Security is a process and a state of mind. Free software is not going to be some sort of silver bullet to the world's problems, and commercial software isn't going away any time soon, much as you would like that to be the case.
I don't understand why Google doesn't let me *pay* for their services and applications? I know you can pay for extra storage on GMail, but why don't they have a way for me to give them $50 a year or whatever and not have them scan my everythings and show me ads?
I spend that much any given weekday having dinner with two friends, I'll gladly pay for GMail and Docs and everything else. Just give me a good SLA with no legal bullshit and it's on.
Google has been one of the least invasive and coercive companies.
The recent barrage of articles concerning privacy and Google would lead me to believe you don't read Slashdot, but I know that's probably not the case, so we must assume that you're just...
M$'s Live Desktop Rape Service
... bashing Microsoft, as usual.
Email and other communications should be encrypted.
That's a great point that I didn't think about, obviously. I think it's looking more and more like the magic 8-ball sez "yank and rewrite" here. Too many pitfalls.
Ah, the annoying johnny-come-lately slashbot who likes to make clever snide remarks about what other people say but usually can't articulate an opinion of his own.
Your advice is full of bad legal logic,
Yes, it's not in the "public domain", I get it. It's probably still fair use, depending on context.
you didn't read the question very carefully. This is not published source code.
Really? You must be reading a different article, because mine says this:
The original author didn't attach any particular license to the code. It's just 200 lines of code the author posted in a forum. Is it legitimate to use source code that's publicly available but doesn't fall under any particular license?
If copying 200 literal lines of code that you didn't write (and then putting your company's copyright on it) is OK, how about 500 lines? 1000? 2000? Where are you going to draw the line?
I don't know. The MPAA for example might be the right people to ask, since they keep redefining what constitutes "fair use" with DMCA takedowns to YouTube for video and movie clips. 5 minutes of a 2-hour movie or 200 lines out of a 20,000 LOC application, what do you think is the limit?
The reality is that under current copyright law the limit is whatever the copyright owner says it is, unfortunately. But in the case of code, if there is no explicit license attached to it then it probably constitutes fair use. So, it's one thing to copy 200 lines off a blog post and quite another to yank them from a source file in the SVN repository of a project on SourceForge, which is much more likely to have a license restricting use or distribution, or both. Thus the point about context I made elsewhere in this thread. The submitter of this question didn't really provide any information about that.
And yes, you're right. I shouldn't have used "public domain" there.
It depends on the context. If we want to take this to extremes, I would argue that since the code was published as part of an article that details how to achieve something with [insert language/technology here] then implicit copyright (where none is claimed) does not also prohibit "fair use". That does not defeat or circumvent the original copyright in any way.
But I have no idea where this code was found or how it was obtained, so it's pointless to speculate.
Didn't Cory Doctorow or someone else publish an article a few days ago detailing how Joe Business violates copyright law to the tune of ninety bazillion dollars every other week by sending emails and scratching his ass? I think the submitter's question is just overreaction. He should just make a note of it and move on.
You're right, I shouldn't have used the term "public domain". I meant that the code would be freely usable without specific restrictions or conditions.
If there is no copyright claim by the original author then I don't see what the problem is. AFAIK that means it's in the public domain (I'd check the website's disclaimer or terms of use though). Moreover, if the source code for your application is not being released, who the heck cares? It's not like you're shipping some GPL code or library that might nail you to the wall. And I would assume that the person who published it intended for it to be used? I guess I just don't see the problem here. I'm not sure you can even call it "stolen".
Personally I'd attach a clear comment to that piece of code that reads something like: "Seems to be derived from [TheUrl]; no license issues as far as I can see. Original adaptation by [YourLeadNameGoesHere] - [YourNameGoesHere] ([Today'sDate])"
At least you'd be doing some due diligence and making sure no one thinks you're the one who did the copy&paste job. In the unlikely event that there's a problem, at least you'd have something to fall back on that can be audited off your source control repository.
Applications are full of snippet'ed code copied from all over teh internets, much of which is technically in the public domain since no copyright is claimed (or practically enforced). I don't think anyone cares. Hell, I've seen people copy code from sites that were ripping off original authors on other sites (i.e., codeproject.com). The problem is when you incorporate large swaths of functionality and don't bother to follow the original licenses.
Yes, he did, actually. Pretty much anyone who thinks they're being clever by suggesting someone who doesn't practice their religion tends to piss me off. Ring a bell?
It's a long way from being systematically modded down for trolling and having to post at -1 by default like you, but I'm sure I'll survive.
Thanks for taking the time to post though. I understand they let you do it twice a day now? Well, you can always fall back on the sockpuppet if all else fails.
Both Mac OS X and Ubuntu do not have a root account by default
They do, it's just not active. However, IIRC the first few versions of Ubuntu would fail to add the account created during setup to sudoers - are they doing that now?
And frankly, the all-powerful master account is a bad idea. It just hasn't been exposed to half a billion clueless people.
Apparently you don't know how *nices handle privileges and security.
I know, but thanks.
I can't log in as an administrator to do some administrative work without being bothered by the OS. OK, maybe I can,
No, yes you can. All you need to do is disable UAC for that account. Easy, eh?
As an administrator, I like to open up a console (window) and log in with some supervisor account to perform a couple of tasks that would otherwise ask me for privileges...
Yes, that's what I do. After all, everything is scriptable in Windows.
"UAC works as advertised", UAC still has to catch up a little to reach the standard of today's operating system security models.
It works as advertised because it's designed to work within the constraints of the Windows security model and provide backwards compatibility with existing applications at the same time. In that sense, it's perfectly fine. It's not the same as sudo, but it was never meant to be anyway.
The DRM boogeyman rears up again, but other than maybe WGA (which is not even related to media) and a checkbox in Windows Media Player, can anyone tell me again where is all this "hated DRM" in Vista? And where's the media that's supposed to take advantage of all this new DRM that didn't exist in XP? And please don't regurgitate that thoroughly debunked dumb Peter Gutmann "paper" where he even admits he doesn't even use Vista.
And seriously, that UAC bullshit FUD is getting old by now. Nothing beats a meme that people repeat just because everyone else is saying it as well. I get a UAC prompt every time I try to do some admin task, which is no different than the root prompt on Linux or OS X. I could turn it off, but why? It's a good reminder that I'm doing something "dangerous" under my default account. The rest of the time I never see it. My nephews run in non-privileged accounts and they never see UAC unless they need to install something, in which case it actually has a password field and they need to call me. If people are bitching because they run under a non-privileged account and they get the damn prompt when they try to restart a service or uninstall a driver then maybe they should consider Linux, where that doesn't happen. Oh wait.
If they're bitching about it because some application is trying to crap all over the hard drive, well, maybe they should run *that* under a privileged account and deal with the prompt once, or just replace the app. Either way, UAC is working as advertised.
That of course begs the question - why are you using it at all? After all, if it's "murky" then it certainly does not reflect the meaning you've attached to it, here.
calls me twitter
That wouldn't have anything to do with the fact that you are in fact the owner of both accounts, would it? Don't make me go get the links, please.
He has no incentive to lie other than the punishment he will receive for telling the truth. Is he on your harassment list too now?
What the hell are you talking about? What "punishment"? And who is "harassing him"? Can't you discuss things like most other human beings do instead of sinking down to non-sequiturs and inane blabber when you feel cornered by your own stupidity?
erris == twitter. Apparently the person that posts in the LUG is the actual owner of both accounts. I don't think "willyhill" is the same person, obviously.
I think twitter just hung himself out to dry by posting this, because it confirms what everyone already knows. He just can't leave well enough alone.
This bug was discovered by third parties because they had access to the source
That's irrelevant, since you don't need the source code to find buffer overflows. It just reduces the time needed to find them.
The bug is already fixed
And a patch has been applied by... everyone?
Even on still vulnerable systems it wouldn't give you root access
You don't need root access to turn a machine into a spam zombie, which is the growth market for trojans nowadays.
It would have to rely on special plugins or user action
We all know users don't install plugins or take actions. Stupid actions, even.
e) The problem is clearly described and documented allowing users to take precautions
Just like Microsoft security alerts, which apparently do nothing to stem the infection rates from emailed and zipped executables that arrive via email and require all sorts of gyrations to install.
Real security comes from knowledge, not freedom.
And you didn't even RTFA.
"Vista is like OS 9, LOLOL"
"No, it's not. OS 9 didn't even manage memory correctly"
"The problems with OS 9 don't make Vista better"
Good job twitter, it's not every day I get to see someone shoot down their own strawman.
Never crashed for me either, but what do I know.
If your browser looked like that then I'm pretty sure PEBKC, because mine sure as hell never did.
Isn't that... bad?
Fair enough. Cheers =)
Really? You must be reading a different article, because mine says this:
Anything else?
I felt a great disturbance in the Force... as if millions of fanboys suddenly cried out in terror and were suddenly silenced.
And this is bad how, again? Please, explain.
I thought there was no root account?
This is Vista's fault how, again?
Well, most of my apps worked fine so I guess I'm sorry yours didn't.
To argue with random morons on the interwebs? About $4.25 a day, but I'm hoping to get a rise soon.
Heh. Good luck with that theory. Let me know if you're ever in or near Stuttgart during football season, and the drinks are on me.
I'll get the popcorn ready.
Reverse-reverse slashvertisement psychology. I like it :)
This doesn't seem vague to me.
Kernel space? Hardly. Read the exploit description. It's a bad exploit though.