Slashdot Mirror


User: Noksagt

Noksagt's activity in the archive.

Stories: 0
Comments: 1,083

Comments · 1,083

  1. Re:Um... on Korean Mozilla Binaries Infected · · Score: 1
    Even then it would only affect users who downloaded a free version.
    Or those who used online updates. Which is a good idea when there are security patches.....
    So the odds are extremely high someone tested the CD image before shipping.
    Infected CDs of commercial software have been in the wild. On one occasion, it had been tested prior to pressing duplicates, but one of the duplication plants infected the pressed CDs.
    have digital signatures.
    Depends where you get your signatures from.

    I agree that all of these steps make you safer. I wouldn't say you're invulnerable, though.
  2. Re:Um... on Korean Mozilla Binaries Infected · · Score: 1

    which was exactly my point

  3. Re:Um... on Korean Mozilla Binaries Infected · · Score: 1
    But they wouldn't have write access to stuff in /bin.
    Lots of people already pounced on me for my poor wording. I meant that a non-root user who can install stuff usually has write access to /bin (so they can install stuff in /bin)
    Users usually shouldn't have write access to anything outside ~
    and /tmp. But hopefully that is mounted 'noexec'.
    so there shouldn't be a system crash unless there is permission escalation.
    Well, you need to escalate permission to actually install a program! Unless your installation routine only involves copying files as root (and NOT setting the setuid bit), a malicious installer CAN get you.
  4. Re:And so it begins... on Korean Mozilla Binaries Infected · · Score: 1

    Source code can suffer from the same injection attacks as binaries.

  5. Re:Um... on Korean Mozilla Binaries Infected · · Score: 1

    It would be trivial to create a MAKEFILE whose 'install' target DID execute a virus. Any installation method which can execute programs (which includes most of the packaging systems out there) is vulnerable to this "trojan" attack.

  6. Re:Um... on Korean Mozilla Binaries Infected · · Score: 1

    I wasn't clear.

    You can have another non-root user who has the permissions needed to install software.

    Analogously, it would be:
    $ ./configure && make && su -m installer -c "make install"

    (though this would all usually be contained within some single installation utility)

    P.S. you should really use sudo for root tasks

  7. Re:Um... on Korean Mozilla Binaries Infected · · Score: 1

    I made the same observation. But the distro's servers can also be infected.

    Hopefully, the distro's servers are more secure than the servers of smaller upstream projects, but then you'd think moz would be fairly secure.

    Fortunately, such an incident would infect only users of that distro.

  8. Re:Um... on Korean Mozilla Binaries Infected · · Score: 1

    I actually meant the non-root user they might install software as will have access to /bin (so that they can upgrade the programs therein).

    However, this seems to be a good case against any installers that are executable. root still has to run some programs to install things & those can be infected, but every-little-bit helps. Also a good case for getting updates through your distro so they can do quality control.

  9. Um... on Korean Mozilla Binaries Infected · · Score: 4, Insightful
    Of course, unlike Windows it won't get far since MOST users are smart enough to not be running as root.
    Most users still install software as root & even if they don't, the user usually has access to /bin & would be able to run scripts.
  10. And by R on IBM Thinkpads now in Titanium · · Score: 1

    I meant Z. ug.

  11. This is just on the R-series on IBM Thinkpads now in Titanium · · Score: 1

    The R-series is their budget, entry-level line. Perhaps threats of rub-off are one reason it isn't being used on the higher lines like the T-series.

    (PS I also love my Thinkpad)

  12. Re:Really a big deal? on What's On Your Hotel Keycard · · Score: 2, Insightful

    If a hotel offered to copy my credit card & hand it to my kids or my coworker so they could get into the room, I'd probably decline. Shared credit card account numbers are often unique. They should similarly have unique numbers on hotel keys.

  13. Re:Options for Taxes on Financial Services Software for Linux? · · Score: 1
    These webapps are done by Intuit, H&R Block, etc.
    First, H&R Block == some joker running H&R Block's version of TurboTax for you.
    In this case, the joker would be you. I encouraged the use of online tax software.
    Second, TurboTax takes all the guesswork out of things....Third, TurboTax is up to date with all the latest tax laws including deductions that you might not know about....Am I subject to the Alternative Minimum Tax? Hell if I know, but TurboTax tells me with the press of a button.
    As would ANY of the web-based tax programs. Doing it by hand isn't for everyone, but what is wrong with the online programs that I suggested? They are the same as Turbotax, but typically $35 cheaper & you never have to worry about them doing insanely stupid stuff like installing copy protection on your drive which writes to the MBR.
  14. Options for Taxes on Financial Services Software for Linux? · · Score: 1
    sorry, but there is no way I would trust linux tax software unless it was written by a company like Quicken.
    Taxes for most people are pretty simple & something like open tax solver would work (albeit not in a user-friendly way). People do taxes with pencil and paper, so programs don't have to be that complicated.

    That said, I suggest everyone file taxes online. You get it done quicker & it is cheaper than paper. The IRS maintains a "freefile" page where they ask you questions & are usually able to direct you to some way to file your taxes online for free. These webapps are done by Intuit, H&R Block, etc.
  15. Free and Open Source Financial Applications FAQ on Financial Services Software for Linux? · · Score: 2, Informative

    I maintain a FAQ on Fatwallet of the free/open source finance applications. Particularly useful are the links there.

    I'm a GnuCash zealot. I love that I can setup a cron script to download data on market close. I keep a couple dozen accounts in it with no worries. I would never go back to Quicken or Money.

    If you don't dig the F/OSS thing, there are commercial apps for Linux or you can get both Quicken & Money to work OK in Crossover Office. Another alternative is to do all of this online with a service like yodlee.

  16. Re:Proceeds go to F/OSS projects on Learning GNU Emacs, 3rd Edition · · Score: 1
    Yes. Because I've donated from out-of-pocket as well:
    To date, $38.90 has been given to these projects because of referral click-throughs.
  17. Proceeds go to F/OSS projects on Learning GNU Emacs, 3rd Edition · · Score: 1

    Mod me how you like, but proceeds go to F/OSS projects. Feel free to see what I donate to. Greasemonkey automatically rewrites my amazon links & I don't mind if you rewrite the referral either. (I also encourage direct donations to F/OSS projects.)

  18. Tim O'Reilly on vi or emacs on Learning GNU Emacs, 3rd Edition · · Score: 4, Informative
    Reference:
    Despite emacs' higher profile as a free software poster child, I think more people actually use vi than emacs. We sell more copies of our vi book than of our emacs book -- almost twice as many each year. This could be because emacs has a free manual that is distributed with it. But I saw a matching statistic at Linux Expo, where O'Reilly sponsors a vi vs. emacs paintball game each year. I happened to check the signup list, and noticed that there were about twice as many people signed up for the vi team as for the emacs team. (Maybe they just like the vi t-shirt -- the team "uniform" -- more than the emacs t-shirt, but I don't think so.)
  19. Great--Now they know what to make in order to sue. on The Chumbawamba Factor · · Score: 1

    Record companies should be in the business of selling music. They already have all the data they need about what music sells well. The only reason they have to be interested in P2P stats is to see what music is traded (presumably illegally). Thus, they can now make the music that gets stolen & be in the business of lawsuits.

  20. Gnumeric on large spreadsheets on Opening the Potential of OpenOffice.org · · Score: 1

    I can't speak to the legacy version of Gnumeric, but I can say that Gnumeric lets you set the number of rows and columns at compile-time. I have used spreadsheets with more cells than are possible in Excel with no problem.

  21. Gnumeric Excel on Opening the Potential of OpenOffice.org · · Score: 2, Informative

    Gnumeric was the only spreadsheet in the list, so is the only direct competitor. HOW is Excel more powerful than Gnumeric? I know from personal experience that Gnumeric has more built-in functions & the functions are CORRECT. Excel does have some mistakes, which have persisted for many versions.

    The others all allow you to manipulate and chart data, so they aren't ALL that different. They each intend to address specific (and different) limitations of standard spreadsheet software.

    R/S/SPSS are for when you need more thorough statistics.

    Octave is a decent Matlab clone. Matlab is more costly than Excel, but Octave is GPLed. They are both better general purpose/scientific numerical programming languages (I'd also group python+Numeric+scipy+matplotlib in this group).

    Grace/Kaleidagraph/Origin are for better graphing.

  22. Re:LaTeX Change Tracking on Opening the Potential of OpenOffice.org · · Score: 1
    Others have pointed out that you can easily put LaTeX documents in a version control system, such as subversion.
    Sure, until some editor moves the linebreaks (which are not significant to TeX). Then diff'ing is screwed.
    Subversion & other revision control systems would still handle this fine. latexdiff (as opposed to GNU diff) would also handle it fine.
    The real problem is that using LaTeX in practice requires a highly customized environment with lots of little scripts, tools, and packages, which is highly non-portable.
    Why? Many Scientific Workplace and LyX users manage to get stuff done without installing additional packages or other scripts/tools. LaTeX and LaTeX packages are certainly more portable than MS Word.
    The fact is that LaTeX isn't an analogue to MS Office, or even MS Word.
    No arguments there. It isn't meant to be.
    For instance, how do you make a figure?...
    Having fought the strange mix of figures in MS Office, this was a good laugh. Some work only on the Mac. Others work only on Windows. And there are incompatibilities across the different versions of Office.
    The answer is some external program.
    To be fair: it doesn't NEED to be. See, for example, pgf.
    a .png works great for .pdf output with pdflatex
    It works with pdflatex, but it is just converted to jpg. PDFs don't support png images.
    And for that matter, "compiling" a text document (some indeterminate number of times) is a completely obsolete idea.
    Requiring the user to think about compiling is tedious, yes. The typesetting algorithms of latex are NOT obsolete. A good GUI or a tool like latexmk should take out this tedium.
    LaTeX is perfect for one or a small number of highly technical people to compose a document, and that is about it.
    TeX is perfect for typesetting anything. Many DocBook users take advantage of the great typesetting without using the dated syntax directly (they use whatever XML authoring tools as normal). Office users could benefit similarly. Abiword could export to LaTeX. It would be cool if the OO.o and others had an option for PDF Export to have the typesetting handled by LaTeX.
  23. Re:IMAP on Columba 1.0 "Holy Moly" Released · · Score: 1
    BTW OE does do server side drafts/sent
    I stand corrected.

    OE does do flagging and it does it right (ie flags over IMAP).
    Really? What labels does it support? Can the user define their own labels? Last time I knew, OE often had problems keeping messages marked as read (partly because of all of those connections it made).
  24. LaTeX Change Tracking on Opening the Potential of OpenOffice.org · · Score: 2, Informative
    . But if we have to work and interact, keeping track of changes is not the easiest thing to do in LaTeX.
    Others have pointed out that you can easily put LaTeX documents in a version control system, such as subversion. In addition to this, latexdiff is quite handy. Running this perl script on 2 tex files can produce a 3rd file with appropriate color coding/strikeouts/etc.
  25. Re:IMAP on Columba 1.0 "Holy Moly" Released · · Score: 1

    Yes, and thanks for the clarification. I had two distinct gripes w/ mutt: 1)NO IMAP server-side searching--you must search on the client. When you do search on the client, 2)you can't search multiple folders.

    Single folder server-side searches ARE in the IMAP RFC. Clients would be better if they supported it.

    Once the mail hits the client, there is less excuse to make it hard for the user. If you store the mail in mbox, you can use grepmail w/ mutt. But doing so also kind of defeats the purpose of IMAP.