Exactly what I was thinking. What happens 10 years down the line when I try to play a game or watch a Movie that has some funky DRM on it, but I can't because the company is out of business or has shutdown the DRM server.
The general answer is that features and preferences don't have zero cost. They take work to write and test, and work in the future to maintain.
Just as forking, and then contributing and maintaining two projects doesn't have zero cost either. Either all developpers work a little more to improve both versions, or one maintainer works a lot more to port every change from one version to the other (and vice-versa), or features from one will never appear in the other (which could include security patches).
Because something requires work doesn't mean the alternative requires less work.
In the real-world no one gives a shit HOW you get there, only THAT you get there.
Seriously, you anal-retentive developers are truly annoying. You not only miss the forest for the trees, you miss the forest for the bark on an individual tree.
The problem is, because of how some people choose to get there, some people don't get there at all, or get there with bruises. Not having a specification, or having one that is not enforced, lead to the web we've seen in the late 90's. "This page is optimized to be viewed with Internet Explorer with a resolution of 640x480".
Microsoft has quite a record of trying to "get there" by any means, while never caring about "how" to "get there". "Getting there" was having a computer system that even grandma could use. They managed to pull that one off alright, but without caring about "how" they got there, they now have a completely insecure and easily hacked computer system that even grandma can use.
In the long run, doing it right is always better than doing it fast.
I can't believe all the people who are freaking out about this. This isn't a remote exploit. This isn't a massive security hole. This is trivial stuff that anyone who is reasonably computer savvy should be able to do.
That's all good. Now, try doing that, but without losing all the evidence currently stored in RAM (a ramdisk, a buffer not yet sync'ed to the disk, cache, application data, etc.). The Microsoft device lets you do that : It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
Yes, this is a massive security hole. The investigator only needs physical access because he wants to plug in the USB drive (probably because of procedure and need to do that to get admisible evidence). What is on the USB drive is software though, and software can be made remotely. Evil computer haxxors don't care about procedure, and they don't need physical access to use that hole.
Tools like this have existed for a long time. The fact of the matter is that unless you encrypt your hard drive and store the encryption keys somewhere NOT on your hard drive your files can be read. Ubuntu is no better than Windows here and consoles are worse (if it's privacy your after).
Please show me a tool I can simply plug into a running Ubuntu machine that would give me full access to the whole system without rebooting (thus losing all that is stored in RAM)?
FTA : It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
Uh, can you point to a section of the article that indicates that intential security holes were built in? Last I checked, if you have physical access to any computer, you can get in.
If by that, you mean "boot Knoppix, mount drive and view files", then you fail. FTA:
It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
The thing cracks passwords and gives access to the content of the machine without a single reboot, so I guess it needs quite a wide security hole in the currently running operating system to do that.
Yup, but would the aforementioned person new to linux and uninformed of such things know about this? I'm not disputing that repositories exist, its more that they aren't made seamlessly available.
The aforementionned person new to linux will get Ubuntu. Fedora is not a distro aimed to ease desktop use at all cost, it is a general purpose operating system with lots of tools that happens to have a desktop. Ubuntu, on the other hand, is trying to deliver the full desktop experience to the user.
I would find an RPM of something I wanted to install, it required me to first find and install another RPM, etc. Sometimes one of the dependant RPM's would not install, because I had a newer/older version for another program. Apt-get has worked flawlessly for me, and the HUGE pool of apps that just work has made it so I almost never have to search for.DEB files.
Comparing RPM to apt-get is apples to oranges. Either compare RPM to DEB, or yum to apt-get. I never had to bother with dependencies when using yum, just as you've never had to bother with dependencies using apt-get.
Anyone have a link, or know off-hand, the major differences between this and the latest Ubuntu release? I realize there's the APT/RPM difference, but aside from that, what is notable?
You may get upset by me standing on a public road and gawking at it for the whole day, but there is not anything you can do about that (unless I make any threatening comments about my future intent).
True, but I can get upset by you trespassing on my private property and gawking at the outside of my house for the whole day. This isn't about "seeing the house from a public street", it's about "trespassing on private property and then taking pictures and posting them online without permission".
This is stupid. How did Google trespass? Did they at any point drive on any private roads? Doubtful. Did they sneak onto private property to take pictures? Really unlikely.
From the lawsuit:
6. At the beginning of Oakridge Lane, there is a clearly marked "Private Road" sign.
9. Plaintifs [...] discovered that Google had taken pictures of their residence, including the swimming pool, from a vehicle in their residence driveway without obtaining any privacy waiver or authorization.
11. [...] To drive up Plaintiffs' driveway and stop in proximity to the residence, garage and swimming pool, Defendant significantly disregarded Plaintiffs' privacy interests.
So yeah, they trespassed, drove up a private driveway and took pictures.
I'm all for Google taking pictures of public streets, but going on private roads and taking pictures of houses from the driveway, they crossed the line.
I know we're talking about Comcast here, but at that price, the service better be damn good and they better not block P2P. 50Mbps for $150 a month is typical american rippoff from an ISP. Up north, Videotron offers 50Mbps (althouh only 1Mbps up) for $80.
What I found equaly interesting in the report is the lack of mention of Dell and Ubuntu in the list. From most estimates Ubuntu leads the pack as far as desktop installs are concerned, and Dell had promised better driver support for their Linux PCs.
What I found equally interesting in your post is that in the report (not the press release), the very first paragraph explains why Dell and Ubuntu are off the list.
The kernel is a relatively small part of the software on a full Linux system (many other large components come from the GNU project, the GNOME and KDE desktop projects, the X.org project, and many other sources), but it is the core which determines how well the system will work and is the piece which is truly unique to Linux.
I doubt Canonical is populated by a bunch of kernel hackers. They might contribute a whole lot for Free Software, they just don't work on the kernel.
My little cousin got a nerf bow at a birthday, first thing his big brother did when he got his hands on it was to stick a pointy toothpick in the foam arrow and to shoot at balloons next to the parents chatting in a corner.
If a ban of NERF guns can be rationalized by rationalized by some kid putting toothpicks in foam arrows, then a ban on real guns can be rationalized by criminals using them to kill people.
Although... Some LARPers build some very nice equipment. Maybe some folks had modded their Nerf guns so they looked more realistic - repainted them or something.
True. There are some toy guns that might appear dangerous at first sight. A toy gun should always look like a toy. I got one of these and it's pretty fun to play with, and it looks like a toy. Although this version of the same gun looks really cool, it's too ambiguous for me to be comfortable with, and someone with an untrained eye could get scared at first sight.
Unless you're suggesting that if a person born in Japan came to the U.S. and became a citizen they are somehow no longer japanese.
Laws concerning citizenship differ from one country to the next. Some countries, like Germany, don't allow for multiple-citizenships. So if a German comes the the U.S. and becomes a citizen, they are no longer a German. Also, in some countries (including the US since the 14th amendment), anybody that is born in the country is automatically a citizen, no matter where the parents come from. In some other countries (e.g. Japan), simply being born on the territory doesn't make you a citizen. So an pregnant american woman giving birth to a child in Japan would not see her child get Japanese citizenship. Heck, in Saudi Arabia, "exercising another citizenship" is a crime (according to Wikipedia).
So depending on Russian laws concerning citizenship, even if the guy was born in Russia, he may not be Russian anymore.
I'd say it would be pretty hard to convince a judge that a person who clicked on a link thinking they were getting child porn wouldn't normally do that.
Except they have no proof that the person clicked on a link thinking they were getting child porn. Since they were only logging requests and not referers, any link with a more legitimate label would have gotten him flagged. In a web where everything is hyperlinked, all visitors of one web page do not come from the same page.
Take it down to $100, and most people will report it to their banks, who will either eat the loss as part of the cost of doing business (it's worth losing $100 to keep a customer for most banks) or pass it onto the merchant, who may claim on their insurance. Do this to each of the ten thousand users in a botnet, and you've got a million dollars.
If the bank has to eat the loss of $100 once, they'll just do it and move on. However, if they have to eat the loss of $100 ten thousand times, chances are they will begin to care and investigate.
If you come to an employer which has already invested many man-hours in training to use such software and many thousands on licensing it, then you will have no job.
If your employer comes to you and says "Make this piece of software work, we need it for the business" and you refuse because it needs admin privileges, sooner or later (probably sooner) you will have no job.
If the software is closed-source, then I'll just ask my employer to ask the vendor to fix their software as it is unusable. While I am a developer, I did not develop this software, and I could fix it if it were open source, but it's not, so only the vendor can fix it. If it doesn't work as advertised, take it up with the legal team, I don't care. If it works as advertised (and it was advertised as "only works with admin privileges"), then I'll make the traditional car analogy: "It's as if a car came with a warning that said 'This car can only function if you don't use the seatbelts'." I'll still refuse to use it, and if I'm out of a job, so be it.
But guess what, I don't care. I'm competent and confident in my skills. I will find another job. One that does not require me to support and maintain a vulnerable network because of some low quality software.
The role of IT is to make something work. If that means ugly hacks, firewalled subnets or other measures in order to mitigate the idiocy of some commercial piece of software, 9 times out of 10 that's less work than re-engineering the business around some other piece of software.
90% of the cost of any software is maintenance. Ugly hacks, firewalled subnets or other measures in order to mitigate the idiocy of some commercial piece of software will still bite you in the ass regularly 10 years after implementing those ugly hacks. Using a decent piece of software from the start might cost more up front, but will make everybody's life easier in the long run. If your employer can't understand something that simple, then you need a new employer.
And that's a great idea, until you end up with a piece of required software that refuses to run without local admin privileges on the computer...
If a piece of software needs admin privileges for no obvious reason will have lost me (and all the PCs I control) as a customer, at least until they fix their act.
Spending 20 hours to make $200 (which is really $120 after taxes) means you're making less than minimum wage.
If you'd rather flip burgers for 20 hours to make that kind of money, good for you. But being paid $200 for 20 hours of entertainment beats being paid to work at minimum wage. Heck, it even beats paying for entertainment.
Taking their license away would potentially hurt the customers even more. The solution is much simpler - money. Fine them, and keep raising the fines until it becomes more cost effective for Comcast to behave. Money is a fantastic motivator.
Won't Comcast then just increase the price of their service to cover the fines? Their customers can't change ISP to get a better now because they lack choice, they won't be able to change ISP to get a lower price then either.
Slashdot Mirror
It's happened before.
Just as forking, and then contributing and maintaining two projects doesn't have zero cost either. Either all developpers work a little more to improve both versions, or one maintainer works a lot more to port every change from one version to the other (and vice-versa), or features from one will never appear in the other (which could include security patches).
Because something requires work doesn't mean the alternative requires less work.
The problem is, because of how some people choose to get there, some people don't get there at all, or get there with bruises. Not having a specification, or having one that is not enforced, lead to the web we've seen in the late 90's. "This page is optimized to be viewed with Internet Explorer with a resolution of 640x480".
Microsoft has quite a record of trying to "get there" by any means, while never caring about "how" to "get there". "Getting there" was having a computer system that even grandma could use. They managed to pull that one off alright, but without caring about "how" they got there, they now have a completely insecure and easily hacked computer system that even grandma can use.
In the long run, doing it right is always better than doing it fast.
That's all good. Now, try doing that, but without losing all the evidence currently stored in RAM (a ramdisk, a buffer not yet sync'ed to the disk, cache, application data, etc.). The Microsoft device lets you do that : It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
Yes, this is a massive security hole. The investigator only needs physical access because he wants to plug in the USB drive (probably because of procedure and need to do that to get admisible evidence). What is on the USB drive is software though, and software can be made remotely. Evil computer haxxors don't care about procedure, and they don't need physical access to use that hole.
Please show me a tool I can simply plug into a running Ubuntu machine that would give me full access to the whole system without rebooting (thus losing all that is stored in RAM)?
FTA : It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
If by that, you mean "boot Knoppix, mount drive and view files", then you fail. FTA:
The thing cracks passwords and gives access to the content of the machine without a single reboot, so I guess it needs quite a wide security hole in the currently running operating system to do that.
The aforementionned person new to linux will get Ubuntu. Fedora is not a distro aimed to ease desktop use at all cost, it is a general purpose operating system with lots of tools that happens to have a desktop. Ubuntu, on the other hand, is trying to deliver the full desktop experience to the user.
Comparing RPM to apt-get is apples to oranges. Either compare RPM to DEB, or yum to apt-get. I never had to bother with dependencies when using yum, just as you've never had to bother with dependencies using apt-get.
KDE 4, among other things.
True, but I can get upset by you trespassing on my private property and gawking at the outside of my house for the whole day. This isn't about "seeing the house from a public street", it's about "trespassing on private property and then taking pictures and posting them online without permission".
From the lawsuit :
6. At the beginning of Oakridge Lane, there is a clearly marked "Private Road" sign.
9. Plaintifs [...] discovered that Google had taken pictures of their residence, including the swimming pool, from a vehicle in their residence driveway without obtaining any privacy waiver or authorization.
11. [...] To drive up Plaintiffs' driveway and stop in proximity to the residence, garage and swimming pool, Defendant significantly disregarded Plaintiffs' privacy interests.
So yeah, they trespassed, drove up a private driveway and took pictures.
I'm all for Google taking pictures of public streets, but going on private roads and taking pictures of houses from the driveway, they crossed the line.
I know we're talking about Comcast here, but at that price, the service better be damn good and they better not block P2P. 50Mbps for $150 a month is typical american rippoff from an ISP. Up north, Videotron offers 50Mbps (althouh only 1Mbps up) for $80.
What I found equally interesting in your post is that in the report (not the press release), the very first paragraph explains why Dell and Ubuntu are off the list.
I doubt Canonical is populated by a bunch of kernel hackers. They might contribute a whole lot for Free Software, they just don't work on the kernel.
If a ban of NERF guns can be rationalized by rationalized by some kid putting toothpicks in foam arrows, then a ban on real guns can be rationalized by criminals using them to kill people.
True. There are some toy guns that might appear dangerous at first sight. A toy gun should always look like a toy. I got one of these and it's pretty fun to play with, and it looks like a toy. Although this version of the same gun looks really cool, it's too ambiguous for me to be comfortable with, and someone with an untrained eye could get scared at first sight.
I've yet to see a news story mentionning the use of bazookas during an armed robbery. Care to share your sources?
I bet noreply.com would get just as much mail, and the domain is for sale now.
Actually, I think the whole meme reads as such :
- Information wants to be free
- Entertainment wants to be paid
- You just want to be cheap
Laws concerning citizenship differ from one country to the next. Some countries, like Germany, don't allow for multiple-citizenships. So if a German comes the the U.S. and becomes a citizen, they are no longer a German. Also, in some countries (including the US since the 14th amendment), anybody that is born in the country is automatically a citizen, no matter where the parents come from. In some other countries (e.g. Japan), simply being born on the territory doesn't make you a citizen. So an pregnant american woman giving birth to a child in Japan would not see her child get Japanese citizenship. Heck, in Saudi Arabia, "exercising another citizenship" is a crime (according to Wikipedia).
So depending on Russian laws concerning citizenship, even if the guy was born in Russia, he may not be Russian anymore.
Except they have no proof that the person clicked on a link thinking they were getting child porn. Since they were only logging requests and not referers, any link with a more legitimate label would have gotten him flagged. In a web where everything is hyperlinked, all visitors of one web page do not come from the same page.
If the bank has to eat the loss of $100 once, they'll just do it and move on. However, if they have to eat the loss of $100 ten thousand times, chances are they will begin to care and investigate.
If the software is closed-source, then I'll just ask my employer to ask the vendor to fix their software as it is unusable. While I am a developer, I did not develop this software, and I could fix it if it were open source, but it's not, so only the vendor can fix it. If it doesn't work as advertised, take it up with the legal team, I don't care. If it works as advertised (and it was advertised as "only works with admin privileges"), then I'll make the traditional car analogy: "It's as if a car came with a warning that said 'This car can only function if you don't use the seatbelts'." I'll still refuse to use it, and if I'm out of a job, so be it.
But guess what, I don't care. I'm competent and confident in my skills. I will find another job. One that does not require me to support and maintain a vulnerable network because of some low quality software.
90% of the cost of any software is maintenance. Ugly hacks, firewalled subnets or other measures in order to mitigate the idiocy of some commercial piece of software will still bite you in the ass regularly 10 years after implementing those ugly hacks. Using a decent piece of software from the start might cost more up front, but will make everybody's life easier in the long run. If your employer can't understand something that simple, then you need a new employer.
If a piece of software needs admin privileges for no obvious reason will have lost me (and all the PCs I control) as a customer, at least until they fix their act.
If you'd rather flip burgers for 20 hours to make that kind of money, good for you. But being paid $200 for 20 hours of entertainment beats being paid to work at minimum wage. Heck, it even beats paying for entertainment.
Won't Comcast then just increase the price of their service to cover the fines? Their customers can't change ISP to get a better now because they lack choice, they won't be able to change ISP to get a lower price then either.