Wouldn't Intel run into physical limitations that simply don't allow chips to run at that low a temperature? I'm surprised Google isn't considering moving some of its data centres to Arctic locations where you get cool temperatures year-round.
Are you serious? Neither the Arctic nor the Antarctic is well known for reliable power or fast Internet connections.
Even though the software can recognise the cats 87% of the time, you need to input 12 pictures, so the chance of the attack succeeding drops to 10%.
You could probably make this even harder by putting a cat and a dog in a photo and telling the user to pick photos that ONLY have cats in them.
Problem is, it's one of those problems where even a 99.9% effective solution is simply not good enough.
Let's say I need 1000 gmail accounts, and the captcha-breaking algorithm in my Gmail-Sign-Up-Bot can only get it right 0.1% of the time. My Google-Sign-Up-Bot can easily tell when it's been successful and write the resulting email address to a file.
That means I need to run it on average 100,000 times. With a zombie network of a 2 thousand machines set up to work relatively slowly - maybe only one request from a given host every 30-60 minutes to minimise the risk of the IP address being blocked - you're still looking at 3-5 hours tops.
I know that swapfiles can be moved; this doesn't do any good when there's the potential for sensitive data to already be in swap because most operating systems do not securely delete data when it's no longer needed. Just because you hit "delete" and emptied the trashcan/recycling bin (oh look, there's another place where files might easily get moved to which isn't encrypted by default) does not mean that the file cannot be recovered, often quite easily.
This also doesn't deal with applications which use temporary files as part of their normal operation.
The key escrow feature is something which products like PGP make very easy. Integrate with a server and presto! Recovering from lost keys is just a few clicks and an administrative password away. Truecrypt doesn't provide the building blocks to do this - sure you can make a backup of the keys, you can store them with no encryption (or encrypted with a key held by someone else like your trusty IT department) but you can't enforce this and you can't automatically get the backup of the keys updated if the keys change.
Well in one sentence above, someone asserts that everyone has seen CSI and knows that 'hackers' use shell prompts and that using a shell prompt will get you arrested. But when asserting that everyone has seen a shell prompt and knows that computer professionals use them, you assert they have not. So which is it? The CSI argument or that they have not? You can't have it both ways. Either everyone airport security guard watches TV or they don't.
Like so many arguments on/., you're trying to paint it as black and white when the reality is likely to be many shades of grey.
Some security guards may have enough of a side interest in computers to know that Windows isn't the only thing. Some may have paid enough attention to the TV in the first place to associate a shell prompt with "hackers".
In any case, I seriously doubt that the person who actually spends time going through your files on your computer (rather than just asking you to turn it on and prove it's a computer rather than a bomb) will be the strategically shaved ape who's watching the luggage go through the X-ray machine.
There are plenty of other, proprietary encryption products which do much the same thing in terms of full disk encryption.
I would pose the same question I did with TrueCrypt, how many people know about these products?
You've missed the whole point of my post, which was "Suddenly, you don't need to train your staff in TrueCrypt. All you need to say is "Any laptop which requires a password or plugging some other device in just to get it to start up is a red flag"."
If you go for the "full disk encryption" option (and I strongly suggest you do otherwise you open such a huge can of worms you may as well not bother)
What's this can of worms? What does it contain?
Swap files which, unless the whole disk is encrypted, won't be. Files used in hibernation (Linux uses swap, not sure about Windows). Temporary files used by applications in the normal course of operation (most MSOffice applications do quite a bit of this and it's not always easy to control where they go). Core dumps from application crashes (depending on OS, not all applications can easily be configured not to dump core in the event of a crash).
This was the crux of a recent issue discussed with TrueCrypt - modern operating systems simply aren't designed with such encryption in mind, so you can't simply send a message to the operating system to say "This is now in secure mode, any user data or swapfiles must be stored in THIS location and any which are outstanding must be moved and the disk area they occupied securely wiped". Even if you could there's no easy way to guarantee it would be honoured without major OS redesign.
The laptop won't boot without a password and/or some sort of hardware key which is carried separately.
And if you lose the key you're in trouble.
Yep. The commercial version of PGP does include a server-based mechanism to rescue you in the event that you don't want to be explaining to the managing director that his shiny laptop is now more-or-less completely useless until it gets rebuilt and any data on it is completely unrecoverable. I don't know how this works for certain but the only way I can make any sense of it is if it stores all keys - public and private - in escrow on the server.
This is the kind of feature corporates will demand because you can never guarantee that nobody will ever lose a key or forget their password and "your data is now toast you silly fool" is seldom an acceptable outcome to such a scenario. It's also the kind of feature which is highly unlikely to be implemented in any F/OSS solution like TrueCrypt because it's a potential security risk and IME it's fairly common for F/OSS software to take the pure "this is the only guaranteed safe" path in development rather than the pragmatic "secure enough while still being useable" path.
Though the laptop I'm using now does bootup without a password or anything I have more than one user account on it, only one can install software. I setup and use an account without permissions and only log into the admin account to install stuff and to run updates. Now I could require a password to bootup but that requires creating a root account and if I lose that password I'm up shit creek.
Falcon
Unless the disk is heavily encrypted then any boot password can be trivially worked around - worst case, with a screwdriver. Remove the disk, image it, mount the image, away you go. In the original context - keeping the data secure - having a functioning operating system on the disk is of no importance.
Everyone has seen a shell prompt and knows that computer professionals use it. If you tell them you are a developer, system administrator, etc. They don't even want to HEAR you talking over their heads. You obviously know more about that machine than them and they send you on your way.
An awful lot of people seem to be under the impression that computer professional work is no more difficult than playing "The Incredible Machine" except the machine you build actually does something.
Assuming that "everyone has seen a shell prompt" is plain wrong.
How many people have heard of TrueCrypt? Of those how many know what it is? I only heard of TrueCrypt earlier this year and I think I know more about computers and software than most people so I'd bet most people have never heard of it. Sure, border guards could be taught stuff like how to find it but to learn everything to look for, remember they're also looking for drugs, explosives, and other contraband, they'd have to spend a lot of tyme in classes. It's not arrogance to expect border guards to know everything they need to know to find everything, heck only a small fraction of drugs are stopped.
There are plenty of other, proprietary encryption products which do much the same thing in terms of full disk encryption.
If you go for the "full disk encryption" option (and I strongly suggest you do otherwise you open such a huge can of worms you may as well not bother), they all share a common pattern. The laptop won't boot without a password and/or some sort of hardware key which is carried separately.
Suddenly, you don't need to train your staff in TrueCrypt. All you need to say is "Any laptop which requires a password or plugging some other device in just to get it to start up is a red flag".
There is a bill being debated in the US Congress right now to limit impoundment of laptops to 24 hours.
And I'm sure that in order to back that up, they'll take a forwarding address from you and FedEx you the laptop immediately those 24 hours are up, lovingly packaged and at no further cost to the passenger, regardless of where you are in the world. And when FedEx loses a package (because no courier company in the whole of history has ever achieved a 0% loss rate), they'll chase FedEx up on your behalf, replacing the laptop for you if FedEx can't find it in a reasonable timespan.
Regarding the data on the lost laptop, they'll almost certainly image it before they let it go anyway, so I'm sure they'll be only too happy to copy the image to another disk and ship that to you.
And all of this will be done so quickly and efficiently you won't even miss it.
Re:This is a huge amount of work
on
Linux 2.6.27 Out
·
· Score: 1
in fact I've personally seen code fail on one system and run perfectly on the exact same spec hardware sitting right next to it, with exactly the same software (ghosted).
Was this recently and was it with Symantec Ghost or some other product and you're just using "ghosted" in a generic sense?
Reason I ask is that the last time I used Ghost to clone Linux systems onto identical hardware (which I admit was a few years ago) I had about 8 identical PCs - the original was fine, all the others were in various subtle ways completely broken. Unfortunately, they still worked well enough to boot, start X and run a few applications so it wasn't until some time later that I discovered this.
Does this not work in this area or something, what is the scare?
BT are the incumbent telco. They own the cable to the customer's home and the telephone exchange; ISPs may offer broadband but they're almost invariably buying BT's wholesale ADSL package and reselling it to customers.
There is some move to allow ISPs to install their own equipment in exchanges to handle the last mile, but this is moving painfully slowly - mainly because the regulator is generally reluctant to step in.
Setting up your own telephone exchanges and getting the necessary permits to run your own cables is prohibitively expensive, so the only alternative is the cable company (which merged into one big company a couple of years back).
If Airbus is that susceptible to electronic interference, then I'd rather not fly in their planes. The last thing I need is to plunge into the Atlantic because some disgruntled-fellow-gone-terrorist on the ground is jamming the flight controls with a generator and a pringles can.
Cobblers.
Qantas isn't the only airline flying Airbus aircraft, yet I've never heard of any other airline having such trouble and blaming wireless devices. What's their aircraft maintenance like?
What I am complaining is the lack of proper testing in Linux. If there were proper tests for the module which does the overwriting, the problem would have never occured at all.
Are you trolling or do you honestly not understand the implications of it being an alpha release?
In other words "This release is for testing purposes; by all means report a bug if it breaks but don't be too surprised if the breakage is catastrophic. If you use this on something important, you are nuts and should seek help". In traditional, closed-source development, alpha releases are produced, they may or may not break things. Now, for software living entirely in userland you probably won't cause hardware problems but at the kernel layer, this is entirely possible simply because so many things are designed to have field-upgradeable firmware (which is usually what gets damaged).
Working at a company that does embedded software development, I can tell you now that these things do happen from time to time. If they didn't, there would be no such thing as JTAG programmers.
The only difference here is that because the Linux kernel's development process is open to the world, these things are known by the whole world.
Be warned that with Mac OS X metadata, that gets stored under the same filename as the original with ",_" prefixed - I'm not sure what happens if a file with that name already exists.
Also, if you want to make full use of rsync options, you need the same version on both ends of the tunnel.
(That being said, props to Mr. Tridgell, rsync is an absolutely awesome tool which has saved me I-don't-know-how-much in terms of time and effort. I really must make a donation to the project at some point),
Certainly the UK gives legal backing to the word "organic".
But it's important to note that the word "organic" does not mean "not produced in factory farming conditions". There's no reason in principle why you couldn't keep chickens in the same cramped, dark houses they're normally kept, change their food so it didn't contain growth hormones, antibiotics or any of that crap and call it "organic".
(Your chickens probably wouldn't last long enough to make it to the supermarket because in those kind of conditions, the antibiotics are the only thing keeping disease from spreading like fire, but the sickly half-dead chickens handed over to Tesco's would still be organic!)
Open source means that the source is open. That's it.
It's a phrase in common use, but as a phrase it did not exist before the FSF came up with it. I think it's perfectly reasonable for the person(s) who coins a phrase to dictate what it means; YMMV.
Also, what's the deal? Microsoft seem to be heading in the right direction, and actually seem to be addressing the criticism being thrown at them.
No, they're heading in exactly the direction I'd expect them to head. They can't lose control of the operating system; they've tied their entire business to it. If a thriving network of Open Source projects which deal with common problems and run on any platform including Windows develops (and right now I can't think of more than a few major projects in widespread use which do - Thunderbird, Firefox, OpenOffice, and not a lot else) then sooner or later people will be saying "Hang on. We do everything we need on open source software which runs on any platform. Why are we still paying Microsoft thousands per year?"
Microsoft are treating Open Source like the latest buzzword and doing exactly what they do as soon as any such buzzword - trying to set things up so you can use the buzzword if you like but you're damn well going to do it on their terms using as many of their products as possible.
That's your opinion. As far as I'm concerned, open source means exactly that - the source is open. People seem to be intent on tacking on a whole load of 'moral' obligations that someone has to follow to qualify to use 'open source', when nothing could be further from the truth.
Have you RTFA? It doesn't refer to hosting products which for technical reasons can only run on Windows, nobody's bothered porting them to anything else and it may or may not be feasible.
It refers to products having a license agreement which says "Do what you like but you may only use it on Windows".
This is definitely against the spirit of Open Source, even if not the letter.
I think it more interesting question is "how can someone overwrite".
Very easy, if the card is designed to have field-updateable firmware. You just need to send it the right (or in this case wrong) command.
Ideally the manufacturer would make it so that you have to go through all sorts of hoops before you've done anything permanent, but this isn't the first time something like this has happened.
Based on my limited understanding of crypto, when you encrypt data it should turn into pseudo-random noise, so if *any* bits change the whole thing changes (unless you're doing a block-cypher, but if it's chained-block then every portion *after* that will also change). So for large files, this seems like the delta would end up being practically the entire file, wouldn't it?
I'm not sure how it works, but I can think of a few ways you could work around that in theory.
The most obvious is to encrypt every file individually and then ship a tar of the whole lot up. Though for best results, you'd need to download each file, decrypt it, perform a binary delta against the source file, encrypt the delta and ship that up.
End of the day though, it sounded rather too complicated for my liking. I get the benefit of offsite backups stored with someone like Amazon but I'm using a tool which may or may not work, isn't in particularly common use (so hasn't had the exposure to many eyes that rsync has) and goes to great effort to ensure that the data is very hard to decrypt - one cockup and the person who's going to be locked out of the data is me.
You don't necessarily need to make that first backup painful. Rsync while you've got both servers in the same room over a LAN, and from then on you just have to deal with the delta and don't need to worry so much about bandwidth.
The source server was in another country and in daily use, the destination server was bolted into a cabinet, weighed about 40kg and also in daily use.
Recent versions of rsync fully support POSIX ACLs (including, if asked, setting up ACLs on the receiving end that don't make any sense because they refer to uids that don't exist - though you could work around that one with a common authentication mechanism such as LDAP) - I've not tried to get Windows working so I'm not sure how well that would work.
Be warned that full POSIX ACL support hasn't made it into every Linux distribution yet - IIRC Debian Etch's rsync doesn't, for instance. If you're paranoid, you could add a line to call getfacl before you call rsync in your existing script script - shouldn't require more than one line.
I can't believe no laws were broken in this process. Why can't the EU courts take this up?
Most laws are written on the assumption that everyone will play fair most of the time, and only changed after it becomes apparent that under some circumstances this isn't happening in order to prevent anyone else getting any smart ideas. I daresay few people anticipated orchestrated international fraud and corruption.
Furthermore, standards bodies don't have any legal weight. Their sole purpose is to provide a recognised standard which companies can use to say "Your product must meet or exceed the specifications laid down in ISO nnnnn" - the idea being that this allows businesses to work together without constantly reinventing the wheel.
Thus, the only way corruption can be resolved is by members walking away, thus weakening the organisation. Members will likely walk away because they don't think there's any point in participating - either because of blatant corruption or because the orgnisation itself is being thoroughly ignored.
Wouldn't Intel run into physical limitations that simply don't allow chips to run at that low a temperature? I'm surprised Google isn't considering moving some of its data centres to Arctic locations where you get cool temperatures year-round.
Are you serious? Neither the Arctic nor the Antarctic is well known for reliable power or fast Internet connections.
No, it also needs to run on some sort of computer hardware.
And now you're trying to paint me in black and white.
Please stop it, it's rather offensive.
Even though the software can recognise the cats 87% of the time, you need to input 12 pictures, so the chance of the attack succeeding drops to 10%.
You could probably make this even harder by putting a cat and a dog in a photo and telling the user to pick photos that ONLY have cats in them.
Problem is, it's one of those problems where even a 99.9% effective solution is simply not good enough.
Let's say I need 1000 gmail accounts, and the captcha-breaking algorithm in my Gmail-Sign-Up-Bot can only get it right 0.1% of the time. My Google-Sign-Up-Bot can easily tell when it's been successful and write the resulting email address to a file.
That means I need to run it on average 100,000 times. With a zombie network of a 2 thousand machines set up to work relatively slowly - maybe only one request from a given host every 30-60 minutes to minimise the risk of the IP address being blocked - you're still looking at 3-5 hours tops.
At least the problems with those processors didn't tend to turn the computer into a breeze block.
I know that swapfiles can be moved; this doesn't do any good when there's the potential for sensitive data to already be in swap because most operating systems do not securely delete data when it's no longer needed. Just because you hit "delete" and emptied the trashcan/recycling bin (oh look, there's another place where files might easily get moved to which isn't encrypted by default) does not mean that the file cannot be recovered, often quite easily.
This also doesn't deal with applications which use temporary files as part of their normal operation.
The key escrow feature is something which products like PGP make very easy. Integrate with a server and presto! Recovering from lost keys is just a few clicks and an administrative password away. Truecrypt doesn't provide the building blocks to do this - sure you can make a backup of the keys, you can store them with no encryption (or encrypted with a key held by someone else like your trusty IT department) but you can't enforce this and you can't automatically get the backup of the keys updated if the keys change.
Well in one sentence above, someone asserts that everyone has seen CSI and knows that 'hackers' use shell prompts and that using a shell prompt will get you arrested. But when asserting that everyone has seen a shell prompt and knows that computer professionals use them, you assert they have not. So which is it? The CSI argument or that they have not? You can't have it both ways. Either everyone airport security guard watches TV or they don't.
Like so many arguments on /., you're trying to paint it as black and white when the reality is likely to be many shades of grey.
Some security guards may have enough of a side interest in computers to know that Windows isn't the only thing. Some may have paid enough attention to the TV in the first place to associate a shell prompt with "hackers".
In any case, I seriously doubt that the person who actually spends time going through your files on your computer (rather than just asking you to turn it on and prove it's a computer rather than a bomb) will be the strategically shaved ape who's watching the luggage go through the X-ray machine.
There are plenty of other, proprietary encryption products which do much the same thing in terms of full disk encryption.
I would pose the same question I did with TrueCrypt, how many people know about these products?
You've missed the whole point of my post, which was "Suddenly, you don't need to train your staff in TrueCrypt. All you need to say is "Any laptop which requires a password or plugging some other device in just to get it to start up is a red flag"."
If you go for the "full disk encryption" option (and I strongly suggest you do otherwise you open such a huge can of worms you may as well not bother)
What's this can of worms? What does it contain?
Swap files which, unless the whole disk is encrypted, won't be. Files used in hibernation (Linux uses swap, not sure about Windows). Temporary files used by applications in the normal course of operation (most MSOffice applications do quite a bit of this and it's not always easy to control where they go). Core dumps from application crashes (depending on OS, not all applications can easily be configured not to dump core in the event of a crash).
This was the crux of a recent issue discussed with TrueCrypt - modern operating systems simply aren't designed with such encryption in mind, so you can't simply send a message to the operating system to say "This is now in secure mode, any user data or swapfiles must be stored in THIS location and any which are outstanding must be moved and the disk area they occupied securely wiped". Even if you could there's no easy way to guarantee it would be honoured without major OS redesign.
The laptop won't boot without a password and/or some sort of hardware key which is carried separately.
And if you lose the key you're in trouble.
Yep. The commercial version of PGP does include a server-based mechanism to rescue you in the event that you don't want to be explaining to the managing director that his shiny laptop is now more-or-less completely useless until it gets rebuilt and any data on it is completely unrecoverable. I don't know how this works for certain but the only way I can make any sense of it is if it stores all keys - public and private - in escrow on the server.
This is the kind of feature corporates will demand because you can never guarantee that nobody will ever lose a key or forget their password and "your data is now toast you silly fool" is seldom an acceptable outcome to such a scenario. It's also the kind of feature which is highly unlikely to be implemented in any F/OSS solution like TrueCrypt because it's a potential security risk and IME it's fairly common for F/OSS software to take the pure "this is the only guaranteed safe" path in development rather than the pragmatic "secure enough while still being useable" path.
Though the laptop I'm using now does bootup without a password or anything I have more than one user account on it, only one can install software. I setup and use an account without permissions and only log into the admin account to install stuff and to run updates. Now I could require a password to bootup but that requires creating a root account and if I lose that password I'm up shit creek.
Falcon
Unless the disk is heavily encrypted then any boot password can be trivially worked around - worst case, with a screwdriver. Remove the disk, image it, mount the image, away you go. In the original context - keeping the data secure - having a functioning operating system on the disk is of no importance.
Everyone has seen a shell prompt and knows that computer professionals use it. If you tell them you are a developer, system administrator, etc. They don't even want to HEAR you talking over their heads. You obviously know more about that machine than them and they send you on your way.
An awful lot of people seem to be under the impression that computer professional work is no more difficult than playing "The Incredible Machine" except the machine you build actually does something.
Assuming that "everyone has seen a shell prompt" is plain wrong.
How many people have heard of TrueCrypt? Of those how many know what it is? I only heard of TrueCrypt earlier this year and I think I know more about computers and software than most people so I'd bet most people have never heard of it. Sure, border guards could be taught stuff like how to find it but to learn everything to look for, remember they're also looking for drugs, explosives, and other contraband, they'd have to spend a lot of tyme in classes. It's not arrogance to expect border guards to know everything they need to know to find everything, heck only a small fraction of drugs are stopped.
There are plenty of other, proprietary encryption products which do much the same thing in terms of full disk encryption.
If you go for the "full disk encryption" option (and I strongly suggest you do otherwise you open such a huge can of worms you may as well not bother), they all share a common pattern. The laptop won't boot without a password and/or some sort of hardware key which is carried separately.
Suddenly, you don't need to train your staff in TrueCrypt. All you need to say is "Any laptop which requires a password or plugging some other device in just to get it to start up is a red flag".
There is a bill being debated in the US Congress right now to limit impoundment of laptops to 24 hours.
And I'm sure that in order to back that up, they'll take a forwarding address from you and FedEx you the laptop immediately those 24 hours are up, lovingly packaged and at no further cost to the passenger, regardless of where you are in the world. And when FedEx loses a package (because no courier company in the whole of history has ever achieved a 0% loss rate), they'll chase FedEx up on your behalf, replacing the laptop for you if FedEx can't find it in a reasonable timespan.
Regarding the data on the lost laptop, they'll almost certainly image it before they let it go anyway, so I'm sure they'll be only too happy to copy the image to another disk and ship that to you.
And all of this will be done so quickly and efficiently you won't even miss it.
in fact I've personally seen code fail on one system and run perfectly on the exact same spec hardware sitting right next to it, with exactly the same software (ghosted).
Was this recently and was it with Symantec Ghost or some other product and you're just using "ghosted" in a generic sense?
Reason I ask is that the last time I used Ghost to clone Linux systems onto identical hardware (which I admit was a few years ago) I had about 8 identical PCs - the original was fine, all the others were in various subtle ways completely broken. Unfortunately, they still worked well enough to boot, start X and run a few applications so it wasn't until some time later that I discovered this.
Does this not work in this area or something, what is the scare?
BT are the incumbent telco. They own the cable to the customer's home and the telephone exchange; ISPs may offer broadband but they're almost invariably buying BT's wholesale ADSL package and reselling it to customers.
There is some move to allow ISPs to install their own equipment in exchanges to handle the last mile, but this is moving painfully slowly - mainly because the regulator is generally reluctant to step in.
Setting up your own telephone exchanges and getting the necessary permits to run your own cables is prohibitively expensive, so the only alternative is the cable company (which merged into one big company a couple of years back).
Fly Boeing instead of Airbus.
If Airbus is that susceptible to electronic interference, then I'd rather not fly in their planes. The last thing I need is to plunge into the Atlantic because some disgruntled-fellow-gone-terrorist on the ground is jamming the flight controls with a generator and a pringles can.
Cobblers.
Qantas isn't the only airline flying Airbus aircraft, yet I've never heard of any other airline having such trouble and blaming wireless devices. What's their aircraft maintenance like?
What I am complaining is the lack of proper testing in Linux. If there were proper tests for the module which does the overwriting, the problem would have never occured at all.
Are you trolling or do you honestly not understand the implications of it being an alpha release?
In other words "This release is for testing purposes; by all means report a bug if it breaks but don't be too surprised if the breakage is catastrophic. If you use this on something important, you are nuts and should seek help". In traditional, closed-source development, alpha releases are produced, they may or may not break things. Now, for software living entirely in userland you probably won't cause hardware problems but at the kernel layer, this is entirely possible simply because so many things are designed to have field-upgradeable firmware (which is usually what gets damaged).
Working at a company that does embedded software development, I can tell you now that these things do happen from time to time. If they didn't, there would be no such thing as JTAG programmers.
The only difference here is that because the Linux kernel's development process is open to the world, these things are known by the whole world.
Be warned that with Mac OS X metadata, that gets stored under the same filename as the original with ",_" prefixed - I'm not sure what happens if a file with that name already exists.
Also, if you want to make full use of rsync options, you need the same version on both ends of the tunnel.
(That being said, props to Mr. Tridgell, rsync is an absolutely awesome tool which has saved me I-don't-know-how-much in terms of time and effort. I really must make a donation to the project at some point),
Certainly the UK gives legal backing to the word "organic".
But it's important to note that the word "organic" does not mean "not produced in factory farming conditions". There's no reason in principle why you couldn't keep chickens in the same cramped, dark houses they're normally kept, change their food so it didn't contain growth hormones, antibiotics or any of that crap and call it "organic".
(Your chickens probably wouldn't last long enough to make it to the supermarket because in those kind of conditions, the antibiotics are the only thing keeping disease from spreading like fire, but the sickly half-dead chickens handed over to Tesco's would still be organic!)
No, damnit.
Open source means that the source is open. That's it.
It's a phrase in common use, but as a phrase it did not exist before the FSF came up with it. I think it's perfectly reasonable for the person(s) who coins a phrase to dictate what it means; YMMV.
Also, what's the deal? Microsoft seem to be heading in the right direction, and actually seem to be addressing the criticism being thrown at them.
No, they're heading in exactly the direction I'd expect them to head. They can't lose control of the operating system; they've tied their entire business to it. If a thriving network of Open Source projects which deal with common problems and run on any platform including Windows develops (and right now I can't think of more than a few major projects in widespread use which do - Thunderbird, Firefox, OpenOffice, and not a lot else) then sooner or later people will be saying "Hang on. We do everything we need on open source software which runs on any platform. Why are we still paying Microsoft thousands per year?"
Microsoft are treating Open Source like the latest buzzword and doing exactly what they do as soon as any such buzzword - trying to set things up so you can use the buzzword if you like but you're damn well going to do it on their terms using as many of their products as possible.
That's your opinion. As far as I'm concerned, open source means exactly that - the source is open. People seem to be intent on tacking on a whole load of 'moral' obligations that someone has to follow to qualify to use 'open source', when nothing could be further from the truth.
Have you RTFA? It doesn't refer to hosting products which for technical reasons can only run on Windows, nobody's bothered porting them to anything else and it may or may not be feasible.
It refers to products having a license agreement which says "Do what you like but you may only use it on Windows".
This is definitely against the spirit of Open Source, even if not the letter.
My boss tried to RTFA over my shoulder and shot cheese out of his ears
Can he do that on demand?
I think it more interesting question is "how can someone overwrite".
Very easy, if the card is designed to have field-updateable firmware. You just need to send it the right (or in this case wrong) command.
Ideally the manufacturer would make it so that you have to go through all sorts of hoops before you've done anything permanent, but this isn't the first time something like this has happened.
Based on my limited understanding of crypto, when you encrypt data it should turn into pseudo-random noise, so if *any* bits change the whole thing changes (unless you're doing a block-cypher, but if it's chained-block then every portion *after* that will also change). So for large files, this seems like the delta would end up being practically the entire file, wouldn't it?
I'm not sure how it works, but I can think of a few ways you could work around that in theory.
The most obvious is to encrypt every file individually and then ship a tar of the whole lot up. Though for best results, you'd need to download each file, decrypt it, perform a binary delta against the source file, encrypt the delta and ship that up.
End of the day though, it sounded rather too complicated for my liking. I get the benefit of offsite backups stored with someone like Amazon but I'm using a tool which may or may not work, isn't in particularly common use (so hasn't had the exposure to many eyes that rsync has) and goes to great effort to ensure that the data is very hard to decrypt - one cockup and the person who's going to be locked out of the data is me.
You don't necessarily need to make that first backup painful. Rsync while you've got both servers in the same room over a LAN, and from then on you just have to deal with the delta and don't need to worry so much about bandwidth.
The source server was in another country and in daily use, the destination server was bolted into a cabinet, weighed about 40kg and also in daily use.
(Nice idea though).
Recent versions of rsync fully support POSIX ACLs (including, if asked, setting up ACLs on the receiving end that don't make any sense because they refer to uids that don't exist - though you could work around that one with a common authentication mechanism such as LDAP) - I've not tried to get Windows working so I'm not sure how well that would work.
Be warned that full POSIX ACL support hasn't made it into every Linux distribution yet - IIRC Debian Etch's rsync doesn't, for instance. If you're paranoid, you could add a line to call getfacl before you call rsync in your existing script script - shouldn't require more than one line.
I can't believe no laws were broken in this process. Why can't the EU courts take this up?
Most laws are written on the assumption that everyone will play fair most of the time, and only changed after it becomes apparent that under some circumstances this isn't happening in order to prevent anyone else getting any smart ideas. I daresay few people anticipated orchestrated international fraud and corruption.
Furthermore, standards bodies don't have any legal weight. Their sole purpose is to provide a recognised standard which companies can use to say "Your product must meet or exceed the specifications laid down in ISO nnnnn" - the idea being that this allows businesses to work together without constantly reinventing the wheel.
Thus, the only way corruption can be resolved is by members walking away, thus weakening the organisation. Members will likely walk away because they don't think there's any point in participating - either because of blatant corruption or because the orgnisation itself is being thoroughly ignored.