Society is like a herd of sheep. It sits on a prairie and happily eats away what it can find. All it takes to discipline them are a couple of dogs. Sheep are all good law (dog) abiding citizen. Unfortunately, they'll never discover other green pastures by themselves. They need authorities (shepherds) that will do that for them. At the end of the day (well, the season), they'll be great meat for their masters.
The biggest leverage of law makers is that they are never enough people to challenge the laws.
What about CD and DVD players with digital output ports? The specs of the digital stream are surely open (or they leaked somewhere), so it may be relatively easy to catch good digital data, thus avoiding the lossy D/A <-> A/D conversions.
Even policemen in dictatorships (normally) act according to legal standards. They follow the legal rules just like our cops do. It's just not our laws, but the laws of a country under dictatorship. For instance, if they have a law that allows torture, policemen torturing their victims are acting within their legal framework. There's nothing a court could do about it.
Just because something is legal, doesn't mean that it is legitimate.
Now Europe accepts fresh crop of authotirtarians from the post-communist states.
Why are you assuming that people from post-communist states would elect more authoritarian
regimes, therefore skewing the political mainstream? It may be exactly the opposite: people who directly experienced dictatorship (as opposed to just have heard about it in the media) are much more sensible to authoritarian behaviour. They may very well be less tolerant of facistoid tendencies than the average west european (who wouldn't care).
The problem with our democracy is not that it is being "invaded" from authoritarian outsiders. We are the ones who are neglecting democracy. We fail to preserve it, be it out of laziness, ignorance or whatever else. It comes to no surprise that authoritarian politicians emerge out of this.
Are copyright laws really a good idea for software? Remember, copyright protection lasts for at least 70 (but up to 95) years after the death of the author. Moreover, copyright renewals would extend this period even more. Now tell me any kind of software that would not be utterly obsoleted in, say, 100 to 150 years from now! Software-Copyrights effectively eliminate public dissemination forever. Is this the purpose of copyright, as intended when it was invented?
I am not entirely opposed to regulating software for government use.
See FIPS requirements.
Governments do not relinquish their powers. They always and only expand them.
Sad, but true. And that's exactly the reason why we need to be extra careful when we call for Government's "help."
Frankly, I believe that software is also a way to express opinions, both technical and political. Government control of software would be in direct contradiction of free speech, wouldn't it?
Calling for legislation to step in, is almost always a bad idea. We may be dreaming of an open source friendly regulation, but this is unlikely to happen. We simply don't have the purchasing power that Microsoft and others have with our politicians, so we'll end up having a heavily regulated market with anti-competitive, pro closed-source rules. Remember DMCA?
Even if a company is destroyed, its assets will be distributed across its creditors. Where will the Unix IP rights land? In Microsoft's hands? The problem is actually not with SCO itself, but with those rights. How can we get them back, and return them to the IT community as a whole?
Who owns SCO anyway? Perhaps Microsoft through indirect channels. If it's true, they won't sell enough stock to allow IBM (or anybody else) to buy out SCO. That's the problem...
Netcraft reports that the Nevada Circuit Court uses Linux on their Case Management/Electronic Case Filing systems. The question is now, wether SCO will file a suit against that very same court. Perhaps a SCO vs. Ashcroft case?
This reminds me of a torpedo that missed its primary target and is now out of control, searching for anything to hit. Better duck and cover, until it runs out of fuel...
...or send an auto-destroy message to disable the bastard.
Will the German ownership (and subsequent court actions in Germany against SCO) of Chrysler play a part stateside?
That's interesting indeed. Since SCO is banned in Germany from saying that they own Linux code (if they can't prove it), and since Daimler-Chrysler's HQ is in Germany, what consequences will this have?
In Germany, courts are unlikely to follow SCO's argumentation, so it is a safe bet that DC will not be bothered by this lawsuit. In the US, it is an entirely different matter!
Daimer-Chrysler is fortunately big enough. Should they be dogged in US courts, they could easily pull out a few factories e.g. to Mexico, putting enormous pressure on Congress and States. In the long run (iff Daimler-Chrysler doesn't cave in to this raquet), this lawsuit could be very beneficial to all of us.
and by gutting upload speeds to pathetically low rates of transfer.
It would be nice if ADSL were extended to allow a kind of "reverse bandwidth" command. This command could be used dynamically by the customer's [router's] IP stack, e.g. like this: "As long as there's nothing receive, allow maximal outbound bandwidth. As soon as content is received, reverse direction."
BTW, not all providers' policies forbid servers. It's just a matter of switching to more user-friendly companies.
The biggest problem for Joe Schmoe is finding suitable DNS providers for their brand new domain name. DynDNS, ZoneEdit etc... will not continue to provide this for free for very long...
Confronted with a bill for a SCO Linux license, The Al Quaeda Group sent the equivalent of $699 in C4 to the Utah based company's HQ. According to the press release by The Al Quaeda Group, VISA declined to give them a credit card, so they decided to use an alternative way of payment.
Sorry if the comparision didn't seem fair. That was not intended.
Of course, vulnerabilities are not only attributable to lazy
admins, who don't update or patch their systems frequently. I was
oversimplifying here to make a point. And the point is this: considering
the stats from the article, Linux seems to attract more successful
attacks than BSDs. How comes? Browsing bugtraq shows that most vulns are from userland apps, that
are often not even part of the base BSD systems. The bulk of attacks
are against commodity software that is widely used on both platforms.
It just happens, that those programs are often running by default on
vanilla Linux distros, whereas they are disabled in default BSD
versions. Now what happens is obvious: an average sysadmin on Linux
would have to know about the problem and either install firewalls,
or close ports. But if they didn't nothing would prevent the system
from working. In contrast, the average BSD sysadmin would have to
enable additional software (installing from ports, etc...), thus
always making a conscious decision to punch yet another possible
hole in the wall, so to speak.
You're right in many aspects. Stack protection, as implemented
in OpenBSD would be a great addition to the other BSDs, to Linux
and Solaris as well. That would alreayd prevent a whole lot of
stupid coding errors and associated mistakes. String API improvements
like strlcpy() and friends are also great, and I'd love to see them
replacing strcpy()/strcat() too. Absolutely and fully.
Yes, absolutely. One big advantage of BSDs is the ease of updating
once vulnerabilities are discovered/fixed. cvsup/cvs once, recompile,
and you're all set. Not all Linux distros are as easily to maintain
(though some are catching up).
And you're right with OpenBSD too. Having apertures in the kernel
allows to run with securelevel >=1, yet still start and stop XFree
without problems. That is a good point. And in FreeBSD, jails are
also a great way to enhance security.
A lot of software is shared between BSD and Linux installations. Stuff like sendmail (qmail, postfix,...), apache, bind, etc... is exactly the same on both OSes. Most security breaches involve a buffer overrun in one of these server programs. So obviously, Linux and BSD systems should be equally vulnerable (or safe) w.r.t. remote exploits...
As many have pointed out in other threads, the ratio of competent/incompetent Linux admins is higher than the competent/incompetent BSD admins ratio. This is sad, but true. It is not because Linux is bad or hard to manage, it's simply because Linux is much more popular than BSD. Newbie admins will seldom start with BSD, so they make their mistakes on Linux boxes first. Some of them may grow up tried of all the different idiosyncraties of Linux distros, and try BSD. A few may even like it and stick to it. But the point here is that your average BSD admin is already experienced with Linux systems, whereas the bulk of Linux admins won't.
Linux or BSD are both great systems, but they can be really dangerous in the hands of the inexperienced.
DISCLAIMER: I'm a senior FreeBSD sysadmin since 2.0, but I'm also managing a farm of misc. Linux variants since kernel 0.99 in high risk secure environments. I like both systems very much, so I tend to dislike stupid over-generalizations a la BSD is more secure than Linux (even if it is true, for the reasons explained above).
The 9/11 terrorists used their own IDs and their own passports. An eye-scan would've been utterly useless here.
Biometric scans may have some value in proving beyond any reasonable doubt that the association pair (physical person, ID papers) is legitimate, but they can't (yet?) read minds of first-time would-be terrorists, which do not yet have any criminal records.
And this is precisely the problem here. Most terrorist attacks are not performed by professionals, but by people who didn't appear on the radar before. Professionals may be planning the attacks, but they will still hide beyond our reach. They are unlikely to cross a heavily guarded border when they can send a lot of legitimate people to do the dirty work for them.
And now, to ask again: is this really necessary? If we persist on this path, newly born babies will soon get a bluetooth chip implant, just like cows in a herd. Wouldn't that be great? The complete human population earmarked and always trackable on a global scale. Ready for... what? Slaughtering?
A perl script doesn't really need any CPAN modules at all to be
effective. Just take SMTP as an example: this is an extremely simple
protocol that you can simulate in a few lines of perl (at least enough
of it to send gazillions of spams!). You don't really need Net::SMTP
or some such.
An executable ELF binary doesn't need autoconf, automake
etc. to run. That already happened at compile time. Again, a carefully
written C program could use only glibc, and nothing more. No need to
use external (networking? protocol?...) libs or other dependencies, which
may not be present on the target machine.
Of course, if you don't use x86, you'd be pretty secure.
As Unix(*) users, we feel pretty confident when confronted with this kind of a.exe crap. But seriously, what would have happened, if the file was a Linux executable? A shell or perl script? Are we still secure? Maybe, maybe not:
It depends what browser we're using. Browsers on Unix normally don't execute remote code, but the more browsers we use, the less we can be sure.
Are our rendering engines (Gecko and Konqueror) really immune to buffer overruns of malicious web sites? We don't know for sure. Most of us are aware of Konqueror dumping core, but no harm is done, because a Windows virus couldn't start. What if the remote site contained valid Linux instructions instead?
A whole class of vulnerabilities consists of so called cross site scripting vulns (see bugtraq).
Even if an executable runs with the permissions of a regular, non-root user, are we still secure? I've seen setups where the user was member of group 0 (wheel), which opened up a whole lot of potential vulnerabilities.
The biggest asset of the Unix community is still the high level computer literacy amongst its users. We're smarter than regular Windows users on the average, and we know better than to blindly click on links when we're being told to. But with growing Linux popularity, we're bound to "inherit" more unsavvy and clueless computer users, which would be just as malleable as Windows users.
The last line of defense(tm) consists of just two principles:
We don't run our browsers in kernel mode.
We don't use the root account for regular activites (right?).
Will that be enough, once spammers start targetting Linux? Let's hope for the best.
Slashdot Mirror
Society is like a herd of sheep. It sits on a prairie and happily eats away what it can find. All it takes to discipline them are a couple of dogs. Sheep are all good law (dog) abiding citizen. Unfortunately, they'll never discover other green pastures by themselves. They need authorities (shepherds) that will do that for them. At the end of the day (well, the season), they'll be great meat for their masters.
The biggest leverage of law makers is that they are never enough people to challenge the laws.
What about CD and DVD players with digital output ports? The specs of the digital stream are surely open (or they leaked somewhere), so it may be relatively easy to catch good digital data, thus avoiding the lossy D/A <-> A/D conversions.
Policemen act according to the legal standards.
Even policemen in dictatorships (normally) act according to legal standards. They follow the legal rules just like our cops do. It's just not our laws, but the laws of a country under dictatorship. For instance, if they have a law that allows torture, policemen torturing their victims are acting within their legal framework. There's nothing a court could do about it.
Just because something is legal, doesn't mean that it is legitimate.
Now Europe accepts fresh crop of authotirtarians from the post-communist states.
Why are you assuming that people from post-communist states would elect more authoritarian regimes, therefore skewing the political mainstream? It may be exactly the opposite: people who directly experienced dictatorship (as opposed to just have heard about it in the media) are much more sensible to authoritarian behaviour. They may very well be less tolerant of facistoid tendencies than the average west european (who wouldn't care).
The problem with our democracy is not that it is being "invaded" from authoritarian outsiders. We are the ones who are neglecting democracy. We fail to preserve it, be it out of laziness, ignorance or whatever else. It comes to no surprise that authoritarian politicians emerge out of this.
Are copyright laws really a good idea for software? Remember, copyright protection lasts for at least 70 (but up to 95) years after the death of the author. Moreover, copyright renewals would extend this period even more. Now tell me any kind of software that would not be utterly obsoleted in, say, 100 to 150 years from now! Software-Copyrights effectively eliminate public dissemination forever. Is this the purpose of copyright, as intended when it was invented?
I am not entirely opposed to regulating software for government use.
See FIPS requirements.
Governments do not relinquish their powers. They always and only expand them.
Sad, but true. And that's exactly the reason why we need to be extra careful when we call for Government's "help."
Frankly, I believe that software is also a way to express opinions, both technical and political. Government control of software would be in direct contradiction of free speech, wouldn't it?
Calling for legislation to step in, is almost always a bad idea. We may be dreaming of an open source friendly regulation, but this is unlikely to happen. We simply don't have the purchasing power that Microsoft and others have with our politicians, so we'll end up having a heavily regulated market with anti-competitive, pro closed-source rules. Remember DMCA?
Even if a company is destroyed, its assets will be distributed across its creditors. Where will the Unix IP rights land? In Microsoft's hands? The problem is actually not with SCO itself, but with those rights. How can we get them back, and return them to the IT community as a whole?
Who owns SCO anyway? Perhaps Microsoft through indirect channels. If it's true, they won't sell enough stock to allow IBM (or anybody else) to buy out SCO. That's the problem...
Netcraft reports that the Nevada Circuit Court uses Linux on their Case Management/Electronic Case Filing systems. The question is now, wether SCO will file a suit against that very same court. Perhaps a SCO vs. Ashcroft case?
so what you may get to see will be *nothing*
Does this mean that SCO claims that their IP property consists of *nothing*? Good to know that there are no empty files in the Linux kernel!
This reminds me of a torpedo that missed its primary target and is now out of control, searching for anything to hit. Better duck and cover, until it runs out of fuel...
...or send an auto-destroy message to disable the bastard.
Will the German ownership (and subsequent court actions in Germany against SCO) of Chrysler play a part stateside?
That's interesting indeed. Since SCO is banned in Germany from saying that they own Linux code (if they can't prove it), and since Daimler-Chrysler's HQ is in Germany, what consequences will this have?
In Germany, courts are unlikely to follow SCO's argumentation, so it is a safe bet that DC will not be bothered by this lawsuit. In the US, it is an entirely different matter!
Daimer-Chrysler is fortunately big enough. Should they be dogged in US courts, they could easily pull out a few factories e.g. to Mexico, putting enormous pressure on Congress and States. In the long run (iff Daimler-Chrysler doesn't cave in to this raquet), this lawsuit could be very beneficial to all of us.
I would LOVE to see the Slashdot effect at work on this conference call
Ah, that's what the $1M from EV1 is good for! Paying the bills for a slashdotted telcon...
Or have they an bought insurance against slashdotting (as another means of making even more dosh)?
and by gutting upload speeds to pathetically low rates of transfer.
It would be nice if ADSL were extended to allow a kind of "reverse bandwidth" command. This command could be used dynamically by the customer's [router's] IP stack, e.g. like this: "As long as there's nothing receive, allow maximal outbound bandwidth. As soon as content is received, reverse direction."
BTW, not all providers' policies forbid servers. It's just a matter of switching to more user-friendly companies.
The biggest problem for Joe Schmoe is finding suitable DNS providers for their brand new domain name. DynDNS, ZoneEdit etc... will not continue to provide this for free for very long...
NASA Server hit by slashdot asteroid. They didn't see it coming...
Confronted with a bill for a SCO Linux license, The Al Quaeda Group sent the equivalent of $699 in C4 to the Utah based company's HQ. According to the press release by The Al Quaeda Group, VISA declined to give them a credit card, so they decided to use an alternative way of payment.
Coming up: used SCO licenses on Ebay. No bidders so far: $1.00
Sorry if the comparision didn't seem fair. That was not intended.
Of course, vulnerabilities are not only attributable to lazy admins, who don't update or patch their systems frequently. I was oversimplifying here to make a point. And the point is this: considering the stats from the article, Linux seems to attract more successful attacks than BSDs. How comes? Browsing bugtraq shows that most vulns are from userland apps, that are often not even part of the base BSD systems. The bulk of attacks are against commodity software that is widely used on both platforms. It just happens, that those programs are often running by default on vanilla Linux distros, whereas they are disabled in default BSD versions. Now what happens is obvious: an average sysadmin on Linux would have to know about the problem and either install firewalls, or close ports. But if they didn't nothing would prevent the system from working. In contrast, the average BSD sysadmin would have to enable additional software (installing from ports, etc...), thus always making a conscious decision to punch yet another possible hole in the wall, so to speak.
You're right in many aspects. Stack protection, as implemented in OpenBSD would be a great addition to the other BSDs, to Linux and Solaris as well. That would alreayd prevent a whole lot of stupid coding errors and associated mistakes. String API improvements like strlcpy() and friends are also great, and I'd love to see them replacing strcpy()/strcat() too. Absolutely and fully.
Yes, absolutely. One big advantage of BSDs is the ease of updating once vulnerabilities are discovered/fixed. cvsup/cvs once, recompile, and you're all set. Not all Linux distros are as easily to maintain (though some are catching up).
And you're right with OpenBSD too. Having apertures in the kernel allows to run with securelevel >=1, yet still start and stop XFree without problems. That is a good point. And in FreeBSD, jails are also a great way to enhance security.
Of course, I've meant the exact opposite. Please s/higher/lower/.
A lot of software is shared between BSD and Linux installations. Stuff like sendmail (qmail, postfix, ...), apache, bind, etc... is exactly the same on both OSes. Most security breaches involve a buffer overrun in one of these server programs. So obviously, Linux and BSD systems should be equally vulnerable (or safe) w.r.t. remote exploits...
As many have pointed out in other threads, the ratio of competent/incompetent Linux admins is higher than the competent/incompetent BSD admins ratio. This is sad, but true. It is not because Linux is bad or hard to manage, it's simply because Linux is much more popular than BSD. Newbie admins will seldom start with BSD, so they make their mistakes on Linux boxes first. Some of them may grow up tried of all the different idiosyncraties of Linux distros, and try BSD. A few may even like it and stick to it. But the point here is that your average BSD admin is already experienced with Linux systems, whereas the bulk of Linux admins won't.
Linux or BSD are both great systems, but they can be really dangerous in the hands of the inexperienced.
DISCLAIMER: I'm a senior FreeBSD sysadmin since 2.0, but I'm also managing a farm of misc. Linux variants since kernel 0.99 in high risk secure environments. I like both systems very much, so I tend to dislike stupid over-generalizations a la BSD is more secure than Linux (even if it is true, for the reasons explained above).
The 9/11 terrorists used their own IDs and their own passports. An eye-scan would've been utterly useless here.
Biometric scans may have some value in proving beyond any reasonable doubt that the association pair (physical person, ID papers) is legitimate, but they can't (yet?) read minds of first-time would-be terrorists, which do not yet have any criminal records.
And this is precisely the problem here. Most terrorist attacks are not performed by professionals, but by people who didn't appear on the radar before. Professionals may be planning the attacks, but they will still hide beyond our reach. They are unlikely to cross a heavily guarded border when they can send a lot of legitimate people to do the dirty work for them.
And now, to ask again: is this really necessary? If we persist on this path, newly born babies will soon get a bluetooth chip implant, just like cows in a herd. Wouldn't that be great? The complete human population earmarked and always trackable on a global scale. Ready for... what? Slaughtering?
A perl script doesn't really need any CPAN modules at all to be effective. Just take SMTP as an example: this is an extremely simple protocol that you can simulate in a few lines of perl (at least enough of it to send gazillions of spams!). You don't really need Net::SMTP or some such.
An executable ELF binary doesn't need autoconf, automake etc. to run. That already happened at compile time. Again, a carefully written C program could use only glibc, and nothing more. No need to use external (networking? protocol?...) libs or other dependencies, which may not be present on the target machine.
Of course, if you don't use x86, you'd be pretty secure.
As Unix(*) users, we feel pretty confident when confronted with this kind of a.exe crap. But seriously, what would have happened, if the file was a Linux executable? A shell or perl script? Are we still secure? Maybe, maybe not:
The biggest asset of the Unix community is still the high level computer literacy amongst its users. We're smarter than regular Windows users on the average, and we know better than to blindly click on links when we're being told to. But with growing Linux popularity, we're bound to "inherit" more unsavvy and clueless computer users, which would be just as malleable as Windows users.
The last line of defense(tm) consists of just two principles:
Will that be enough, once spammers start targetting Linux? Let's hope for the best.
(*) Unix in the generic sense, not Darl's.