source tree, and decided that it's not so bad the way it is now.....
It's MandrakeSoft's fault for using UNTESTED code.
That still doesn't excuse LG for breaking the standard. Standards may not be law, but they are there for a reason; and if you don't conform to published standards, then you deserve everything that happens to you.
If you wrote a web browser whose default behaviour was to crash horribly when someone used the <img> tag, it would be your fault, not the fault of whoever was trying to put pictures on their web site.
Mandrake's code was 100% standards-compliant, LG's firmware was not. Read the standards again. What do you think is so unreasonable about attempting to determine what kind of drive you are dealing with by trying commands and seeing what responses they elicit? If you ask a drive to flush its buffer, the correct response is either "OK" or "Command not implemented". Not to initiate a firmware upgrade {which is indicated by an altogether different code, also shown in the published standards}! If LG got bitten in the ass, it was because they asked for it.
FCS, will the Windows fans shut up about the fact that a Mandrake release caused problems with a minority of broken drives already?! The LG read-only drives had a bad firmware fault. The ATAPI spec says what command code is supposed to perform what function and how to handle it if that function is not applicable. The LG drive did not conform to spec -- it used the "flush buffer" command {which only does anything useful on a writer} for "begin flash upgrade", which is forbidden by the ATAPI spec {which clearly states a different command code for "begin flash upgrade"}. Mandrake's auto-detection routine issued a "flush buffer" command to see if that did anything -- a writer would return "OK", a read-only drive would return "Command not implemented". At least, if the drives conformed to the published ATAPI specification. LG deviated from the specification. I'm sure if Windows had used the same trick to perform auto-detection, and LG had run afoul of it, Bill Gates would be held totally blameless.
If you are driving your car on the wrong side of the road, don't blame me in the event of a collision.
I think the fact that they're already 10.0 implies that they release major versions WAY too often.
Exactly what Paddy V noticed. See here, top question.
It will be interesting to see how 2.6 performs now an actual distribution is using it as standard, rather than relying on homebrewers to compile it..... it might even find its way into Debian by about 2006;-)
Userland programmes can access port 25. Prove it with your favourite telnet client; $ telnet localhost 25 and then do the usual stuff. Even CGI scripts, running with fewer priviliges than a "real" user, can do it {how else would formmail work? OK, most formmail implementations I have seen don't open a socket connection; they use sendmail. But socket connections from non-privileged scripts do work.}
I just thought of this: On a Linux system, the dig command probably is installed. So you can verify e-mail addresses using dig mx foo.co.uk, parse the output and, once you're sure their address has a valid MX record, telnet into port 25 on that machine to send them mail. Or, of course, you could create a little daemon that allows a spammer to log into the compromised machine, and use its dig just to verify e-mail addresses and give back a yea or nay. You can run daemons from userland as long as they are on a 4-figure port.
Congratulations to your wife. It's nice to know that there are still people in this world who live up to the idea that there are some things more important than money.
I shall leave you to celebrate in whatever manner you think most appropriate.
If you're looking for prior art on using a wheel to select music, look at the AMI juke box. I'm sorry I didn't think of this sooner. On the cheaper models, instead of separate letter and number buttons, you spun a wheel to select a record, the letters and numbers in a window changed, and you pressed a button to play the record - selected from a "menu" - whose letter and number were currently showing. This saved on separate solenoid actuators. The wheel was spun from the edge, and due to the direct mechanical coupling there was no artificial acceleration effect {but obviously if you shoved it harder, it went faster, up to a point}. Otherwise I think it's prior art in this case.
Some things just should not by their very nature be patentable, and I think the way a control actuator works is one of them. Otherwise what will you allow to be patented next?
No, if you want to patent daft things, try patenting personal injuries. I'm surprised the National Ambulance Followers' Federation haven't got their members offering such a service already. Then not only can you claim compensation when you hurt yourself, you can also claim royalty payments the next time someone else hurts themself the same way you did!
Unless I could patent the idea of patenting an injury in order to maximise the payout for yourself and your legal representatives, in the event of an accident that was not your fault..... But what if somebody already patented the idea of patenting an idea for patenting something, in order to earn big money claiming a fee from me every time I claimed a fee from a lawyer who was helping a client claim a fee from an injured party using a method I had patented? Where will the madness end? Sooner or later all the money in the world will belong to lawyers, and nobody would be worth suing even if anybody could afford it!
It's not just a wheel. The wheel is just the physical interface. There's also the way it scrolls through long lists quickly, and the way it interacts with the other buttons, that make it such a great and unique piece of interface design.
What the hell are you smoking? It's a bloody knob, for crying out loud! Wireless sets have had a bloody great knob for changing the station pretty much ever since they were invented. True, this one's connected to a shaft encoder as opposed to a variable capacitor or a pot, but that's hardly unique; and you actuate it from the top surface rather than around the rim, but at the end of the day it's nothing more than a fancy knob. I seem to remember there being a similar kind of thing on some DJs' CD players, where a revolving disc is used to search for a specific passage. And I think there was something similar on posh VCRs, but I was always too poor to afford one like that:) That was the state of the art as it was prior to the advent of the iPod.
You can't just say "It's a wheel!" without recognizing the enormous amount of effort and care that went into its design and engineering. The wheel is what makes the iPod unique, and it deserves its success because of it.
That is the most pretentious piece of obsequious toadying I have heard in a long time.
This is one of the good uses of patents, in the sense that it gives a manufacturer a temporary monopoly as a reward for innovative design, and will hopefully spur other innovative designs in the iPod comptetitors.
Good use of a patent my arse. That patent should never even have been awarded in the first place. Whoever was responsible for not throwing it straight out has a lot of explaining to do.
Seems like a good thing to me.
Just get your face out of Jobs' arse, will you? People like you give Apple fans a bad name.
I think you do it by editing/etc/pam.d/su and removing a comment mark -- but, to be honest, it's worked for me for so long, I don't remember fully. That's on a {mostly} Debian system -- I say "mostly" because some of what's on there was built from sources.
As for the Windows user..... well, it was a lot less interesting than it could have been. We reached a deal involving certain members of his family not seeing my proxy logs, and that was that.
As long as computers need to access their own memory
I take it you mean forever:)
I had a sneaky feeling it was impossible all along. For every strategy I can think of, there's something important it would break. Then again, seeing what people have managed to achieve on ancient systems, it's possible that the limitations of at least one method could be overcome and result in a workable, safe computing environment.
If you don't have self-modifying code, then you need a stack {which is a vulnerability in its own right} and an indirect addressing mode {which can still be used for mischief}. {No stack => subroutine call instructions place address of instruction that would have been executed next in accumulator, subroutine first modifies its own last instruction -- a jump -- to point to that address; no indirection register => program modifies read/write/jump instruction directly.} Otherwise you have an incomplete computer -- there would be certain legitimate operations it would be incapable of doing.
The question is, where to draw the line between a particular operation being "safe" and being "unsafe"? How do you decide what the computer should or should not be doing?
Note that wallpaper ain't just for Windows!
KDE users can download it, open a root console, and copy it to/usr/share/wallpapers/, from where any user can then set it as their desktop wallpaper. {This may or may not also work for GNOME -- haven't been able to test as I don't have Gnome installed on this machine}.
su is quick, but -- if you're at the console -- ctrl-alt-f1...f6 is quicker.
If you're really paranoid, you can even bar certain users from su'ing. {this was what I did when I set my dial-up service..... it's slower than 56K, due to being a slightly crappy modem, but it runs off a number with a "real" area code, not an 0845 number; so it counts towards any "inclusive" time in your telco tariff.}
One user must have thought he would have a go at cracking my root password one afternoon. I noticed he was running a Windows client, and Fixed him Good and Proper.....
As has been pointed out, demonstrably crackable encryption is OK for data with an expiry date. Credit card numbers, for instance, are usually only good for 3 years or so -- you get a new number with the new card.
Still, I worry about any closed-source encryption technology. Imagine somebody coming up to you and saying in a cheesy mexican accent: "Hey, extranjero! You want to send top-secret message? No problemo, Amigo! I know secret code, so secret only me and my brother know it. You give me message, si, you dictate, one words at a time. I write it down in secrets codes and send it to my brothers. He only one in whole wides worlds who understand it. But my brother, he take it to your amigo, si, and he tell the message one word a times. Is very good. Top-secret. Only me and my brothers knows the code."
Yes, you would have thought that they would have found a way to avoid buffer overflow vulnerabilities altogether by now -- or at least fixed it so one process can't write into another process's memory. It must be able to write into its own code memory, of course, to allow for auto-mutative code. Hmm, if we used 80-bit wide memory, each word could have the usual 64 bits of data space plus 16 bits for a PID specifier -- but then we would be building in a hardware limitation, max_running_PIDs. Of course the kernel itself would need the ability to poke about wherever it wanted, though, in order to allocate memory for processes. Come to think of it, I'm not even sure it isn't impossible.
BTW, before some Harvard architecture fanboy chips in here, the Harvard architecture isn't a perfect fix for buffer overflows, as it's still possible to write code on a Harvard architecture machine that emulates a Neumann architecture machine -- and if it wasn't, then you wouldn't have a fully-functional computer. You must be able to make a decision based on the contents of a data memory cell; therefore, by changing the contents of data memory, you can influence code execution. The 68000 family's Harvard-emulated-on-Neumann is pretty worthless too.
I'm banking on that most people haven't the balls to do something like that. If someone isn't prepared at all to show me the source code for their application, that immediately suggests to me that they want to hide something from me -- which is reason enough for me not to want to run their code. On the other hand, if they are prepared to show me the code, then either they have nothing to hide from me; or they are really confident that whatever it is, is really well hidden.
I feel it only fair to point out that Gentoo is pitched as an "expert's" distribution -- so are Slackware and Debian. You should already have some idea what you're doing before you install any of them {and the installers also behave as a handy idiot-filter}. OTOH, Mandrake, being a non-expert's distribution, insists you create a non-root user before you can complete the installation.
when the user CHOOSES to run Windows and CHOOSES to run Internet Explorer and CHOOSES to have their default mail client to be Outlook Express, for some reason they're immune to this barrage of RTFM and instead it is Microsoft who gets the blame.
Users do not choose to run Windows, just as nobody chooses to travel with $LOCAL_BUS_COMPANY {but they still say thank you anyway; and funnily enough my local bus company is actually owned by a car dealership, but that's another story}. It is installed by default on brand-new, store-bought PCs, along with Internet Exploder and Outlook Exploit. Sometimes you get a copy of Micro$oft Doesn'tWork as well.
If those PCs came instead with a Linux installation not-quite-finished -- so you would have to set a root password and add at least one regular user before getting to the good stuff -- then I think it's quite likely that fewer people would "choose" to use Windows.
The thing is, if you tell somebody that everything they believe is wrong, they'll automatically resent you for it -- even if it's true. In fact, especially if it's true. But the unpopularity of an opinion does not diminish its validity.
* Idiot-calculator: one with only + - *
Actions have consequences, and -- much as we would love to pretend to the contrary -- you can't divorce the consequences from the action. You can forgive someone an honest mistake, that's just unlucky; but the second time they do it -- or anytime, if they already should have known what would be likely to happen -- then it's deliberate. It's what Darwin called Natural Selection. Unfortunately for the species as a whole {though fortunately for the individuals concerned}, most stupid things you can do these days won't kill you outright.
The Internet is a freakin' dangerous place, and how anyone can not know that is beyond me. But somebody, somewhere must have clicked on that attachment, even despite all the horror stories. In fact, judging by the fact that I'm getting bounces back to a domain where there are no Windows machines, somebody who knows me clicked on the freakin' thing.
Maybe it's time to introduce a "networthiness" test for computers, like the roadworthiness test for cars -- so machines that persistently send out nuisance material could be ordered off the net until they were fixed. But I'd be the first to admit that such a scheme, if it was implemented badly, would make things many times worse as opposed to better.
Well, Mandrake Linux fits on three CDs, so I'd say the cost of securing a business against virus attacks is about 75p.
The reason why so many attacks are against Windows is that Windows is usable by complete morons -- and, as an inevitable result, you get complete morons using it. Yes, we all know GNU/Linux requires a little tech savvy. You don't get smart enough to use GNU/Linux without first learning that running just any old programme when you don't have the faintest idea what it does, is a bloody stupid thing to do. On the other hand, any living advertisement for the pro-choice movement can fire up Windows XP and get their computer riddled with malware in a twinkling. Why? Because Windows is too easy to use.
It's a perfect illustration of reverse evolution in action. You try to make something idiot-proof, then nature only goes and comes out with a dafter idiot.
You could never make a car that a five-year-old could drive safely -- and even if you could, it would necessarily lack so much functionality it would barely be usable. Really, there's no point trying -- it's better to issue full driving licences only to adults and only on completion of a test. And then we don't have to suffer the consequences of cars that would be driveable by five-year-olds.
The very fact that GNU/Linux naturally weeds out complete retards probably explains why there are not -- and will never be -- as many GNU/Linux exploits as there are Windows exploits.
You're both right and you're both wrong. Even machine level instructions are interpreted. The op-code bits are expanded by a logic array to control the arithmetic and logic unit and the latches at its inputs and outputs. So you could say that there is no such thing as a compiled programme, because it still gets interpreted at some level -- even if that's the level of those AND, OR and NOT gates you spent a whole year on in O-level computer studies.
The Java Virtual Machine is essentially an interpreter, but what it interprets is designed to be read by a machine and so sacrifices human readability. It would be perfectly possible in theory to design a processor core which executed Java Bytecode natively, and if such a device existed then the JVM would be an emulator for it.
It also depends on how statefully the interpretation is carried out. Some 8-bit BASIC interpreters were next to stateless, interpreting a programme on a line-by-line basis. This was a necessity when memory was limited and secondary storage was slow. Modern scripting languages such as Perl and Python -- and for that matter, the later Microsoft BASICs -- keep much more state information, almost performing a full compilation.
That's not leeching. If somebody cannot be bothered to get a dictionary and look up the correct spelling of a word when they want to put out an advertisement that could be seen by millions of people, then to my mind they deserve what they get. You play with fire, you get burned.
You might not get far appearing on TV if you're ugly, and you might not get far on the wireless if you have an annoying voice. But anyone can learn to spell properly -- the only thing stopping them is laziness.
Actually there probably is a market for someone to charge a fee for checking spelling and usage {that would require a human being; a machine can spot "tehre" but "their" is a correctly-spelt word even if you meant "there"} -- because at some point, the benefit due to proper spelling would be greater than the amount you spent on it.
I was thinking of building myself some kind of PVR too. I suppose I could have got myself a Sky Plus box, only this would have meant getting a dish -- and I happen to think they're ugly, compared to a cable buried discreetly under the pavement. I had the specs in my mind, and went out looking for parts.
Then in Dixons, I found the Philips DVDR-70 DVD+RW recorder. At 279.99, I snapped it up. This machine needs the more expensive DVD+RW discs. It can also use DVD+Rs, but the functionality is a bit more limited with one-time media. There are only two SCARTs, and you'll need both of them for the TV and the satellite/cable decoder; but it does have audio/video/SV ins on the front {meant for a camcorder so designated CAM1} which you can use in an emergency, and audio/video/SV outs around the back. As you would expect on any DVD player, the TV SCART has RGB out; but unlike a VCR the auxiliary SCART has RGB in.
Chapter points are added automatically during recording, or you can add them by hand - and the ability to block certain chapters allows you to implement a form of ad-skipping, which is vital for most cable/satellite recordings. The picure is rock-solid even at six-hour compression. It will play MP3 audio CDs through your TV or hi-fi, but not multisession discs - you'll have to burn them in one go. This should mean those annoying copy-protected discs will play fine, though, and there's no mention of disabling the digital audio out during certain kinds of playback {but I haven't been able to test this}.
Downsides? No HDD so you can't record and play back at the same time, and the picture blanks out while the machine is busy. No RF modulator, so you have to use the A/V connections; but you'd be throwing away the advantages of DVD anyway. And I didn't build it myself.
Conclusion: Worth the price, and you'll soon get to live with the quirks. Expect newer models to answer them anyway.
****
You know, back in The Days, I used to whinge that X was inefficient for a desktop PC where there is only ever going to be one user displaying on one monitor at one resolution, and hanker after a direct-rendered system that bypass most of the unnecessary features.
.....
Then I had a kind of revelation. It ought to be possible to compile a very stripped-down X server with all those assumptions hard-coded right into it. You might have to edit the makefile just to set it up for a different monitor; but for how often you're ever going to have to do that, it's no price really.
Then I looked at the X source tree, and decided that it's not so bad the way it is now
If you wrote a web browser whose default behaviour was to crash horribly when someone used the <img> tag, it would be your fault, not the fault of whoever was trying to put pictures on their web site.
Mandrake's code was 100% standards-compliant, LG's firmware was not. Read the standards again. What do you think is so unreasonable about attempting to determine what kind of drive you are dealing with by trying commands and seeing what responses they elicit? If you ask a drive to flush its buffer, the correct response is either "OK" or "Command not implemented". Not to initiate a firmware upgrade {which is indicated by an altogether different code, also shown in the published standards}! If LG got bitten in the ass, it was because they asked for it.
In the UK you would go to your local council's Trading Standards department. Not sure what the equivalent body is in other countries, though .....
FCS, will the Windows fans shut up about the fact that a Mandrake release caused problems with a minority of broken drives already?! The LG read-only drives had a bad firmware fault. The ATAPI spec says what command code is supposed to perform what function and how to handle it if that function is not applicable. The LG drive did not conform to spec -- it used the "flush buffer" command {which only does anything useful on a writer} for "begin flash upgrade", which is forbidden by the ATAPI spec {which clearly states a different command code for "begin flash upgrade"}. Mandrake's auto-detection routine issued a "flush buffer" command to see if that did anything -- a writer would return "OK", a read-only drive would return "Command not implemented". At least, if the drives conformed to the published ATAPI specification. LG deviated from the specification. I'm sure if Windows had used the same trick to perform auto-detection, and LG had run afoul of it, Bill Gates would be held totally blameless.
If you are driving your car on the wrong side of the road, don't blame me in the event of a collision.
It will be interesting to see how 2.6 performs now an actual distribution is using it as standard, rather than relying on homebrewers to compile it
Userland programmes can access port 25. Prove it with your favourite telnet client; $ telnet localhost 25 and then do the usual stuff. Even CGI scripts, running with fewer priviliges than a "real" user, can do it {how else would formmail work? OK, most formmail implementations I have seen don't open a socket connection; they use sendmail. But socket connections from non-privileged scripts do work.}
I just thought of this: On a Linux system, the dig command probably is installed. So you can verify e-mail addresses using dig mx foo.co.uk, parse the output and, once you're sure their address has a valid MX record, telnet into port 25 on that machine to send them mail. Or, of course, you could create a little daemon that allows a spammer to log into the compromised machine, and use its dig just to verify e-mail addresses and give back a yea or nay. You can run daemons from userland as long as they are on a 4-figure port.
Congratulations to your wife. It's nice to know that there are still people in this world who live up to the idea that there are some things more important than money.
I shall leave you to celebrate in whatever manner you think most appropriate.
If you're looking for prior art on using a wheel to select music, look at the AMI juke box. I'm sorry I didn't think of this sooner. On the cheaper models, instead of separate letter and number buttons, you spun a wheel to select a record, the letters and numbers in a window changed, and you pressed a button to play the record - selected from a "menu" - whose letter and number were currently showing. This saved on separate solenoid actuators. The wheel was spun from the edge, and due to the direct mechanical coupling there was no artificial acceleration effect {but obviously if you shoved it harder, it went faster, up to a point}. Otherwise I think it's prior art in this case.
..... But what if somebody already patented the idea of patenting an idea for patenting something, in order to earn big money claiming a fee from me every time I claimed a fee from a lawyer who was helping a client claim a fee from an injured party using a method I had patented? Where will the madness end? Sooner or later all the money in the world will belong to lawyers, and nobody would be worth suing even if anybody could afford it!
Some things just should not by their very nature be patentable, and I think the way a control actuator works is one of them. Otherwise what will you allow to be patented next?
No, if you want to patent daft things, try patenting personal injuries. I'm surprised the National Ambulance Followers' Federation haven't got their members offering such a service already. Then not only can you claim compensation when you hurt yourself, you can also claim royalty payments the next time someone else hurts themself the same way you did!
Unless I could patent the idea of patenting an injury in order to maximise the payout for yourself and your legal representatives, in the event of an accident that was not your fault
I think you do it by editing /etc/pam.d/su and removing a comment mark -- but, to be honest, it's worked for me for so long, I don't remember fully. That's on a {mostly} Debian system -- I say "mostly" because some of what's on there was built from sources.
..... well, it was a lot less interesting than it could have been. We reached a deal involving certain members of his family not seeing my proxy logs, and that was that.
As for the Windows user
I already try as hard as possible not to buy crap. It hurts the pocket a little, at first, but it pays for itself later.
.....
And for the time being, I'm doing fine without a colour printer
I had a sneaky feeling it was impossible all along. For every strategy I can think of, there's something important it would break. Then again, seeing what people have managed to achieve on ancient systems, it's possible that the limitations of at least one method could be overcome and result in a workable, safe computing environment.
If you don't have self-modifying code, then you need a stack {which is a vulnerability in its own right} and an indirect addressing mode {which can still be used for mischief}. {No stack => subroutine call instructions place address of instruction that would have been executed next in accumulator, subroutine first modifies its own last instruction -- a jump -- to point to that address; no indirection register => program modifies read/write/jump instruction directly.} Otherwise you have an incomplete computer -- there would be certain legitimate operations it would be incapable of doing.
The question is, where to draw the line between a particular operation being "safe" and being "unsafe"? How do you decide what the computer should or should not be doing?
Note that wallpaper ain't just for Windows! KDE users can download it, open a root console, and copy it to /usr/share/wallpapers/, from where any user can then set it as their desktop wallpaper. {This may or may not also work for GNOME -- haven't been able to test as I don't have Gnome installed on this machine}.
su is quick, but -- if you're at the console -- ctrl-alt-f1...f6 is quicker. If you're really paranoid, you can even bar certain users from su'ing. {this was what I did when I set my dial-up service ..... it's slower than 56K, due to being a slightly crappy modem, but it runs off a number with a "real" area code, not an 0845 number; so it counts towards any "inclusive" time in your telco tariff.}
.....
One user must have thought he would have a go at cracking my root password one afternoon. I noticed he was running a Windows client, and Fixed him Good and Proper
As has been pointed out, demonstrably crackable encryption is OK for data with an expiry date. Credit card numbers, for instance, are usually only good for 3 years or so -- you get a new number with the new card.
Still, I worry about any closed-source encryption technology. Imagine somebody coming up to you and saying in a cheesy mexican accent: "Hey, extranjero! You want to send top-secret message? No problemo, Amigo! I know secret code, so secret only me and my brother know it. You give me message, si, you dictate, one words at a time. I write it down in secrets codes and send it to my brothers. He only one in whole wides worlds who understand it. But my brother, he take it to your amigo, si, and he tell the message one word a times. Is very good. Top-secret. Only me and my brothers knows the code."
Yes, you would have thought that they would have found a way to avoid buffer overflow vulnerabilities altogether by now -- or at least fixed it so one process can't write into another process's memory. It must be able to write into its own code memory, of course, to allow for auto-mutative code. Hmm, if we used 80-bit wide memory, each word could have the usual 64 bits of data space plus 16 bits for a PID specifier -- but then we would be building in a hardware limitation, max_running_PIDs. Of course the kernel itself would need the ability to poke about wherever it wanted, though, in order to allocate memory for processes. Come to think of it, I'm not even sure it isn't impossible.
BTW, before some Harvard architecture fanboy chips in here, the Harvard architecture isn't a perfect fix for buffer overflows, as it's still possible to write code on a Harvard architecture machine that emulates a Neumann architecture machine -- and if it wasn't, then you wouldn't have a fully-functional computer. You must be able to make a decision based on the contents of a data memory cell; therefore, by changing the contents of data memory, you can influence code execution. The 68000 family's Harvard-emulated-on-Neumann is pretty worthless too.
I'm banking on that most people haven't the balls to do something like that. If someone isn't prepared at all to show me the source code for their application, that immediately suggests to me that they want to hide something from me -- which is reason enough for me not to want to run their code. On the other hand, if they are prepared to show me the code, then either they have nothing to hide from me; or they are really confident that whatever it is, is really well hidden.
I feel it only fair to point out that Gentoo is pitched as an "expert's" distribution -- so are Slackware and Debian. You should already have some idea what you're doing before you install any of them {and the installers also behave as a handy idiot-filter}. OTOH, Mandrake, being a non-expert's distribution, insists you create a non-root user before you can complete the installation.
If those PCs came instead with a Linux installation not-quite-finished -- so you would have to set a root password and add at least one regular user before getting to the good stuff -- then I think it's quite likely that fewer people would "choose" to use Windows.