I can see this happening in business. One business buys their services off another. For all the hype (expect to see more) this seems more an evolution than a revolution. We buy networking services and trust the telco to keep our frame relay doing what it's meant to be doing. We hire a layers and accountants and outsource our IT departments. This seems the next logical step. If someone else can take care of all the mechanics of our business why let them take care of the software too? Let us get on with the actual -doing- business. But there are always going to be desktops and local apps. APS is only going to work if you're business is very clearly defined - you know what you do and you know what you want. There are also certain tasks that pretty much every business does and it makes sence there too. I can't see this takeing off for regular home uses. Not becuase it doesn't make sence - for some things it does. Just the reistance to it will be too strong. People like things they can control and things they can own. I'd have to trust Ituit and -awful- lot before I want to put my finacial life out of my control and into theirs. There seems to be alot of talk of this being 'the next big thing' but I can't see it being more than 'another thing.' There will be good APS's and bad APS's and big APS's and little APS's. There might be some money for the big movers and first movers but for the rest of us it'll just be buisness. As a side note - if you want to see how low key APS really is visit the ASP industrial constoriums homepage at www.apsindustry.org. Very low key, ho-hum how's your father web page. And this is meant to be the 'front man' of the new wave?:)
ARGH! It's enough to make you wanna scream. Right now we're on the cusp of referendum to become a republic. The big point of contention is the method for electing the president. The proposal before us has the parliment electing the president and the prime mister being able to dismiss the president more or less on a whim. Sounds grand doens't it? Damn it though if one more talking head says "if you can't trust your politicians who can you trust" I'm gonna go balistic. Seems to me anyone with an ounce of good sence knows people in power can't be trust. Period. This latest insult is just more salt in the in the wound. Hoo-fucking-rah. End Rant.:)
I'm way impressed! I'm reading through the article and thinking "yeah.. neat. Some bods have got themselves a cute research project. Ho-hum" Then I got to the part about 200 slugs per square meter. Damn! All of a sudden it dawns on me this is a 'real' thing. I dunno but doens't that just thrill you? People thinking way outside the box and acutally getting some where with it? Okay, they're not there yet. But can you imagine a field with 3 or 4 of these things in it? Set and forget pest control. Hhehe... although I do kinda have visions of war of the worlds in miniture and slow motion.:)
We'll be in trouble long before the year 3000. The whole sliding solution only buys us a decade or two. At some point we'll slide out of our window and be broken again. It's a bit of a worry as there isn't going to be a big milestone for us to focus on.. just lots of things breaking in dribs and drabs. All our unix boxes breaking at LONG_MAX should be making itself felt at about the same time. If we make it to 2050 we should be good to go for another couple of millenia. Well.. assuming we don't impliment -another- stopgap fix like sliding windows.
Intersting that the survey treats C as sepreate entities. I mean, I know they are technically but how many programmers are exclusivly one or the other. In terms of the survey this wouldn't have changed the result first question but when asked thier second favorite how many who had chose C as their favourite chose C++ as their second favortite or vise versa. Would java show as being more popular other wise. I'm not syaing there's a hidden agenda - just it pays to be suspicious. Especially when we don't have the study just the review.
Yes - this is distrubing. No - this is not unique. The net is become more and more like the outside world. The idea of advertising corps surupticiously tracking my movements across the net really gets my hackles up. But should it? Or rather, if this does then shouldn't an awful lot of other things too? My credit card company knows all the shops I got to too. Yet somehow I tend not to think about this. Prehaps it's because we're used to thinking of the net, conciously or not, as a refuge from the more sordid elements of a world ruled by multi-nationals. But now the pendulum swings the other way. The same things, the same technologies, that let us (individuals) get a leg up, help out the corps even more. I have to acutally get a credit card before they can track me. But now I can be tracked, not from my purchases, but just from window shopping. And just as we got a head start online over the commerical world, commererce has a head start over the legal world. The protections afforded me in the 'real world' are minimal enough. What can I hope for in an environment that crossed countless borders and exists almost exclusivly in the abstract. The upshot of it all? Same ol' same ol'. It's not 'right', and it's not 'fair', and we shouldn't have to like it or lump it - but we're not doing ourselves any favours thinking of this as net specific thing. My 2c worth of ramblings.:)
Why can't transaction filtering work? The credit card companies already have to be (more or less) aware of all the relevent laws in order to do normal business. If the casino was a bricks and mortar establishment in California I'm sure VISA wouldn't be able to plead ignorance there. (Ignorance not generally being a defence anyway.) All the transactions are electronic so how hard can it be to red flag certain customer/merchant match ups based on location and catagory. You can be sure they do this already for marketing and customer profiling. That said I don't think it's really likely. It would be much easier for VISA to put the onus (sp?) on the customers - illegal use would be against the cards conditions of use. Lieing about what you were using it for would be defrauding the company and you'd be stuffed.
At least with VISA deciding not to contest this in court we don't run the risk of a dangerous precident being set. It could really be quite damaging for online commerce in general if she won her case. I wonder what sort of dollar value online merchants are worth to VISA; how big do they have to get hit before they begin to think it's not a good risk. Specifically, does the online gambling organisation still have their VISA merchants account? Personally I think the law is fair enough. It seems to be in the same vain as it being illegal to sell alchole to someone who is already intoxicated. But in a bar the customer and the trader are under the same laws - not easy to make sure you're compliant when you don't know what laws might apply - especially if you're a third party (VISA) and you get to add another level of abstraction. More questions than answers here - I imagine we'll be seeing more issues like this in the near future. It'll be interesting to see what the courts say when they do get to rule on the matter. AdamT.
"Just because you spoof an ip for the return ping to go doesnt mean that he cant find out where the actual 'inducement' ping really came from." Actually that is exactly what it means. There is very little information in an ICMP ping. There the IP header which basically conists of the target address (a broadcast address for smurf) and the source address (spoofed) and a flag to say "this packet is an icmp message" and some bits and pieces like TTL and TOS. That's the IP header - wrapped up in that is the ICMP header. It just contains flags to say "I am a Ping message" and a check sum and a few more mechanical bits and peices. Inside the ICMP header is the payload and it's arbitrary - anything we want just make it big so the target dies. (But not too big or else we'll get filtered out.) No where in there is there even the slightest trace of the true source of the packet. The only way to track down a smurf'er is by working your way backup the route and finding out at each step what the next hop is. This is a complicated process requiring the co-operation of many admins across many networks and ussually can only be done while the attack is in progress. Some smurf attacks have been known to go on for hours and hours so this can happen - but as I am sure you can imagine, not very often. This is the main reason why smurfing remains such a popular peice of mischief amongst the script kiddes and such a pain for the rest of us - even though it's been public for over 2 years. (Thankfully not too many exploits survive that long in the wild.) The best chance for catching someone doing this is for their ISP to notice the packet as it goes out. But - if the ISP had a clue in they wouldn't be routing packets with a non-local source address out onto the internet in the first place.
"Smurf attack came from an @Home user. I have his IP address..." Correct me if I'm wrong but... the IP address of a smurfed packet show the targets IP address rather than the attackers. Bad Person A sends an ICMP Ping packet to an broadcast address with the packets source address spoofed to look like it came from victem B. So all the (broken/misconfigured) hosts on the network respond to the broadcast ping and send their reply to the victem. A sends 1 packet, B gets (up to) 254 packets and dies. Just worries me that some (possibly) innocent user is now going to get hasseled becasuse Dvorak put the hard word on @Home (and maybe @Home listened to save embarasment on Dvorak's website.) Actually I doubt it would really come to that in this case but it's a distrubing notion. Yes crackers/script kiddies are bad. But theres no TurnKey solution to them like BlackICE(what ever that is). If you don't know what your security monitor is telling or what to about it you're no better off. Maybe worse of for thinking yourself safe when you're not.
It is their source - they can't get back what is already "out there" but they can do what they like to anything new. Acutally, their license is a bit {unique,wierd} in that it lets it be distributed as "Open Source" or as binary only - but it stipulates that binary only distributions must be freeware. All the other restrictions are more BSD than GPL. AdamT (IANAL)
No - we want them to do their real work and not fuck up their system. Actually in practice the egnineer and programmers install what ever the hell they want and very rarely (relativly speaking) call for support. Even the most technical company has alot of non technical auxcilary staff.
When you're supporting hundreds of desktops you don't want them installing -any- unathorised software. You setup an SOE and you want your users sticking to it. IE5 and Win98 are just as forbidden as Mozilla and Linux. But when you're the people who have to do the supporting it's the best tool for the job. Perl, gcc, fvwm, linux, *bsd, apache, ssh, samba, squid - if open source provides the goods we use them. The tools OSS provides for admins are just too good and too numerious to ignore. Actually we don't have a (strict) policy against installing unsupported software (unlicensed software is another matter) but if your machine needs work done the first thing we'll do is reinstall the SOE.
It's not as if BSOD is an offical technical term or anything (although MS do use it from time to time.) Like all language it means what the people who use it think (and understand) it to mean. The screen goes blue, the windows dies - it's a BSOD.
"So, given that(uncompressed) the source tree takes up 73Megs" I think you must have done your 'du' after a build. (mine came out to be about the same). Out of the box the kernel source is closer to 60M's. AdamT
This is a two way flow. We (the community) do get cash back - but we do get a bunch of stuff we would not have otherwise. With out the RedHat's we would such a high profile. We wouldn't have hardware vendors coming on board. We wouldn't be able to get our 'toy OS' through the door at work. Have a commercial presence really helps us out alot. More importantly - we're the senior partner in this sybiosis. They can't kill us, we don't -need- them, but with out us they've got nadda. OSS walks quietly but carries a big stick - the GPL means this stuff is ours and will stay ours regardless of who's putting their logo on the shrink wrapped boxes.
I can't know your circumstances but you sound exactly like any number of the know-enough-to-be-dangerous types. Not only is your request probably a waste of time - the fact your asking it probably is too. Most IT sorts are policy makers they just impliment it. You want someting out of scope you need to talk to their manager. To you its "just one little thing" - to the techs it's "-another- bloody thing".
I can't wait. I'll be there in line at the store for this one for sure. To my mind descent is -the- game to have. 6 degrees of freedom rock! Small detour into Descent freespace that was no fun - where was the sliding damn it!? I'm delighted to finally have descent for linux. Head to head descent is the only thing that keeps the windows partition on my machine alive. Time to vote with my wallet.
Have you ever seen a mouse in a cockpit? Just a stick and buttons. Joystick and keyboard are the -only- way to play descent. Well.. maybe rudder peddles.:)
"First, I cringe with every misquote. My friends and I can't go 10 minutes without some obscure Python-ism (Ditto for Star Wars tho). So I darn all thee misquoters to heck (unless it's actually applied in satirical context)" It's like spelling - the spirit is more important then that technical specifics. Even Monty Python don't do the same skit with the same words every time. Compare a skit from the flying circus show, to its retelling on the stage, to its retelling on the stage, to its retelling on their various albums. There are lines changed, names changed, whole jokes dropped and new ones added in. As long as it's funny it isn't worth getting stressed about the words. Now - the inflection, that's other story entirely....:) AdamT
"It didn't take long for the open source community's propaganda machine to swing into action, known as the "Slashdot Effect" after the community's favored news site"
LOL - they make us sound so... so organised. Maybe that'll prove the open source community doens't need a board of directors and a CEO to get things done.:) I for one am terribly amused... AdamT
Slashdot Mirror
I can see this happening in business. One business buys their services off another. For all the hype (expect to see more) this seems more an evolution than a revolution. We buy networking services and trust the telco to keep our frame relay doing what it's meant to be doing. We hire a layers and accountants and outsource our IT departments. This seems the next logical step. If someone else can take care of all the mechanics of our business why let them take care of the software too? Let us get on with the actual -doing- business. But there are always going to be desktops and local apps. APS is only going to work if you're business is very clearly defined - you know what you do and you know what you want. There are also certain tasks that pretty much every business does and it makes sence there too. :)
I can't see this takeing off for regular home uses. Not becuase it doesn't make sence - for some things it does. Just the reistance to it will be too strong. People like things they can control and things they can own. I'd have to trust Ituit and -awful- lot before I want to put my finacial life out of my control and into theirs.
There seems to be alot of talk of this being 'the next big thing' but I can't see it being more than 'another thing.' There will be good APS's and bad APS's and big APS's and little APS's. There might be some money for the big movers and first movers but for the rest of us it'll just be buisness.
As a side note - if you want to see how low key APS really is visit the ASP industrial constoriums homepage at www.apsindustry.org. Very low key, ho-hum how's your father web page. And this is meant to be the 'front man' of the new wave?
From the source: http://www.zdnet.com/pcmag/stories/reviews/0,6755, 2348942,00.html
ARGH! It's enough to make you wanna scream. :)
Right now we're on the cusp of referendum to become a republic. The big point of contention is the method for electing the president. The proposal before us has the parliment electing the president and the prime mister being able to dismiss the president more or less on a whim.
Sounds grand doens't it? Damn it though if one more talking head says "if you can't trust your politicians who can you trust" I'm gonna go balistic. Seems to me anyone with an ounce of good sence knows people in power can't be trust. Period.
This latest insult is just more salt in the in the wound. Hoo-fucking-rah.
End Rant.
I'm way impressed! I'm reading through the article and thinking "yeah.. neat. Some bods have got themselves a cute research project. Ho-hum" Then I got to the part about 200 slugs per square meter. Damn! All of a sudden it dawns on me this is a 'real' thing. :)
I dunno but doens't that just thrill you? People thinking way outside the box and acutally getting some where with it? Okay, they're not there yet. But can you imagine a field with 3 or 4 of these things in it? Set and forget pest control. Hhehe... although I do kinda have visions of war of the worlds in miniture and slow motion.
We'll be in trouble long before the year 3000. The whole sliding solution only buys us a decade or two. At some point we'll slide out of our window and be broken again. It's a bit of a worry as there isn't going to be a big milestone for us to focus on.. just lots of things breaking in dribs and drabs. All our unix boxes breaking at LONG_MAX should be making itself felt at about the same time. If we make it to 2050 we should be good to go for another couple of millenia. Well.. assuming we don't impliment -another- stopgap fix like sliding windows.
Intersting that the survey treats C as sepreate entities. I mean, I know they are technically but how many programmers are exclusivly one or the other. In terms of the survey this wouldn't have changed the result first question but when asked thier second favorite how many who had chose C as their favourite chose C++ as their second favortite or vise versa. Would java show as being more popular other wise. I'm not syaing there's a hidden agenda - just it pays to be suspicious. Especially when we don't have the study just the review.
Yes - this is distrubing. No - this is not unique. :)
The net is become more and more like the outside world. The idea of advertising corps surupticiously tracking my movements across the net really gets my hackles up. But should it? Or rather, if this does then shouldn't an awful lot of other things too? My credit card company knows all the shops I got to too. Yet somehow I tend not to think about this.
Prehaps it's because we're used to thinking of the net, conciously or not, as a refuge from the more sordid elements of a world ruled by multi-nationals.
But now the pendulum swings the other way. The same things, the same technologies, that let us (individuals) get a leg up, help out the corps even more. I have to acutally get a credit card before they can track me. But now I can be tracked, not from my purchases, but just from window shopping. And just as we got a head start online over the commerical world, commererce has a head start over the legal world. The protections afforded me in the 'real world' are minimal enough. What can I hope for in an environment that crossed countless borders and exists almost exclusivly in the abstract.
The upshot of it all? Same ol' same ol'. It's not 'right', and it's not 'fair', and we shouldn't have to like it or lump it - but we're not doing ourselves any favours thinking of this as net specific thing.
My 2c worth of ramblings.
Why can't transaction filtering work? The credit card companies already have to be (more or less) aware of all the relevent laws in order to do normal business. If the casino was a bricks and mortar establishment in California I'm sure VISA wouldn't be able to plead ignorance there. (Ignorance not generally being a defence anyway.)
All the transactions are electronic so how hard can it be to red flag certain customer/merchant match ups based on location and catagory. You can be sure they do this already for marketing and customer profiling. That said I don't think it's really likely. It would be much easier for VISA to put the onus (sp?) on the customers - illegal use would be against the cards conditions of use. Lieing about what you were using it for would be defrauding the company and you'd be stuffed.
At least with VISA deciding not to contest this in court we don't run the risk of a dangerous precident being set. It could really be quite damaging for online commerce in general if she won her case. I wonder what sort of dollar value online merchants are worth to VISA; how big do they have to get hit before they begin to think it's not a good risk. Specifically, does the online gambling organisation still have their VISA merchants account?
Personally I think the law is fair enough. It seems to be in the same vain as it being illegal to sell alchole to someone who is already intoxicated. But in a bar the customer and the trader are under the same laws - not easy to make sure you're compliant when you don't know what laws might apply - especially if you're a third party (VISA) and you get to add another level of abstraction.
More questions than answers here - I imagine we'll be seeing more issues like this in the near future. It'll be interesting to see what the courts say when they do get to rule on the matter.
AdamT.
"Just because you spoof an ip for the return ping to go doesnt mean that he cant find out where the actual 'inducement' ping really came from."
Actually that is exactly what it means. There is very little information in an ICMP ping. There the IP header which basically conists of the target address (a broadcast address for smurf) and the source address (spoofed) and a flag to say "this packet is an icmp message" and some bits and pieces like TTL and TOS. That's the IP header - wrapped up in that is the ICMP header. It just contains flags to say "I am a Ping message" and a check sum and a few more mechanical bits and peices. Inside the ICMP header is the payload and it's arbitrary - anything we want just make it big so the target dies. (But not too big or else we'll get filtered out.) No where in there is there even the slightest trace of the true source of the packet. The only way to track down a smurf'er is by working your way backup the route and finding out at each step what the next hop is. This is a complicated process requiring the co-operation of many admins across many networks and ussually can only be done while the attack is
in progress. Some smurf attacks have been known to go on for hours and hours so this can happen - but as I am sure you can imagine, not very often. This is the main reason why smurfing remains such a popular peice of mischief amongst the script kiddes and such a pain for the rest of us - even though it's been public for over 2 years. (Thankfully not too many exploits survive that long in the wild.) The best chance for catching someone doing this is for their ISP to notice the packet as it goes out. But - if the ISP had a clue in they wouldn't be routing packets with a non-local source address out onto the internet in the first place.
"Smurf attack came from an @Home user. I have his IP address..."
Correct me if I'm wrong but... the IP address of a smurfed packet show the targets IP address rather than the attackers. Bad Person A sends an ICMP Ping packet to an broadcast address with the packets source address spoofed to look like it came from victem B. So all the (broken/misconfigured) hosts on the network respond to the broadcast ping and send their reply to the victem. A sends 1 packet, B gets (up to) 254 packets and dies.
Just worries me that some (possibly) innocent user is now going to get hasseled becasuse Dvorak put the hard word on @Home (and maybe @Home listened to save embarasment on Dvorak's website.) Actually I doubt it would really come to that in this case but it's a distrubing notion. Yes crackers/script kiddies are bad. But theres no TurnKey solution to them like BlackICE(what ever that is). If you don't know what your security monitor is telling or what to about it you're no better off. Maybe worse of for thinking yourself safe when you're not.
"rpm -UvhF *" will upgrade only already installed packages. Although I think the -F option is fairly new - only arrived with RH6.0
It is their source - they can't get back what is already "out there" but they can do what they like to anything new. Acutally, their license is a bit {unique,wierd} in that it lets it be distributed as "Open Source" or as binary only - but it stipulates that binary only distributions must be freeware. All the other restrictions are more BSD than GPL.
AdamT (IANAL)
both - of course. Where you working with all these employees who're clones of each other?
No - we want them to do their real work and not fuck up their system. Actually in practice the egnineer and programmers install what ever the hell they want and very rarely (relativly speaking) call for support. Even the most technical company has alot of non technical auxcilary staff.
When you're supporting hundreds of desktops you don't want them installing -any- unathorised software. You setup an SOE and you want your users sticking to it. IE5 and Win98 are just as forbidden as Mozilla and Linux. But when you're the people who have to do the supporting it's the best tool for the job. Perl, gcc, fvwm, linux, *bsd, apache, ssh, samba, squid - if open source provides the goods we use them. The tools OSS provides for admins are just too good and too numerious to ignore. Actually we don't have a (strict) policy against installing unsupported software (unlicensed software is another matter) but if your machine needs work done the first thing we'll do is reinstall the SOE.
It's not as if BSOD is an offical technical term or anything (although MS do use it from time to time.) Like all language it means what the people who use it think (and understand) it to mean. The screen goes blue, the windows dies - it's a BSOD.
"So, given that(uncompressed) the source tree takes up 73Megs"
I think you must have done your 'du' after a build. (mine came out to be about the same). Out of the box the kernel source is closer to 60M's.
AdamT
This is a two way flow. We (the community) do get cash back - but we do get a bunch of stuff we would not have otherwise. With out the RedHat's we would such a high profile. We wouldn't have hardware vendors coming on board. We wouldn't be able to get our 'toy OS' through the door at work.
Have a commercial presence really helps us out alot. More importantly - we're the senior partner in this sybiosis. They can't kill us, we don't -need- them, but with out us they've got nadda. OSS walks quietly but carries a big stick - the GPL means this stuff is ours and will stay ours regardless of who's putting their logo on the shrink wrapped boxes.
The question is which internet technolog_ies_. That's plural. You can have more than one intrest - hence the greater than 100% return.
I can't know your circumstances but you sound exactly like any number of the know-enough-to-be-dangerous types. Not only is your request probably a waste of time - the fact your asking it probably is too. Most IT sorts are policy makers they just impliment it. You want someting out of scope you need to talk to their manager. To you its "just one little thing" - to the techs it's "-another- bloody thing".
I can't wait. I'll be there in line at the store for this one for sure. To my mind descent is -the- game to have. 6 degrees of freedom rock! Small detour into Descent freespace that was no fun - where was the sliding damn it!? I'm delighted to finally have descent for linux. Head to head descent is the only thing that keeps the windows partition on my machine alive. Time to vote with my wallet.
Have you ever seen a mouse in a cockpit? Just a stick and buttons. Joystick and keyboard are the -only- way to play descent. Well.. maybe rudder peddles. :)
"First, I cringe with every misquote. My friends and I can't go 10 minutes without some obscure Python-ism (Ditto for Star Wars tho). So I darn all thee misquoters to heck (unless it's actually applied in satirical context)" :)
It's like spelling - the spirit is more important then that technical specifics. Even Monty Python don't do the same skit with the same words every time. Compare a skit from the flying circus show, to its retelling on the stage, to its retelling on the stage, to its retelling on their various albums. There are lines changed, names changed, whole jokes dropped and new ones added in. As long as it's funny it isn't worth getting stressed about the words. Now - the inflection, that's other story entirely....
AdamT
"It didn't take long for the open source community's propaganda machine to swing
:) I for one am terribly amused...
into action, known as the "Slashdot Effect" after the community's favored news site"
LOL - they make us sound so... so organised. Maybe that'll prove the open source community doens't need a board of directors and a CEO to get things done.
AdamT