I'm tempted to agree. I was taught the basics of MS-DOS in school before we got Windows 3.1, and I understand computers better than other members of my family, who've only used Win9x.
I still use command lines, too - I can telnet to the university library catalogue, check my internet connection, and half a dozen other useful things that are either more time-consuming or dumbed down under Windows.
Now, if only I could get some help learning the Linux command line, I'd be set...
My guess is that we end users are going to pay much more than just a dime xtra for those CD medias..:(
My guess is that the only people who'll pay are the ones who the RIAA decides to get mean with. For example, when I buy an album, I burn a copy to use in the car (basically so my expensive CD doesn't get damaged, and it's no great loss if the car is stolen - it's fair use IMHO, since it's not passed to anyone and I'm not ripping the manufacturers off), and scan the cover and track list to make an insert. With this technology I'd be tempted to either pop the track listing *on* the face of the CD (my handwriting is near illegible, worse if I'm using a marker), or to replicate the on-disc logo or art.
CD pirates will have a field day making use of this device. And so will the lawyers...
Reminds me of Rag (meaning "Raise and Give") Week at my old university. For charity, I watched every original Star Trek episode, the six movies, DS9's "Trials and Tribbleations" AND the Animated Series, non-stop.
Star Trek + black coffee + caffiene pills + sleep deprivation = slightly whacked out guy at the end (several days later)...
You think I'm mad, the Drama department staged "Non Stop Shakespeare" - performing all the plays and sonnets, around the clock, for a week!
It can also cause pretty atrocious headaches.
I've had chocolate-covered coffee beans before, and believe me, you do not want to eat more than four or five of those an hour.
If you scarf down a whole bag like they were jelly beans, your head will feel like someone's trying to trepan your skull from the inside. Not even aspirin knocked that on the head, and on top of which my heart rate shot up and I got the shakes for about half an hour.
And that was how I learned that - to paraphrase the late, great Jim Croce - you don't tug on Superman's cape, you don't spit into the wind, you don't tug the mask off the ol' Lone Ranger, and you sure as fuck don't abuse anything made from coffee beans. (I wouldn't even try to eat the unroasted fruit that the "bean" comes from - it's rather like a cherry and is over 25 times more potent)
Five bucks says that the manual is in a language you don't speak, that you're missing at least one panel and a bag of small screws, and that some of the framing members are the wrong size - which would basically make it the NASA version of a flat-pack garden shed...
No idea, sorry; however, I was thinking this technology might eventually enable news avatars like Ananova (or Ray Kurzweil's "Ramona" avatar) to assimilate and rephrase information on the fly, without need for humans to write the stories.
As an English Lit student, this would be a total boon. "Computer, Jane Eyre - ten minute precis, then compile all listed journal articles on issues of gender and class for an essay."
(Not that I'd have the computer write it for me, but given the amount of data I have to wade through, it would be a useful summary tool!).
Well, it being confined to one box is one thing. That it's only affected one of a group of rsync servers is another - I think Debian's had to temporarily take some of their other web services down because different servers were affected. It sounds like the intrusion made less of an impact on Gentoo because of the nature of the box that was cracked.
I was under the impression that Debian were still checking for interference with packages, too - but then, as I don't use Debian, I tend not to check related news too often.
And it was only a small-scale outbreak. 20 affected users. So, maybe no comparisons, but it could've been a lot worse.
Despicable is right.
IMHO, spam is spam whether it's from a legitimate marketer or not - unless I have indicated that I wish to receive information (special offers, order status, terms of service updates) from the sender, whether they're selling books, parts, or e-transaction services.
I also concede that there is a minor loophole, inasmuch as companies with whom I hold an account (e.g. eBay UK, PayPal, Amazon.co.uk) should be free to send certain important mails relating to things like my membership status, or any important and major changes to their ToS.
However, since they're not the sort of companies I'd expect to go through spam houses, I'd understand that if they did contact me without my consent, they'd have a pretty darn good reason.
How long til some IronPort customer dies from popping bootleg Viagra, or is fleeced out of his savings by a bunch of Nigerians pulling a 419? Some of those people will be clueless, and will think that because it's come through the spam filter, it must be legitimate...
Jailarity ensu-- no, wait, that would be for a Fark story:-P
LOL - would've been nice if the guy was a white hat and did that. An OpenSource distro group might've let him get away with it and said "Thanks!", but I seem to recall that a few people who've hit the headlines in recent months for exposing vulnerabilities in proprietary software have actually ended up on the wrong end of legal action for computer crime, DMCA violations etc.
A shame so few people appreciate white hats. I know I'd be grateful if a.txt file appeared on my workspace that said "Dude, you've left a port open that people can use to get into your machine - here's how you close it".
Good call on the M$ vulnerabilities point, I'd honestly forgotten about that. IIRC, there are cracking/intrusion kits and virus kits to attack Windows machines, that the cracker must run as a Windows.exe file.
I never thought that the cracker was a *supporter* of OpenSource operating systems, but a user - he'd've had to get the knowledge from somewhere. I guess the rational bit of me says "Isn't that kind of crack like shooting yourself in the foot?", but then again - as the script kiddies prove - it's hardly a rational act.
Thanks for the input, it's always good to get replies from folks like yourself who have an interesting point of view or a better knowledge of the issues than I do.
Yeah, I noticed that, but the fact it was a remote exploit and the cracker installed a rootkit immediately made me think *nix-based OS.
However, as I keep reminding people,/me != g33k - I dunno if it's possible to do the same on other server OSs... I just picked up the thought because other articles on compromised *nix servers have mentioned rootkits.
Anyone more technical than me care to step in and provide "Just the facts, Ma'am."? [/joefriday];-)
... they DO have records of what was done and were able to isolate it pretty quickly. IMHO, that's probably saved them a lot of trouble.
Whether it's because the cracker was sloppy or inexperienced, or because the Gentoo team have good server security, I can't say - but it seems they were pretty lucky compared to Debian.
What baffles me is why crackers go after targets like this. I can understand anticapitalist stuff, but my intuition says someone trying to crack a *nix server and damage a distro must have detailed knowledge of *nix systems - and is therefore likely a user of an OpenSource operating system.
Is that guess a little too far off base? If so, what's your take?
You know, I think Mr. Shuttleworth has the right idea. Why? Well, the OpenSource community does include a few businesses, but my impression is that it's largely hobbyists.
Let me bring a comparison into play. On most CGI forums (I mean 3D CGI, not CGI scripting), a lot of people post requests for custom designs or images - for example, Star Trek fans with play by email RPGs, or fan clubs who want a poster image of their favourite ship. Some of the guys on these BBSs who do the 3D work produce stuff that's as good as you'd get from, say, Blue Sky, EdenFX, or the sadly departed Foundation Imaging - and they get people asking them to share it for free.
One artist of my acquaintance modelled interiors, and got so sick of people asking for freebies, he started charging $50 per "set". For that you got a few renders and the model he'd built for you (I think he had license terms). He had to do some work, but by the time he was building these rooms-to-order (mostly Star Trek-style bridge decks), he had a big stock of objects and textures - so he'd make a few bucks for a couple of hours' extra work, and the RPG owner (or whoever) would get what they wanted without having to invest in pro-quality CGI software, plus the time of learning it, plus... yadda yadda yadda.
Now, back to the OpenSource community. Same deal applies. Most OS developers are volunteers or hobbyists, I think; so they're giving up their time for free, for everyone else. What's wrong with giving them a financial incentive? Another poster in this thread offered $50 to solve a bug that's bothering him, and that's marvellous - $50 isn't a lot of money to most people, so while it may be a token offer, it makes a very nice gesture of appreciation for work done.
Mr. Shuttleworth is doing a great thing by offering financial backing to sort out things he'd like to see done. I admit, I'd like to see more financial incentives to general projects or targets, rather than such specific bugs and requests (maybe a donation to the Mozilla Foundation, or a favourite developer, or offering to help fund a particular distro or application), but the right steps are being taken.
In other words... it's laudable and it's a start. Let's hope the impetus grows from here.
Reminds me about a joke about computer-illiterate people that started doing the rounds when British libraries began to introduce cheap (later free) internet access:
Customer: Excuse me, do you have the Internet here? Librarian: Yes, sir - the computer suite is over there, I'll be along to help you in a moment. Customer: Oh, I didn't want to use a computer. Do you have it in book form?
Sounds rather like it could be a PHB or BOFH situation here... lusers, anyone?
(Then again, for several years you've been able to get a map of the internet...)
What's next - Online! - The Rock Opera, written by Pete Townshend and Bill Gates?
Ever since I was a young boy, I've been a techie geek,
From dial-up BBSs, to broadband fast and sleek,
Downloading Linux.isos, md5sums and all,
Though I find books for dummies, a real-pain-in-the-b@lls...
(Sung to the tune of "Pinball Wizard")
SF author Cory Doctorow made a similar point in a story/. posted some considerable time ago - it's called 0wnz0red.
Doctorow's story calls it "Honorable Computing", and perhaps stretches the capabilities a little further (writer's hyperbole?), but in essence what he's talking about is DRM and piracy:
"Got it: so if the OS and the CPU and so on are all 'Honorable'" -- Liam described quote-marks with his index fingers -- "then you can be sure that the execution environment is what the software expects it to be, that it's not a brain in a vat. Hollywood movies are safe from Napsterization."
Not 100% on-topic, to be sure, but I like Doctorow's story a hell of a lot better than Microsoft's. Go read it, and see where the future might be headed!
Re:Forced password changes
on
Real Security?
·
· Score: 1
9 times out of 10 the password was written on a sheet of paper in the drawer.
Y'know, I have to wonder if these people are copying clueless movie characters. Remember how Matthew Broderick found the school computer password in War Games?
I tried using dictation software once, but dropped it very quickly for a similar reason. My voice would become "unreadable" after long work periods, when tired, when sick... I decided it was actually easier to type and not have to put up with errors caused by my flatmate's incessant Ibiza-style dance music (which I can hear - through the wall! - almost as well as the stereo on my desk).
Anyone remember that bit in Sneakers where they tape the guy's voice and accidentally play it back too fast?;-)
Actually, if I was going to digitially reproduce a voice, I'd use minidisc. The only portable tape recorder I have is a low quality dictaphone that sounds atrocious. Probably wouldn't fool voice-recognition biometrics. My new minidisc recorder has much better fidelity...
(No, I'm not planning to use it for that.)
Re:Forced password changes
on
Real Security?
·
· Score: 1
My university forces a change every 30 days for your network password, as did the Inland Revenue when I worked there about 18 months ago.
The university won't let you use the same password twice, ever. So I have a 4-character code that I use in all my passwords, plus a short digit string, plus another character set I use in all my passwords. The short digit string is memorable, can be changed monthly, and will never recur in my time here; in a permanent password, I use another memorable alphanumeric instead. (And no, that's not the order they're in)
The Inland Revenue let you reuse passwords, but you could only use any given password once per quarter, so during my tenure there I used my Star Trek geek knowledge and used three starship registry numbers on a rotating basis.
I do agree about the sticky-notes problem - people left them on monitors; under phones, keyboards and mousepads; and even under a pad in their desk drawer at the Inland Revenue. There's sense in making systems more secure, but IMHO you need to focus on changing external access passwords with frequency if that's your main worry, and internal users' passwords can be made better by making them permanent or semi-permanent (maybe lasting for 6 or 12 months).
Along similar lines, the Inland Revenue used to use individual keycards. You couldn't log in without it, and your password and username would only work with your card, so unless you were very unlucky or careless and managed to lose the card to someone who knew both details, the system was pretty secure.
Biometrics aren't the best idea - you compromise a biometric record and it stays compromised, as far as I heard. But the keycard idea seems sound - if you lose it, just report it lost and its unique ID is killed forever. Then you just need a new username, password and keycard.
As for the university, their system seems kinda annoying and paranoid to me - I'm sure they have a reason, though.
Does anyone else think that simple stuff like the keycard system works better than a million layers of biometrics and passwords? In theory, the keycard can be coded - either on its own magstrip or via a db entry with its unique ID number - to record what you can and can't access, as well as enabling logons. Better than 4 different usernames and passwords that change regularly, right?
"A company that will go to the ends of the earth for its employees... ... will go to India to find someone who'll work for 10% of your salary."
Not that Indian workers aren't talented - but like the recent outsourcing of UK call-centre work to places like Delhi demonstrates, the companies would rather hire you if you're talented and cheap.
Slashdot Mirror
I'm tempted to agree. I was taught the basics of MS-DOS in school before we got Windows 3.1, and I understand computers better than other members of my family, who've only used Win9x.
I still use command lines, too - I can telnet to the university library catalogue, check my internet connection, and half a dozen other useful things that are either more time-consuming or dumbed down under Windows.
Now, if only I could get some help learning the Linux command line, I'd be set...
My guess is that we end users are going to pay much more than just a dime xtra for those CD medias.. :(
My guess is that the only people who'll pay are the ones who the RIAA decides to get mean with. For example, when I buy an album, I burn a copy to use in the car (basically so my expensive CD doesn't get damaged, and it's no great loss if the car is stolen - it's fair use IMHO, since it's not passed to anyone and I'm not ripping the manufacturers off), and scan the cover and track list to make an insert. With this technology I'd be tempted to either pop the track listing *on* the face of the CD (my handwriting is near illegible, worse if I'm using a marker), or to replicate the on-disc logo or art.
CD pirates will have a field day making use of this device. And so will the lawyers...
Bounced off the walls, huh?
*sings* Oh, the wonderful thing about Tiggers, is Tiggers are wonderful things...
Reminds me of Rag (meaning "Raise and Give") Week at my old university. For charity, I watched every original Star Trek episode, the six movies, DS9's "Trials and Tribbleations" AND the Animated Series, non-stop.
Star Trek + black coffee + caffiene pills + sleep deprivation = slightly whacked out guy at the end (several days later)...
You think I'm mad, the Drama department staged "Non Stop Shakespeare" - performing all the plays and sonnets, around the clock, for a week!
It can also cause pretty atrocious headaches. I've had chocolate-covered coffee beans before, and believe me, you do not want to eat more than four or five of those an hour. If you scarf down a whole bag like they were jelly beans, your head will feel like someone's trying to trepan your skull from the inside. Not even aspirin knocked that on the head, and on top of which my heart rate shot up and I got the shakes for about half an hour.
And that was how I learned that - to paraphrase the late, great Jim Croce - you don't tug on Superman's cape, you don't spit into the wind, you don't tug the mask off the ol' Lone Ranger, and you sure as fuck don't abuse anything made from coffee beans. (I wouldn't even try to eat the unroasted fruit that the "bean" comes from - it's rather like a cherry and is over 25 times more potent)
In Soviet Russia, the box set owns you!
Waitasec... you forgot the roll of duct tape and the Swiss Army knife, and then you could pretend you're MacGyver!
Five bucks says that the manual is in a language you don't speak, that you're missing at least one panel and a bag of small screws, and that some of the framing members are the wrong size - which would basically make it the NASA version of a flat-pack garden shed...
Which then begs the question...
Can it mix a Pan Galactic Gargle Blaster, and if so, does it know where you should go to rehabilitate afterwards?
No idea, sorry; however, I was thinking this technology might eventually enable news avatars like Ananova (or Ray Kurzweil's "Ramona" avatar) to assimilate and rephrase information on the fly, without need for humans to write the stories.
As an English Lit student, this would be a total boon. "Computer, Jane Eyre - ten minute precis, then compile all listed journal articles on issues of gender and class for an essay."
(Not that I'd have the computer write it for me, but given the amount of data I have to wade through, it would be a useful summary tool!).
Well, it being confined to one box is one thing. That it's only affected one of a group of rsync servers is another - I think Debian's had to temporarily take some of their other web services down because different servers were affected. It sounds like the intrusion made less of an impact on Gentoo because of the nature of the box that was cracked.
I was under the impression that Debian were still checking for interference with packages, too - but then, as I don't use Debian, I tend not to check related news too often.
And it was only a small-scale outbreak. 20 affected users. So, maybe no comparisons, but it could've been a lot worse.
Despicable is right.
IMHO, spam is spam whether it's from a legitimate marketer or not - unless I have indicated that I wish to receive information (special offers, order status, terms of service updates) from the sender, whether they're selling books, parts, or e-transaction services.
I also concede that there is a minor loophole, inasmuch as companies with whom I hold an account (e.g. eBay UK, PayPal, Amazon.co.uk) should be free to send certain important mails relating to things like my membership status, or any important and major changes to their ToS.
However, since they're not the sort of companies I'd expect to go through spam houses, I'd understand that if they did contact me without my consent, they'd have a pretty darn good reason.
How long til some IronPort customer dies from popping bootleg Viagra, or is fleeced out of his savings by a bunch of Nigerians pulling a 419? Some of those people will be clueless, and will think that because it's come through the spam filter, it must be legitimate...
Jailarity ensu-- no, wait, that would be for a Fark story :-P
LOL - would've been nice if the guy was a white hat and did that. An OpenSource distro group might've let him get away with it and said "Thanks!", but I seem to recall that a few people who've hit the headlines in recent months for exposing vulnerabilities in proprietary software have actually ended up on the wrong end of legal action for computer crime, DMCA violations etc. .txt file appeared on my workspace that said "Dude, you've left a port open that people can use to get into your machine - here's how you close it".
A shame so few people appreciate white hats. I know I'd be grateful if a
Good call on the M$ vulnerabilities point, I'd honestly forgotten about that. IIRC, there are cracking/intrusion kits and virus kits to attack Windows machines, that the cracker must run as a Windows .exe file.
I never thought that the cracker was a *supporter* of OpenSource operating systems, but a user - he'd've had to get the knowledge from somewhere. I guess the rational bit of me says "Isn't that kind of crack like shooting yourself in the foot?", but then again - as the script kiddies prove - it's hardly a rational act.
Thanks for the input, it's always good to get replies from folks like yourself who have an interesting point of view or a better knowledge of the issues than I do.
Yeah, I noticed that, but the fact it was a remote exploit and the cracker installed a rootkit immediately made me think *nix-based OS. /me != g33k - I dunno if it's possible to do the same on other server OSs... I just picked up the thought because other articles on compromised *nix servers have mentioned rootkits. ;-)
However, as I keep reminding people,
Anyone more technical than me care to step in and provide "Just the facts, Ma'am."? [/joefriday]
... they DO have records of what was done and were able to isolate it pretty quickly. IMHO, that's probably saved them a lot of trouble.
Whether it's because the cracker was sloppy or inexperienced, or because the Gentoo team have good server security, I can't say - but it seems they were pretty lucky compared to Debian.
What baffles me is why crackers go after targets like this. I can understand anticapitalist stuff, but my intuition says someone trying to crack a *nix server and damage a distro must have detailed knowledge of *nix systems - and is therefore likely a user of an OpenSource operating system.
Is that guess a little too far off base? If so, what's your take?
You know, I think Mr. Shuttleworth has the right idea. Why? Well, the OpenSource community does include a few businesses, but my impression is that it's largely hobbyists.
Let me bring a comparison into play. On most CGI forums (I mean 3D CGI, not CGI scripting), a lot of people post requests for custom designs or images - for example, Star Trek fans with play by email RPGs, or fan clubs who want a poster image of their favourite ship. Some of the guys on these BBSs who do the 3D work produce stuff that's as good as you'd get from, say, Blue Sky, EdenFX, or the sadly departed Foundation Imaging - and they get people asking them to share it for free.
One artist of my acquaintance modelled interiors, and got so sick of people asking for freebies, he started charging $50 per "set". For that you got a few renders and the model he'd built for you (I think he had license terms). He had to do some work, but by the time he was building these rooms-to-order (mostly Star Trek-style bridge decks), he had a big stock of objects and textures - so he'd make a few bucks for a couple of hours' extra work, and the RPG owner (or whoever) would get what they wanted without having to invest in pro-quality CGI software, plus the time of learning it, plus... yadda yadda yadda.
Now, back to the OpenSource community. Same deal applies. Most OS developers are volunteers or hobbyists, I think; so they're giving up their time for free, for everyone else. What's wrong with giving them a financial incentive? Another poster in this thread offered $50 to solve a bug that's bothering him, and that's marvellous - $50 isn't a lot of money to most people, so while it may be a token offer, it makes a very nice gesture of appreciation for work done.
Mr. Shuttleworth is doing a great thing by offering financial backing to sort out things he'd like to see done. I admit, I'd like to see more financial incentives to general projects or targets, rather than such specific bugs and requests (maybe a donation to the Mozilla Foundation, or a favourite developer, or offering to help fund a particular distro or application), but the right steps are being taken.
In other words... it's laudable and it's a start. Let's hope the impetus grows from here.
Reminds me about a joke about computer-illiterate people that started doing the rounds when British libraries began to introduce cheap (later free) internet access:
Sounds rather like it could be a PHB or BOFH situation here... lusers, anyone?(Then again, for several years you've been able to get a map of the internet...)
What's next - Online! - The Rock Opera, written by Pete Townshend and Bill Gates?
Doctorow's story calls it "Honorable Computing", and perhaps stretches the capabilities a little further (writer's hyperbole?), but in essence what he's talking about is DRM and piracy: Not 100% on-topic, to be sure, but I like Doctorow's story a hell of a lot better than Microsoft's. Go read it, and see where the future might be headed!
The link above appears to be to /.
Here is the article on the IT Manager's Journal site.
... either that or the goatse guy.
9 times out of 10 the password was written on a sheet of paper in the drawer.
Y'know, I have to wonder if these people are copying clueless movie characters. Remember how Matthew Broderick found the school computer password in War Games ?
I tried using dictation software once, but dropped it very quickly for a similar reason. My voice would become "unreadable" after long work periods, when tired, when sick... I decided it was actually easier to type and not have to put up with errors caused by my flatmate's incessant Ibiza-style dance music (which I can hear - through the wall! - almost as well as the stereo on my desk). ;-)
Anyone remember that bit in Sneakers where they tape the guy's voice and accidentally play it back too fast?
Actually, if I was going to digitially reproduce a voice, I'd use minidisc. The only portable tape recorder I have is a low quality dictaphone that sounds atrocious. Probably wouldn't fool voice-recognition biometrics. My new minidisc recorder has much better fidelity...
(No, I'm not planning to use it for that.)
My university forces a change every 30 days for your network password, as did the Inland Revenue when I worked there about 18 months ago.
The university won't let you use the same password twice, ever. So I have a 4-character code that I use in all my passwords, plus a short digit string, plus another character set I use in all my passwords. The short digit string is memorable, can be changed monthly, and will never recur in my time here; in a permanent password, I use another memorable alphanumeric instead. (And no, that's not the order they're in)
The Inland Revenue let you reuse passwords, but you could only use any given password once per quarter, so during my tenure there I used my Star Trek geek knowledge and used three starship registry numbers on a rotating basis.
I do agree about the sticky-notes problem - people left them on monitors; under phones, keyboards and mousepads; and even under a pad in their desk drawer at the Inland Revenue. There's sense in making systems more secure, but IMHO you need to focus on changing external access passwords with frequency if that's your main worry, and internal users' passwords can be made better by making them permanent or semi-permanent (maybe lasting for 6 or 12 months).
Along similar lines, the Inland Revenue used to use individual keycards. You couldn't log in without it, and your password and username would only work with your card, so unless you were very unlucky or careless and managed to lose the card to someone who knew both details, the system was pretty secure.
Biometrics aren't the best idea - you compromise a biometric record and it stays compromised, as far as I heard. But the keycard idea seems sound - if you lose it, just report it lost and its unique ID is killed forever. Then you just need a new username, password and keycard.
As for the university, their system seems kinda annoying and paranoid to me - I'm sure they have a reason, though.
Does anyone else think that simple stuff like the keycard system works better than a million layers of biometrics and passwords? In theory, the keycard can be coded - either on its own magstrip or via a db entry with its unique ID number - to record what you can and can't access, as well as enabling logons. Better than 4 different usernames and passwords that change regularly, right?
It's like the poster says, bub:
Not that Indian workers aren't talented - but like the recent outsourcing of UK call-centre work to places like Delhi demonstrates, the companies would rather hire you if you're talented and cheap.