Slashdot Mirror


User: Al+Dimond

Al+Dimond's activity in the archive.

Stories: 0
Comments: 1,060

Comments · 1,060

  1. Re:Don't dress too nicely on IT Workers Worst Dressed Employees · · Score: 1

    Interesting, perhaps, though not a "primate response". It's a result of social constructions! Those social constructions are centered around areas responsible for much anxiety for people in general: work, appearance and hierarchy. So that they should have a powerful effect on the way people act is not that surprising; they probably were put a bit on edge by your appearance.

  2. Re:Comments on What Workplace Coding Practices Do You Use? · · Score: 1

    Whoa there... your comment isn't exactly a work of art either: it makes the line longer than 80 characters without a line break.

    Some people say "an 80-character width limit? Maybe in the 80s!" But a few super long lines in the middle of code, which mostly contains nice short lines, are really hard to read. 80 characters for whatever reason seems to be a nice width to read. Gives enough variance in line lengths to allow you to quickly scan code structures and have room for different indenting levels (as long as you don't set up your indention like a damn fool), while avoiding those pesky super-long lines that either wrap around to the next line or force you to scroll over (depending upon editor settings).

    (plus it means you can :vsp two files if you have a decent monitor, which is a big plus.)

  3. Re:fighting with bots on AIM Bots: Useful or Spam? · · Score: 1

    Wow. I guess I never thought of that.

    I just created 20 new screen names and signed them all on at once.

  4. Re:Don't expect a DMCA case on Bad Day To Be Sony · · Score: 2, Insightful

    IANAL but I'm betting the EULA would be struck down as unenforceable. Of course, that would only happen if Sony tried to enforce it, and Sony seems to be in full retreat mode over this whole fiasco right now.

  5. Re:MD5 is not an encryption algo on MD5 Collision Source Code Released · · Score: 1

    Um... I don't think you understood the point. Knowing the original data and the sum, this technique doesn't actually allow you to come up with another file with the same sum. It just finds random collisions.

    What is possible is the following: put one of the colliding pairs in the legit binary somewhere, and have two different versions of the binary, indistinguishable to MD5. Check that data when the program runs. If it matches exactly, run it. If it doesn't (it's from your poisoned version) install a rootkit and spyware on the machine.

    Now let's say we're using a P2P system that does seeding like BT but uses MD5. Correct me if I'm wrong, but I believe the sums would be taken against compressed versions of the binary. So you'd have to build your binary so that zipped it would contain the random data. I imagine that's a little harder. Also, it would only work on zip files. If someone tgz'ed it or rar'ed it you'd be stuck. And I'm not really in the warez community here, but shouldn't these big tracker sites have feedback? So users can see if a file is corrupted?

    I just don't see this causing confusion for very many users.

  6. Re:This isn't so bad on UK To Passively Monitor Every Vehicle · · Score: 1

    I certainly agree with you that speed enforcement as it currently is (here in the midwestern US at least) sucks. What's the best way to get a speeding ticket? Drive 10-15 over the limit (much faster and they'll just let you go) at night on some highway in the middle of nowhere with very light traffic (say, I-74 between Peoria and Champaign or I-57 around Paxton; if there's enough traffic that you'd actually be endangering someone the police seem much less likely to stick their nose in).

  7. Re:Modding up... on Sony Rootkit Allegedly Contains LGPL Software · · Score: 1

    It wouldn't even have to be built into the mod system such that it gave the post in question a real boost; it could be handled as a modifier that could be enabled/disabled by users (like how they can enable any extra local modifier for comments modded with any particular label, they could have a "has good kids" modifier).

    Trouble is, if this was default on, it could be badly abused by trolls (place an actual insightful comment under some nasty troll, and the nasty troll gets local modification). At least that wouldn't be as bad as actually auto-modding the nasty troll up automatically and giving its poster extra karma.

  8. Re:Sony's engineering arm? on Sony's EULA Worse Than Its Rootkit? · · Score: 1

    Don't most MD players allow downloads to the player through USB or some such thing? The thing that sucks is uploading to a computer; on a typical "consumer" model the only way to do it is at 1x speed through the line-out port. "Professional" models aimed at musicians allow bi-directional fast digital transfer. I actually don't own one, I just know some music majors at my University that use them to record their practice sessions for later listening and sometimes archiving. If they have a good microphone they use them to record recitals. Unfortunately they usually buy the models that don't have fast digital upload, because those ones are too expensive. But of course IANAM and this is all secondhand knowledge.

    I wouldn't be surprised if more people used MD for this type of thing than for music playback, at least where I'm at that's the case.

  9. Re:Internet Cafe on Taking Linux On The Road With Ubuntu · · Score: 1

    At this point, aren't you just as well off telling users, "Just use a laptop," and having ethernet jacks in the wall or wifi? That way you aren't putting your own computer hardware at risk. Yes, hardware can be reasonably-well protected, just as a network can be reasonably-well secured, but it would be much cheaper and easier in my opinion to just offer up tables, chairs, wifi and ethernet jacks, and allow users to use the stuff they already have (P3 laptops can be had for ~$200 on eBay... which is not *that* much more than a bootable USB HD). And that way users' OSes only have to be configured for one set of hardware: their own.

  10. Re:compact discs on Dealing with Digital Music and Vendor Lock-In? · · Score: 1

    Yeah, rootkit if you're running Windows with Admin powers and autoplay turned on. Otherwise just the track that follows the CDDA standard is used.

    Good luck to any CD technology that tries to install anything on my GNU/Linux box if I don't even mount any filesystem that may or may not exist on the disk. They'd pretty much have to find an exploit somewhere in a CD-playing library.

    And if anyone did something that drastic, they'd be like the newest Windows DRM music files: "Sued for sure!"

  11. Re:Why Not the US Too? on Preview Of The $100 Laptop · · Score: 1

    The "anything with a keyboard and display must run Windows only" part. I tried to do a Google search and came up empty-handed, even in the many pages and articles I read where MIT students talked about how they didn't want undue MS influence because of the donation. Do you have some kind of source for that, because I'd really be interested to read it; as an engineering undergrad (University of Illinois) I see corporate influence in many areas around school but I've never heard of an agreement that broad or restrictive. Maybe I'm just naïve.

  12. Re:Why Not the US Too? on Preview Of The $100 Laptop · · Score: 1

    Um... have a citation for that one?

    Seems pretty far-fetched to me.

    (I would just assume it's a troll, but you have a karma bonus, which somehow gives your words extra legitimacy... as much as any random /. poster has that...)

  13. Re:another longhorn? on The Microsoft Singularity · · Score: 4, Informative

    Windows NT and VMS isn't a conspiracy theory or a myth. It's not dirty.

    Recently I heard a talk about the Windows kernel given by a guy from Microsoft. At the beginning of a talk, he said, "There are only two operating systems that matter." After the audience buzzed for a while, saying to each other, "That jerk, Linux matters too!" or "That jerk, OS X matters too!" or "That jerk, BSD matters too!" He said something like, "You guys don't seem to like that, so what's the third?" One guy shouted out, "Windows!" The MS guy said, "Well, if you mean 'evil Windows', that is, Win95/98/ME, then it probably isn't even third. There are two operating systems that matter and they are Unix and VMS." He explained that for the most part ideas from VMS, rather than from Unix, shaped the design of the NT kernel. Looking at the Russinovich article, many of the things he lists as similarities are also similarities with Unix and many are similarities with any modern OS. Some, like the Object Manager, are specific to VMS and Windows. But overall, as long as DEC and MS came to some kind of agreement over any shared concepts or code, it's no knock on Microsoft, just as it's no knock on Linus for implementing a Unix-like OS. Better to borrow some things from a proven design and get a good product than to forge off on your own and make weird mistakes.

  14. Re:An interesting side note on Firefox Achieves 10% Global Market Share · · Score: 1

    So what if you do an OS upgrade? You're stuck without a browser. Oh, where would you go to get a browser? I'd probably think www.opera.com or www.mozilla.org. Shame I don't have a web browser to get there. There's FTP; who remembers FTP addresses (I'm sure I could find it.)

    Internet Explorer is part of the operating system (well, it's part of the desktop environment at least). One might say it's a good thing that an operating system has a web browser in it. Or a package management system. Though as I've posted before, sometimes bastard ISPs won't let you grab a web browser with a package manager until you've agreed to their terms of use with a web browser.

    Do you really think Dell would write their own custom browser? And why would anyone want to use a browser with a bunch of crappy Dell branding that would be slow to get Mozilla updates? OEMs can already install whatever they want and I even read on /. that at least one of them installs FF. Don't recall what they used for initial default browser setting. Maybe they gave users a choice. I don't know. It's just that OEMs do have to install IE, because Windows and many third-party programs depend on it (first examples coming to mind are Windows help and other apps that want an HTML renderer).

    Perhaps it would be nice if MS sold Windows the desktop environment separately from Windows the operating system. That's where the break would have to be made, IE would be on the DE side, as Konq. is on the KDE side. Of course, it would be silly since most Windows programs are the equivalent of KDE apps, they would require their particular DE to be installed anyway (even if you're not running it).

  15. Re:I don't understand the fuss. on More on Sony's "DRM Rootkit" · · Score: 1

    You know, I just thought of something. There's no reason for an operating system to unconditionally trust and run arbitrary binary code from a CD-ROM. And yet that's default behavior on most systems. Autoplay's "run by default" is just as bad as if a web browser runs an executable with no confirmation upon download. So certainly that aspect of Windows is *teh evile* and if any other desktop environment is considering that, they're not helping. Frankly, there's no reason to have an automatic daemon to control device mounting imho, which is why I'm glad that I use an operating system that gives me the choice to mount when I want to. Somehow I doubt this flexibility is coming soon in Windows, given Microsoft's commitment to DRM. (though I often don't place much faith in a user's ability to handle security, I think that most people could handle mounts and unmounts, particularly considering they don't even need it for audio CDs).

  16. Re:I don't understand the fuss. on More on Sony's "DRM Rootkit" · · Score: 1

    Wouldn't GNU/Linux be the same way if you were running as root? Aren't there lots of people that will just give up their root/Administrator passwords the second some unknown software says it needs them? There's a Sony FAQ about this software that's a few links away from the F-Secure article. It contains the following gem:

    "You must log on to your computer with Administrator rights or Power User rights to fully use the disc. Normally, you should have Administrator rights, unless you are working in a corporate environment in which case, you'll need to contact your IT department to have them install the software for you.

    On Windows XP Home Edition system you will need Administrator rights (typically the default setting) as well, not User rights."

    Yes, you and I realize that's some ridiculous bullshit, and that if you disable autoplay the CD will act just like, well, a Real CD. Most users will think, "I'd better figure out what these Administrator rights are and install them on my computer so I can play this CD. I hope that doesn't cost me more money." Another box popping up saying, "this program wants to overwrite vitalfile.sys, this is very risky, are you OK with this?" wouldn't really help anyone that didn't already know; they just want to hear their music.

    You're absolutely right, though, that this does represent a problem with Windows. Windows should not allow this, Unix should not allow this, BeOS should not allow this, VMS should not allow this. Windows actually has an easier way to handle it than most OSes, since it knows about the user's GUI and can pop up an alert (the Linux kernel would have to figure out whether the user was running at the console or in X or with some other crazy setup).

    I've been thinking about potential solutions; perhaps offer a physical device with which you must confirm any module load? But this handcuffs remote users (for most systems there's probably no need to ever remotely load modules, though. I wouldn't mind, as long as there was an option.) It would be convenient if when a module was loaded for the first time the OS could analyze it and figure out what types of behavior it would modify, and present this information to the user. Though if the idea is to modify other modules, like this program seems to do, a different type of protection (probably user-level) is required.

    The only real layer of security is users, because only they can overlook the technical methods that software is using to make the value judgement, "Do I want this on my computer?" Running as Administrator or root by default diminishes a user's ability to make this judgement and puts them paradoxically in less control over their computer. That is one aspect of this for sure that can be placed squarely on Microsoft and Windows. If Apple can completely switch around their OS technology and tell companies, "if you want to run nicely on OS X then re-release all your software", then certainly Microsoft could use its gargantuan power to pressure companies to write software that follows a sane security model. It would solve many problems with Windows as it is used today.

  17. Re:Umm on Red Hat Wants Xen In Linux Kernel · · Score: 1

    So the problem is a monopoly offering anything under cost? How are we separating the cost of operating system and browser here? Maybe they're gouging us for the browser and selling the OS under cost. We'll never know. But let's say that PC-BSD (www.pcbsd.org, I literally heard of it less than a minute ago, but it's an example of a Free Unix that "ships" with KDE installed) by virtue of its stability, ease of use, liberal licensing and unbeatable price becomes *the* dominant operating system sometime in the distant future. Will it suddenly run into legal problems because it bundles a web browser, an office suite (probably has KOffice though I'm not positive), a development environment, and lots of other stuff, all for free?

  18. Re:RootKits coming out in bundles? on Sony DRM Installs a Rootkit? · · Score: 1

    Yeah, that was pretty much my point too. A trick like that (which I believe is default in Gentoo, at least) may sound clever but it's no help in general against malware running as root. That said, if the malware isn't expecting it, it might cause it to fail; similarly, a rootkit can hide something from detection software it knows about. If you have unique or uncommon detection software you could still see it.

    Another potential approach: root is a user, and only has as many privileges as the kernel gives it. A kernel could be written that simply denies overwrites of certain protected files and memory regions without specific, specialized hardware confirmation (think a red button on your case). This, of course, requires specialized hardware. Or maybe the power button can be used (I think the power button is typically handled by ACPI stuff), unless that can be faked somehow. Of course, all is powerless against a local malicious user with a screwdriver/blowtorch.

  19. Re:Umm on Red Hat Wants Xen In Linux Kernel · · Score: 1

    And yet look at KDE. Look at any end-user-centric Unixy distro (Gentoo, Debian and the BSDs don't count here). If you consider the windowing and desktop environments to be "part of the operating system", and most people do, then these situations are exactly the same. You can't have a KDE system without Konq. And yet we don't yell, "Evil KDE! Evil Knoppix!"

    Actually I was recently installing FreeBSD on a laptop. My ISP responds to any request you make with an HTML page containing its terms of service until you click the "Accept" button at the bottom. After FreeBSD gets done installing (I used a CD burned by my desktop machine for the install; these days there are 2 install CDs, the first one required with no packages and the second one a bunch of optional packages. I don't keep a stockpile of CD-Rs, so I only burned the first disk and figured I'd just install everything else later by FTP. Well, you know where this is going. Installing everything on the "required" disk (which contains some optional packages like an X server, source code, documentation and "games", all of which I installed) doesn't give you any kind of web browser whatsoever. Not even Lynx. In fact, you don't even get wget. You get telnet, but I didn't really feel like looking up the HTTP spec and typing in stuff manually. Not to say I haven't done it before ;-). Eventually I had to d/l the Lynx package onto my PC and transfer it by floppy disk to the laptop, which meant I had to *find* a floppy disk, no small undertaking. Ah, but the terms of use page wanted to be over https, and default Lynx package doesn't support https (crypto export/import regs, SSLeay restrictions for USians because RSA licenses are required... not quite sure why other F/OS browsers aren't similarly affected, though SSLeay might be an odd cookie in this regard). So, grab the BSD package for Lynx w/SSL (which given the long page of possible issues at http://www.columbia.edu/~ariel/ssleay/ssleay-legal-faq.html is probably a violation of international law), it just *barely* fits on the floppy, finally get it working. Note that because of the https thing telnet with HTTP commands wouldn't have worked anyway. That makes my soul cry. I don't think you can just use SSH for that either, though; correct me if I'm wrong.

    Somehow, I find myself thinking bundling wasn't such a bad idea (and yes, I know that bundling doesn't mean "do what MS did", this is just a silly story about the hassles of not having a web browser).

    I thought what Microsoft got in trouble for was pressuring OEMs not to offer alternate operating systems or programs like Netscape with the threat of losing their Windows discounts or ability to ship Windows altogether. But I am not super-knowledgeable about this at all.

  20. Re:RootKits coming out in bundles? on Sony DRM Installs a Rootkit? · · Score: 1

    I know you're more a troll than anything, but as a GNU/Linux user that cares very much about Free Software, I've gotta respond to that. If everyone ran open source Unices and ran as non-privileged users and used that "I don't automount my /boot partition but keep a dummy /boot when it's not mounted" trick (to prevent kernel image from being overwritten), there still would be scads of users that would have autorun enabled and give their root passwords out like candy on Halloween. As a fairly technologically informed type, I try to never say OK to an install I don't understand. But even sometimes I have to just trust Portage, and for someone that doesn't know much about computers such a policy would mean they'd be using a typewriter.

  21. Re:Somehow on SBC CEO: Pay up if you want to use our pipes · · Score: 1

    The idea behind insurance is to protect against the potential of huge, unpayable medical bills. That's why people buy insurance. If there wasn't a need to be protected against these costs people wouldn't buy health insurance, pay for their bills individually and demand that the system work for them (currently, at least in the US, healthcare is excessively expensive if you go out of a network of doctors in the case of a PPO plan or if you don't operate through your primary physician in an HMO plan; at least this is my understanding, I am not a doctor, nurse, lawyer, accountant or actuary. It is a silly system: artificially raise prices, then offer huge discounts to networks. Does it make things simpler for consumers? Hard to say. I think our current system is pretty complicated.).

    The need for distributing costs like this exists in health insurance. But in Internet service? How do the three other people get better service? Truly, it is difficult to determine how to split up the largely fixed costs of an ISP, but it seems logical to me to charge its heaviest users most, regardless of how they use the service. So if they offer different levels of bandwidth/day for different amounts of money, or charge some fixed amount per month plus some amount per byte uploaded/downloaded, how does that degrade the service quality for the three small users? In my apartment there are three of us that must pay individually $20/month (and we get basic cable TV included in rent, which means that our landlord has a contract with the cable company that allows redistributing cable TV to a specific number of tenants and probably gets a pretty good rate). In my brother's apartment they can make their own Internet and cable deals and the three of them pay together $40/month for Internet plus really fancy digital cable TV service. He runs Cat5 under the doors and has hookups in every room. We've compared download speeds (though not terribly rigorously) and his appear to be comparable to mine. Because the three of them look like one person to the ISP (it's the same ISP with a different contract) they pay less for better service, though they probably use at least as many of the company's resources as we do. All because they have more ability to negotiate terms.

    It would be much more fair to pay per level of routable IPs and per level of bandwidth. Users that need speed could get that, users like me that just want to run sshd could get that, users that just need to get their e-mail for cheap could get it.

  22. Re:It Could Backfire on Oracle To Offer A Free Database · · Score: 1

    Wow. This hits close to home for me... I don't have any formal database experience, and a small amount of practical experience, and this summer I had to work on a database app. In programming terms there were two data structures, that had to be linked in a many-to-many fashion. My first thought was that one should have a linked list of pointers to the other (well, it would be a linked list of IDs, not pointers). Can't do that. An array of pointers? Nope. Hmmm, I thought long and hard. Well, I thought, for this particular application we figured we'd probably only need about 100 records of the second type, so I said, AHA, I've got it! I'll use a bit vector! One bit for each record of the second type! So I put 4 integer fields in the first table and started to code up the application. (mods that have never used databases are probably thinking -1 "redundant" or +1 "interesting". mods that have used databases are probably thinking +1 "funny" or -1 "if ya like C so much why don't ya marry it")

    But it just felt like the Wrong Thing, so I asked my boss and he told me to google for many-to-many tables. And now I kind of get the idea of relational databases. Sometimes I even see ways to use that kind of organization in C-style programs. I don't use it a lot, but sometimes it gives me another way to look at problems, which is helpful.

  23. Re:Somehow on SBC CEO: Pay up if you want to use our pipes · · Score: 1

    I think that "stealing cable" (obligatory "copyright infringement isn't theft" note) is exactly the same: you've signed a contract with the cable company, they're sending you data and you've signed away your right to redistribute the data. If you enter into the agreement you've gotta live by its terms. On cable TV there is a fixed set of content providers and they probably have a hand in those terms (i.e. they wouldn't sell their content to a cable company that allowed redistribution, or they would play notices on their shows that they're not to be redistributed).

    Actual content providers on the Internet aren't getting paid by ISPs, they find their own ways to make money.

    Anyway, for TV I'm willing to live with those terms (though I would never pay a monthly fee for passive entertainment like cable TV). For Internet service, because I'm a computer geek, I'd prefer to enter into a different kind of agreement: you sell me some amount of bandwidth, some promise of reliability, and the guarantee that if I hit up DHCP I'll get a useful IP address, I do whatever I want with those resources. Perhaps I'd agree to not redistribute the bandwidth if it got me more bandwidth or a better price. In a system like that I'm not subsidizing people that use tons of bandwidth for p2p/gaming/their pwn3d computers sending spam and they're not subsidizing me when I download boatloads of obscure OSS or spend all day posting on /..

    I mean, why is it that three people that use very little bandwidth should pay more than one person that uses a lot? Because that's the business model that some ISP decided on?

    Anyhow, I'm moving to a more permanent place when I get a job next year, and will have much more choice. If the mainstream providers won't give me what I want I'll at least have a choice.

  24. Wow, mod parent up on SBC CEO: Pay up if you want to use our pipes · · Score: 1

    That looks really awesome. I wonder if it will run on FreeBSD (my laptop is on BSD right now but if this did what I wanted to do and didn't work under BSD I'd probably put Linux on the laptop.)

  25. Re:Somehow on SBC CEO: Pay up if you want to use our pipes · · Score: 1

    Thanks for the link. It looks like logmein.com uses a communication model similar to instant messaging, where all communication between server and client goes through logmein.com's and both server and client connect to logmein.com. This model, for sure, gets around NAT successfully.

    Problems in my case are:
      - I don't really like the idea of my traffic going through a third-party server. It seems wasteful, even if it's perfectly secure.
      - I've never used this particular service but I find most VNC/X-forwarding stuff over the Internet (unless the computers are on the same fast network) to be pretty clunky because of the size of images that have to be transferred. For example, I've used various remote technologies to log onto an instant message service on a home PC and then access that session from a remote location. X forwarding, VNC, Windows Remote Desktop. They're all (to different degrees) annoyingly slow and glitchy. Whereas naim (ncurses AIM client) + screen + ssh works really well. Generally, ssh is going to be much more responsive than forwarding your whole desktop, for obvious reasons (As it happens, Jabber solves that problem by holding messages you get while signed off, so you can just sign off on your home machine and sign back on in the remote location. MUCH better.)
      - Is there a facility for file transfer? The sftp part is really much more important to me than the ssh part. It doesn't look like there's any file transfer facility except in the pay versions.
      - It's Windows-only. I run Gentoo you insensitive clod!
      - The client requires java or active-x to be reasonably usable. On my junky laptop that I would often use as a client, ssh would hog much less memory, cpu and screen space, and could be run from the console (it's not like X and Opera take that much time to start, but they certainly take some time!).

    The real solution, that would let me run arbitrary servers, is to find a friend with a real Internet connection, and establish a tunneling connection with his network that would allow connections on certain ports to be tunneled to my computer. I don't know quite how to set that up, though. My University has a VPN server, and I can use that to basically get that type of setup, except that it's firewalled so only University computers (or other people logged into the VPN) can access my servers. I've occasionally used that. As far as I know no company offers that kind of service for free.