Instead, efforts should go in the direction of installing world-wide minimum standards in both regards...
How about a law demanding that goods may not be imported, if they were manufactured under conditions that would not be acceptable in the destination country?
It's bad enough when gift vouchers have an expiry date. The way I see it, when I buy someone a gift voucher from a store, I am lending the store money; and by slipping the gift voucher inside a birthday card, I am transferring the debt to a third party. It's not fair for the store to dictate that they will refuse to honour the debt after a certain date.
What's worse, I bet if I took out one of the same store's payment cards (not sure why I'd want to: only valid in their own and other participating retailers' outlets, and up to twice the interest rate of a normal credit card, looks a poor value proposition to me), I bet they wouldn't like it if I said something like "If I haven't paid you back in full within 12 months, I'm not going to pay you anything at all".
Why should the store, as my debtor, be allowed to get away with imposing an expiry date on a gift voucher? THEY OWE ME (or the recipient of the gift voucher) MONEY, FOR CRYING OUT LOUD!
Disclaimer: I Am Not An Economist (But I Am Tight With Money).
My point is that saying "the number of attacks depends upon the popularity of the software" is a cop-out. Apache HTTPD server is a more popular web server than IIS, yet it doesn't receive the proportion of web server attack attempts that you would expect if -- as the Windows fanboys maintain -- it was popularity alone that determined frequency of attack attempts.
However, the popularity of Windows as an operating system might actually not be entirely unrelated to its lax security (it's easy to set up if you don't give a fig who can get into it). If that is so, then Microsoft have a problem on their hands: anything they do to try to make Windows more secure will at the same time rob it of one of its selling points. Meanwhile, the Linux distros are catching up in the usability stakes and could be in a position to poach customers.
Yeah, sorry, wrong threat -- read-only is just to prevent anyone or anything from snarfing your data. Read-only and non-executable would be much better (barring a deliberate act on the user's part, something would have to copy it and execute the copy, which implies your system would already need to be compromised in order to get compromised that way).
Apache isn't even a web server, it's a software company. Apache HTTPD is a web server (it stands for HTTP Daemon).
Just letting you know to be helpful.
The question left unanswered is: Is it generally easier or harder to make an exploit at the application level, as compared to the OS level? And, once we take this into account, how does the Apache HTTPD application monoculture then compare with the Windows OS monoculture?
Sorry, you failed it when you said "group policy". Who the hell actually uses that? It's used less often than a pay toilet in a forest, or a Slashdot user's rubber johnny.
The reason malware utilising BITS is a problem is because with any application-level firewall, permission for BITS to access the net is already granted and so unlike a regular trojan, the firewall won't spit a potentially suspicious permission request up when it tries to download more malware from the 'net.
And this is what's wrong with Windows' security model.
Firewalls shouldn't be caring about which programs want access to the outside world. Firewalls should be caring about which bit of the outside world programs are trying to access -- and which bits of the outside world are trying to access the computer the firewall is protecting. And the decision of what to allow through the firewall or not should be taken by, or at least on the say-so of, a human user with administrative privileges.
All this basically stems from Microsoft's arrogant assumption that they know what is best for users.
Not just any local user. They have to have an entry in /etc/sudoers first, otherwise they get a scary message and root gets an e-mail. The Ubuntu installer only puts the first named user into the sudoers file. This user (or someone who knows their password: sudo asks the currently-logged-in user for their own password before running the root command) then has to do something like "sudo visudo" and deliberately add other users to this file.
Anyone who has physical access to the machine can change any password (including the root password), though it does require at least a reboot and possibly unscrewing the case if the BIOS has been fiddled with.
Yeah, cos Apache HTTPD powers 2/3 of all web servers (and about half the rest are based on bastardised versions of the Apache codebase or its NCSA predecessor), and gets 2/3 of all web server exploits directed at it.
Oh, wait, that's bollocks. And so is your argument.
No, they should have designed their operating system properly in the first place and then they wouldn't need to respond to incidents like this. Changing important system files without the user's say-so ought to be a definite no-no. Microsoft, however, believe that (1) they know what is best for the user (hence there are some things that even an Administrator can't do) and (2) their software is worth more than your data (hence there is no obvious way to make USB sticks read-only for non-Admin users).
which will dump the raw HTTP response onto STDOUT. And that's safe because you can't muck anything up by printing to the screen (well, you might get unlucky and have some weirdy escape code sequence turn off echo or redefine the entire character set or beep incessantly; but the whole beauty of xterm windows is that you can always close one forcibly if you have to).
By feeding the signals from my direct-drive (it's only a 4-pole motor -- I'm saving up for a 16-pole one :) ) turntable into two of the inputs of my Alesis MultiMix 8 USB mixer using RCA-to-6.3 adaptors, panning one full-on to the left and the other full-on right, cranking up the gain (you've already lost 6dB what with it being unbalanced and another 20dB from it being the jack and not the cannon, but the too-low impedance of the latter will distort things worse) and then adjusting the tone controls (treble 9 o'clock, middle 12 o'clock, bass 3 o'clock) to correct for the pre-emphasis used in recording, I can get a nice digital signal (it's a Burr-Brown A-to-D) from a vinyl record (which I already own, so it's just as much Fair Dealing as taping a CD to listen in the car and don't tell me there's a single person in this courtroom who has never done that, your honour) anyway!
Once the controls are adjusted and the record is set up to play with the needle on the edge, start Audacity, select dsp1 as source (this may be different depending how your system is set up), begin recording and start the turntable motor. Come back later, stop recording, look at waveform on screen, pick out individual tracks, paste each one as a new recording, trim start and end, save in preferred format (WAV, OGG, or even MP3 -- isn't it great living in a country where there are no maths patents?). Turn over record, repeat process.
NB. Tip from bitter experience: make sure that the room is cat-proofed for the entire duration!
But the wording of the law is "obvious to an expert in the field", not "obvious to a layperson".
If there is reasonable doubt as to the validity of a patent, then the patent examiners should consult with experts to determine the obviety or not of the claim.
What's the legal situation in the USA with regard to monies paid under duress and under protest? Is it as simple as writing "PAID UNDER DURESS" on your cheque and then taking them to Small Claims Court to get the money back?
I've started using kate for a book I'm writing. And it really is better than a word processor. I have my list of independent documents -- roughly corresponding to chapters -- in the left-hand pane, and the chapter I'm working on in the right-hand pane. I can flick between chapters -- handy if I need to move a paragraph -- without the need for endless scrolling. The simple monospaced font is not distracting. I know I needn't worry about what the text will look like once it's printed out; I can concentrate on the words, and deal with the letters later.
I'm sure this behaviour was really meant for complex programming projects where you have several source files and it's necessary to be able to flick between them..... but it's good for the other thing, too!
Actually, the metric system was a British invention -- the French were making a right mess of it and had to ask us for help. In return for not taking the credit, we got to claim a French invention as our own. We didn't call in that favour until 1959, when we pretended to have invented front-wheel drive cars (which had been around in France since the 1930s).
Why would it matter if Europe introduced software patents? Every European country has something on the books that says you can't apply a new law retroactively to some event that preceded it becoming law. This means Microsoft would not automatically be granted patents on their software in Europe; they would have to apply for them once their inventions entered into the scope of patentability, as though they were new inventions. In the meantime, Linux et al can be cited as Prior Art to block the said patent applications.
Trademarks are lost automatically if you fail to defend them; patents are a bit more durable (though they're limited to a 20-year term). However, there's still a concept called "estoppel" where basically, if you don't take legal action as soon as you become aware that someone is doing something they shouldn't, you can give them an implied licence to continue doing it.
The problem with the BSD licence is that it allows other people to take all the hard work you did, then change it a tiny bit -- just enough so that your code no longer works with data that has been through their code -- and lock it up. (Which is precisely what Sun didn't want Microsoft to do to Java again).
Now, maybe you think that's not a problem and you can always write your own code to do the same thing as their closed extensions and then release it as Free Software. But why should you have to? Perhaps it's just me being lazy, but I don't really appreciate the thought that I might have to rewrite from scratch something for which someone else refused to release the Source Code. And weren't they being the lazy ones in the first place, expecting to be allowed to use my hard work which I intended to be for everyone as the basis for something they want to keep caged up?
The BSD licence just says "Sharing is not stealing". The GPL goes a step further and actually says "Not sharing is stealing".
No expiry date? I should hope not!
Beh. At least it won't be spewing out adverts for fake pills and poorly-performing shares.
The Gateses are atheists (proof that someone can't be all bad). Your prayers aren't going to make any difference to them.
In real money, that's 30kg. Or four stone ten.
And then, if and only if it looks safe, you can use wget http://somesite.someisp.cc/some/long/filename.ext to download it for investigation.
It's 1435. Brunel's preferred gauge was 2140; almost, but not exactly, exactly 1.5 times as large.
Unless you've got a Mac or a Linux box.