"I don't get America.. "Violent video games cause kids to commit crimes, we should ban them.""
Except that it's one person saying this (out of 300 million). And that person will make a lot of money if he can convince people that it's true. So surely the real conclusion is not that America is stupid, but that people will argue for stupid things, given financial incentive.
At least it wasn't "Burglar caught on serial webcam" - we'd still be waiting for the image to download.
"Parent of parent lives in fantasy world."
Damn right.
And as to Nominet, they're a bureaucracy like any other. If it makes their organisation larger, they'll do it.
FWIW, bars had tabs long before Galeon
(does this thread continue until we find a patent?)
"International domain names like .uk .au, and our favorite, .cx, are of course still supported."
The UK domain isn't international - it's only used by sites in the UK.
"'cause if we ignore it, then it will go away. It doesn't matter if the industry decides to use it or not."
Well yeah. Pretty much everyone here is the software industry. If we don't use it, then industry doesn't use it.
"That's kinda like in Indiana how there is a law that says you can't sell alcohol within 150 feet of a church."
So all you need is a church built into a mobile-home to go around forcing stores and bars to close?
"What is absurd is that people would buy a Mac Mini to run Linux."
How is that absurd? It's no worse than buying a PC to run Windows.
"Why not just buy a Shuttle XPC instead?"
Because for the same price as the Mac, you'll get a Shuttle PC without a motherboard, CPU, memory, disk, or drives. An actual working Shuttle PC, built, to similar specifications will be about $950.
"By not using OS X, you negate the main factor behind buying a Mac in the first place"
Indeed. Unless your reasons for buying were the price, the size, or the neat design.
"and in so doing significantly reduce its value when compared with equivalently priced PC hardware."
What equivalently-priced PC hardware? For that price, in a shop, you'll get a beige box PC filled with the cheapest components they could find. Try selling that in 2 years, and compare it to the price of a secondhand Mac Mini then.
OK then, research:
- case studies of passwords which were cracked, which would not have been cracked if those passwords were set to expire. Are there any?
This "password turnaround == security" thing: surely it assumes that:
(a) passwords are sent in plaintext and sniffers are in common use, or shoulder-surfing is common, or CCTV surveillance is expected
or (b) the passwords are remotely-exploitable and an infinite number of guesses are allowed
or (c) you think that someone will reveal their password once a month anyway
If none of those apply, then the password-changing solves a problem that doesn't exist. It only helps after the password has been revealed to an enemy, a form of damage control.
Surely most systems aren't resistant to even one day's malicious use by an enemy, so limiting it to 30 days seems a bit of an odd step to take (especially when it causes so many problems).
OK, preventing the use of the same 5-character word that someone uses for everything (including websites) probably has an effect on security. But I don't see any good justification for monthly changes of a password which hasn't been compromised.
"That having been said, there's the concept of 'reasonable use' in copyright law"
You don't even need that. It's a photograph of a 3-dimensional object. Look up the relevant case law; it's not covered by copyright.
"Oracle's stubbornness says, time to start looking at DB2."
If you cared about licensing issues, you wouldn't be using Oracle. Oracle know this. Therefore they know you're bluffing and will ignore you.
Their customers are self-selected not to care about money or licensing restrictions.
"Most school systems use MS Office for teaching students"
Things like that change as if blown by the wind. The lifecycle of a "school software" fashion isn't even as long as most people spend learning it.
It must be only 14 years now since I was taught an RM (Research Machines') desktop publishing system on an early PC, which was eerily similar to programs on the BBC-B which we'd used previously.
A couple of years after that, we were using software on the Archimedes A3000 computers, which had its own word-processor software (and a lot of freeware and shareware - popular magazines were still printing source code in each issue).
Different labs at that school were just getting PCs, but since it was MS-DOS 5, we were actually using databases and word-processors written by a teacher in our school, since commercial software was either not available, or not usable.
At home we were using Ami Pro, the best word processor available. In fact I remember being marked down on an exam question asking "what's the key to initiate a spellcheck" because the examiner had assumed WordPerfect for DOS, and I had assumed Ami Pro for Windows 3.11.
After school, I left for the "real world", and got a job somewhere they were using WordPerfect. The macro system was a mess on that program, but they were replacing it with Microsoft Word systems.
At university, MS Word seemed to be the standard, until we tried to group-edit a 200-page thesis on "university standard" old machines, and couldn't write more than a page before it locked up in protest at the document size. On the first project we persevered, cursing Word all the time. On the second project, we discovered LaTeX (the real standard for university word-processing).
Now I'm working again and we use Word. But it seems like every sensible company is converting to OpenOffice. And presumably once AbiWord gains features, it will succeed OpenOffice (because it's ground-up Free Software, as opposed to a late conversion, so inherently better technically).
Could you have said even 10 years ago what word-processor I'd be using today? Why even care what's being taught in schools? (and conversely, why should schools care what's currently being used in industry)
"Obviously that change would make the service attractive to customers, but it would ruin their business. All you'd have to do is subscribe for a month or two, download all the songs you want and then cancel your subscription."
If that model works for porn sites, why wouldn't it work for music sites? They both face the same problems, notably getting enough money from website visitors to pay for the content. And they tried and discarded the "lock-in" proprietary solutions many years ago, something which music sites are only just starting to experiment with.
Thought for the day.
After the space race back in the 1960s, armchair scientists were faced with a major problem. Their party routine needed an anecdote that would somehow involve NASA and spending money. The joke-writers went to work. At a cost of 1.5 million hours, they developed the "Space Pen" story. Some of you may remember. It enjoyed minor success on some websites.
The engineers were faced with the same dilemma.
They posted a link to Snopes.
(simpleton multiples amusingly overestimated train GPS data-rate by the cost of consumer GPRS connection to estimate the cost of this scheme)
Don't know if we already mentioned this, but the rail network already has radios. Lots of them. Every station has a mast that they can add aerials to. They probably won't be using Vodafone's "30 minutes with free text messages" service to send train-position data back to the controller (nor will they be sampling it hundreds of times per minute). Trains in the UK are very rarely known to move at 150km/h unless they're being transported on a lorry. Trains also quite accurately know their own speed, so any GPS system will be quite capable of interpolating their position in the 10 seconds between updates (and in the Potters Bar area you mention, the train might typically move about a metre or two during those 10 seconds, at rush hour).
"Worth noting that last year's "big story" (Dan Rather falsification of Bush military records controversy), was broken by bloggers."
We still don't believe that it was deliberately used to bait CBS, knowing how easy it would be to prove forged?
I can think of big stories from last year, but that wasn't one of them. It was just one big attempt to distract people from asking important questions about the election.
"unless you are in a wheelchair and then you can pretty much forget it"
The slam-door trains also have a very useful feature known as a "guard's van" which is missing on modern trains, basically half a carriage of empty space.
Not only does that solve the wheelchair problem (large doors for wheelchairs, and there's a wheeled ramp on every platform to get wheelchairs into the guard's van), but it means that you can have a combined bike/rail transport network (put bikes in the guard's van) which is slowly being dismantled as they buy trains that you can't take bikes on.
I'm not an expert at SourceForge, but it would seem rather pointless to register an account there if you're not involved in a project. OK, there are expired accounts, and disinterested accounts and whatnot...
But 1 million SourceForge users. You'd have to assume a lot of inactive accounts to even approach the "tens of thousands" figure, let alone "hundreds". You'd have to assume that 10,000 people registered SourceForge accounts, for every person who contributed code, to even get near.
Just taking the current project of the month (ClamAV if you're interested), they mention 14 developers. And there are 29 projects of the month, and 95,000 other projects in various stages of development (1110 Mature, 12375 Production/Stable, 14777 Beta etc.) with at least one person per project on anything that's "release quality".
That's just utilities mainly. Applications tend to have their own domains. KDE lists 501 people. OpenOffice have 3000 posts per week on their mailing list. GNOME lists 84 people per year who donate money to the project (and can we forget the 10,000 who paid to promote Mozilla?) Linux itself of course, listed 369 people in the credits file at one time. Did you ever see a 'commercial' project with so many people working on it?
Okay, maybe you could look at the people preparing all this for shipping, the Mandrake people, the Debian people (Debbie and Ian?), the Gentoo people. But you don't just count the "packaging and shipping" group when you ask how many people programmed Windows do you? Maybe the person who wrote this article is getting very confused between writing software and distributing it...
"The patch was released on Feb 8, the story comes out on Feb 11. Right, not much to see here."
Not much to see at all, if you haven't been cracked between the discovery of the bug (hint: that was before the patch was released) and the publishing of this story.
Hope you weren't storing any sensitive information on that Windows machine...?
"When oh when are we going to learn, you cannot handle untrusted data (data from unknown hosts on the net) using software written with tools that allow dangerous memory access?"
Well, think of the duct tape test
"A program is good if it can be used in ways never imagined by its creator"
It's hardly surprising that programs whose authors expected them to be used on well-formed documents in a secure and benign environment are now being used to open documents transferred across the internet. It's actually pretty hard to read a standard format and *not* trust any data from the network, especially when the same code could be written in one tenth the time if you assume valid data (and everyone's pushing for the program to be finished this evening) - think of all the attacks used against programs - changing their environment variables, using timing attacks, sniffing their packets, negative data lengths... you just want to make the program work, don't you? And we'd all laugh at a program that couldn't read 100MB PNG files, just as harshly as we'd laugh at a program which crashed a 200MB computer when it tried to load a PNG file.
Of course, this is why I wouldn't trust any software written "at work" or "by a company", just because I know the processes involved. Take your time, KDE people, and it's okay if one person writes the cool image-handling code while 5 others check it.
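As an added illustration of the point above (this is example code written for this page, not code from the thread or from any KDE image loader), here is a C chunk walker for the PNG container that checks every length field against the bytes actually present and against a reader-chosen allocation budget before using it. The limits, the CRC placeholder bytes and the sample buffers are constructed for the example.

```c
#include <stdint.h>
#include <string.h>

/* Limits chosen for this example (assumptions, not PNG rules): what the
 * reader is willing to allocate, independent of what the file claims. */
#define MAX_CHUNK_LEN (8u * 1024u * 1024u)   /* refuse chunks over 8 MiB   */
#define MAX_PIXELS    (64u * 1024u * 1024u)  /* refuse images > 64 Mpixels */

static const uint8_t PNG_SIG[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1A, '\n'};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk the chunk list of a PNG held in memory. Returns 0 when every chunk
 * length fits inside the buffer and inside our limits, -1 otherwise.
 * Each length is validated against the bytes actually present before it
 * is used, so a forged length can never move the cursor off the buffer. */
int png_check_chunks(const uint8_t *buf, size_t len) {
    size_t pos = 8;
    if (len < 8 || memcmp(buf, PNG_SIG, 8) != 0)
        return -1;
    while (pos < len) {
        if (len - pos < 12)           /* need length + type + CRC */
            return -1;
        uint32_t clen = be32(buf + pos);
        const uint8_t *type = buf + pos + 4;
        /* PNG itself caps lengths at 2^31-1; we cap lower, and the data
         * must fit in the bytes left after the 12 bytes of framing. */
        if (clen > 0x7FFFFFFFu || clen > MAX_CHUNK_LEN || clen > len - pos - 12)
            return -1;
        if (memcmp(type, "IHDR", 4) == 0) {
            if (clen != 13) return -1;
            uint32_t w = be32(buf + pos + 8), h = be32(buf + pos + 12);
            /* multiply in 64 bits so the pixel count cannot wrap */
            if (w == 0 || h == 0 || (uint64_t)w * h > MAX_PIXELS) return -1;
        }
        pos += 12 + clen;             /* framing + data; cannot exceed len */
        if (memcmp(type, "IEND", 4) == 0)
            return pos == len ? 0 : -1;
    }
    return -1;                        /* ran out of data before IEND */
}

/* Constructed sample: skeleton of a 1x1 greyscale PNG (IHDR + IEND only).
 * The IHDR CRC bytes are placeholders; this checker does not verify CRCs. */
static const uint8_t SAMPLE_PNG[] = {
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1A, '\n',
    0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0, 1, 0, 0, 0, 1, 8, 0, 0, 0, 0,
    0x90, 0x77, 0x53, 0xDE,
    0, 0, 0, 0, 'I', 'E', 'N', 'D', 0xAE, 0x42, 0x60, 0x82
};

int check_sample_valid(void) { return png_check_chunks(SAMPLE_PNG, sizeof SAMPLE_PNG); }
int check_sample_truncated(void) { return png_check_chunks(SAMPLE_PNG, sizeof SAMPLE_PNG - 5); }

/* Same bytes with the IHDR length field forged to 0xFFFFFFFF. */
int check_sample_forged_length(void) {
    uint8_t b[sizeof SAMPLE_PNG];
    memcpy(b, SAMPLE_PNG, sizeof b);
    memset(b + 8, 0xFF, 4);
    return png_check_chunks(b, sizeof b);
}

/* Same bytes claiming 65536 x 65536 pixels: 2^32, which wraps to 0 in 32 bits. */
int check_sample_huge_image(void) {
    static const uint8_t big[4] = {0, 1, 0, 0};
    uint8_t b[sizeof SAMPLE_PNG];
    memcpy(b, SAMPLE_PNG, sizeof b);
    memcpy(b + 16, big, 4);           /* width  */
    memcpy(b + 20, big, 4);           /* height */
    return png_check_chunks(b, sizeof b);
}
```

CRC verification and bounding the decompressed IDAT stream are the next checks a real loader needs; they are left out here to keep the length and allocation checks in focus.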
"Am I reading this wrong, or are these exploits for vulnerabilities that are already patched?"
Yep! 6 months ago by Linux, and 3 days ago by Microsoft.
"Ah, but you're missing an important part of the original posting; the reference was to Win2k3 only."
So to be consistent, we should compare the popularity of Linux with that of Windows 2003 Server...?
Might make the numbers look rather too skewed if you pick and choose just like that!
"Why in the world would some sadistic person put up a 37 MB power point presentation on slashdot."
People who use PowerPoint don't know what megabytes are...
"assuming a Linux distro is doing the right thing and not enabling any daemons unless the user tells it to do so"
I'm not going to re-enable them to check right now, but a portscan of a newly-installed Mandrake 10 machine with default options includes about a dozen services, and would have installed more if I hadn't requested that it stop trying to install CUPS (for a nonexistent printer).
Most of those are the default "look what you can do" one-liners in xinetd, some of them are XDM (who knows whether it's okay to expose that?) and a few misc others. Interestingly, I don't remember being able to install SSH during the installation, the one thing that might be useful when installing a lot of machines. I
"I wonder if Ati users will have to wait another 6 months to get 6.8.2 support."
ATI still have customers?!?