TCP and IP header bits are not particularly safe to redefine;
Yes, that's true. The only bits that come to mind, would be the TOS flags (3 bits) in the IP header, which are not used anyway; not in routers, and certainly not in end systems.
Whoever decides what content is "bad" should also take the responsibility for dealing with it.
Routing, and eventually tagging IP packets is part of the networking layer responsibility. Deciding what to do with packets which are tagged as "probably harmful" would be done by software on the end systems; software which runs in the application layer (at least conceptually).
Then again, tagging packets based on virus detection, seems like belonging in the application layer too, and routers should stay clear of it.
The whole idea of having the router tag packets they deem "harmful" is kinda flawed:
Routers will have to be stateful, to examine TCP streams.
Processing overhead is so high, only edge routers (of rather small networks!) would be able to handle the (CPU) load.
There's no logical reason why a router should perform this task. Running as a router doesn't give it more insight into the logic of a virus, than normal hosts.
This last point is interesting though: If some helper application (or process in the router) identified a virus in a TCP stream, it could dynamically notify the router that this special stream is currently carrying a virus. The router could then modify its ACL on the fly, or reset the TCP connection altogether; preventing the virus from reaching its destination.
Using dynamic ACLs or connection resets is not new. Some intrusion detection systems provide hooks to do this, hooks that are currently rather clumsy (e.g. they use SNMP to instruct the router what to do), and coarse-grained. Better support in the router, like, say, a HOST to ROUTER protocol, could help here.
Of course, the router requirement RFC will have to be modified, for all this to be standards-compliant!
End systems are not affected by routers dropping IP packets with harmful content. All what end systems see are IP packets. They may see less of them, if filtering is enabled on the router, but the packets have nothing special about them that would need AV software on the clients.
But, a router doesn't always have to drop packets. It could tag them with a special marker, and clients could then react accordingly, e.g. by dropping them in their TCP/IP stack.
This could be somewhat similar to what SpamAssassin does, when tagging spam mail with an X-Spam header. It's up to the mail user agent to decide what to do with mails tagged that way.
no more GNU software on my computer, I'm gonna go play with FreeBSD, now dammit where'd I put that compiler.
Beware: There's a lot more GNU software in FreeBSD, than gcc (and binutils, etc...) alone. And I don't mean third party ports that we all love and use, but also in the base system. There is a also a lot of non-GNU, but GPLed software in the base FreeBSD system as well. Just one example: cvs.
We owe a lot to the GNU project, and would never have gotten that far without their contributions.
People creating free software are doing a great, charitable work! Many schools, esp. in poor countries, switched to Linux because Microsoft products were too expensive. Donations to EFF or the FSF are certainly a good way to help millions of people worldwide.
Looks to me like SCO are getting more and more frantic, alineating everyone in the industry. Who is actually still _buying_ their crappy UnixWare implemenation? Shouldn't we find out, and publish a "Hall of Shame" with actual SCO customers?
The obvious solution is, of course, to lobby ICANN to create a new.spam top level domain for all spammers. Of course, with subdomains like.v1agra.spam,.loans.spam etc.
The company operating the.spam registry would be profitable in nanoseconds, as all spammers rush to register their brand new spam domain.
OT: Let's tax all customers of the dot-spam registry. Simple. Unadorned.
What Darl wants, and I will fight to the end of my days to prevent, is a return to the hugely inefficient days when every Tom, Dick and Harry company could build their own unique, incompatible-with-the-universe, expensive custom OSes.
As long as said companies implemented standard interfaces fully and correctly, why not? The Unix world managed to converge towards a common set of standards and interfaces, and this is very good. I wouldn't mind (much) if my favorite application compiles on Linux, BSD, Solaris, etc... The OS implementation itself is not important, as long as the interface is respected.
BTW, having multiple Unix implementations is beneficial to portability and code quality of the applications too! If you are forced, as a developer, to avoid specific idiosyncracies of a specific OS implementation, you will likely generate better code; code that is maintained more easily.
Having a Linux-only monoculture in the Unix world would not be good either. Everyone who has already tried to port newer apps from Linux to, say, BSD, will have noticed, that developers are often careless, or lazy, about true portability. Fortunately, and thanks to the open source model, a small patch to the developers is generally cheerfully accepted, and takes care of sloppy coding techniques.
Re:Linux written to compete with SCO?
on
SCO News Roundup
·
· Score: 2, Insightful
I don't see SuSE competing with SCO's UnixWare either. Why would they?
Actually wondering who is still buying SCOs products; with or without competition...
Re:Thinking about this financially...
on
SCO News Roundup
·
· Score: 1
SCO are not out there to do any kind of IT-related business. Their only remaining business model is to commercialize their _presumable_ IP rights to the Unix trademark.
SCO is dying...
... or at least comatose, in M$'s ICU (so to speak).
thanks to some of our genius legislators, potentially illegal to possess or use.
Let's spam the legislators!
Ah, so slowing down a connection could be illegal? Will mod_throttle be classified as a weapon in the near future? GREAT! Spidering sites would be even faster now!
That is a very good point! I know many people who had been bitten by this a few times in the past. With fast machines, making the world every now and then is not such an obstacle as it used to be some years ago (security by recompiling). But sometimes, especially on colocated machines, applying a libc fix can still be a life-saver!
A german court ruled that people are responsible for the links on their pages. If the link points to an external site with illegal content, the poster of the link could be persecuted for this; especially if they didn't put a disclaimer on their pages.
Funnily, most web authors didn't understand the ruling and started putting stddisclaimer.h on their pages. They thought that this would protect them from persecution, not unlike a talisman or magic spell.
Unfortunately, laws don't work that way: it's not the disclaimer that protects you, it's the intension you had when you posted the link in the first place.
Of course, determining in court what someone's intension is, opens up pandora's box, as everyone might imagine. It's merely a question who has the better lawyer (or PR budget).
This german court ruling applies only to people living there. Unfortunately (or fortunately, depending on your point of view), governments are currently tightening their control over the Net, and judicial rulings are just one way among others to achieve this. Am I the only one who is alarmed by this erosion of our Freedom of Speech rights?
The other reason was SuSE and Mandrake, both European and not from the United States.
SuSE and Mandrake are produced by European vendors, but the software they ship is truly international.
However you're right: a strong selling point in convincing the public sector in EU-land to switch to Linux is that revenues will flow back into the EU rather than outside.
Another important point is that the US are being currently perceived in large parts of Europe, but also in many third world countries as, how should I put it, acting rather strangely w.r.t. human rights and abidance by [intl.] laws. Please don't get me wrong here: this is not my personal opinion, but it is very widespread out there.
The general scepticism against US policy translates in (most often) irrational fears about "spyware." M$ had presumably a record of cooperating with the NSA, helping them install backdoors in M$'s crypto libraries: CCC press release (sorry, only in german). It may be true or not, the result is that people, especially outside the US, feal uneasy about installing software from companies they don't trust, which obey a government they may not always agree with.
China is a good example of this, with their RedLinux. Then again, their government won't even trust "european" distros, so they forked their own project. Then again, why not?
Last but not least, the most important aspect is simply technical excellence, or at least availability. Consider the use of FreeBSD among ISPs worldwide: there is no noticeable difference by region, and we're not afraid to use this system, even if it originated from Berkeley:). For the job at hand, there is simply no alternative; and it's fun to use too. The same about Cisco: We wouldn't dream of using something else in our backbones, just because we could find a small european router manufacturer. There is no reasonable technical alternative out there, and we're happy with our routers as they are.
Patents are public records, and spammers can read too. Since they are routinely breaking the law anyway, they'll grab a copy of ATT's patent, implement it, and use it against us.
How likely are we to be able to nuke 'em once we see them?
Nukes are overrated. They may be strong enough to break a small rock apart, and deflect a slightly larger asteroid, but they would be without noticeable effect on larger rocks. It depends on the size (and consitution) of the asteroid.
Fortunately, really large asteroids are very rare (on Earth's orbit anyway), though not to be ruled out either. Of course, we would have a sufficiently large time frame to try to deflect that one with long-lasting (but low) pressure/acceleration, e.g. emanating from ion accelerators or similar electric propulsion engines.
To see how small the released effective energy of a thermonuclear device is, compare with the energy released by a mere average volcano, or even a big thunderstorm!
Slashdot Mirror
TCP and IP header bits are not particularly safe to redefine;
Yes, that's true. The only bits that come to mind, would be the TOS flags (3 bits) in the IP header, which are not used anyway; not in routers, and certainly not in end systems.
Whoever decides what content is "bad" should also take the responsibility for dealing with it.
Routing, and eventually tagging IP packets is part of the networking layer responsibility. Deciding what to do with packets which are tagged as "probably harmful" would be done by software on the end systems; software which runs in the application layer (at least conceptually).
Then again, tagging packets based on virus detection, seems like belonging in the application layer too, and routers should stay clear of it.
The whole idea of having the router tag packets they deem "harmful" is kinda flawed:
This last point is interesting though: If some helper application (or process in the router) identified a virus in a TCP stream, it could dynamically notify the router that this special stream is currently carrying a virus. The router could then modify its ACL on the fly, or reset the TCP connection altogether; preventing the virus from reaching its destination.
Using dynamic ACLs or connection resets is not new. Some intrusion detection systems provide hooks to do this, hooks that are currently rather clumsy (e.g. they use SNMP to instruct the router what to do), and coarse-grained. Better support in the router, like, say, a HOST to ROUTER protocol, could help here.
Of course, the router requirement RFC will have to be modified, for all this to be standards-compliant!
End systems are not affected by routers dropping IP packets with harmful content. All what end systems see are IP packets. They may see less of them, if filtering is enabled on the router, but the packets have nothing special about them that would need AV software on the clients.
But, a router doesn't always have to drop packets. It could tag them with a special marker, and clients could then react accordingly, e.g. by dropping them in their TCP/IP stack.
This could be somewhat similar to what SpamAssassin does, when tagging spam mail with an X-Spam header. It's up to the mail user agent to decide what to do with mails tagged that way.
no more GNU software on my computer, I'm gonna go play with FreeBSD, now dammit where'd I put that compiler.
Beware: There's a lot more GNU software in FreeBSD, than gcc (and binutils, etc...) alone. And I don't mean third party ports that we all love and use, but also in the base system. There is a also a lot of non-GNU, but GPLed software in the base FreeBSD system as well. Just one example: cvs.
We owe a lot to the GNU project, and would never have gotten that far without their contributions.
People creating free software are doing a great, charitable work! Many schools, esp. in poor countries, switched to Linux because Microsoft products were too expensive. Donations to EFF or the FSF are certainly a good way to help millions of people worldwide.
I'd suggest boycotting not only SCO, but more importantly, their customers. Let's find out who they are, and publish a "Hall of Shame."
Ditto for SCO stock holders!
Looks to me like SCO are getting more and more frantic, alineating everyone in the industry. Who is actually still _buying_ their crappy UnixWare implemenation? Shouldn't we find out, and publish a "Hall of Shame" with actual SCO customers?
Wasn't it NOAA, who is responsible for studying oceans?
The Borg just entered the solar system...
How about open-sourcing papers? Past and future?
Why not create a central repository of CS papers, that would be free to access to everyone?
spam is already illegal in many countries in europe. yet it still happens. just like crime.
The obvious solution is, of course, to lobby ICANN to create a new .spam top level domain for all spammers. Of course, with subdomains like .v1agra.spam, .loans.spam etc.
The company operating the .spam registry would be profitable in nanoseconds, as all spammers rush to register their brand new spam domain.
OT: Let's tax all customers of the dot-spam registry. Simple. Unadorned.
Ah, but then, you see, the government could have a monopoly on email spamming!
We'll have to add *.gov to all rbls.
Oh, you mean something like VeriSlime?
Europeans are already setting up ORSN, because of those monopolistic tendencies.
Q. What's the acceleration of an unladen swallow?
A. -9.81 m/(s^2)
What Darl wants, and I will fight to the end of my days to prevent, is a return to the hugely inefficient days when every Tom, Dick and Harry company could build their own unique, incompatible-with-the-universe, expensive custom OSes.
As long as said companies implemented standard interfaces fully and correctly, why not? The Unix world managed to converge towards a common set of standards and interfaces, and this is very good. I wouldn't mind (much) if my favorite application compiles on Linux, BSD, Solaris, etc... The OS implementation itself is not important, as long as the interface is respected.
BTW, having multiple Unix implementations is beneficial to portability and code quality of the applications too! If you are forced, as a developer, to avoid specific idiosyncracies of a specific OS implementation, you will likely generate better code; code that is maintained more easily.
Having a Linux-only monoculture in the Unix world would not be good either. Everyone who has already tried to port newer apps from Linux to, say, BSD, will have noticed, that developers are often careless, or lazy, about true portability. Fortunately, and thanks to the open source model, a small patch to the developers is generally cheerfully accepted, and takes care of sloppy coding techniques.
I don't see SuSE competing with SCO's UnixWare either. Why would they?
Actually wondering who is still buying SCOs products; with or without competition...
SCO is dying...
thanks to some of our genius legislators, potentially illegal to possess or use.
Let's spam the legislators!
Ah, so slowing down a connection could be illegal? Will mod_throttle be classified as a weapon in the near future? GREAT! Spidering sites would be even faster now!
That is a very good point! I know many people who had been bitten by this a few times in the past. With fast machines, making the world every now and then is not such an obstacle as it used to be some years ago (security by recompiling). But sometimes, especially on colocated machines, applying a libc fix can still be a life-saver!
A german court ruled that people are responsible for the links on their pages. If the link points to an external site with illegal content, the poster of the link could be persecuted for this; especially if they didn't put a disclaimer on their pages.
Funnily, most web authors didn't understand the ruling and started putting stddisclaimer.h on their pages. They thought that this would protect them from persecution, not unlike a talisman or magic spell.
Unfortunately, laws don't work that way: it's not the disclaimer that protects you, it's the intension you had when you posted the link in the first place.
Of course, determining in court what someone's intension is, opens up pandora's box, as everyone might imagine. It's merely a question who has the better lawyer (or PR budget).
This german court ruling applies only to people living there. Unfortunately (or fortunately, depending on your point of view), governments are currently tightening their control over the Net, and judicial rulings are just one way among others to achieve this. Am I the only one who is alarmed by this erosion of our Freedom of Speech rights?
The other reason was SuSE and Mandrake, both European and not from the United States.
SuSE and Mandrake are produced by European vendors, but the software they ship is truly international.
However you're right: a strong selling point in convincing the public sector in EU-land to switch to Linux is that revenues will flow back into the EU rather than outside.
Another important point is that the US are being currently perceived in large parts of Europe, but also in many third world countries as, how should I put it, acting rather strangely w.r.t. human rights and abidance by [intl.] laws. Please don't get me wrong here: this is not my personal opinion, but it is very widespread out there.
The general scepticism against US policy translates in (most often) irrational fears about "spyware." M$ had presumably a record of cooperating with the NSA, helping them install backdoors in M$'s crypto libraries: CCC press release (sorry, only in german). It may be true or not, the result is that people, especially outside the US, feal uneasy about installing software from companies they don't trust, which obey a government they may not always agree with.
China is a good example of this, with their RedLinux. Then again, their government won't even trust "european" distros, so they forked their own project. Then again, why not?
Last but not least, the most important aspect is simply technical excellence, or at least availability. Consider the use of FreeBSD among ISPs worldwide: there is no noticeable difference by region, and we're not afraid to use this system, even if it originated from Berkeley :). For the job at hand, there is simply no alternative; and it's fun to use too. The same about Cisco: We wouldn't dream of using something else in our backbones, just because we could find a small european router manufacturer. There is no reasonable technical alternative out there, and we're happy with our routers as they are.
Patents are public records, and spammers can read too. Since they are routinely breaking the law anyway, they'll grab a copy of ATT's patent, implement it, and use it against us.
How likely are we to be able to nuke 'em once we see them?
Nukes are overrated. They may be strong enough to break a small rock apart, and deflect a slightly larger asteroid, but they would be without noticeable effect on larger rocks. It depends on the size (and consitution) of the asteroid.
Fortunately, really large asteroids are very rare (on Earth's orbit anyway), though not to be ruled out either. Of course, we would have a sufficiently large time frame to try to deflect that one with long-lasting (but low) pressure/acceleration, e.g. emanating from ion accelerators or similar electric propulsion engines.
To see how small the released effective energy of a thermonuclear device is, compare with the energy released by a mere average volcano, or even a big thunderstorm!
Some folks think that painting it is a better solution.
Really? IMHO asymetric painting doesn't bring anything: Asteroids generally rotate around all 3 axes.
Designing Web sites sind 1980!