Well, to point to a working system without the need for SSN to operate universities, in my country we use a university identification string, composed from initials, and some other unique parts based on a random algorithm to make sure they are unique indeed.
You can use that id for university related business only and it works extremely well. For example to access the website to schedule courses and exams, i need to login with that university id string and my password. If someone gets to know your university id, not much they can do with it, at max they can get your real name, but the rest is optional (user-selectable) to disclose, like email address, etc.
I don't see why couldn't universities in the states use such system, especially since in m experience it works extremely well.
Additionally, i heard a lot of network professionals, router operators saying that ipv4 and additionally older layer2-3 stuff are broken. It is simply used in an environment through hacks which it is not supposed to exist. It was designed for a trusted network, not to deal with malicious intent aswell. So, while quite smart stuff like layer 2.5 is used for a while now, it is another hack to make the previous one working. So additionally to what the parent post listed, ipv6 gives you better and much cheaper (improvement/cost wise) security. Also contrary to some posts, fully capable ipv6 firewalling/routing solutions exist already, ipv6 aware applications are there, although i do agree that there could be more of them.
If someone is fairly competent in maths, it can be quickly realised that by five-six steps, you can build a link between ANY POSSIBLE two humans on this planet living at the moment (that is if we assume that most humans knows 50 other human at least).
The sentencing despide the above mathematical fact is just plain ridicoulus. A set composed from the friends of a friends of a friends of a friends of mine are all criminals on this planet. Go arrest me if i tell about them...(i know, i didn't refer to an accurate description of drug dealing, but i believe the reasoning still stands for the same. Unless you a.) sell the drug yourself, b.) have anything to do with the trafficking of the drug (ie, marketing it) then you are perfectly innocent.)
It would be a good idea for some security folks to band together and create something like the "anonymous abuser" from the idea of "anonymous soldier" and nominate it. I can already see the floods of comments/open letters/opinion columns targeted at this.
You know, this reminds me of some parody of how things can be twisted. While the example i'm going to bring up is not directly related, i think there is a lot of parallel between the reality and the parody version:
Bread Kills!
Have you had your daily bread?
1. Almost 100% of gun owners have eaten some form of sliced bread.
2. Over 99% of all hunters make their sandwiches using bread on both sides.
3. All people carrying concealed weapons are found within two miles of bread.
4. Convenience stores that have armed holdups carry bread and bakery products.
5. It is a well known fact that criminals ate bread before they committed crimes.
6. The police often stake out areas known to have fresh bread (and donuts).
7. There is a very high, over 94% rate of conviction, from among bread eaters.
8. Lawyers are too stupid to bake bread - but they will steal yours.
9. Judges can not recognize bread loaves and therefore deny that bread exists.
10. More than 98 percent of convicted felons are known to be bread abusers.
11. Government run institutions are full of musty old stale bread.
12. HALF of all children who grow up eating bread score below average on tests.
13. Bread always falls jelly side down into the carpet.
14. Every piece of bread you eat brings you nearer to death.
15. Bread causes death and disease, nearly all sick people have eaten bread.
a. 99.9% of all people who die from cancer have eaten bread.
b. 100% of soldiers have eaten bread sometime before they went to war.
c. 96.9% of all undertakers have eaten bread near dead bodies.
d. 99.7% of the people involved in air and auto accidents ate bread.
e. 93.1% of Mafia members eat bread frequently with their spaghetti.
16. Evidence points to the long-term effects of bread eating: Of all the people born since 1839 who later dined on bread, there has been a 100% mortality rate.
17. Bread is made from a substance called "dough." It has been scientifically proven that as little as a teaspoon of dough can be used to suffocate a lab rat. The average American eats more bread than that in one day!
18. Primitive tribal societies that have no bread exhibit a very low incidence of cancer, Altzheimer's, Parkinson's disease, osteoporosis and lawyers.
19. Bread has been proven to be addictive. Subjects deprived of bread and given only water to drink, begged for bread after as little as two days of withdrawal.
20. Bread is often a "gateway" food item, leading the user to "harder" items such as butter, jelly, peanut butter, and even cold cuts.
21. Bread has been proven to absorb water. Since the human body is more than 90 percent water, it follows that eating bread could lead to your body being taken over by this absorptive food product, turning you into a soggy gray, gooey bread-pudding type person.
22. Young children can choke on bread - Always keep your loaf securely locked up.
23. Bread is baked at dangerous temperatures as high as 400 degrees Fahrenheit! That much heat can kill an adult in less than one minute after they get into the oven.
24. Most bread eaters are utterly unable to distinguish between true significant scientific facts and utterly meaningless statistical babbling found on websites.
My opinion is that the mere fact that there was such program on the harddrive of that guy is not enough. That would be the bread-eater-killer comparison, but even IF the court can prove that he used pgp to deliberately hide data, all it would mean like in a case when a murderer hides a victim's remains in his high security safe. I don't think that it would me more aware or more deliberate because someone has hidden pictures or a body somewhere. The fact that someone did what he did matters.
That's why it seemed so familiar. Damn. Didn't we conclude that time that basically with the clever usage of words like 'only' and 'just', it gives that impression linux is doing badly, while it is basically doing well based on their own numbers? I mean, if half of them are not interested in linux, the other half is! Talk about distorting facts, etc.
I'm also developing a quite unique system, on the url you can read below my username, which is written in mod_perl.
The whole website is around 100'000 lines of library oriented perl code, and is imo very well structured, commented and maintained. It is more than a website though, it is basically a group management system, with all the needs of it.
For the casual viewer it may seem that the website lacks features and kind of no-confort one, but it actually has a wide array of tools to use.
If american universities are like that, don't think that every university on the world conforms to those places.
Most people in Europe do not pay for example university studies directly, that's the government's job (except if you cannot meet the requirements of admission, then you can pay and still be there).
All im saying is, that you're talking about apples when the topic is about oranges. The lecturer was fired from a Spanish university, which is in Europe, not from an american.
The USA cannot play the big bully in this case like it did with embargoing small African countries when they refused to pay the 20x price for the patented AIDS treating drugs. The USA eventually lifted the embargo, after massive protests.
Actually there should be a procedure to free up all usernames which haven't been used in the last x years. The id should stay used though to make difference between an old somenick and a new somenick.
"Torvalds is arguing it's unlikely to ever be exploited, not that it's unexploitable or that it's not a vulnerability."
You're arguing on the tidbits. The same reason it is not considered a real exploitable vulnerability, because it is a THEORETICAL vulnerability. Some of those get fixed, some don't, like the ones which got on the surface grsec vs. kernel developers. Grsec people argued that it is a vulnerability and kernel developers argued that the particular vuln. can only be exploited if someone is already root, and that if someone is root he has five thousand more effective means in doing whatever he wants with the system.
The same applies to this vulnerability. It is under the radar, it is theoretical and the performance gains outweight multiple times that you would gain from fixing this issue on a _software_ level. Nothing stops intel from fixing it in a new version of processors.
The original reporter's dedication to the matter is relevant as shown by the top poster because he is making the issue seem to be a lot worse than it is and he is making overly generalized statements.
Maybe you need to worry about such vulnerabilities if you want to build an A1+ rating machine on the Department of Defense's scale.
"I don't care if the guy's obsessive."
After we heard pro's and con's, and the guy still keeps pushing it, i would think, that it is relevant, because then we can go tell him to move on (and not create flamebait on kerneltrap).
There is no such exploitable vulnerability, most of the people on LKML can tell you that, and they certainly wouldn't fix it inside kernelspace would there be one. The fact that the guy STILL holds on to the issue was explained by the top poster.
In your last paragraph you clearly demonstrated what is an ad hominem attack, and what is the difference between the top post and your post.
Btw, where did you hear about mathematics in relation to the issue? Because the whole issue is about coding and hardware design.
It's their website, thats true. They can disable the ability of mine to post comments if they don't like what i'm saying, that would be well within their rights.
What i'm saying is that they are running the site, but slashdot is above all, a community. If they decide to close it, they are free to do but until that moment it doesn't cease to be one, with the good and bad parts alltogether.
Slashdot Mirror
That depends on which system they can access once they have your university ID.
Without a password? Absolutely zero.
Well, to point to a working system without the need for SSN to operate universities, in my country we use a university identification string, composed from initials, and some other unique parts based on a random algorithm to make sure they are unique indeed.
You can use that id for university related business only and it works extremely well. For example to access the website to schedule courses and exams, i need to login with that university id string and my password. If someone gets to know your university id, not much they can do with it, at max they can get your real name, but the rest is optional (user-selectable) to disclose, like email address, etc.
I don't see why couldn't universities in the states use such system, especially since in m experience it works extremely well.
Indeed.
Additionally, i heard a lot of network professionals, router operators saying that ipv4 and additionally older layer2-3 stuff are broken. It is simply used in an environment through hacks which it is not supposed to exist. It was designed for a trusted network, not to deal with malicious intent aswell. So, while quite smart stuff like layer 2.5 is used for a while now, it is another hack to make the previous one working. So additionally to what the parent post listed, ipv6 gives you better and much cheaper (improvement/cost wise) security. Also contrary to some posts, fully capable ipv6 firewalling/routing solutions exist already, ipv6 aware applications are there, although i do agree that there could be more of them.
If someone is fairly competent in maths, it can be quickly realised that by five-six steps, you can build a link between ANY POSSIBLE two humans on this planet living at the moment (that is if we assume that most humans knows 50 other human at least).
The sentencing despide the above mathematical fact is just plain ridicoulus. A set composed from the friends of a friends of a friends of a friends of mine are all criminals on this planet. Go arrest me if i tell about them...(i know, i didn't refer to an accurate description of drug dealing, but i believe the reasoning still stands for the same. Unless you a.) sell the drug yourself, b.) have anything to do with the trafficking of the drug (ie, marketing it) then you are perfectly innocent.)
I'd wish they'd just make up their mind and vouch for FOSS
Then this shouldn't come as a surprise(first paragraph):
Inside the Beltway
It would be a good idea for some security folks to band together and create something like the "anonymous abuser" from the idea of "anonymous soldier" and nominate it. I can already see the floods of comments/open letters/opinion columns targeted at this.
My opinion is that the mere fact that there was such program on the harddrive of that guy is not enough. That would be the bread-eater-killer comparison, but even IF the court can prove that he used pgp to deliberately hide data, all it would mean like in a case when a murderer hides a victim's remains in his high security safe. I don't think that it would me more aware or more deliberate because someone has hidden pictures or a body somewhere. The fact that someone did what he did matters.
That's why it seemed so familiar. Damn. Didn't we conclude that time that basically with the clever usage of words like 'only' and 'just', it gives that impression linux is doing badly, while it is basically doing well based on their own numbers? I mean, if half of them are not interested in linux, the other half is! Talk about distorting facts, etc.
fastcgi is actually slower than mod_perl if you properly preload the required perl modules and code.
I'm also developing a quite unique system, on the url you can read below my username, which is written in mod_perl.
The whole website is around 100'000 lines of library oriented perl code, and is imo very well structured, commented and maintained. It is more than a website though, it is basically a group management system, with all the needs of it.
For the casual viewer it may seem that the website lacks features and kind of no-confort one, but it actually has a wide array of tools to use.
If american universities are like that, don't think that every university on the world conforms to those places.
Most people in Europe do not pay for example university studies directly, that's the government's job (except if you cannot meet the requirements of admission, then you can pay and still be there).
All im saying is, that you're talking about apples when the topic is about oranges. The lecturer was fired from a Spanish university, which is in Europe, not from an american.
that this one is "much more innovative and much better than anything before"?
I mean, isn't this Microsoft is telling in the last 15 years?
Actually i did, but the title of the article and the question it poses is still the same.
It's even more ironic that way that the linked article says the same as did.
Both have their merits and shortcomings. I believe no objective "better" exists.
The USA cannot play the big bully in this case like it did with embargoing small African countries when they refused to pay the 20x price for the patented AIDS treating drugs. The USA eventually lifted the embargo, after massive protests.
Actually there should be a procedure to free up all usernames which haven't been used in the last x years. The id should stay used though to make difference between an old somenick and a new somenick.
Haaaaaaaaaa...I'm a zombie, you haaaaaaaa...insensitive...haaaaaaaaa clod!
"Torvalds is arguing it's unlikely to ever be exploited, not that it's unexploitable or that it's not a vulnerability."
You're arguing on the tidbits. The same reason it is not considered a real exploitable vulnerability, because it is a THEORETICAL vulnerability. Some of those get fixed, some don't, like the ones which got on the surface grsec vs. kernel developers. Grsec people argued that it is a vulnerability and kernel developers argued that the particular vuln. can only be exploited if someone is already root, and that if someone is root he has five thousand more effective means in doing whatever he wants with the system.
The same applies to this vulnerability. It is under the radar, it is theoretical and the performance gains outweight multiple times that you would gain from fixing this issue on a _software_ level. Nothing stops intel from fixing it in a new version of processors.
The original reporter's dedication to the matter is relevant as shown by the top poster because he is making the issue seem to be a lot worse than it is and he is making overly generalized statements.
Maybe you need to worry about such vulnerabilities if you want to build an A1+ rating machine on the Department of Defense's scale.
"I don't care if the guy's obsessive."
After we heard pro's and con's, and the guy still keeps pushing it, i would think, that it is relevant, because then we can go tell him to move on (and not create flamebait on kerneltrap).
You must be new here...this is slashdot, noone RTFA-s.
There is no such exploitable vulnerability, most of the people on LKML can tell you that, and they certainly wouldn't fix it inside kernelspace would there be one. The fact that the guy STILL holds on to the issue was explained by the top poster.
In your last paragraph you clearly demonstrated what is an ad hominem attack, and what is the difference between the top post and your post.
Btw, where did you hear about mathematics in relation to the issue? Because the whole issue is about coding and hardware design.
It would be only ad hominem if his status would be in no relation to the issue at hand, but in this case, his "obsession" is important.
There is nothing to fix there, most of the coders agreed!
Some people are just keep pushing their flawed agendas.
Disclaimer: i did read the whole thread.
Imagine if someone would register (TM), (R) and (C)! Recursive endless loop!
It's their website, thats true. They can disable the ability of mine to post comments if they don't like what i'm saying, that would be well within their rights.
What i'm saying is that they are running the site, but slashdot is above all, a community. If they decide to close it, they are free to do but until that moment it doesn't cease to be one, with the good and bad parts alltogether.