Slashdot Mirror


User: IgnoramusMaximus

IgnoramusMaximus's activity in the archive.

Stories
0
Comments
3,738

Comments · 3,738

  1. Re:Additionally on Kutztown Students get Felony Charges · · Score: 1
    Yes, sure. If you don't trust your admin, you're fucked up, but at least you know WHO fucked you up in the first place. If you share passwords, you might never know and end up blaming the wrong person.

    Unless your admin is a retard (in which case you should not have hired him) he will make it so that you will never know unless you happened to have additional measures in place monitoring him 24/7. As I explained to someone else on this thread, it is trivial to install keyloggers and stealth remote-control on someone's desktop, use that desktop with the user's ID/password and remove all traces of the activity. Not only did you get your admin committing the act, he now has, thanks to your blind faith in the head-in-the-sand password silliness, successfully pointed the finger at someone else. Great plan.

    but not encouraging the admin to use other people's credentials (especially when his own would suffice) is a good idea.

    I never disagreed with that. What I keep saying is that in small (and even large) businesses today, there exist systems which do not have that capability and are in fact a menace to administer without the passwords. Some can even be permanently locked out. So to avoid that, a consistent policy of "all passwords must go through MIS" is a practical choice in most businesses as it has the least downsides. Thus good policy.

    Unless of course you fancy writing a 5-page long password manual and trying to get that secretary to apply it successfully when she is setting the password on some new photocopier or what not someone just delivered without telling the MIS people. "Oopsie I thought it was my cat's birthday, I must have mistyped!"

    Usually, if I have to do some kind of troubleshooting, I ask the owner of the account to show me what the problem is. Only in rare cases do I change the password to get into the account (and those events are usually noted by another admin). Sure, I could mess with the logs, but there's always the risk of leaving traces.

    In my case this would involve wholesale resetting of everyone's passwords on the system, as the changes I am discussing involve all sorts of decrepit business packages which need to be messed with by running them in the user's environment. This is usually done on weekends and what not.

    I might not be working for a top secret project, but it is useful to pretend you are.

    No, it is expensive for the company to pretend that you are. Secret projects require CIA-level security, CIA-level personnel discipline and CIA-level budgets. To pretend otherwise is to kid yourself.

    If you really have records of everyone's passwords, I hope you treat them as the important (and secret) data they are (PGP is cheap). It would be a REAL mess if those records were compromised. Me, I prefer not to take that chance.

    They are kept well encrypted but still accessible to the admin, which in your view is a calamity and in mine a mere acknowledgment of reality.

  2. Re:Additionally on Kutztown Students get Felony Charges · · Score: 1
    Secondly, you have to assume that any system can be compromised with sufficient effort. The point is that you want to do two things: limit damage and provide a reasonable barrier to such things. A password policy is therefore only a small part of a security policy. Your keylogger exploit should be dealt with as a separate part of the infrastructure too which must remain secure. This may (as much as I hate to say it) mean trusting a third party (such as Microsoft) or it may require that the tester of the update digitally sign it and sign it into the repository. But this is a separate area of security from password management and a weakness in a poor implementation here should not be used to justify poor implementation in the other.

    Which is entirely beyond the scope of the discussion as it was about a practical, cheap and reasonable way to manage passwords. To which discussion you introduced Kerberos, in defense of an argument that user logins must be traceable, to which I replied exposing the ridiculous nature of such an argument if a whole other massive (and vastly complicated/expensive) infrastructure does not exist. To which you replied by proving my point by rattling off all sorts of additional precautions which small businesses can hardly afford.

    If your security policy starts and stops with a password policy you are completely screwed already.

    The point of passwords is to provide cheap and reasonable defense against casual attacks, only. Most businesses cannot afford much more.

    However, my point simply is that having a department which has unrestricted access to the password history of employees is fundamentally a bad idea

    It is a fundamentally good and practical idea in the real world, unlike in some academic woulda-coulda-shoulda scenario where one can introduce technological and social solutions which are utterly beyond the reach of most companies. We are not discussing military-type security either.

    (Remind me again WHY passwords are not stored in a human readable form on the computer.)

    They are not stored clear-text to prevent an external attacker from gaining immediate access to users' logins by compromising root. It is a delay tactic, the hope being that root access is monitored and alarms would go off should a compromise occur. This of course not being the case in most businesses. In some scenarios, of sane systems, where root has full control even without knowing the password, and the users set them themselves, one can also argue that the passwords might contain personal data such as PIN numbers (which is of course a bad idea anyhow).

  3. Re:Additionally on Kutztown Students get Felony Charges · · Score: 1
    But in TS you can remotely control the user's session - and without any notification on the user's end if you check a box under the user account, which amounts to pretty much the exact same thing

    Not really, you have to get him/her to log in first, which prevents any sort of mass adjustments done on weekends and what not. In my many years of experience with Terminal Services (starting way back at WinFrame and NT 3.51) I had a reason to take over the session only in the case of tech-support scenarios and never in the (far more common for me) case of adjusting various settings on wacky software packages the users use.

  4. Re:Additionally on Kutztown Students get Felony Charges · · Score: 1
    The Kerberos spec provides a method of accessing other people's accounts in a way which is both auditable and traceable.

    And that stops the wicked admin from pushing a keylogger with the next "Windows Update", getting the password, using remote desktop control to login from your workstation, doing the deed, and removing the said software with the next day's "update", how precisely?

  5. Re:Additionally on Kutztown Students get Felony Charges · · Score: 1
    Silly me. I thought that passwords were only effective ways of restricting information if they were secret. If you have the MIS department with access to everyone's password, I guess we can trust them not to do anything incriminating with other users accounts :-)

    If you think that making the MIS department's life miserable by preventing them from knowing these passwords does anything for accountability and security, I have a used bridge on sale with your name on it. The MIS department (or more precisely the security people in it) is one of the essential centers of the company. They must be 100% trustworthy or you are screwed beyond description. If any one of them wishes to incriminate anyone else in IT-related activity, there is nothing in a typical business that can stop them. Silly hiding of passwords from them only gives people with no grasp of the situation (aka pointy-haired management) a false feeling of control or security. I hope you are not one of those.

    And, oh, by creating the pretense of passwords secret from MIS being a deterrent, you actually create a cop-out legal defense for any misbehaving MIS people to cover their butts should they get caught.

  6. Re:Additionally on Kutztown Students get Felony Charges · · Score: 1
    Just don't complain that it's a technical problem when it's a people problem.

    When did I complain it was a technical problem? We were talking about password policies brought on by existing software over which people have either little control or the cost of improving which is prohibitive in terms of money or effort. Most problems have some sort of technical solution but the technology is nearly always trumped by social issues. That is why I was discussing a social solution to social problems, i.e. the policy.

    Just one thing: don't most modern engineering apps use a license manager, thus rendering dongles moot?

    You wish. The levels of retardation are astounding. Some are tied to specific, custom hardware and they still use dongles on top of that. It's positively nuts. But again, the people who insist on all that stupidity are the manufacturers of specialized software (many times tied to very efficient and well designed hardware -- which is what plant people buy) and sometimes even parent companies of my clients. There is little one can do. That is why in these environments a centralized password policy is wise. And that is on top of the other, small business, reasons I mentioned.

  7. Re:Additionally on Kutztown Students get Felony Charges · · Score: 1
    Go configure it yourself, I'm not going to be sysadmin for you. I've given you the rough plan - any admin worth their salt should be able to work this process into an NT domain password change script.

    I missed that somehow in my other reply. As soon as I did something of the sort I would be kicked out as a consultant from most of these companies as the number of complaints from users about my "stupid system" rejecting their "good passwords" and causing them to spend 2 hours coming up with them would go through the roof. The best you can do is to generate the password for them. But then they end up scribbling them on a sticky note next to the monitor because they can't remember those random passwords. Some systems exist to try to make the passwords meaningless and at the same time "phonetic", which could be used by large corps. But this is way too much trouble in a small business where 15 employees on a Terminal Server are much better served by having the dedicated, trusted "IT guy" in the office change and keep track of the passwords consistently on everything.

  8. Re:Additionally on Kutztown Students get Felony Charges · · Score: 1
    Why would he go rouge? Are convicted black hats pumped full of a chemical that changes their skin colour if they commit another crime?

    No, that's what happens when his deep-seated evil comes to the surface ...

    Good catch, that's what happens when my dyslexic typing slips through unnoticed. Although it is not as bad as my missing entire words and phrases. The Slashdot edit box has been my bane since day one.

  9. Re:Additionally on Kutztown Students get Felony Charges · · Score: 1
    I have plenty of experience with real business. That's why I don't use dongles or, for that matter, document centers. I use NT and unix in my job every day, and password resets are a trouble ticket away,

    As I said, planet Pluto. Something like 90% of businesses' only contact with *nix is when they download something from their ISP, and dongles and similar retarded things are the norm in various engineering-related vertical business packages (such as small plant management systems). By your method I should tell all my clients to get out of their business so that I can put them on Linux. Genius plan.

  10. Re:Additionally on Kutztown Students get Felony Charges · · Score: 2, Insightful
    Anyway, that was kind of a ramble, but my point is that it's a philosophical difference. Windows is designed in most ways to be Nerfed so that you don't shoot your eye out, and most of your admins don't know how to access restricted information without leaving a trail.

    The only thing it achieves is to make pointy-haired cretin bosses warm and fuzzy and the admin's life miserable. Keyloggers, fancy stealth rootkits etc etc. If a competent admin goes "rouge" watch out. Windows is a system by idiots for idiots and I cringe every time I have to use the thing in serious environments, alas, I have little choice. Bill has us all cornered with the deep penetration of the business world combined with unimaginable, self-reinforcing inertia. That and the fact that most users/developers for Windows are idiots to begin with.

  11. Re:Additionally on Kutztown Students get Felony Charges · · Score: 1
    Password too short, no punctuation, no mixed case. Also, running crack on your encrypted password for a minute or so, or even several seconds, will catch most of the weak passwords that the common password heuristics let through.

    Get back from the planet Pluto you seem to be posting this from and explain it to Microsoft and a few thousand vertical business software makers. The corporate systems (a few billion-dollar companies) I run into have a heuristic allowing users to use "password1ABC" (month 1) and "password2ABC" (month 2) interchangeably (and they make poor users change passwords every 4 weeks so that the management can keep their heads deep in their asses).

    Most software has password reset functionality or similar mechanism to avoid the scenario you're talking about

    That is why people have to replace motherboards on Thinkpads, send whole Document Centers to be serviced, pay $1000 "security fees" to various vertical software makers after their "dongles" get locked, etc. You have no experience in the real business world I think.

  12. Re:Additionally on Kutztown Students get Felony Charges · · Score: 1
    Requiring the admins to know the user password is NOT a wise policy. That policy mixes authentication and authorization. If two people need to know the password to an account to do something, you weaken security because you cannot be sure who used the system to do something and because you have doubled (or multiplied if more than two people know) the chance that the password might be disclosed (accidentally or maliciously).

    If you cannot trust the admin (or the system does not require two admins to cross-check each other continuously) you are fucked beyond reproach anyhow. I find this reasoning of "double-checking" the admin by the user or the system itself ridiculous and a form of bureaucratic delusion. Not only does it impede the admin in places where it makes no sense to do so, it brings nothing to security. Any admin with system privileges has absolute power over a system. All he has to do is to install a well-designed rootkit and the game is over. Any measures designed to stop that in business, to which I was referring explicitly, and not CIA HQ, will only cause exponential difficulties and cost. You, sir, are a prime example of why military types should not get involved in civilian operations.

    The purpose of password protection is cheap prevention of malicious use of the system by either outsiders or regular employees. If there is any higher need of protection, separation of data and all sorts of far more sophisticated measures are required. Which is a completely different discussion.

    Of course I cannot log in directly as another user, but that need is not very common either.

    Yea, as long as you do not want to make any sort of changes to the user's environment without having to write software to manipulate the registry. Which is inevitable in a small business environment. We were talking business, small and otherwise, weren't we? I do not recall mentioning the US Navy anywhere.

  13. Re:Additionally on Kutztown Students get Felony Charges · · Score: 1
    Not to mention, the more inconvenient it is for a user to change his/her password, the less likely it is that s/he will do it.

    Such software is easily fooled: abc123, 1a2b3c, etc and so on. Also I was talking about tracking passwords so that users do not render equipment/software unusable by forgetting passwords or leaving the company etc.

  14. Re:Additionally on Kutztown Students get Felony Charges · · Score: 1
    Left to their own, users will not pick good passwords. They'll pick 1-2-3-4-5, or "password".

    That of course is another good reason for MIS-controlled passwords, indeed.
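Editor's added example, not code from any comment on this page nor from any vendor named in the thread. It ties together the technical points made in comments 2, 11, 13 and 14: the store holds a salted PBKDF2 digest rather than clear text (the "delay tactic" of comment 2), a guesser with the hash file and last month's password recovers "password2ABC" from "password1ABC" in seconds, and a change-time filter rejects exactly the passwords that guesser would find, including the abc123 / 1a2b3c sequences of comment 13 and the "password" / 12345 picks of comment 14. The function names, the tiny common-password list, the 12-step digit window and the low iteration count are this example's own assumptions.

```python
import hashlib
import os
import re
import secrets
from typing import Dict, List, Optional

# Constructed example (not code from the page): a salted-hash password store,
# the guesses an attacker holding the hash file tries first, and a change-time
# filter that rejects what those guesses would catch. All names are this
# example's own. ITERATIONS is kept low so the demo runs in seconds; a real
# deployment would use a far higher count.
ITERATIONS = 50_000

# A deliberately tiny "common password" list; real filters use far larger ones.
COMMON = ["password", "12345", "123456", "abc123", "1a2b3c", "qwerty", "letmein"]


def make_record(password: str) -> Dict[str, bytes]:
    """Store salt + PBKDF2-HMAC-SHA256 digest; the clear text never hits disk."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify(record: Dict[str, bytes], guess: str) -> bool:
    """Recompute the digest for a guess and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", guess.encode(), record["salt"], ITERATIONS)
    return secrets.compare_digest(digest, record["hash"])


def increment_variants(previous: str, window: int = 12) -> List[str]:
    """'password1ABC' -> 'password2ABC', ...: bump each digit run by 1..window,
    which covers a year of "change the number every month" passwords."""
    out = []
    for m in re.finditer(r"\d+", previous):
        for step in range(1, window + 1):
            bumped = str(int(m.group()) + step).zfill(len(m.group()))
            out.append(previous[: m.start()] + bumped + previous[m.end():])
    return out


def _stepping(s: str) -> bool:
    """True for 'abc', '123', 'cba', '321': every step is exactly +1 or -1."""
    if len(s) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps == {1} or steps == {-1}


def is_sequence(pw: str) -> bool:
    """Catch abc123, 123abc and interleaved 1a2b3c, which length/case/digit
    heuristics wave through."""
    s = pw.lower()
    if len(s) < 3:
        return False
    runs = re.findall(r"[a-z]+|\d+", s)
    if "".join(runs) != s:          # punctuation present: not a plain sequence
        return False
    if all(_stepping(r) for r in runs):
        return True                 # abc123: each run is itself a sequence
    letters = "".join(c for c in s if c.isalpha())
    digits = "".join(c for c in s if c.isdigit())
    return len(runs) > 2 and _stepping(letters) and _stepping(digits)  # 1a2b3c


def offline_guess(record: Dict[str, bytes], previous: Optional[str] = None) -> Optional[str]:
    """What someone holding the hash file (and last month's password, say from
    a sticky note) tries first. Returns the password on a hit, else None."""
    candidates = list(COMMON)
    if previous:
        candidates += [previous] + increment_variants(previous)
    for cand in candidates:
        if verify(record, cand):
            return cand
    return None


def check_new_password(new: str, previous: Optional[str] = None) -> List[str]:
    """Change-time filter: list of reasons to reject; empty means acceptable."""
    problems = []
    if len(new) < 10:
        problems.append("shorter than 10 characters")
    if new.lower() in COMMON:
        problems.append("on the common-password list")
    if is_sequence(new):
        problems.append("alphanumeric sequence")
    if previous and (new == previous or new in increment_variants(previous)):
        problems.append("only the digits changed from the previous password")
    return problems


if __name__ == "__main__":
    previous, current = "password1ABC", "password2ABC"   # constructed sample
    rec = make_record(current)
    print("on disk:", rec["hash"].hex()[:16] + "...")    # digest only, no clear text
    print("recovered:", offline_guess(rec, previous))    # password2ABC
    print("filter says:", check_new_password(current, previous))
```

The point of the pairing is that the hash buys time only against an attacker who has nothing but the file; once the previous password is known (shoulder-surfed, on a sticky note, or in an admin's record) the monthly-increment rule collapses the search to a dozen guesses, so the filter has to reject that pattern relative to the old password, not just score the new one in isolation.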

  15. Re:Additionally on Kutztown Students get Felony Charges · · Score: 1
    If software requires that the admin knows the user's password to do basic administration, then you need to consider alternative technologies.

    You can consider all you want but M$ has got basically everyone by the balls. Until the whole ecosystem of business software changes, and there is a reasonably similar number of vertical, business-type-specific applications for some other platform ... we are out of luck. So the password and other policies have to adjust to the ugly reality of today.

  16. Re:Additionally on Kutztown Students get Felony Charges · · Score: 2, Informative
    This policy stipulated that passwords were only to be changed by the MIS department, and that all password requests must go through them.

    Under most circumstances that is actually a very wise policy. Many products, MS Windows Terminal Services among others, do not allow the admin to access the user account without his password. That is, you can get at the files but not actually log in as that user to diagnose problems. Some other products require an out-of-warranty service depot exercise to reset their passwords. A good example would be some "security enabled" laptops. The policy of having the MIS dept do all the passwords (while keeping records of them) prevents employees (especially when there is high turnover) from screwing up all of these things.

    Of course that policy might not be applicable some places, depending on local conditions.

  17. Re:Great to see something new. on Europe to Join Russia Building Next Space Shuttle · · Score: 1
    I'd say they're about as reliable.

    Except that the cost of the Soyuz program is a minuscule fraction of that of the shuttle. Granted, the shuttle can carry 7 people, Soyuz only 3, and the shuttle can carry payload. So to make things even, we should count 2 Soyuz launches + 1/3 Energia booster (it can carry way more than the shuttle), when the Shuttle carries cargo, to compare. Still the cost does not come up to even 1/10th of the Shuttle. You should know by now that something is seriously wrong with this picture.

  18. Re:Stop the infighting on Perens Dismisses Torvald's Patent Pool · · Score: 1
    He wants to give away his software, which the GPL lets him do, but his choice of which software to use is based on the utility it provides, not its licence

    BSDL does that. What GPL does is to set up a framework of sharing. There is no conceivable reason to use GPL if one is not concerned about that aspect as BSDL would be more "unrestricted" and thus have potentially more "utility" to more people. If that is all Linus wanted, GPL is a disastrous choice. But I suspect he simply changed his mind later when the corporate whining started.

    To use an analogy, I'm happy to pay tax to fund public services like health, education, pensions, support for the unemployed/poor, et al, but I don't believe there's anything wrong with private industry.

    This analogy is flawed in the sense that Linux was the project for Linus. In your analogy you would dedicate all your efforts into public service, say free medical care for people, collect accolades and admiration for that, ending up rallying a large crowd to your cause, and then when a buddy from abroad came to visit you, and he happened to be a for-profit chiropractor, you then decided to force all the users of the very public system you worked on, to "try" his "introductory free offer" as a pre-condition of participating. A word: "hypocrisy" comes close in its definition to that. Equally weak becomes the excuse that you never really were claiming to be "against" for-profit doctors.

    This simply shows that the GPL is fashionable, which is partly a result of the success of Linux. For anyone writing open source software, the obvious licence choice is the GPL, since it's what Linux (the most famous open source software) uses.

    These are licenses, not colour-coordinated socks we are talking about. Since there is nothing preventing the use of BSDL, should it be considered superior or even equal there would be much wider use of it. "Fashion" has nothing to do with it; both BSD and GPL are very well known and thus BSD is not at an "awareness" disadvantage.

    What I'm saying is that there are also people who don't care much about the licence, but only want free or reasonably priced software that meets their needs.

    The overwhelming majority of people using Linux, Unix/BSD, MS Windows or whatever operating system don't care about the licence, except as far as it requires them to pay something. These people are rational in the economic sense, and therefore choose the software that provides the greatest net utility (ie the utility of the software minus the utility of any money and/or time they have to give up to use it).

    Now you are bringing the users into the discussion. Their motivations are on a completely different plane than those of the developers, which I thought we were discussing. Users will use nearly anything free or otherwise, good or bad, for millions of reasons which have nothing to do with licenses, of which most users are blissfully ignorant (as is their right).

  19. Re:Stop the infighting on Perens Dismisses Torvald's Patent Pool · · Score: 1
    IIRC, I believe the only tools he claimed to have used were telnet and the ability to type the word "help".

    Quite true. I had to get up on these details in a hurry as people upthread were trying to claim reverse-engineering without the use of BK client was impossible. Thanks for bringing it up anyhow.

  20. Re:Where the fault lies... on Virtual Muggings in Lineage II · · Score: 1
    By that logic, the whole record industry is participating in something other than capitalism, because they are not selling you a physical object, but the right to listen to a recording of music, which can be replicated effortlessly.

    Bingo. The term is "legalized scam".

    I think you are in a minority of "one" in your narrow definition of property.

    Am I in a minority of people using their brains instead of blindly following laws which are never properly explained and which result in vast government-protected profits with no relationship to public good, laws of which a natural and logical consequence is abolishment of general-purpose computing in favour of total DRM-lockdown of all information processing capacity? Quite likely. But I am definitely not alone. In quite good company, actually.

  21. Re:Where the fault lies... on Virtual Muggings in Lineage II · · Score: 1

    Says who?

    Says logic. In order to be "private property" something must have the characteristic of being unique so that it can be attached to an "owner" in a one-to-one relationship (I will skip the sub-case of multiple owners as it is a diversion). The other necessary characteristic is scarcity. That is if something can be replicated effortlessly in infinite number of mediums, that thing is not subject to "trade" as in "exchange of goods and services" between market participants. Consequently, unless you manage to get information to acquire these properties, information by itself cannot be considered trade-able "private property".

  22. Re:Where the fault lies... on Virtual Muggings in Lineage II · · Score: 1
    Even if you are one of those pedantic hair-splitters who gets bent out of shape when the word "theft" is applied to copyright infringement, there's no such nit to be picked here.

    Actually there is. A very important one. The difference is between a traditional fraud by misrepresentation and "theft" of make-believe "property", the second case being the foundation of other, organized, and much more dangerous scam "industries". By not understanding the difference you are providing cover of plausibility to the much bigger conmen in order to catch a very minor crook.

  23. Re:Who's surprised? on Top Level .xxx Domain Concept Under Scrutiny · · Score: 1
    Actually *worrying* about it is unhealthy and unhelpful and doesn't make you a more responsible citizen. It just makes you worried.

    I think at the core of our argument is your misunderstanding of what it means for me to worry. It makes me sad and more thoughtful and less likely to jest. But it is not some sort of end-of-the-world, sit-under-the-bed-and-cry type of calamity which I think you are imagining.

    A 10-20% supply hiccough would cause shortages, no doubt. But we somehow survived this the last time it happened with nothing worse than gas lines (do you remember the Carter years?).

    There are fundamental differences in the structure of economy as compared to those times. Back then, the entire society was not organized around unreasonably cheap energy. Also the oil crisis of Carter era was an artificial creation and there was no real danger of the actual supply ceiling falling. OPEC could only hold out for a while and everybody knew it.

    Are you talking about in the US? Didn't you say you live in Soviet Canuckistan

    We have the personal debt and housing market nuttiness too. And what goes on in the US sooner or later has an impact here. The "narcissistic revolution of the troglodytes" from down there is spreading here; it looks like our medicare system is in danger from assault by all sorts of profiteers. Yet another pile of trouble on yet another front.

    Don't turn your brain off, turn it to things which you can affect. I suspect the truth here is that your sense of self worth is tied up in "believing the Right Things, not like those idiots", instead of in doing useful and productive things.

    Very well, I think I will take your advice and buy crude oil futures, that way at least I can smile thinking about you whistling happily at the gas pump in a year or so. And who gives a shit about anything if you are rich, right?

    I leave you with this parable.

    I read it and, unlike its hero, I was not enlightened. As a matter of fact I have no clue what the message was supposed to be.

  24. Re:Where the fault lies... on Virtual Muggings in Lineage II · · Score: 1
    Neither are the ones and zeros in your bank account ...

    There are two classes of things subject to trade under capitalism: physical goods and labour. The bank account balance is merely a representation of physical property of cash as is the credit history a representation of labour of establishing good credit or an ability to obtain the said cash.

  25. Re:Where the fault lies... on Virtual Muggings in Lineage II · · Score: 1
    People pay good money for non-tangible things all the time

    According to the ole good capitalist theory (not the new-fangled "Idea Economy" crap) the trade can only apply to two classes of things: physical (private) property and labour. Both of which can have abstract representations in form of cash or deeds or stocks.

    Ever pay a barber for a haircut?

    Labour. Like all similar "service" industries.

    Using your logic, anything that gets produced on a computer is worthless because it's "on a computer". If you have someone spend time designing a web page for you so that when people visit it, the pixels on their screen light in an appeasing and informative way, is that not tangible? If you have a programmer write code so that when you enter data into a field on one of the forms of your web page, that data gets stored somewhere and is used for calculations elsewhere, is that not tangible as well?

    The effort of making software or web pages is labour again. That does not mean that the website or code or some other puffs of electrons are actually property to be traded. This is the subtle distinction which allows the likes of the entertainment and software "industries" to get away with their respective scams. But because these scams work against the natural properties of information, a pyramid of increasingly draconian laws has to be erected to make the continuation of the charade possible.