I am not very knowledgeable about security issues, but I am curious if the inclusion of security modules in the kernel will provide for a single point of failure. In other words, as more programs become dependent on the kernel module for security, if an exploit becomes available, will all these dependent programs become exploitable?
The single point of failure argument is interesting.
With a Single point of failure, if there is a bug everything is broken.
With multiple points of failure, if there is a bug in one, the rest are unaffected. Of course, you still get hacked (unless you have defence in depth).
In the simple case, I'd prefer a single point, which is easier to manage, then to worry about the security of ssh + kerberos + SSL + IPSec + GPG + anything else that uses crypto.
Another point is that this is only a crypto API, not security itself. An application still has to use it correctly, and most security related issues are things like buffer overflows, which are not directly related to crypto implementations.
Finally, most of the crypto apps I use (OpenSSH, Apache, GPG) work accross multiple platforms. If Linux is the one of the few that supplies a crypto API, they will still have to develop and ship their own impelmentations. If they have to write and ship their own implementation anyway, why bother to use the Linux API at all?
Most of the time bugs are only addressed by MS if you have TOP level support. IE you paid them big bucks per year per incident to get it fixed. Otherwise you get the 'we might get around to fixing it in about 20 versions'. No money to fix no fix...
If you do pay them money, they can be very nice.
While working for a former employer with a mixed NT/Unix web site we managed to get Microsoft to write a patch for part of IIS (v5 ftp) within a few weeks. From memory it was 5 weeks from the first report to us recevieing a DLL, might have been as little as 3 1/2, but it was less then 6.
This was also a fairly marginal "bug". IIS FTP would display the filename in all capitals, and as we were using IIS to upload content inot a mixed NT/Unix environment, we cared a lot about case.
I can't remember how much we were paying them, and it wasn't in $US, but for the monay we had access to 100 pre-paid support calls. We could use them for any microsoft related issues, including Microsoft-Unix compatibility issues, and if the problem turned out to be a bug in a microsoft product, they "refunded" you your pre-paid support call. Not that we used all 100 calls in a year, but by doing this they are nicer then a lot of other people out there.
I can't say I really like most of their products, but their support/service division really worked hard for us. Most support calls with other vendors that encounter bugs end up with "we've recorded that probelm, and will fix it in the next release". This was the first time that a support call I was involved with resulted in a patch begin written.
A similar story was told to me by an "old timer" who claimed to have been told this by a technician at a Digital training course.
There was a site in London, in a multi-story building facing the Thames. Apparently the operators room had a nice view of the river and some shipping wharves.
There VAX/VMS system was crashing about once a month. not every month, but it happened enough that it was obvious that if the system would crash, it would be sometime in a particular 24 hour period. The system had been checked thoroughly, and has so many parts replaced it was almost a new system, but still it crashed.
In the end, a Digital technetium was dispatched to spend the night in the server room and be they're when the system was due to crash. He was standing at the window, looking at the UK Navy Battleship that was tied up at the wharf, by the light of a full moon. As he was watching the ship was slowly rising on the tide, until the radar antenna reached the level of the window, and behind him, the system crashed.
Once a month, the tide was especially high, and the Battleship's radar lined up with the server room window. Shielding the window fixed the problem.
The poor ranking of the United States (17th) is mainly because of the number of journalists arrested or imprisoned there. Arrests are often because they refuse to reveal their sources in court. Also, since the 11 September attacks, several journalists have been arrested for crossing security lines at some official buildings.
This isn't about mainstream ballance, its about journalists in jail.
Just following up on this and other replies. It has been said several times that the parent of the parent is incorrect, and several people have asked why it was modded up.
I don't know why it was modded up, but I have moderator points, and I'm not going to mod it as overrated. I'm posting instead.
Moderation shouldn't be about correct or incorrect. It should be about improving the discussion. Its better to leave the post alone and reply to it, that way both view points can be expressed.
Leave the readers to make up their own minds, rather then censoring any views that you disagree with.
``I don't know what you do to protect your shareholders and preserve your market capitalization except to out-innovate the Linux community.''
If Microsoft can do that, more profit to them. If they can provide the products people want and can afford, then they have nothing to worry about.
The problem is that they are a monolithic company. They have an official policy, some one decides to run a project, and throws programmers at it. They can make large scale (if not reliable) software quickly because they can afford to pay hundreds of programmers.
What they can't emulate is the ideas that come from a grass-roots community. If any one person has an idea, they can start to work on it. They have a huge body of software to research and re-use code from, and if they can demonstrate something that other people find useful, they can quickly gather programmers to the project.
Because it starts small, it may take longer to finish. But because it starts small, hundreds of ideas can be quickly tested, with the best being developed and improved by the community.
You honestly havn't heard that during the Iran-Iraq war the US supplied military advice to Saddam, advise that included helping with battle plans that involved the use of poinson gas?
This isn't a conspiracy theory. Its a fact. It was reported widly internationaly, I am suprised if it wan't reported in the US.
Please at least read the article. The point wasn't that that many people may or may not be dying, it was that the US administration at the time considered this acceptable.
My comments about isreal are not idiotic. Most of the world hit India and Pakistan with sanctions when they started testing. No one has proved any link between Saddam and any terrorist organisation ataching the west. In fact, what on earth makes anyone think that he would share these weapons? If he has them, they are a source of power. If he gives them away, he is giving power away to other people.
Look, stuff this, I'm not going to convince you. If your the sort of person who agrees that the deaths of half a million children is acceptable, then what can I say to change that.
You can charge someone as much as you like for a GPL program, but you can't stop them from on-selling a copy for as much (or as little, ie $0) as they like. Having to send $5 to microsoft with each copy would conflict with that.
you should be free to redistribute copies, either with or without modifications, either gratis or charging a fee for distribution, to anyone anywhere. Being free to do these things means (among other things) that you do not have to ask or pay for permission.
that would be the point. the SAMBA team has worked their ass off reverse-engineering the windows protocol. why would they want anyone to be allowed to build off their work, close the source, and start selling what is essentially the SAMBA team's work?
Hats off to the Samba team for reverse engineering SMB/CIFS, they have done an excelent job. I don't want to diss them in any way, they have done so much.
But they are not there yet. Unless the latest version has improved A LOT they are no where near full compatibility. Its great for most things, but there are still several points that make SAMBA not quite sit right in a NT4/NT5(.1) environment. I'm sure samba could be improved with access to these specifications.
Most of the bull-shit I see about Iraq is coming out or GWB's mouth. The inspectors weren't kicked out, they were pulled out by the UN because the US and the UK were about to start dropping bombs. Would you have stayed?
The US has consistently blocked any meaningful treaty on the prohibition of chemical and biological weapons. Any proposal that would allow non-US countries to inspect US facilities has been rejected.
As for nuclear weapons, its need well known that Israel has been developing nuclear weapons for some time. Of course, they don't get the diplomatic equivalent of a cease and desist order from the US, they get diplomatic (and financial) backing.
I don't agree with sadam, but I don't agree with the US either.
then request and sign two forms - one of them promising secrecy - just to see the license terms and find how much Microsoft is charging for the information.
Open Source Developer:
Ok, Mr. Gates, you will sell me the protocol specs. How much?
Microsoft Rep:
I could tell you, but then I'd have to kill you. Sign this NDA instead.
I'm not trying to be a rabid anti-Microsoft here. They are in business, and they are entitled to make money from their work. From a legal standpoint, they have acted illegally, and were told to behave better. Are they really behaving better?
Another point
Since Microsoft is charging a royalty fee to use the communications protocols, any open-source developer - those who contend that sharing software blueprints is the best way to build products - would not be able to use them.
If they acted illegally, and to make up for that illegal behaviour, they had to level the playing field up a bit. Linux (along with apple) is one of two main competitors. So they release the protocol specs under a license that effectively prohibits its use in Linux. Hmmm.
Just another viewpoint. I'm not here to karma whore, but it does make you think.
but I don't care about the security of your box, especially when compared to the security of my box
Care. If you are in the US you are even more vulnrable to this then those of us in countires with a smaller internet presence.
The site I worked for had enough bandwidth avaibale to take a noticable chunk out of the countries international links. If some one couldn't hack your site, but could hack a large site "close" to you then they could DOS you out of existance. They much not be able to hack you, but they can shut you down. For a home site, maybe you don't care? If you running a business off the web, its bad news.
Because Privlidge Seperation is in there, even a serious bug will (now) only result in a compromise of a non-privlidged user account.
That's enough to negate any concerns.
I've heard this argument before, and I don't think it holds water.
Firstly, do you patch all local privilege escalation vulnerabilities as quickly as you patch remote vulnerabilities? I know I don't.
Even if there are no local vulnerabilities, they can still scan you system for useful information. They can then use you system to attack other systems from behind you firewall. Do you have a local firewall rule that disallows all outbound connections?
We had a presentation from a (proxy) firewall vendor that used a hardened OS. They were very proud that each proxy ran in its own little sand-box. The mail outside mail daemon could only access port 25 on the outside NIC, and could only pass email to the inside daemon via a shared spool directory. Their OS prevented any other access from that process.
Whenever we asked about a specific version of a daemon, they would refer to this sand-boxing and tell us that it wouldn't matter if a particular proxy was hacked out, there was no way the hacker could break through the firewall.
The company I worked for ran one of the largest (top 10, maybe top 5) web sites in our country. There would have been maybe a dozen other websites with similar bandwidth, and maybe the same number of ISPs. We had to sit down an carefully explain to these sales people that even if the hacked proxy could only access one port on the outside NIC of the firewall, it could DOS almost any other site in the country.
They left that presentation with worried looks on their faces, and promised to get back to us with the version numbers we were asking for.
Moral of the story: Any malicious use of you systems is a bad thing. "Privilege Separation" may stop them from rooting the box running OpenSSH, but a malicious hacker could still do a lot of damage.
Minux wasn't intended to help you learn how to use a UNIX, it was intended to help you learn how to write UNIX.
It was written to be used as lab work for Operating sytem courses. I don't know about the "no users since 1996" comment. As recently as 1999 (when I was last in University) a group of undergrads were writing a process migration system for it.
While I agree BSD or Linux are probably much more practical for production use, they are a bit more daunting to the programming student.
If my kid gets home after curfue I don't care that he got held up at the train tracks and I sure don't expect the train conductor to do his job any differently because of him.
So you kid is on his way home, does the right thing and heads off with plenty of time to catch the train home, and then finds that the train aren't running, and you wouldn't cut s/he any slack? I hope thats not what you saying.
Say the trains are stuffed up, and the conductor has shut the doors, but the train hasn't pulled out yet. You kid is standing outside a train that will get s/he home on time, but the doors are shut. You don't think the conductor could do what I think is the right thing and leave the doors open until the train is ready to go? Expecialy if asked? "Please sir, If I don't get this train I'm going to miss my curfue and my dad is going to hit the roof. Can you open the doors for me?"
I probably shouldn't be starting a new thread this late, but I can't see an appropriate place to post this.
I was a sys-admin for a non-US news website during September 11. Basically we were hit hard, mainly because of the time-zones. Because the organization I worked for (I don't name them, but you should be able to figure it out if you know me) mainly produces old-media news, and re-purposes most of that for the Internet. Because of the time-zone difference, most of the action was over by the time I got into work.
Apparently, the late TV news shift had just finished the last broadcast for the night and was heading home when the news broke. They turned around and stayed on deck until the morning shift came in to take over.
We received a weeks worth of hits in less then 24 hours. Our load-balanced redundant web servers were purring along, not quite maxed out but very little room to spare.
The biggest killer was bandwidth. Looking at the bandwidth stats our international PVC (about 1/4 of our capacity), maxed out early in the morning, and was taken down briefly twice to increase its share of the total bandwidth.
In the end, we reached over 80% utilisation of our total pipe. This may not sound much, but at the time we had never used more then 40% of what we had available that day. I think the only reason we didn't go any higher was that something upstream was maxed out. My guess is the US link out of my country.
Several steps were taken to improve the performance of the website during the day. The main page was replaced by a news summary with a link to the old main-page. Most people only wanted the latest news on New York, so they could get that without hitting the rest of the content. We had to fine-tune the web servers a few time, and I've already mentioned the tuning to increase the share of international traffic.
HTTP was not the bandwidth killer. Because of the extended news coverage, the video from the news studio was streamed directly onto the Internet. Usually we use static video files or live stream specific shows, but the video stream was on for something like 12 hours, and that killed our pipe. I presume the streamed radio stations were also popular, but I haven't seen the statistics on that.
We survived, just. The biggest problem was that we were not ready, and that we had to react. If we were fully ready, or we could have reacted more quickly, then we would have done much better. The trouble was that these events happened during the night our time, and the staff on at that stage didn't know that there were things that the day staff could have done to help the load problems.
I don't think that you can expect a news site to be able to fully deal with an event like September 11. You can't justify having 10 times the bandwidth you normally use, just for a once in a decade event. You have to aim for the once-a year event, and try to deal with the other cases as best you can.
My point was about risks. If there is no risk, then no crime has been committed. Of course, I would wonder why the hell there is a set of lights there if you can clearly see there is no one coming along.
I might believe this if you came to a full stop before proceeding though the intersection. If you just sail through barely slowing down then you could kill someone like me who would drive through a green light at the speed limit.
You might thing there is space, but how many accidents have you seen caused by people thinking there was just enough space/time/room and finding out otherwise.
Extreme example. I take a gun, walk up to a house and random, and fire a bullet through the front door. This is the act , what I do.
There are two possible consequences .
no one is hurt, either no one was home, or the bullet missed them
Some one gets hurt or killed.
In both cases, the act is the same. I decided to do something, something that was dangerous. But the consequences were very different. I think in most countries the act by itself would be a crime. This is an extreme example, but I think it invalidates the argument "but is he hurting anyone?" Travelling at high speed on the public road puts other people at risk, speed limits are intended to reduce that risk to an acceptable level. If you do half again the speed limit, you are putting those around you at a much higher risk, and that should be illegal.
Of course you have the ability to confront you accuser.
I will state up from that I'm against automated cameras as a revenue raising system.
I have trouble understanding people who think that they have to be seen by a police officer before they are guilty of something. And that somehow the machine is accusing them of committing a crime.
I don't know about how red-light cameras operate in the US, but in my country they take two photos, about half a second apart. If both those photo's show your car in sitting one foot over the stop line, then you never hear from the police. Oh, the cameras are set so they capture the lights as well as the car.
If the first shows you car half over the line, and the second shows your car halfway through the intersection, then you receive a letter saying have been caught, do you want to accept the fine or do you want to go to court. To help you decide you can go into police headquarters and look at the photos or for $5 we'll send you a copy.
The machine isn't accusing me of anything. A police officer, who is in possession of physical evidence (a pair of photos) is accusing me of doing something illegal. Does it really matter that a machine decided to take those photos?
What if a person had taken a photo of a crime, but they didn't realise that a crime was being committed until the photos were developed. Are those photo's evidence?
Slashdot Mirror
The single point of failure argument is interesting.
With a Single point of failure, if there is a bug everything is broken.
With multiple points of failure, if there is a bug in one, the rest are unaffected. Of course, you still get hacked (unless you have defence in depth).
In the simple case, I'd prefer a single point, which is easier to manage, then to worry about the security of ssh + kerberos + SSL + IPSec + GPG + anything else that uses crypto.
Another point is that this is only a crypto API, not security itself. An application still has to use it correctly, and most security related issues are things like buffer overflows, which are not directly related to crypto implementations.
Finally, most of the crypto apps I use (OpenSSH, Apache, GPG) work accross multiple platforms. If Linux is the one of the few that supplies a crypto API, they will still have to develop and ship their own impelmentations. If they have to write and ship their own implementation anyway, why bother to use the Linux API at all?
If you do pay them money, they can be very nice.
While working for a former employer with a mixed NT/Unix web site we managed to get Microsoft to write a patch for part of IIS (v5 ftp) within a few weeks. From memory it was 5 weeks from the first report to us recevieing a DLL, might have been as little as 3 1/2, but it was less then 6.
This was also a fairly marginal "bug". IIS FTP would display the filename in all capitals, and as we were using IIS to upload content inot a mixed NT/Unix environment, we cared a lot about case.
I can't remember how much we were paying them, and it wasn't in $US, but for the monay we had access to 100 pre-paid support calls. We could use them for any microsoft related issues, including Microsoft-Unix compatibility issues, and if the problem turned out to be a bug in a microsoft product, they "refunded" you your pre-paid support call. Not that we used all 100 calls in a year, but by doing this they are nicer then a lot of other people out there.
I can't say I really like most of their products, but their support/service division really worked hard for us. Most support calls with other vendors that encounter bugs end up with "we've recorded that probelm, and will fix it in the next release". This was the first time that a support call I was involved with resulted in a patch begin written.
A similar story was told to me by an "old timer" who claimed to have been told this by a technician at a Digital training course.
There was a site in London, in a multi-story building facing the Thames. Apparently the operators room had a nice view of the river and some shipping wharves.
There VAX/VMS system was crashing about once a month. not every month, but it happened enough that it was obvious that if the system would crash, it would be sometime in a particular 24 hour period. The system had been checked thoroughly, and has so many parts replaced it was almost a new system, but still it crashed.
In the end, a Digital technetium was dispatched to spend the night in the server room and be they're when the system was due to crash. He was standing at the window, looking at the UK Navy Battleship that was tied up at the wharf, by the light of a full moon. As he was watching the ship was slowly rising on the tide, until the radar antenna reached the level of the window, and behind him, the system crashed.
Once a month, the tide was especially high, and the Battleship's radar lined up with the server room window. Shielding the window fixed the problem.
This isn't about mainstream ballance, its about journalists in jail.
If your interested in media bais in the US, I would recoment Manufacturing Consent, by Herman and Chomski. Also google on chomsky or read the Bad News Archive.
Noam Chomski is one of the few people I really respect in the world. Even if you disagree with him entirly, you should at least read some of his work.
Just following up on this and other replies. It has been said several times that the parent of the parent is incorrect, and several people have asked why it was modded up.
I don't know why it was modded up, but I have moderator points, and I'm not going to mod it as overrated. I'm posting instead.
Moderation shouldn't be about correct or incorrect. It should be about improving the discussion. Its better to leave the post alone and reply to it, that way both view points can be expressed.
Leave the readers to make up their own minds, rather then censoring any views that you disagree with.
Only because the smart ones get called politicians.
If Microsoft can do that, more profit to them. If they can provide the products people want and can afford, then they have nothing to worry about.
The problem is that they are a monolithic company. They have an official policy, some one decides to run a project, and throws programmers at it. They can make large scale (if not reliable) software quickly because they can afford to pay hundreds of programmers.
What they can't emulate is the ideas that come from a grass-roots community. If any one person has an idea, they can start to work on it. They have a huge body of software to research and re-use code from, and if they can demonstrate something that other people find useful, they can quickly gather programmers to the project.
Because it starts small, it may take longer to finish. But because it starts small, hundreds of ideas can be quickly tested, with the best being developed and improved by the community.
Haw can one company out-innovate that?
Offtopic=3, Insightful=2, Overrated=1, Total=6.
As I post at +2, the Score is currently 0.
Back off, don't bother wasting you points, leave it at zero. It is a highly heated topic, and obviously people disagree about my posts worth.
I was about to comment on the fact that the post I replied to is at +4, but then I had a look at its moderation totals.
Offtopic=2, Flamebait=1, Redundant=1, Insightful=5, Overrated=2, Underrated=3, Total=14.
If you want to talk about the subject of my post, well, I don't hide my email address. I don't think it would help anyone to continue this here.
+1 for humor about a dark topic.
You honestly havn't heard that during the Iran-Iraq war the US supplied military advice to Saddam, advise that included helping with battle plans that involved the use of poinson gas?
This isn't a conspiracy theory. Its a fact. It was reported widly internationaly, I am suprised if it wan't reported in the US.
Don't trust me? To you trust CBS CNN (google cache) FOX news NY Times (thier story being carried by Chinas peoples daily.
Oh maybe there is a vast conspiracy involving all these news sources? I don't think so.
If you want to keep on with this, you have my email.
Please at least read the article. The point wasn't that that many people may or may not be dying, it was that the US administration at the time considered this acceptable.
My comments about isreal are not idiotic. Most of the world hit India and Pakistan with sanctions when they started testing. No one has proved any link between Saddam and any terrorist organisation ataching the west. In fact, what on earth makes anyone think that he would share these weapons? If he has them, they are a source of power. If he gives them away, he is giving power away to other people.
Look, stuff this, I'm not going to convince you. If your the sort of person who agrees that the deaths of half a million children is acceptable, then what can I say to change that.
If you have anything more to say, email me.
And which government helped them plan those poison gas atacks?
The only question is if anyone in the current administration was directly involved.
From GNU's definition of free software
Link to the GPL
Hats off to the Samba team for reverse engineering SMB/CIFS, they have done an excelent job. I don't want to diss them in any way, they have done so much.
But they are not there yet. Unless the latest version has improved A LOT they are no where near full compatibility. Its great for most things, but there are still several points that make SAMBA not quite sit right in a NT4/NT5(.1) environment. I'm sure samba could be improved with access to these specifications.
Ok, time to lose some karma.
Most of the bull-shit I see about Iraq is coming out or GWB's mouth. The inspectors weren't kicked out, they were pulled out by the UN because the US and the UK were about to start dropping bombs. Would you have stayed?
The US has consistently blocked any meaningful treaty on the prohibition of chemical and biological weapons. Any proposal that would allow non-US countries to inspect US facilities has been rejected.
As for nuclear weapons, its need well known that Israel has been developing nuclear weapons for some time. Of course, they don't get the diplomatic equivalent of a cease and desist order from the US, they get diplomatic (and financial) backing.
I don't agree with sadam, but I don't agree with the US either.
Read these before you flame me.
150 Iraqi children die every day
Open Source Developer:
Ok, Mr. Gates, you will sell me the protocol specs. How much?
Microsoft Rep:
I could tell you, but then I'd have to kill you. Sign this NDA instead.
I'm not trying to be a rabid anti-Microsoft here. They are in business, and they are entitled to make money from their work. From a legal standpoint, they have acted illegally, and were told to behave better. Are they really behaving better?
Another point
If they acted illegally, and to make up for that illegal behaviour, they had to level the playing field up a bit. Linux (along with apple) is one of two main competitors. So they release the protocol specs under a license that effectively prohibits its use in Linux. Hmmm.
Just another viewpoint. I'm not here to karma whore, but it does make you think.
Care. If you are in the US you are even more vulnrable to this then those of us in countires with a smaller internet presence.
The site I worked for had enough bandwidth avaibale to take a noticable chunk out of the countries international links. If some one couldn't hack your site, but could hack a large site "close" to you then they could DOS you out of existance. They much not be able to hack you, but they can shut you down. For a home site, maybe you don't care? If you running a business off the web, its bad news.
I've heard this argument before, and I don't think it holds water.
Firstly, do you patch all local privilege escalation vulnerabilities as quickly as you patch remote vulnerabilities? I know I don't.
Even if there are no local vulnerabilities, they can still scan you system for useful information. They can then use you system to attack other systems from behind you firewall. Do you have a local firewall rule that disallows all outbound connections?
We had a presentation from a (proxy) firewall vendor that used a hardened OS. They were very proud that each proxy ran in its own little sand-box. The mail outside mail daemon could only access port 25 on the outside NIC, and could only pass email to the inside daemon via a shared spool directory. Their OS prevented any other access from that process.
Whenever we asked about a specific version of a daemon, they would refer to this sand-boxing and tell us that it wouldn't matter if a particular proxy was hacked out, there was no way the hacker could break through the firewall.
The company I worked for ran one of the largest (top 10, maybe top 5) web sites in our country. There would have been maybe a dozen other websites with similar bandwidth, and maybe the same number of ISPs. We had to sit down an carefully explain to these sales people that even if the hacked proxy could only access one port on the outside NIC of the firewall, it could DOS almost any other site in the country.
They left that presentation with worried looks on their faces, and promised to get back to us with the version numbers we were asking for.
Moral of the story: Any malicious use of you systems is a bad thing. "Privilege Separation" may stop them from rooting the box running OpenSSH, but a malicious hacker could still do a lot of damage.
Minux wasn't intended to help you learn how to use a UNIX, it was intended to help you learn how to write UNIX.
It was written to be used as lab work for Operating sytem courses. I don't know about the "no users since 1996" comment. As recently as 1999 (when I was last in University) a group of undergrads were writing a process migration system for it.
While I agree BSD or Linux are probably much more practical for production use, they are a bit more daunting to the programming student.
If my kid gets home after curfue I don't care that he got held up at the train tracks and I sure don't expect the train conductor to do his job any differently because of him.
So you kid is on his way home, does the right thing and heads off with plenty of time to catch the train home, and then finds that the train aren't running, and you wouldn't cut s/he any slack? I hope thats not what you saying.
Say the trains are stuffed up, and the conductor has shut the doors, but the train hasn't pulled out yet. You kid is standing outside a train that will get s/he home on time, but the doors are shut. You don't think the conductor could do what I think is the right thing and leave the doors open until the train is ready to go? Expecialy if asked? "Please sir, If I don't get this train I'm going to miss my curfue and my dad is going to hit the roof. Can you open the doors for me?"
I probably shouldn't be starting a new thread this late, but I can't see an appropriate place to post this.
I was a sys-admin for a non-US news website during September 11. Basically we were hit hard, mainly because of the time-zones. Because the organization I worked for (I don't name them, but you should be able to figure it out if you know me) mainly produces old-media news, and re-purposes most of that for the Internet. Because of the time-zone difference, most of the action was over by the time I got into work.
Apparently, the late TV news shift had just finished the last broadcast for the night and was heading home when the news broke. They turned around and stayed on deck until the morning shift came in to take over.
We received a weeks worth of hits in less then 24 hours. Our load-balanced redundant web servers were purring along, not quite maxed out but very little room to spare.
The biggest killer was bandwidth. Looking at the bandwidth stats our international PVC (about 1/4 of our capacity), maxed out early in the morning, and was taken down briefly twice to increase its share of the total bandwidth.
In the end, we reached over 80% utilisation of our total pipe. This may not sound much, but at the time we had never used more then 40% of what we had available that day. I think the only reason we didn't go any higher was that something upstream was maxed out. My guess is the US link out of my country.
Several steps were taken to improve the performance of the website during the day. The main page was replaced by a news summary with a link to the old main-page. Most people only wanted the latest news on New York, so they could get that without hitting the rest of the content. We had to fine-tune the web servers a few time, and I've already mentioned the tuning to increase the share of international traffic.
HTTP was not the bandwidth killer. Because of the extended news coverage, the video from the news studio was streamed directly onto the Internet. Usually we use static video files or live stream specific shows, but the video stream was on for something like 12 hours, and that killed our pipe. I presume the streamed radio stations were also popular, but I haven't seen the statistics on that.
We survived, just. The biggest problem was that we were not ready, and that we had to react. If we were fully ready, or we could have reacted more quickly, then we would have done much better. The trouble was that these events happened during the night our time, and the staff on at that stage didn't know that there were things that the day staff could have done to help the load problems.
I don't think that you can expect a news site to be able to fully deal with an event like September 11. You can't justify having 10 times the bandwidth you normally use, just for a once in a decade event. You have to aim for the once-a year event, and try to deal with the other cases as best you can.
My point was about risks. If there is no risk, then no crime has been committed. Of course, I would wonder why the hell there is a set of lights there if you can clearly see there is no one coming along.
I might believe this if you came to a full stop before proceeding though the intersection. If you just sail through barely slowing down then you could kill someone like me who would drive through a green light at the speed limit.
You might thing there is space, but how many accidents have you seen caused by people thinking there was just enough space/time/room and finding out otherwise.
If I don't hurt anyone, an I committing a crime?
Extreme example. I take a gun, walk up to a house and random, and fire a bullet through the front door. This is the act , what I do.
There are two possible consequences .
In both cases, the act is the same. I decided to do something, something that was dangerous. But the consequences were very different.
I think in most countries the act by itself would be a crime.
This is an extreme example, but I think it invalidates the argument "but is he hurting anyone?" Travelling at high speed on the public road puts other people at risk, speed limits are intended to reduce that risk to an acceptable level. If you do half again the speed limit, you are putting those around you at a much higher risk, and that should be illegal.
Of course you have the ability to confront you accuser.
I will state up from that I'm against automated cameras as a revenue raising system.
I have trouble understanding people who think that they have to be seen by a police officer before they are guilty of something. And that somehow the machine is accusing them of committing a crime.
I don't know about how red-light cameras operate in the US, but in my country they take two photos, about half a second apart. If both those photo's show your car in sitting one foot over the stop line, then you never hear from the police. Oh, the cameras are set so they capture the lights as well as the car.
If the first shows you car half over the line, and the second shows your car halfway through the intersection, then you receive a letter saying have been caught, do you want to accept the fine or do you want to go to court. To help you decide you can go into police headquarters and look at the photos or for $5 we'll send you a copy.
The machine isn't accusing me of anything. A police officer, who is in possession of physical evidence (a pair of photos) is accusing me of doing something illegal. Does it really matter that a machine decided to take those photos?
What if a person had taken a photo of a crime, but they didn't realise that a crime was being committed until the photos were developed. Are those photo's evidence?