>This would be like tape-recording all your spoken conversations. You are ignoring the fact that most IM clients already let you do so, and I see no reason why Google couldnt also allow you to change from "logging" to "not".
As long as the default is logging, they have a valuable commodity.
Many posters are asking why Google, what would they add, etc..
What little vision!
First and foremost, searching archives of IM's sucks on almost every windows client there is. GAIM, Miranda, Trillian, AIM, MSN-IM, etc etc. Thats a niche waiting for them - they are the kings of search.
Second, for Google to be universal, they need contact management soon. They need to know WHO someone is. Orkut is a step there. Gmail's contact manager *sucks*.
Combine the two, AND an instant messenger that interoperates between all the networks ALA GAIM, and you suddenly have a complete profile, 6+ potential screennames, possibly a website, their gmail address, and voila - you have a strong awareness of who the user is.
NOW use THAT to improve search results - google for pages that Linus Torvalds wrote. Now google knows what his IM names are, what his webpage is, what his gmail address is, and can specify ALL of those pages containing those items as "better hits" than just any webpage. It can even do it transparently (hidden) for better security.
Taking it a step further, you now have the makings of a web-based contact management system - email, IM, blogs, profiles, images, all from their various packages.
"Jeeze slash dot people will bitch about the government taking away their rights but then call for them to take away the rights of others"
Right - I'm for INDIVIDUAL rights and AGAINST unrestricted, uncontrolled, money-makes-right (and nothing else does) businesses.
It's telling that you say "take away the rights of others" - businesses ARE NOT PEOPLE - they are sources of income and profit, not human beings. Human beings have rights - corporations have rules.
Yet again, if you'd RTFA, Turner gives great arguments as to why the government *must* exercise some control over these businesses.
And if you'd RTFA, he completely covers that point - noting why it happened, why he would do it again, and why its horribly, horribly broken to be able to.
The government isnt doing its job, and he makes it clear that big media will only get bigger unless government starts doing its job again.
I'll be honest - I've used both, and while philosophically I leaned towards Miranda, I've given up on it.
Why?
Because on multiple occasions, I've reported bugs with great detail regarding issues with connectivity, and after six releases, the issues never got better.
As it is even today, I can load Trillian or Gaim and have no problem connecting to the four corporate networks, but Miranda WONT. Thats pitiful.
Thats why I switched to GAIM - There are *many* plugins and options I really miss from Miranda, but those don't come close to comparing to the simple issue of protocol support. If I cant chat, I cant use the features (duh).
I'm not alone in it either - the threads I reported my issues in became some of the most-responded-to threads they have.
Yet still no fix months later.
Old arguments, all flawed..
on
Browser Wars 2004
·
· Score: 5, Insightful
>I can deploy an IE patch to 5000 systems in an hour. How will I do that with these alternative browsers?
The same way you do the IE patch - using SMS. If you use SUS instead, then add SMS to your list of neat-o technologies and voila.. you can push out auto-updates to ANY app - not just MS ones.
Thats of course ignoring startup scripts, domain login scripts, and good-old-fashioned "You must install this app or your email access will be restricted until you do". Lots of alternatives.
>These browsers are good bets from a security point now, but why would they be safe in 6 months, or a year? Because they are designed with better security paradigms - they don't by default trust DATA as EXECUTIBLE CODE.
>As these browsers gain market share, they will be everyone's new favorite target, and there for no better off Wrong. See Apache v. IIS. Far more Apache servers, and its attacked far less than IIS, and far less effectively. Market share != vulnerability. Even if it did, alternative browsers wont reach "majority" status for AT LEAST two years - even at the current-this-week migration %'s.
>Additionally, users will clamor for the same features, bells, and whistles IE has Users already clamor for the features, bells, and whistles that IE *DOESNT* have that the other browsers have - tabbed browsing, pop-up blocking, and *real* css and png support. So much so that - oh look - SP2 will fix some of those "issues".
>don't switch because of security. Why not? Because anything computer related will be compromised.
Somethings are compromised more easily - security is rarely black and white, and it definitely isnt here.
Same here. I posted earlier this morning similar effects, and it hasnt changed in several hours.
I see (thanks to bittornado) that there are people downloading at 300k+.. but I have ports forwarded, have been connected for some time now, have 15 peers, and yet 0 seeds.
Not having english as your official language is one heck of a long distance away from "cannot speak one word in English".
Some googling found..
According to research by the British Council, "English has official* or special status in at least seventy-five countries with a total population of over two billion. English is spoken as a native* language by around 375 million and as a second language* by around 375 million speakers in the world. Speakers of English as a second language will soon outnumber those who speak it as a first language. Around 750 million people are believed to speak English as a foreign language
That puts the number at over 1.5 billion people able to speak "one word in english" at least.
Thats ignoring the "most computer users speak english" argument.
So yeah, I'd say for a decent number of people, CD #4 can probably be skipped.
"There was a substance that had similar properties produced in the past, but that fire suppression liquid was damaging the ozone layer. The new substance by Tyco is supposed to be environmentally safe."
If you simply open a mail right now - a maliciously created one - you can have code run as your user. (http://www.us-cert.gov/cas/techalerts/TA04-099A.h tml)
No AV signature. No patch available. No need to click on an attachment. Firewalls don't block it. No need to download it with p2p.
Windows is NOT secure - the design choices they made remove the seperation between data and functional code, removes the seperation between priveldged user and non-priv, and as a result, its just a matter of WHEN the vulnerabilities are found.
You listed ways to mitigate the insecurity - doesnt change the fact that it IS insecure.
Sorry, but this statement is a little too broad. As far as I am aware (and I'm open to being proven wrong - bait!) a large amount of "The Internet" is powered by Cisco routers which run the proprietary operating system IOS. I accept that there are a large amount of Sendmail/Postfix/Exim/Qmail boxes around pushing email, but there are also a hell of a lot of MS Exchange Servers and IBM Lotus servers pushing email as well powering corporate email.
Sendmail, Apache, BIND. Three Opensource programs each with over 50% market share on the internet at large. Not at all an overgeneralization. All of the root servers save three are running BIND. Thats the majority of the internet being powered by opensource.
2. "The Internet is the carrier for open source."
As it is for proprietary systems. Not always, and less so. While WinZip might be distributed online, generally proprietary software is sold in retail chains, through corporate purchasing agreements, etc. Not the internet.
3. "The Internet is also the platform through which open source is developed."
That is because open source is largely decentralised. Business itself is decentralising to some degree (although not to the same level as Open Source - but this can be as much a strength as a presumed weakness).
He was mentioning it as a strength - just because it can also be a weakness doesn't change his statement.
4. "It's simply going to be more secure than proprietary software."
This is the one that erks me the most. Lets take a look at the nuts and bolts of the O/S rather than the user interaction. There have been probably (if someone has stats, I would love to see them) as many Linux (think SSH + FTP + Telnet etc...) exploits out there as there have been on Windows (think IIS).
Generally not true. By numbers, Linux generally has fewer. However, more importantly is the impact - how severe is the risk (priv escalation, or remote root compromise?), and how widespread is the impact? (A single OS version has a 60% penetration worldwide).
The more the Linux front-end bloats like Windows has over the years and the more "features" that get added to various products introduce security risks.
But the fundamental design decisions (seperation of priveldge, power users, non-root users by default) ensure LESS impact. Not to mention the many-eyes theory has proven generally true to date (with notable failures).
The fact that the source is open means that people can exploit it rather than by trial and error or just hacking around than by actually analysing the source and finding weaknesses in it like people did with the Windows leaked source code.
Which do you see more worms for - Apache or IIS? The code is available for Apache, its more widely deployed, and yet FAR more exploits exist for IIS than Apache. Its not source availability making it less secure - its poor programming.
Most of the bad security press (especially recently) has been Outlook (Express) based Worms and this was do to introducing a good idea (feature) that turned sour.
No - it is (continuing - not past tense) due to a fundamental design choice. Microsoft products treat DATA and CODE as one and the same - the result being that there is no seperation between them, and content can be active. In almost all unix systems, the exact opposite choice is made.
That's why you don't see it happen on unix/linux systems - design decisions.
6. "Incentives around open source include the respect of one's peers."
At our (proprietary) office peer respect amongst coders is pretty high too. Are we an exception? How many people are in your office? That you hear the opinions of on a daily basis? The kernel mailing list alone has 100x the number of *notable* people I encounter on a daily basis - its about scope, volume, quality, and im
Slashdot Mirror
>This would be like tape-recording all your spoken conversations.
You are ignoring the fact that most IM clients already let you do so, and I see no reason why Google couldnt also allow you to change from "logging" to "not".
As long as the default is logging, they have a valuable commodity.
Many posters are asking why Google, what would they add, etc..
What little vision!
First and foremost, searching archives of IM's sucks on almost every windows client there is. GAIM, Miranda, Trillian, AIM, MSN-IM, etc etc. Thats a niche waiting for them - they are the kings of search.
Second, for Google to be universal, they need contact management soon. They need to know WHO someone is. Orkut is a step there. Gmail's contact manager *sucks*.
Combine the two, AND an instant messenger that interoperates between all the networks ALA GAIM, and you suddenly have a complete profile, 6+ potential screennames, possibly a website, their gmail address, and voila - you have a strong awareness of who the user is.
NOW use THAT to improve search results - google for pages that Linus Torvalds wrote. Now google knows what his IM names are, what his webpage is, what his gmail address is, and can specify ALL of those pages containing those items as "better hits" than just any webpage. It can even do it transparently (hidden) for better security.
Taking it a step further, you now have the makings of a web-based contact management system - email, IM, blogs, profiles, images, all from their various packages.
Sounds visionary to me!
RTFA - He did make his flight eventually in each case. Airport supervisors overruled the counter reps, and away he went.
http://www.imdb.com/title/tt0102511/
Teenagers.. Me and the friends, see a movie in the paper thats NOT RATED, think - Oh yea, lets go see that..
Typewriters turn into cockroaches/beetles. Monkey's in cages. Men named "KIKI".
Worst.. Movie.. Ever.
"Jeeze slash dot people will bitch about the government taking away their rights but then call for them to take away the rights of others"
Right - I'm for INDIVIDUAL rights and AGAINST unrestricted, uncontrolled, money-makes-right (and nothing else does) businesses.
It's telling that you say "take away the rights of others" - businesses ARE NOT PEOPLE - they are sources of income and profit, not human beings. Human beings have rights - corporations have rules.
Yet again, if you'd RTFA, Turner gives great arguments as to why the government *must* exercise some control over these businesses.
And if you'd RTFA, he completely covers that point - noting why it happened, why he would do it again, and why its horribly, horribly broken to be able to.
The government isnt doing its job, and he makes it clear that big media will only get bigger unless government starts doing its job again.
I'll be honest - I've used both, and while philosophically I leaned towards Miranda, I've given up on it.
Why?
Because on multiple occasions, I've reported bugs with great detail regarding issues with connectivity, and after six releases, the issues never got better.
As it is even today, I can load Trillian or Gaim and have no problem connecting to the four corporate networks, but Miranda WONT. Thats pitiful.
Thats why I switched to GAIM - There are *many* plugins and options I really miss from Miranda, but those don't come close to comparing to the simple issue of protocol support. If I cant chat, I cant use the features (duh).
I'm not alone in it either - the threads I reported my issues in became some of the most-responded-to threads they have.
Yet still no fix months later.
>I can deploy an IE patch to 5000 systems in an hour. How will I do that with these alternative browsers?
The same way you do the IE patch - using SMS. If you use SUS instead, then add SMS to your list of neat-o technologies and voila.. you can push out auto-updates to ANY app - not just MS ones.
Thats of course ignoring startup scripts, domain login scripts, and good-old-fashioned "You must install this app or your email access will be restricted until you do". Lots of alternatives.
>These browsers are good bets from a security point now, but why would they be safe in 6 months, or a year?
Because they are designed with better security paradigms - they don't by default trust DATA as EXECUTIBLE CODE.
>As these browsers gain market share, they will be everyone's new favorite target, and there for no better off
Wrong. See Apache v. IIS. Far more Apache servers, and its attacked far less than IIS, and far less effectively. Market share != vulnerability. Even if it did, alternative browsers wont reach "majority" status for AT LEAST two years - even at the current-this-week migration %'s.
>Additionally, users will clamor for the same features, bells, and whistles IE has
Users already clamor for the features, bells, and whistles that IE *DOESNT* have that the other browsers have - tabbed browsing, pop-up blocking, and *real* css and png support. So much so that - oh look - SP2 will fix some of those "issues".
>don't switch because of security. Why not? Because anything computer related will be compromised.
Somethings are compromised more easily - security is rarely black and white, and it definitely isnt here.
Blasphemy. All Jedi had was a bunch of muppets.
No.
You can run php as a standalone executible, which then runs an ip stack.
I tested side-by-side with a number of sites, and its not reporting the same thing that the IE googlebar does.
On many sites, it takes a LONG time to get it, and then it simply displays "10", which needless to say is inaccurate.
Even does it on sourceforge.net.
I'm guessing its not scaling well, and the slashdot effect is messing it up.
It is true - you cannot take away that freedom.
:)
As soon as I download a GPL'd release, I can fork from that day on, regardless of any changes you choose to make.
MT pre-3 didn't allow you the same rights the GPL does, so no, its not the same either.
Does fedora.us still develop seperately from fedora-redhat?
My impression was that they were still two seperate distro's, despite the PR in the other direction.
No, they are properly forwarded. Bittornado shows the beautiful blue light, not the ugly yellow.
Same here. I posted earlier this morning similar effects, and it hasnt changed in several hours.
I see (thanks to bittornado) that there are people downloading at 300k+.. but I have ports forwarded, have been connected for some time now, have 15 peers, and yet 0 seeds.
My download rate has varied from 0-12k.
So far, Bittorrent blows in my book.
Which yum server are you accessing?
freshrpms.net doesnt have it yet..
I'm not a newb.
To each point in the faq:
- Be patient, wait for others. Thats the point of my post.
- Make sure torrent is live. Check - downloading is occuring.
- Limiting upload rate can help. Check - its limited.
- Allow outgoing connections. Check - its wide-open, and obviously working, since I mentioned people downloading from me.
- Don't use NAT. Check - not using NAT.
- Firewall has openings for all ports needed.
So whats your brilliant idea, moron.
Some googling found..
That puts the number at over 1.5 billion people able to speak "one word in english" at least.
Thats ignoring the "most computer users speak english" argument.
So yeah, I'd say for a decent number of people, CD #4 can probably be skipped.
185 hours remaining?!? .. We need to get more people downloading this. Lets post it on..
Crap.
Okay, seriously, whats with the ultra-slow download speeds? At best, I'm maxxing out at 12-14KiB/s.
I'm uploading at over 24KiB/s..
Need more torrents to suck from, methinks.
Uhh, no. If we were to be consistently illogical, it would be..
Days in a month, which are in a year.
(mm-dd-yy)
Seconds in an minute, which are in an hour.
(mm:ss:hh)
But we generally use hours, minutes, seconds (hh:mm:ss), and month, day, year (mm-dd-yy).
Why? Because we hate the metric system, consistency, clarity, and other non-US crap.
Don't even get me started on daylight savings time.. sigh.
"There was a substance that had similar properties produced in the past, but that fire suppression liquid was damaging the ozone layer. The new substance by Tyco is supposed to be environmentally safe."
Bzzzt, wrong.
h tml)
If you simply open a mail right now - a maliciously created one - you can have code run as your user. (http://www.us-cert.gov/cas/techalerts/TA04-099A.
No AV signature.
No patch available.
No need to click on an attachment.
Firewalls don't block it.
No need to download it with p2p.
Windows is NOT secure - the design choices they made remove the seperation between data and functional code, removes the seperation between priveldged user and non-priv, and as a result, its just a matter of WHEN the vulnerabilities are found.
You listed ways to mitigate the insecurity - doesnt change the fact that it IS insecure.
Fedora Core 2 Test 1 was specifically mentioned on the fedora mailing list to NOT be forward-compatible to Final.
Meaning, you could not upgrade (apt/yum/etc) directly from Test 1 to Core 2 Final.
Does anyone know if forward-upgradability is supported/endorsed for Test 2?
Funny thing is, a few clicks in, and its fairly clear that they dont do anything that couldnt work on Mozilla or Konq.
Bizarre.
1. "The Internet is powered by open source."
Sorry, but this statement is a little too broad. As far as I am aware (and I'm open to being proven wrong - bait!) a large amount of "The Internet" is powered by Cisco routers which run the proprietary operating system IOS. I accept that there are a large amount of Sendmail/Postfix/Exim/Qmail boxes around pushing email, but there are also a hell of a lot of MS Exchange Servers and IBM Lotus servers pushing email as well powering corporate email.
Sendmail, Apache, BIND. Three Opensource programs each with over 50% market share on the internet at large. Not at all an overgeneralization. All of the root servers save three are running BIND. Thats the majority of the internet being powered by opensource.
2. "The Internet is the carrier for open source."
As it is for proprietary systems.
Not always, and less so. While WinZip might be distributed online, generally proprietary software is sold in retail chains, through corporate purchasing agreements, etc. Not the internet.
3. "The Internet is also the platform through which open source is developed."
That is because open source is largely decentralised. Business itself is decentralising to some degree (although not to the same level as Open Source - but this can be as much a strength as a presumed weakness).
He was mentioning it as a strength - just because it can also be a weakness doesn't change his statement.
4. "It's simply going to be more secure than proprietary software."
This is the one that erks me the most. Lets take a look at the nuts and bolts of the O/S rather than the user interaction. There have been probably (if someone has stats, I would love to see them) as many Linux (think SSH + FTP + Telnet etc...) exploits out there as there have been on Windows (think IIS).
Generally not true. By numbers, Linux generally has fewer. However, more importantly is the impact - how severe is the risk (priv escalation, or remote root compromise?), and how widespread is the impact? (A single OS version has a 60% penetration worldwide).
The more the Linux front-end bloats like Windows has over the years and the more "features" that get added to various products introduce security risks.
But the fundamental design decisions (seperation of priveldge, power users, non-root users by default) ensure LESS impact. Not to mention the many-eyes theory has proven generally true to date (with notable failures).
The fact that the source is open means that people can exploit it rather than by trial and error or just hacking around than by actually analysing the source and finding weaknesses in it like people did with the Windows leaked source code.
Which do you see more worms for - Apache or IIS? The code is available for Apache, its more widely deployed, and yet FAR more exploits exist for IIS than Apache. Its not source availability making it less secure - its poor programming.
Most of the bad security press (especially recently) has been Outlook (Express) based Worms and this was do to introducing a good idea (feature) that turned sour.
No - it is (continuing - not past tense) due to a fundamental design choice. Microsoft products treat DATA and CODE as one and the same - the result being that there is no seperation between them, and content can be active. In almost all unix systems, the exact opposite choice is made.
That's why you don't see it happen on unix/linux systems - design decisions.
6. "Incentives around open source include the respect of one's peers."
At our (proprietary) office peer respect amongst coders is pretty high too. Are we an exception?
How many people are in your office? That you hear the opinions of on a daily basis? The kernel mailing list alone has 100x the number of *notable* people I encounter on a daily basis - its about scope, volume, quality, and im