I'm sorry, but the CANSPAM act actually helps spammers. It over-rides much stronger laws at the state level, and the provision of "including an opt-out" and have a "legitimate description" and using a "valid email" address are trivial to circumvent.
Either purchase what is called a "pink contract" from your ISP, which allows you to spam, or simply use a series of throw-away sender accounts. Each is legitimate, but each is used to harvest the "opt-out" addresses and use them for the next spam for a slightly different product or for a distinct username with the same product. This kind of abuse is trivial, and already widely in practice.
What needs to be forbidden is the sending of unsolicited bulk communications: not "spam" as in "advertising", because that's too hard to decipher in court and gets into First Amendment issues. But outlaw unsolicited bulk communications of *any* sort: advertising, religious spew, political campaigning, etc. People can sign up to get email from you, but as soon as you start sending it unsolicited, face criminal penalties.
This kind of law has been in place for many years, successfully, for junk fax. The CANSPAM act is aimed at the wrong target: it's aimed at fraud, not at spam.
And a pile of sand and metal ore can be turned into any computer you want. There are too many options, and it's dissipating the development effort into a bunch of very silly avenues instead of actually handling features like speed, user configuration of the options that users actually want instead of just what the developer just learned about, etc.
Complex "environment managers" are usually a bad idea: when they break, they break so badly they leave you crippled. For example, what idiot decided to make various Gnome tool installations dependent on installing that CPU pig Nautilus?
Try Norway. The xs4all.nl servers have been surviving all sorts of attempts to shut them down for bad reasons, ranging from their publication of encryption tools that are controlled by the US encryption export regulations as "munitions" to embarassing documents about Mormons, Scientologists, Rev. Moon, George Bush, and other cult leaders.
I love them to pieces, they do a lot of really good work to protect free speech and help truth get published.
Not under the Patriot Act: the level of judicial review is non-existent, they don't need a court order, and you can't even go screaming to the press about how you and why you got raided. The ACLU is going nuts because it can't publish information about cases it is trying to fight the nastier bits of the Patriot Act, not even their client's names or what was seized. It makes it very tough to get the law changed when it's illegal to discuss the effects of the law.
No. The FBI, among other things, is in the business of following the president's and their director's orders. This can, and historically has, included blatantly illegal acts from the faking of subversive activities to discredit "leftists" in the 1960's to their handling of Whitey Bulger as both a Boston gangleader and mob informant, done so badly that the FBI actually helped convict innocent people of murder to protect Whitey.
Many FBI agents are competent investigators dedicated to fighting bad people who commit crimes. Their directors often are not.
Guilty or not of any crime, which is a matter for a trial to decide, you still have to obey the subpoena or face having your facilities closed, and potentially getting arrested and hauled off to jail while clueless people rip equipment out of your racks.
I urge you to take a look at the history of anon.penete.fi, the anonymous remailer, and how it got shut down due to being raided for the name of a person who posted secrets about Scientology, and the police were falsely told that anon.penet.fi had actually been used to steal the secret documents. (The documents in question had been available in California court records for years: the Scientologists just wanted them secret because they're so embarassing.)
Unfortunately, the provisions of the new "Patriot Act" are so nasty that if invoked, RackSpace may be prohibited from even admitting that they were raided. Take a look at the Patriot Act provisions about getting names from libraries of who checks out books and the inability of the library to every discuss the matter: the law is incredibly nasty.
Training hackers is like hiring Kevin Mitnick to report on hackers for you. They will not only disobey you, they will attack your own systems for fun and games.
Nope. The plan is to put the trusted computing features on the CPU. You're going to stop buying CPU's, or deliberately buy crippled motherboards that can't use the feature set?
Nope. This will do *NOTHING* against spyware, because most spyware follows things that you authorize it to follow by clicking on and installing the software. By being a "legitimate" product, they will get their keys signed to install on your system and monitor your web cookies and proxy traffic and play with your DNS services, just as they do right now.
You may not be able to avoid it. Look for CD's and DVD drives to come with built-in "trusted computing" features to prevent their use in "unauthorized" applications. If it's integrated into the CPU, as is eventually planned under Microsoft's renamed "Palladium" initiative, then it'll be vastly, vastly tougher to simply work around by software techniques or add-on modchips.
Hmm. It would be obvious, but so are various other behaviors of theirs. Given their demonstrable immunity from criminal liability for, say, stealing VMS from DEC and relabeling it as the Windows NT kernel, I'm afraid they will keep trying.
Intel has been negotiating with Microsoft for at least 2 years now to integrate this technology right into the CPU's, as part of the old "Palladium" project which has simply been renamed "Trusted Computing".
We'll see if AMD buys into this: I'd bring popcorn and a soda to see that business meeting with Microsoft.
"Trusted Computing" is actually spelled "Palladium".
Look up the keyword "Palladium" and "Brian LaMacchia" to see what Microsoft plans for this hardware based feature set. It's simply been renamed "Trusted Computing", but it's the same developers with the same goals: signatures on software and hardware to prevent any "un-authorized" use of them.
Checksumming or authenticating software packages is quite reasonable, and verifying the identity of hardware components for security hardware is also desirable. But the screwball, closed source nature of these tools and their implementation at the motherboard level means that while Microsoft software will be promised, *promised* to work without this signature software in the near future, working only with this kind of authentication can be planned in the 5 to 10 year timeframe for the Windows and Office and games and DVD/CD burner software upgrade paths. And the closed nature of the key repositories can be used to keep open source developers from releasing open source products that can do these functions, since the signatures will be prohibitively expensive.
Michael, I'm afraid you're mistaken. No processes will be allowed to run on your machine that *Microsoft* or a similar vendor did not specifically authorize. This means that the boot loader can be signed to prevent you from running a non-Windows operating system, a CD or DVD or hard drive disk can be signed to prevent legal and authorized duplication for what is legal home copying, and emulation software such as OpenOffice can be prevented from making the system calls to open data files generated with Microsoft Office, helping keep the Microsoft monopoly locked up.
Moreover, it can prevent experimenters from being able to design new drivers and software tools to work with the crypto-authorized hardware without spending very large amounts of money on development tool suites with frankly larcenous intellectual property agreements.
This development is potentially extremely nasty: while we're somewhat paranoid about it, the history of abuse of standards to lock customers into their monopoly justifies extreme concern about what Microsoft might do with these features.
Regression testing Gentoo isn't possible. For typical commercial use, or even reliable user applications such as game servers, you need a binary package manager, not a "rebuild everything from source" compiler-based distribution.
So Gentoo is fun and useful and neat, I use it myself for some purposes. But it hardly makes other distros obsolete. OK, maybe it makes Debian obsolete....
The openness promotes evolutionary diversity. The separate distributions produce "hybrid vigor", where the developments that enhance one set of features in one environment become more effective (such as security). In another environment, where other features are important, they become more enhanced (such as usability). Eventually, they get to compare the features of the development if not the completed version, and then cross-breed to produce a better tool.
It would be lovely to be able to plan where to spend the development in advance and aim it at the perfect tool. But hey, this is development: such planning isn't completely possible, and letting interested people try to put it together in different ways creates vastly more robust tools than those created with a "single vision".
What company sold him this piece of unfortunate bodily fluid?
Take a look at www.pcsforeveryone.com and even if you don't care to buy from them, select your components based on the Linux compatibility reviews there. I find them to be a gold mine for Linux hardware reviews.
IBM isn't the big buyer. Intel, by manufacturing the chips to support the technology, is, and Microsoft has been collaborating with them to integrate the capability into the motherboard/CPU.
As near as I can tell, this project is far from dead, it's just been renamed a few times. Brian LaMacchia, formerly of the.NET project, is still apparently up to his armpits in it, and they've learned not to make announcements or discuss plans for it in front of people who know enough to see the potential abuse by a central authority controlling MBR and hardware activation.
I've bought hundreds, probably thousands that way: unfortunately, the best vendor prices don't yet come without the MS tax and pre-installed MS on it, and wiping the MS and replacing it with Linux on common hardware is much, much, much faster and cheaper than building hardware from scratch.
Only a few vendors so far have been willing to pre-install Linux: Dell did for a while, but gave up under pressure from Microsoft.
Ahh, basic business tactics 101. If Microsoft can continue with their illegal monopolistic practice of forcing vendors to pre-install Windows on every CPU they sell, under the theory that "they're all being used to run Windows anyway", it helps their bottom line and helps them keep it pre-installed on all boxes so people won't bother to throw away the Windows and install Linux. They've already paid for the Windows anyway, and since most vendors won't sell the hardware without some OS and only provide Windows, customers don't see the Windows cost.
Vendors *do* want to have some base OS installed on the hardware for testing and support reasons: giving the customer something they then have to install on takes away the vendor ability to say "it worked when it left the factory" or "what does this test say? Oh, your CD drive is dead, let's just replace that."
Your points about the Microsoft tax are well-taken. In addition, keep a very close on Microsoft's "Palladium" initiative which is designed to require Microsoft-designed authentication keys to run key components, such as, say, your CD-R drive and DVD player and have your *CPU* and *BIOS* designed to prevent you from using features such as a read/write drive or even a bootloader unless it is signed by the authentication key signatories.
Re-read that carefully, and look it up on the web. They want control over your CD-RW/DVD-RW drives and your boot loaders, under the guise of "controlling piracy". This would allow them to block the use of non-Microsoft boot loaders or boot CD's, preventing the use of any operating system but Microsoft.
The server/client problem with losing track of the state of disconnected partners and never clearing the mount from the client or the server dates right back to early SunOS, and remained in place in Solaris 2.8 to my certain knowledge. It can be intriguingly worse in cross-platform Linux environments because some idiots don't know enough not to write constantly updating log files to an NFS mounted directory, even an auto-mounted one and thus prevent it from ever expiring and unmounting, and that makes the problem even tougher to clear up.
From my limited experience with them, the BSD's and MacOS are no better at this: they also become quite confused by disconnected servers. And don't even *think* about using a Windows implementation of NFS, or you'll spend more of your life than you want trying to clean up this kind of issue.
The point about no security is that in most mixed environments, it's far too painful to implement a secure NIS, in particular due to failures of other OS's to stay caught up. Linux is actually quite good about this, but try mixing in MacOS, IRIX, and weird-ass Windows NFS clients, and forget it. It can't be done, especially since all of them have wildly different code bases and most of them are closed source.
However, you can install AFS or OpenAFS on all or almost all of these, and even integrate Kerberos with a reasonable amount of work to get a much more secured and robust cross-platform file access system.
Have you ever tried getting "Secure NFS" working? Just on Suns of different releases, not including Linux, NetApps, MacOS, network file servers, or any other of the NFS implementations, or getting server fallover behavior to work correctly?
It's pretty damned painful. Give Sun credit for buying up OpenOffice and keeping it alive, and give them credit for Java, but NFS should go back to the drawing boards.
No, NFS has been broken since day one. Turning on and off either a server or a client for long enough (say an hour) confuses both the server and other clients and can cause both the server and every other client to require rebooting to clear the state, even if you use automounting. It's aggravated when people do stupid things like set NFS disk caches to be written to by cron jobs or log processes, but ye ghods it's bad.
Add in its typical use with no security whatsoever in cross-platform environments and its inability to properly handle subdirectories that require different export permissions from their parent directories, and you have disasters in the making.
OpenOffice is worth it: they can just take NFS back until they get it right, though.
Sun has had weird relationships with lots of open source projects that cut into their planned markets, ranging from X-windows to gcc, from their embracing of AT&T style UNIX over BSD style UNIX with the release of Solaris, to their on-again/off-again friendliness to open source work with Java that might remove their leadership in its planned development.
It certainly wouldn't shock me if they once again try to push new products and tools that allegedly run only on their proprietary hardware, only to find that basic services run much faster on the same hardware using one of the Linux distributions.
Not without a subpoena from law enforcement. As soon as they start calling law enforcement themselves, they lose "Common Carrier" status, which helps protect them from being responsible for other content they've failed to block.
Also, following such a case all the way through the courts can be extremely expensive, especially when the Direct Marketing Association steps up to advise the court or help fund the spammer's defense. It's usually just not worth the legal expense to an ISP that could use the same $100,000 following up even a small court case to buy a whole rack full of new servers for spam handling.
I'm sorry, but the CANSPAM act actually helps spammers. It over-rides much stronger laws at the state level, and the provision of "including an opt-out" and have a "legitimate description" and using a "valid email" address are trivial to circumvent.
Either purchase what is called a "pink contract" from your ISP, which allows you to spam, or simply use a series of throw-away sender accounts. Each is legitimate, but each is used to harvest the "opt-out" addresses and use them for the next spam for a slightly different product or for a distinct username with the same product. This kind of abuse is trivial, and already widely in practice.
What needs to be forbidden is the sending of unsolicited bulk communications: not "spam" as in "advertising", because that's too hard to decipher in court and gets into First Amendment issues. But outlaw unsolicited bulk communications of *any* sort: advertising, religious spew, political campaigning, etc. People can sign up to get email from you, but as soon as you start sending it unsolicited, face criminal penalties.
This kind of law has been in place for many years, successfully, for junk fax. The CANSPAM act is aimed at the wrong target: it's aimed at fraud, not at spam.
And a pile of sand and metal ore can be turned into any computer you want. There are too many options, and it's dissipating the development effort into a bunch of very silly avenues instead of actually handling features like speed, user configuration of the options that users actually want instead of just what the developer just learned about, etc.
Complex "environment managers" are usually a bad idea: when they break, they break so badly they leave you crippled. For example, what idiot decided to make various Gnome tool installations dependent on installing that CPU pig Nautilus?
Try Norway. The xs4all.nl servers have been surviving all sorts of attempts to shut them down for bad reasons, ranging from their publication of encryption tools that are controlled by the US encryption export regulations as "munitions" to embarassing documents about Mormons, Scientologists, Rev. Moon, George Bush, and other cult leaders. I love them to pieces, they do a lot of really good work to protect free speech and help truth get published.
Not under the Patriot Act: the level of judicial review is non-existent, they don't need a court order, and you can't even go screaming to the press about how you and why you got raided. The ACLU is going nuts because it can't publish information about cases it is trying to fight the nastier bits of the Patriot Act, not even their client's names or what was seized. It makes it very tough to get the law changed when it's illegal to discuss the effects of the law.
No. The FBI, among other things, is in the business of following the president's and their director's orders. This can, and historically has, included blatantly illegal acts from the faking of subversive activities to discredit "leftists" in the 1960's to their handling of Whitey Bulger as both a Boston gangleader and mob informant, done so badly that the FBI actually helped convict innocent people of murder to protect Whitey. Many FBI agents are competent investigators dedicated to fighting bad people who commit crimes. Their directors often are not.
Guilty or not of any crime, which is a matter for a trial to decide, you still have to obey the subpoena or face having your facilities closed, and potentially getting arrested and hauled off to jail while clueless people rip equipment out of your racks.
I urge you to take a look at the history of anon.penete.fi, the anonymous remailer, and how it got shut down due to being raided for the name of a person who posted secrets about Scientology, and the police were falsely told that anon.penet.fi had actually been used to steal the secret documents. (The documents in question had been available in California court records for years: the Scientologists just wanted them secret because they're so embarassing.)
Unfortunately, the provisions of the new "Patriot Act" are so nasty that if invoked, RackSpace may be prohibited from even admitting that they were raided. Take a look at the Patriot Act provisions about getting names from libraries of who checks out books and the inability of the library to every discuss the matter: the law is incredibly nasty.
Training hackers is like hiring Kevin Mitnick to report on hackers for you. They will not only disobey you, they will attack your own systems for fun and games.
Nope. The plan is to put the trusted computing features on the CPU. You're going to stop buying CPU's, or deliberately buy crippled motherboards that can't use the feature set?
Nope. This will do *NOTHING* against spyware, because most spyware follows things that you authorize it to follow by clicking on and installing the software. By being a "legitimate" product, they will get their keys signed to install on your system and monitor your web cookies and proxy traffic and play with your DNS services, just as they do right now.
You may not be able to avoid it. Look for CD's and DVD drives to come with built-in "trusted computing" features to prevent their use in "unauthorized" applications. If it's integrated into the CPU, as is eventually planned under Microsoft's renamed "Palladium" initiative, then it'll be vastly, vastly tougher to simply work around by software techniques or add-on modchips.
Hmm. It would be obvious, but so are various other behaviors of theirs. Given their demonstrable immunity from criminal liability for, say, stealing VMS from DEC and relabeling it as the Windows NT kernel, I'm afraid they will keep trying.
Intel has been negotiating with Microsoft for at least 2 years now to integrate this technology right into the CPU's, as part of the old "Palladium" project which has simply been renamed "Trusted Computing". We'll see if AMD buys into this: I'd bring popcorn and a soda to see that business meeting with Microsoft.
"Trusted Computing" is actually spelled "Palladium". Look up the keyword "Palladium" and "Brian LaMacchia" to see what Microsoft plans for this hardware based feature set. It's simply been renamed "Trusted Computing", but it's the same developers with the same goals: signatures on software and hardware to prevent any "un-authorized" use of them. Checksumming or authenticating software packages is quite reasonable, and verifying the identity of hardware components for security hardware is also desirable. But the screwball, closed source nature of these tools and their implementation at the motherboard level means that while Microsoft software will be promised, *promised* to work without this signature software in the near future, working only with this kind of authentication can be planned in the 5 to 10 year timeframe for the Windows and Office and games and DVD/CD burner software upgrade paths. And the closed nature of the key repositories can be used to keep open source developers from releasing open source products that can do these functions, since the signatures will be prohibitively expensive.
Michael, I'm afraid you're mistaken. No processes will be allowed to run on your machine that *Microsoft* or a similar vendor did not specifically authorize. This means that the boot loader can be signed to prevent you from running a non-Windows operating system, a CD or DVD or hard drive disk can be signed to prevent legal and authorized duplication for what is legal home copying, and emulation software such as OpenOffice can be prevented from making the system calls to open data files generated with Microsoft Office, helping keep the Microsoft monopoly locked up.
Moreover, it can prevent experimenters from being able to design new drivers and software tools to work with the crypto-authorized hardware without spending very large amounts of money on development tool suites with frankly larcenous intellectual property agreements.
This development is potentially extremely nasty: while we're somewhat paranoid about it, the history of abuse of standards to lock customers into their monopoly justifies extreme concern about what Microsoft might do with these features.
Regression testing Gentoo isn't possible. For typical commercial use, or even reliable user applications such as game servers, you need a binary package manager, not a "rebuild everything from source" compiler-based distribution. So Gentoo is fun and useful and neat, I use it myself for some purposes. But it hardly makes other distros obsolete. OK, maybe it makes Debian obsolete....
The openness promotes evolutionary diversity. The separate distributions produce "hybrid vigor", where the developments that enhance one set of features in one environment become more effective (such as security). In another environment, where other features are important, they become more enhanced (such as usability). Eventually, they get to compare the features of the development if not the completed version, and then cross-breed to produce a better tool.
It would be lovely to be able to plan where to spend the development in advance and aim it at the perfect tool. But hey, this is development: such planning isn't completely possible, and letting interested people try to put it together in different ways creates vastly more robust tools than those created with a "single vision".
What company sold him this piece of unfortunate bodily fluid? Take a look at www.pcsforeveryone.com and even if you don't care to buy from them, select your components based on the Linux compatibility reviews there. I find them to be a gold mine for Linux hardware reviews.
IBM isn't the big buyer. Intel, by manufacturing the chips to support the technology, is, and Microsoft has been collaborating with them to integrate the capability into the motherboard/CPU.
.NET project, is still apparently up to his armpits in it, and they've learned not to make announcements or discuss plans for it in front of people who know enough to see the potential abuse by a central authority controlling MBR and hardware activation.
As near as I can tell, this project is far from dead, it's just been renamed a few times. Brian LaMacchia, formerly of the
I've bought hundreds, probably thousands that way: unfortunately, the best vendor prices don't yet come without the MS tax and pre-installed MS on it, and wiping the MS and replacing it with Linux on common hardware is much, much, much faster and cheaper than building hardware from scratch. Only a few vendors so far have been willing to pre-install Linux: Dell did for a while, but gave up under pressure from Microsoft.
Ahh, basic business tactics 101. If Microsoft can continue with their illegal monopolistic practice of forcing vendors to pre-install Windows on every CPU they sell, under the theory that "they're all being used to run Windows anyway", it helps their bottom line and helps them keep it pre-installed on all boxes so people won't bother to throw away the Windows and install Linux. They've already paid for the Windows anyway, and since most vendors won't sell the hardware without some OS and only provide Windows, customers don't see the Windows cost.
Vendors *do* want to have some base OS installed on the hardware for testing and support reasons: giving the customer something they then have to install on takes away the vendor ability to say "it worked when it left the factory" or "what does this test say? Oh, your CD drive is dead, let's just replace that."
Your points about the Microsoft tax are well-taken. In addition, keep a very close on Microsoft's "Palladium" initiative which is designed to require Microsoft-designed authentication keys to run key components, such as, say, your CD-R drive and DVD player and have your *CPU* and *BIOS* designed to prevent you from using features such as a read/write drive or even a bootloader unless it is signed by the authentication key signatories.
Re-read that carefully, and look it up on the web. They want control over your CD-RW/DVD-RW drives and your boot loaders, under the guise of "controlling piracy". This would allow them to block the use of non-Microsoft boot loaders or boot CD's, preventing the use of any operating system but Microsoft.
We're not paranoid: they *ARE* out to get us.
The server/client problem with losing track of the state of disconnected partners and never clearing the mount from the client or the server dates right back to early SunOS, and remained in place in Solaris 2.8 to my certain knowledge. It can be intriguingly worse in cross-platform Linux environments because some idiots don't know enough not to write constantly updating log files to an NFS mounted directory, even an auto-mounted one and thus prevent it from ever expiring and unmounting, and that makes the problem even tougher to clear up. From my limited experience with them, the BSD's and MacOS are no better at this: they also become quite confused by disconnected servers. And don't even *think* about using a Windows implementation of NFS, or you'll spend more of your life than you want trying to clean up this kind of issue. The point about no security is that in most mixed environments, it's far too painful to implement a secure NIS, in particular due to failures of other OS's to stay caught up. Linux is actually quite good about this, but try mixing in MacOS, IRIX, and weird-ass Windows NFS clients, and forget it. It can't be done, especially since all of them have wildly different code bases and most of them are closed source. However, you can install AFS or OpenAFS on all or almost all of these, and even integrate Kerberos with a reasonable amount of work to get a much more secured and robust cross-platform file access system.
Have you ever tried getting "Secure NFS" working? Just on Suns of different releases, not including Linux, NetApps, MacOS, network file servers, or any other of the NFS implementations, or getting server fallover behavior to work correctly?
It's pretty damned painful. Give Sun credit for buying up OpenOffice and keeping it alive, and give them credit for Java, but NFS should go back to the drawing boards.
No, NFS has been broken since day one. Turning on and off either a server or a client for long enough (say an hour) confuses both the server and other clients and can cause both the server and every other client to require rebooting to clear the state, even if you use automounting. It's aggravated when people do stupid things like set NFS disk caches to be written to by cron jobs or log processes, but ye ghods it's bad.
Add in its typical use with no security whatsoever in cross-platform environments and its inability to properly handle subdirectories that require different export permissions from their parent directories, and you have disasters in the making.
I prefer AFS where possible.
OpenOffice is worth it: they can just take NFS back until they get it right, though.
Sun has had weird relationships with lots of open source projects that cut into their planned markets, ranging from X-windows to gcc, from their embracing of AT&T style UNIX over BSD style UNIX with the release of Solaris, to their on-again/off-again friendliness to open source work with Java that might remove their leadership in its planned development.
It certainly wouldn't shock me if they once again try to push new products and tools that allegedly run only on their proprietary hardware, only to find that basic services run much faster on the same hardware using one of the Linux distributions.
Not without a subpoena from law enforcement. As soon as they start calling law enforcement themselves, they lose "Common Carrier" status, which helps protect them from being responsible for other content they've failed to block. Also, following such a case all the way through the courts can be extremely expensive, especially when the Direct Marketing Association steps up to advise the court or help fund the spammer's defense. It's usually just not worth the legal expense to an ISP that could use the same $100,000 following up even a small court case to buy a whole rack full of new servers for spam handling.