Bonus question: How on earth can you copyright a three-letter acronym? I'll try copyrighting "IBM".
At least, it's going to make the fight more interesting and potentially more lucrative. Hmmmm. US$50,000,000 out-of-court settlement. Please note that this is just the "Acronym", not the logo, which is copyrighted by our big, blue friends in Armonk.
And remember people: OpenBSD needs your help! Order your 2.8 CD today and make the world a better place for security and a worse place for script kiddies and copyright hoarders...
I really don't think this would work. Even if VMWare runs a multiple emulation layer straight from the hardware, this would still require strong crypto to protect data saved to disk.
Then again, multiple virtual machines and strong crypto would not protect against the type of small keyboard sniffers that the FBI (and other intelligence agencies) supposedly already have -- the kind that connects directly on your keyboard and stores everything that is typed.
Finally, I am almost certain that someone could come up with a virus that would infect one VMWare layer (think Win9x here) and would do the same password-gathering. With the right drivers, one can even imagine a virus/trojan horse mounting other filesystems and discreetly searching for interesting files and data.
In short, I really don't think this has any chance to work. Memo to NSA: use OpenBSD or your own (reinforced) version of Linux with ultra-strong crypto -- you'll run fewer risks this way.
After all, what's the point of emulating (slowly) multiple operating systems, when it's probably much faster to port all the tools users need to one "set" of platforms (Unix?).
Just my $0.02. I am not sure this rant makes sense.
Wait a minute, folks, it's written right there in the Yahoo blurb:
1. Email user writes email.
2. Email user sends email to Yahoo *over an insecure channel*
3. Yahoo sends email to... blah, blah, blah.
In short: if I can get your (unencrypted) email before it gets to Yahoo, I can know whatever it was that required encryption in the first place.
P. Zimmermann had a name for that kind of solution. He called it 'snake oil'. 'Nuff said.
Is "Essential UNIX administration" (O'Reilly). That's the one with the armadillo on the cover. Can't remember the name of the author, but it's probably easier to read for newbies than the famous 'Red Book'.
A company I worked for had two (count them, two!) copies of the Red (now Purple) book -- and they were required reading for anyone who wanted to have anything to do with UNIX. And the main sysadmin kept one on his desk at all times!
Oh, and can we make a (beowulf) whole block of these?
Imagine a group of hackers protesting a "no-arcade" local regulation with these mounted on rolling trucks, displaying Tempest on skyscrapers while driving around?
Speaking strictly for myself, good luck, CmdrTaco & all the crew...
Bugs are hard to avoid -- thankfully, you were dealing with "white hats" this time. By the way, isn't it funny this information is already available on other sites... ?
When reading that type of article, I am always reminded what a senior IBM network engineer once told me:
"If it has to be secured, DON'T put it on a computer".
I used to believe he was joking but now, with a little more experience, I totally agree with this declaration. If it's sensitive, for goodness' sake, don't put it on a computer, and especially not on a computer which is connected to ANY form of network.
With all due respect to a senior 'net citizen such as Dr Spafford (who is certainly more intelligent than I am or ever will be), it is true that Linux (or *BSD) evolves in a chaotic and ramshackle way. But we should always remember a few points:
Open source is always better than closed source, whenever security is a concern. That's a given, period.
The network effect ensures that, today, any computer system which is not connected to the 'Net sees its value decrease. Therefore, unfortunately, most organizations have to connect part or all of their internal networks, which already represent a security risk, to the 'Net (an even greater security risk) just to survive. The result is easy to guess: we are going to see more and more security risks, whether or not we follow IT security specs.
Remember: your security is only as good as the implementation of the specifications itself! Good specs are worthless in the hands of morons, who will just take shortcuts to roll the product out the door faster. Even good specs can be broken down by a tiny little bug in the end program, even if said software is crafted by geniuses. Case in point: the recent bug found in the random number generation routines of PGP. Good software, good specs, tiny bug = Window of opportunity for attackers.
Most security specifications were designed before the growth of the Internet. Most do not take into account this enormous growth or the fact that an "always connected" system or network will always get attacked, sooner or later, just for the heck of it, by script kiddies. We also need to remember that most 'Net sites went from UUCP-dial-and-disconnect to HTTP-always-on-all-the-time in a relatively short while! How can, say, a UUCP security spec hold up to HTTP? And I am not even talking about distributed systems such as Gnutella or Freenet, which could (will? have?) become a security risk in the future!
The Internet itself grows chaotically, at extreme speed. Therefore, it is probably better to have a system grow chaotically and with extreme speed to keep up with the security risks. This gives a huge edge to Open source OS, since major security problems can be fixed in a matter of hours, not weeks or months with traditional software vendors... who may be following precise specifications and procedures that are just too slow for 'Net time! Case in point: some major security problems and DoS attacks were solved in a matter of hours after their publication with patches in the Linux kernel. Of course, not having these problems (OpenBSD!) is even better...
Finally, except for OpenBSD, no project that I know of has been undertaken with the idea of putting security first, from the ground up, with the emulation and the benefits that Open Source brings.
Want to keep something a secret? Remember the advice of that engineer: write it down on a piece of paper, use a one-time pad, lock the paper in a steel box and put the box in a military-grade safe. Burn all other traces and throw the ashes in a vat of acid. But, for goodness' sake, DON'T leave it on a computer!
A "virtual conflict" or a "virtual war" simply does not exist: it's a contradiction in terms.
The main reason the wars in Kosovo, Iraq and Vietnam were fought and "won" against different "enemies" has more to do with public perception and national interest than with questions of human rights.
Remember, as well, that there are only three types of strategies: occidental, Chinese and "Japanese".
Here are just a couple of examples of what I mean:
World War I: conflict between major powers (UK/USA/France vs Germany), trying to assert once and for all who was the dominant continental European power ( = national interest). Nationalism was the dominant public perception and obscured all pretense of rational discourse. Please note that democratic rights and freedom of speech were totally inconsequential in the conflict. Germany, though not a democracy at the time the war erupted, had better social protection than UK+USA+France.
World War II: again, classical/occidental strategy conflict between Continental European powers. The USA only intervened after the Japanese attack on Pearl Harbor. Let's not forget that the UK was literally the last European bulwark against the Nazis for a couple of years. Again, a classical case of self-interest. If Japan had signed a peace treaty with the USA over the occupation of China (which was the problem at the time), most of Europe would be under Nazi rule today. See Philip K. Dick and other sci-fi books for examples of this... That does not mean the intervention of the USA was a bad thing (far from it). It's just that America's reasons for entering the war were, from the start, pure self-interest. The fact that Nazis were such butchers really helped get the public perception in line with the military objectives. Once the war was won, history being written by the victors, the goals of the wars were presented in a much more
Korea/Vietnam: classical sword-swinging/geopolitical game between the USA and USSR/China. The USA applied the "domino theory" (Japanese strategy) and determined that communist containment was in its best self-interest. Vietnam was seen as a test against communism. Unfortunately, the USA military severely underestimated the Vietnamese resilience and will to fight, as well as the civilian support, in America itself, for a conflict in South-East Asia. The human rights and right to self-determination of the Vietnamese people were conveniently ignored. Korea, though a successful containment, became a dictatorship for several decades (which was also the case for South Vietnam). Some may argue that South Korea became a modern nation during that time, but, again, that was probably in the best interest of the USA. A prosperous South Korea was less likely to throw itself in the arms of communists.
Don't even get me started on Iraq. I'll have just one word for you: OIL. 'Nuff said.
So... As far as I am concerned, there are no "good" or "bad" wars. All wars are just determined by national self-interest, which then influences public perception of the war.
Kosovo (and the rest of the Balkans) are a complete mess because public perception and self-interest were out of whack. The sad thing is that most industrial and military powers in the world today could not care less if the Serbs massacred all Kosovars (and butcher they did). Half-hearted attempts were made to find a diplomatic solution. Then, a half-hearted attempt was made at stopping the bloodshed. When in doubt, bomb 'em back to the Stone Age! Predictable result: the Serb civilians rallied around the flag and supported the murderous tactics of their government.
Why are the Balkans still a mess? Because occidental powers have no national interest in solving the long-term problems in the region. Watch the situation in Montenegro: this is probably going to be the next Croatia or Kosovo. All of this because national interest is the dominant force behind the wars men wage.
Clemenceau was right when he said: "war is waged by nice people who kill each other without even knowing their names, all of this to the benefit of perfect b______s, who know each other very well, but will never kill each other"...
1. MS criticism & discussion of its products is free speech, not copyright infringement.
2. Open discussion of a variant of an open authentication protocol (Kerberos) is acceptable, even if said variant is proprietary.
3. Supply a copy of this email to the judge in charge of the Microsoft case, as further proof that MS is a monopoly and tries to stifle competition and consumer advantage.
Hey, Slashdot is a competitor to MSNBC, right? =) Guys, this is it -- whatever you do, don't cave in!!
My job's sysadmin has already warned us that the virus was in the wild somewhere, and has asked us *not* to open anything suspicious.
I know that several large firms in my area are also scrambling to stop the infection. This virus can stop any MS system dead in its tracks and clog the others beyond repair. Tough little one!
What this little piece does not mention is that Caldera's IPO tanked and was blasted into oblivion by the recent Wall Street free fall (aka: "The.com Bloodbath").
I think some of the points that Mr Love makes are actually simple common sense: yes, closed-source shops can release good software. Yes, the GPL is, in its own peculiar and "viral" way, a very restrictive licence... But what else is new there?
To me, this speech sounds like a bitter rant, from a CEO who has seen his net stockmarket (read: paper) value disappear overnight.
Face it Mr Love: the Linux distro biz is like any other market -- you need good products to survive. And don't even think about making Linux proprietary or Slashdotters and FSF gurus will line up to sue you to kingdom come.
Repeat after me: invest in open-source wisely. The penguin is your friend. Don't anger the community. Respect the GPL and nobody gets hurt... =)
Another speech like that is going to be a PR disaster for Caldera. Flame war at 11.
I have several questions, but, first of all, let me just state that I have nothing but the utmost admiration for your hard work and dedication over the years.
What do you really think about the commercialization of GNU/Linux? Of the Internet?
Don't you think the insane valuation of companies such as Red Hat and VA Linux, as well as the arrival of "big/hired guns" such as IBM and CA, will adversely affect the future independence of GNU/Linux? (especially given the recent Wall Street nose dive?)
Do you think the GPL (which is, after all, the cornerstone of the FSF) will be tested soon in court because of this commercialization?
If you had to do it all over again, would you use a kernel with a BSD licence, such as NetBSD? This question implies a purely technical point of view, not a "political" one, as your (op)position to the BSD licence is well-known.
Given the choice, would you rather break-up Microsoft or force it to open-source... sorry =)... GPL its source code? Or would you rather never even touch the darn thing?
Do you think it would be worth the (limited) time & resources of the FSF to push GNU software in developing countries or for handicapped users?
What would you do if you had the time and unlimited (or extremely large: US$ 10,000,000,000) funds?
Jon, that Pinkerton does not want to scrap a profitable and potentially expanding project is not surprising. To think that they would pay attention to geeks and nerds is naive (at best). As a group, we have been consistently ignored.
However, the recourse seems obvious: spam! Imagine what is going to happen if a system receives thousands of provably false denunciations...
I even encourage geeks and nerds, goths and punks to launch a (nation-wide?) pre-emptive strike: if you are in high school, grab a list of all the jocks and football players and denounce them as punks, goths, malcontent, depressed, drug-addicted and violent characters. Throw in a few white-power/aryan nations jerks as well. Rat on your teachers. Report on your class president, on the Prom Queen, on the cheerleaders!!
Then, step back and watch in amazement as all these guys are dragged into detention by the principals.
How much money is Pinkerton going to lose over this? Ah, the sweet giant sucking sound of cash registers being emptied as more and more schools bail out of Wave... =)
1. The cat is out of the bag. Forget about putting it back in. This being said, the confluence of Netpliance hardware and Open source opens up many possibilities:
2. Market two versions of your product: one is your QNX-based model for folks who want easy 'net access. The second version is a "hackable" model. Make it a bit more expensive, perhaps, but let the hackers be hackers and sell them the machine! Then let them hack all they want and incorporate the best changes in the next generation.
3. Target other markets: schools, colleges and universities could use cheap machines with standardized, open-source OS installed. Target large corporations, who need a computer on every desk, and sell them these machines. With Linux or one of the BSDs, you can overturn the Microsoft monopoly.
4. Penguins are your best friends.... Daemons may be a little bit more controversial, but they are also cute. =)
IMHO, if code is Free Speech and linking is also allowed, the last problem remaining for DeCSS is to prove to/convince the judge that utilities that crack (cheap) encryption are legal, "fair use", consumer-protection applications of free speech.
Of course, IANAL, but when is the US judicial system going to decide in favor of consumers instead of in favor of huge money-making corporations? One gets tired waiting for a little sanity in the entire copyright/patent/money-grabbing mess that rages around Open Source...
This is very bad news, indeed. It seems every single (British) idiot ever flamed will now be able to sue their ISP. This has very interesting implications for the UK and the rest of Europe, though.
Consider the following, now that the EU is moving toward integrated laws and "e-commerce" regulations:
If I am, say, Dutch, and I post something on Usenet or on my WWW page, saying "XYZ is an idiot", where XYZ is a UK citizen, can said XYZ sue my (Dutch) ISP?
Take the case above, but suppose my ISP is German or French... Can a British citizen sue a Dutch citizen and his German or French ISP?
What if the ISP is American?
What if the "libel" is one in England, but considered as "fair use" (quotation from XYZ book, for instance) in the US?
What if the poster, ISP, XYZ and others are in different countries? What kind of law is applied, for crying out loud?
Ladies and gentlemen, I am afraid this will push the EU to enact Union-wide laws. Why is this bad news? Because most Europeans are not informed enough (yet) about the potential and pitfalls of Internet free speech. And, because of the weight of the EU, what it decides may well affect other countries... Such as the US. Uh Oh.
Not to mention that most Euro-MPs are complete idiots (IMHO).
Not Good. Or, as a famous Englishman would have put it: "Double-Plus UnGood". We are getting there -- we are just behind schedule...
I stand corrected! This is what happens when you read a news item too fast, I suppose.
(I still think that "Open S S H" is a good idea, though...)
=)
OpenSHHHH... Sorry, we can't mention the name of the "other" product.
OpenSHL... Hey, what's a single letter between friends?
Open S S H... Oh, Come on, quit whining. You registered "SSH" and NOT "S S H", so there!
OpenWhat?... How do you pronounce "SSH" anyway?
Open-You-Know-What... Just add a ".org" and, presto! We are back in business...
WeAreSecureAndWeAreCanadian... Yep, it's getting longer and longer.
OpenSourceSecureShell... There, feeling better already? Shush, it's all going to go away.
Oh, and by the way, I want to get sued too!! I am going to register:
openssh.co.uk
openssh.org.uk
openssh.fr
openssh.asso.fr
openssh.ch
openssh.it
(...etc...)
Anybody care to bankroll me?? =)
I want one!
Is this:
"Microsoft uses software patents to maintain its monopoly". 'Nuff said.
Nevertheless, I'd like to contribute a few words of my own.
Perritt:
Carnivore is used in sensitive criminal and foreign intelligence investigations. The
need for confidentiality in such investigations long has been recognized by the
Congress and Supreme Court of the United States. It is not unreasonable for the
Justice Department to assure that the details of confidential criminal investigations
or of foreign intelligence methods and procedures will not disclosed to the public.
Isn't that "Security by obscurity"?
If it is, I am afraid it has been shown not to work... Script Kiddies are going to have a field day with this.
Just my US$ 0.02...
I fail to see the interest of this piece.
First of all, despite the respect I have for Infoworld, you have to admit that "Robert X. Cringely" is a gossip columnist, not a "serious" journalist like Nick Petreley or the Security Column guys.
Then, it has been public knowledge for a very long time that Hotmail and others rely on either FreeBSD or another (proprietary) *NIX. This has been a constant source of embarrassment to M$, and a constant source of gloating from the *BSD/free-software-as-in-speech camp.
IMHO, this story should have appeared (at best) as a quickie, not as a full-blown story. It would be much more interesting to have reliable info (any info) on how the Hotmail migration from FreeBSD to Win2K is going.
This opinion, is, of course, exactly worth what you paid to read it... =)
.. you could get some rest!
Somebody port NetBSD to these babies! Quick! =)
Well...
My dad used to tell me how he (and a few of his friends) actually created a simple Disk Management system on an IBM mainframe. I can't remember which Big Blue machine they used, but programming was done with punch cards.
That was the time when, if you wanted your program to actually write something to the disk, you had to create your own routines to do this! Remember also that this was with "magnetic drums" -- to write any data to disk you had to know the hardware and the controller very well to optimize writing and reading (transfer rates were, of course, abysmal).
So they just went ahead and created a clever little program to write and read data to these huge magnetic drums. From then on, all their programs would just call the disk management software instead of having to re-invent the wheel. Then they optimized it some more (32KB of RAM was huge in those times!) and simply used it all the time.
Soon after this, they received the visit of their in-house IBM engineer. Yes, in those days, they actually had an IBM engineer working full-time on the client site. Proudly, they showed him this clever little software. The guy asked for the source code, which they supplied, open source-like. The blue-suited engineer thanked them and walked away with the source. My dad and his colleagues just went back to work.
Next thing you know, IBM released, with its next-generation mainframe, a complete set of system utilities including a disk manager that looked suspiciously like the one they had created.
Why am I remembering this? Because my dad said many times that IBM (and, certainly, other computer makers) had used their ideas, as well as the ideas of many others, to create these "system utilities". He was not bitter or anything, he just mentioned that many other users probably had their own utilities for printing, batch execution, disk management, and others, and that IBM simply had used the best ones they could find... No one "invented" an "operating system": they just used more and more utilities and integrated them with one another.
Ah well. Just my US$ 0.02...
Does anyone seriously think the FBI is going to reveal what's inside the Carnivore machine and its "modus operandi"?
I mean, it would be soooooo easy for them to present incomplete schematics and/or software list and either classify the rest ("We can't risk being cracked, your honor!") or add "new" functions when a judge is not looking? Like intercepting every email instead of just one suspect user being investigated? For that matter, is the judge a computer/IP/network expert?
Was it not the FBI that asked (and almost got) the right to intercept every 'net and phone communications a few years ago?
Sheesh. Time to find that PGP copy I had somewhere... =)
Just my US$ 0.02...
Maybe we are talking about my religion... =)
Seriously, though, if you are interested in a *web server*, my remarks still stand. I don't know if Apache has been ported to OS/400 or Multics.
Besides, how many companies, these days, can afford a Multics- based computer (does it still exist?) or an AS/400?
My dad (who was a security officer on a big iron somewhere) used to mention that, even with OS/400, it usually took less than 30 minutes, for a good security consultant, who was probably much better than the average script kiddie, to gain complete access to a machine.
Compare & contrast with what OpenBSD claims on their website: "Two years without a local root exploit".
I am ready to admit that "Big Iron" means much better security than a PC+your choice of OS. That does not mean *good* security, though. Simply better security.
"If it has to secured, DON'T put it on a computer".
I used to believe he was joking but now, with a little more experience, I totally agree with this declaration. If it's sensitive, for goodness's sake, don't put it on a computer, and especially on a computer which is connected to ANY form of network.
With all due respect to a senior 'net citizen such as Dr Spafford (who is certainly more intelligent than I am or ever will be), it is true that Linux (or *BSD) evolve in a chaotic and ramshackle way. But we should always remember a few points:
Want to keep something a secret? Remember the advice of that engineer: write it down on a piece of paper, use a one-time pad, lock the paper in a steel box and put the box in a military-grade safe. Burn all other traces and throw the ashes in a vat of acid. But, for goodness' sake, DON'T leave it on a computer!
Of course, this is just my US$0.02...
The main reason the wars in Kosovo, Iraq and Vietnam were fought and "won" against different "enemies" has more to do with public perception and national interest than with questions of human rights.
Remember, as well, that there are only three types of strategies: Occidental, Chinese and "Japanese".
Here are just a couple of examples of what I mean:
So... As far as I am concerned, there are no "good" or "bad" wars. All wars are just determined by national self-interest, which then influences public perception of the war.
Kosovo (and the rest of the Balkans) are a complete mess because public perception and self-interest were out of whack. The sad thing is that most industrial and military powers in the world today could not care less if the Serbs massacred all Kosovars (and butcher they did). Half-hearted attempts were made to find a diplomatic solution. Then, a half-hearted attempt was made at stopping the bloodshed. When in doubt, bomb 'em back to the Stone Age! Predictable result: the Serb civilians rallied around the flag and supported the murderous tactics of their government.
Why are the Balkans still a mess? Because Occidental powers have no national interest in solving the long-term problems in the region. Watch the situation in Montenegro: this is probably going to be the next Croatia or Kosovo. All of this because national interest is the dominant force behind the wars men wage.
Clemenceau was right when he said: "war is waged by nice people who kill each other without even knowing their names, all of this to the benefit of perfect b______s, who know each other very well, but will never kill each other"...
1. MS criticism & discussion of its products is free speech, not copyright infringement.
2. Open discussion of a variant of an open authentication protocol (Kerberos) is acceptable, even if said variant is proprietary.
3. Supply a copy of this email to the judge in charge of the Microsoft case, as further proof that MS is a monopoly and tries to stifle competition and consumer advantage. Hey, Slashdot is a competitor to MSNBC, right? =)
Guys, this is it -- whatever you do, don't cave in!!
My job's sysadmin has already warned us that the virus was in the wild somewhere, and has asked us *not* to open anything suspicious.
I know that several large firms in my area are also scrambling to stop the infection. This virus can stop any MS system dead in its tracks and clog the others beyond repair. Tough little one!
What this little piece does not mention is that Caldera's IPO tanked and was blasted into oblivion by the recent Wall Street free fall (aka: "The .com Bloodbath").
I think some of the points that Mr Love makes are actually simple common sense: yes, closed-source shops can release good software. Yes, the GPL is, in its own peculiar and "viral" way, a very restrictive licence... But what else is new there?
To me, this speech sounds like a bitter rant, from a CEO who has seen his net stockmarket (read: paper) value disappear overnight.
Face it Mr Love: the Linux distro biz is like any other market -- you need good products to survive. And don't even think about making Linux proprietary or Slashdotters and FSF gurus will line up to sue you to kingdom come.
Repeat after me: invest in open-source wisely. The penguin is your friend. Don't anger the community. Respect the GPL and nobody gets hurt... =)
Another speech like that is going to be a PR disaster for Caldera. Flame war at 11.
Thanks for your time!
Jon, that Pinkerton does not want to scrap a profitable and potentially expanding project is not surprising. To think that they would pay attention to geeks and nerds is naive (at best). As a group, we have been consistently ignored.
However, the recourse seems obvious: spam! Imagine what is going to happen if a system receives thousands of provably false denunciations...
I even encourage geeks and nerds, goths and punks to launch a (nation-wide?) pre-emptive strike: if you are in high school, grab a list of all the jocks and football players and denounce them as punks, goths, malcontent, depressed, drug-addicted and violent characters. Throw in a few white-power/aryan nations jerks as well. Rat on your teachers. Report on your class president, on the Prom Queen, on the cheerleaders!!
Then, step back and watch in amazement as all these guys are dragged into detention by the principals.
How much money is Pinkerton going to lose over this? Ah, the sweet giant sucking sound of cash registers being emptied as more and more schools bail out of Wave... =)
Just my US$ 0.02, of course.
A couple of quick things:
1. The cat is out of the bag. Forget about putting it back in. This being said, the confluence of Netpliance hardware and Open source opens up many possibilities:
2. Market two versions of your product: one is your QNX-based model for folks who want easy 'net access. The second version is a "hackable" model. Make it a bit more expensive, perhaps, but let the hackers be hackers and sell them the machine! Then let them hack all they want and incorporate the best changes in the next generation.
3. Target other markets: schools, colleges and universities could use cheap machines with standardized, open-source OS installed. Target large corporations, who need a computer on every desk, and sell them these machines. With Linux or one of the BSDs, you can overturn the Microsoft monopoly.
4. Penguins are your best friends.... Daemons may be a little bit more controversial, but they are also cute. =)
Welcome to Open Source!
IMHO, if code is Free Speech and linking is also allowed, the last problem remaining for DeCSS is to prove to/convince the judge that utilities that crack (cheap) encryption are legal, "fair use", consumer-protection applications of free speech.
Of course, IANAL, but when is the US judicial system going to decide in favor of consumers instead of in favor of huge money-making corporations? One gets tired waiting for a little sanity in the entire copyright/patent/money-grabbing mess that rages around Open Source...
Consider the following, now that the EU is moving toward integrated laws and "e-commerce" regulations:
Ladies and gentlemen, I am afraid this will push the EU to enact Union-wide laws. Why is this bad news? Because most Europeans are not informed enough (yet) about the potential and pitfalls of Internet free speech. And, because of the weight of the EU, what it decides may well affect other countries... Such as the US. Uh Oh.
Not to mention that most Euro-MPs are complete idiots (IMHO).
Not Good. Or, as a famous Englishman would have put it: "Double-Plus UnGood". We are getting there -- we are just behind schedule...
It's already been reported on CNN. Check this link. Why not organize this demo every once in a while, as long as DMCA is in effect in the US?