Excellent points: you've just described why it takes me twice as long to write things as many of my peers. It's because I try to insert comments and explaiin oddnesses. This leads to particular fun when someone else cuts and paste my code, with the comments, and fails to read them where they posted the code. It does make my debugging of their work a lot easier: it seems well worth the time.
Except that if you can brute force the *host* keys, you can create a man-in-the-middle attack that the user cannot easily tell does not go to the same host they've always been contacting.
Of course, most SSH users don't care much about that 'your hostkey has changed, are you sure you want to contact this?' dialog, and automatically click yes or update their 'known_hosts' table, assuming that the server has been replaced without their knowledge. In fact, that's what's going to happen on every Debian or Ubuntu server that change its host key right now.
This sort of vulnerability is why security needs to be layered: SSH's habit of providing full file-system access to SSH, SCP, or SFTP clients needs to be balanced in its risk against having a properly encrypted access channel. Once an attacker has stolen the private key, or the paword, what can they do to your system? This is why SSH is a poor choice for upload or download clients: the very limited tools to chroot client access are quite limited, so you're usually giving clients way too much access to your system.
What? Verisign sells SSL keys, not SSH keys. That's a very different market: SSH keys are not signed by a central authority and ideally are generated by the user.
You've a good point about the Linux kernel not directly applying to your library issue: it seems a very similar situation, however, with numerous utilities directly editing it and adding to it but retaining a distinct source tree. It does contaminate the kernel licensing to install such modules, and we know how to deal with it.
Do you have a good pointer to the glibc licensing discussion you mention? I thought that was rather stable licensing, and I just don't see how writing a normal program that uses glibc as a shared library, for example, can be considered to run so afoul of the LGPL as it stands.
The GPL allows you to recode your work from scratch to achieve the same results, under a different license. Microsoft licenses do not. This is pretty important.
Don't blame the FSF for this. As some people and some companies have gotten more creative with their 'interpretations' and flat-out ignoring the GPL licenses, the FSF has been forced to get more subtle to address the different needs of people. So we have multiple licenses. They're fairly well written, and require no more attention than most closed source licenses.
Library linking isn't the problem you seem to think, or glibc and the Linux kernel would be much more adventurous to license.
Many projects have become abandoned over the years, and their remaining few users labor on without a well handled bug procedure or central code line. Many open source projects are also slight variations of other, related projects. If you can't integrate your features into an existing codebase (which is what you're asking other people to do for you!), how can you expect them to contribute to your project? We really don't need yet another web administration tool that will be abondoned in a year, or yet another on-line messaging system.
So the abandoned users and administrators of other projects may make helpful assistants for your new project, and be able to warn you away from repeating similar errors. Look for them.
Yes, there is such a thing. An SMTP-AUTH authenticated server works well, and it's straightforward to publish SPF records for other mail servers to filter a lot of forged email, especially the bounces you've been seeing. (SPF is worth looking up: Google does publish SPF records in their DNS.)
SPF got crippled by a Microsoft 'embrace and extend' operation involving SenderID keys and mislabeling SenderID based SPF tags as plain SPF. IT got
I've previously blocked aol.com and hotmail.com entirely from corporate mail servers, because for the amount of money wasted providing filtering servers and wasting technical person time explaining to users that it was spam or worms, we could hire a phone team to handle any irate clients who had trouble reaching us, and keep my users from having their time wasted indirectly.
The policy came up at review meetings, and was accepted company wide in several environments.
We have a *good* law on junk fax. It's very clear: unsolicited fax are illegal. We have very poor laws against telemarketers, laws aimed to permit telemarketers to continue to keep bothering you until you formally tell them to stop. There are some laws against spam, but they're extremely badly written.
Simply extending the junk fax law to cover email spam would be easy. The money saved in dealing with people's incoming spam would be more than enough to do the necessary enforcement of the laws, with such a clear law provided. Unfortunately, the efforts to expand this law have inevitably been blocked by the Direct Marketing Association.
Ranting aside, asteroid landing is pretty important if we're going to take advantage of the iron, other metals, and energy available to space travel. Solar mirrors have to be made out of something: the entire fossil and nuclear energy demands of this planet can be provided with a fairly modest set of solar mirrors. Even if you think it's unsafe or a military issue to beam the energy down to Earth, there's enough manufacturing of toxic materials and especially of cumputer chips and crystalline structures that would benefit from operating in orbit instead of on the ground, where it's more idfficult and expensive to control temperature, maintain purity, control temperature, and avoid gravitic problems in the formation of crystalliine or porous materials.
Asteroid visits are a wonderful step towards the industrial use of space, far more effective and useful than a Mars mission. Do the Mars mission after we have a working space station that can build things, and a reliable supply line to it.
Sure, now you and your girlfriend have a gun to call on in a family spat. You do realize how much more common domestic violence is than home invasions with someone present?
The real world is certainly more complex than the 'Prisoner's dilemma'. For example, the knowledge that you are a rat fink can shorten your life span considerably, and prevent other people from forming profitable deals with you in the future. that's something the Prisoner's Dilemma ignores.
No, *morals* are about 'the good', whether it's that of a god, a state, a family, or an individual. There are plenty of conistent and workable standards that rely on contractual agreements and the perceptible good for the individuals involved.
You seem to have fallen into the pitfall of asusming that 'good' is some kind of natural force so clear and obvious that no one could disagree with it. Unfortunately, 'good' has such malleable and often inconsistent standards that embodying it as the guiding principle of law or ethics is extremely dangerous. After all, the 'good' can mean giving up all your goods ot the church, so that your soul may prosper in the next life. It may mean killing all them uppity niggrahs cause they is threatening to sully our all-white schools with their slave ways. It may mean torturing women to death to discover a witch. It may mean dying as a heretic for teaching that we should love our god and love one another.
'The good' has been an awfully slippery concept. Believing that it's a clear absolute means you haven't been paying attention to the last few thousand years of written history.
You lost me right at "Ethics is unconcerned with the actions of others."
Most ethics are based on reciprocal relationships, which most assuredly involve the "actions of others". The rest of your lengthy argument is similarly confused handwaving.
And, by the way, most cancers are dealt with automatically by the body's own immune system. It's only exceptional cancers that require additional, externally provided control, particularly when the immune system is compromised and the cancer manages to gain control of enough blood supply to foster its growth. Environmental factors can help encourage cancerous growths, such as smoking or sunburn. But make no mistake, cancer is an unavoidable part of normal biology and is usually dealt with as such.
You're right that it's neither left nor right, neither karmic or non-karmic, it simply is... wildly confused and mistaken about fundamentals of law and biology.
> First of all, there's no such thing as "property" no matter who insists upon it
Here, I fixed that for you. After all, if you're going to ignore the entire body of copyright law since the printing of the Gutenberg Bible, and all the patent laws since the 15th century, you may as well go after money and land ownership as well.
It should really be handled by the Secret Service: they're responsible for wire fraud, as the law enforcement arm of the Department of the Treasury. They've shown little signn over the years of being competent at managing computer crime, but it is their job.
Are we discusing the same Verizon? The one that made every single failed lookup on DNS for the *.com domain, which htey manage, resolve to their advertising pages? It broke a huge number of DNS testing tools, and caused all sorts of nasty traffic problems.
The chance of Verisign blocking this kind of behavior, except to protect the turf so that only they can do it, is so small as to be the same of making SCO admit they lied about owning UNIX.
None of those have notoriously large numbers of files in one directory, which was ReierFS's selling point. A web proxy, or an NNTP server with many thousands of messages in single newsgroups, or Mailder servers with huge mailboxes? Those demand a filesystem that handles such a load well.
SuSE Linux, unfortunately, used to use ReiserFS as its default. Is this still the case?
ReiserFS has been functionally dead since the random desctruction of reiserfsck became apparent, and since ext3 came out with the imperfect but easy to support and implement journaling and Htrees to permit thousands of files in one directory, gracefully.
Excellent points: you've just described why it takes me twice as long to write things as many of my peers. It's because I try to insert comments and explaiin oddnesses. This leads to particular fun when someone else cuts and paste my code, with the comments, and fails to read them where they posted the code. It does make my debugging of their work a lot easier: it seems well worth the time.
Please allow me to correct myself you're quite right about the SSL keys, I was focusing on the SSH keys.
Except that if you can brute force the *host* keys, you can create a man-in-the-middle attack that the user cannot easily tell does not go to the same host they've always been contacting.
Of course, most SSH users don't care much about that 'your hostkey has changed, are you sure you want to contact this?' dialog, and automatically click yes or update their 'known_hosts' table, assuming that the server has been replaced without their knowledge. In fact, that's what's going to happen on every Debian or Ubuntu server that change its host key right now.
This sort of vulnerability is why security needs to be layered: SSH's habit of providing full file-system access to SSH, SCP, or SFTP clients needs to be balanced in its risk against having a properly encrypted access channel. Once an attacker has stolen the private key, or the paword, what can they do to your system? This is why SSH is a poor choice for upload or download clients: the very limited tools to chroot client access are quite limited, so you're usually giving clients way too much access to your system.
What? Verisign sells SSL keys, not SSH keys. That's a very different market: SSH keys are not signed by a central authority and ideally are generated by the user.
You've a good point about the Linux kernel not directly applying to your library issue: it seems a very similar situation, however, with numerous utilities directly editing it and adding to it but retaining a distinct source tree. It does contaminate the kernel licensing to install such modules, and we know how to deal with it.
Do you have a good pointer to the glibc licensing discussion you mention? I thought that was rather stable licensing, and I just don't see how writing a normal program that uses glibc as a shared library, for example, can be considered to run so afoul of the LGPL as it stands.
The GPL allows you to recode your work from scratch to achieve the same results, under a different license. Microsoft licenses do not. This is pretty important.
Don't blame the FSF for this. As some people and some companies have gotten more creative with their 'interpretations' and flat-out ignoring the GPL licenses, the FSF has been forced to get more subtle to address the different needs of people. So we have multiple licenses. They're fairly well written, and require no more attention than most closed source licenses. Library linking isn't the problem you seem to think, or glibc and the Linux kernel would be much more adventurous to license.
Many projects have become abandoned over the years, and their remaining few users labor on without a well handled bug procedure or central code line. Many open source projects are also slight variations of other, related projects. If you can't integrate your features into an existing codebase (which is what you're asking other people to do for you!), how can you expect them to contribute to your project? We really don't need yet another web administration tool that will be abondoned in a year, or yet another on-line messaging system.
So the abandoned users and administrators of other projects may make helpful assistants for your new project, and be able to warn you away from repeating similar errors. Look for them.
Are you sure your 'girlfriend' doesn't think it's 'unsolicited'? It might be a hint that your mail looks like fraudulent advertising.
Yes, there is such a thing. An SMTP-AUTH authenticated server works well, and it's straightforward to publish SPF records for other mail servers to filter a lot of forged email, especially the bounces you've been seeing. (SPF is worth looking up: Google does publish SPF records in their DNS.) SPF got crippled by a Microsoft 'embrace and extend' operation involving SenderID keys and mislabeling SenderID based SPF tags as plain SPF. IT got
I've previously blocked aol.com and hotmail.com entirely from corporate mail servers, because for the amount of money wasted providing filtering servers and wasting technical person time explaining to users that it was spam or worms, we could hire a phone team to handle any irate clients who had trouble reaching us, and keep my users from having their time wasted indirectly.
The policy came up at review meetings, and was accepted company wide in several environments.
Oh, my. Blaming other people is quite common: take a look at the SCO lawsuits blaming Linux for their losses in sales.
We have a *good* law on junk fax. It's very clear: unsolicited fax are illegal. We have very poor laws against telemarketers, laws aimed to permit telemarketers to continue to keep bothering you until you formally tell them to stop. There are some laws against spam, but they're extremely badly written.
Simply extending the junk fax law to cover email spam would be easy. The money saved in dealing with people's incoming spam would be more than enough to do the necessary enforcement of the laws, with such a clear law provided. Unfortunately, the efforts to expand this law have inevitably been blocked by the Direct Marketing Association.
Ranting aside, asteroid landing is pretty important if we're going to take advantage of the iron, other metals, and energy available to space travel. Solar mirrors have to be made out of something: the entire fossil and nuclear energy demands of this planet can be provided with a fairly modest set of solar mirrors. Even if you think it's unsafe or a military issue to beam the energy down to Earth, there's enough manufacturing of toxic materials and especially of cumputer chips and crystalline structures that would benefit from operating in orbit instead of on the ground, where it's more idfficult and expensive to control temperature, maintain purity, control temperature, and avoid gravitic problems in the formation of crystalliine or porous materials.
Asteroid visits are a wonderful step towards the industrial use of space, far more effective and useful than a Mars mission. Do the Mars mission after we have a working space station that can build things, and a reliable supply line to it.
Sure, now you and your girlfriend have a gun to call on in a family spat. You do realize how much more common domestic violence is than home invasions with someone present?
Then you believe that suicide bombing will go away because the bombers know they will die?
Capital punishment has its uses, but as a deterrent it's pretty limited.
The real world is certainly more complex than the 'Prisoner's dilemma'. For example, the knowledge that you are a rat fink can shorten your life span considerably, and prevent other people from forming profitable deals with you in the future. that's something the Prisoner's Dilemma ignores.
No, *morals* are about 'the good', whether it's that of a god, a state, a family, or an individual. There are plenty of conistent and workable standards that rely on contractual agreements and the perceptible good for the individuals involved.
You seem to have fallen into the pitfall of asusming that 'good' is some kind of natural force so clear and obvious that no one could disagree with it. Unfortunately, 'good' has such malleable and often inconsistent standards that embodying it as the guiding principle of law or ethics is extremely dangerous. After all, the 'good' can mean giving up all your goods ot the church, so that your soul may prosper in the next life. It may mean killing all them uppity niggrahs cause they is threatening to sully our all-white schools with their slave ways. It may mean torturing women to death to discover a witch. It may mean dying as a heretic for teaching that we should love our god and love one another.
'The good' has been an awfully slippery concept. Believing that it's a clear absolute means you haven't been paying attention to the last few thousand years of written history.
You lost me right at "Ethics is unconcerned with the actions of others."
Most ethics are based on reciprocal relationships, which most assuredly involve the "actions of others". The rest of your lengthy argument is similarly confused handwaving.
And, by the way, most cancers are dealt with automatically by the body's own immune system. It's only exceptional cancers that require additional, externally provided control, particularly when the immune system is compromised and the cancer manages to gain control of enough blood supply to foster its growth. Environmental factors can help encourage cancerous growths, such as smoking or sunburn. But make no mistake, cancer is an unavoidable part of normal biology and is usually dealt with as such.
You're right that it's neither left nor right, neither karmic or non-karmic, it simply is... wildly confused and mistaken about fundamentals of law and biology.
> First of all, there's no such thing as "property" no matter who insists upon it
Here, I fixed that for you. After all, if you're going to ignore the entire body of copyright law since the printing of the Gutenberg Bible, and all the patent laws since the 15th century, you may as well go after money and land ownership as well.
What relay did you use? The ones that handle 120V reliably tend to be rather expensive.
It should really be handled by the Secret Service: they're responsible for wire fraud, as the law enforcement arm of the Department of the Treasury. They've shown little signn over the years of being competent at managing computer crime, but it is their job.
Are we discusing the same Verizon? The one that made every single failed lookup on DNS for the *.com domain, which htey manage, resolve to their advertising pages? It broke a huge number of DNS testing tools, and caused all sorts of nasty traffic problems.
The chance of Verisign blocking this kind of behavior, except to protect the turf so that only they can do it, is so small as to be the same of making SCO admit they lied about owning UNIX.
None of those have notoriously large numbers of files in one directory, which was ReierFS's selling point. A web proxy, or an NNTP server with many thousands of messages in single newsgroups, or Mailder servers with huge mailboxes? Those demand a filesystem that handles such a load well.
SuSE Linux, unfortunately, used to use ReiserFS as its default. Is this still the case?
ReiserFS has been functionally dead since the random desctruction of reiserfsck became apparent, and since ext3 came out with the imperfect but easy to support and implement journaling and Htrees to permit thousands of files in one directory, gracefully.