Microsoft is a company, there goal is profit. Not security, not saving the enviroment, not making linux geeks smile. They want money. As every company on earth does. That is correct, but that doesn't make it right.
Jimmy is a paedophile, his goal is fucking six-year old girls. Not health, not being socially responsible, not making the priest happy. He wants sex. As every paedophile does.
Same simple truth, still doesn't make it ok, acceptable or justified.
In fact, even though the iPhone is technically tied to a contract, you buy it without signing any contract. In effect, it's a contract-bound phone where you don't sign any contract to purchase it. Wrong, in this context.
In Germany, the iPhone is only sold by T-Mobile, and only in T-Mobile shops, and only in connection with the contract. You can't buy an iPhone at an Apple store, and you can't buy one without signing the contract.
he RIAA has evidence of people engaged in an illegal activity. Actually, in most cases they don't. Whenever their "evidence" was examined closely, it turned out to be very flimsy.
Because the FSF is first and foremost about Freedom, and very much against any kind of DRM-like crap.
The RIAA, on the other hand, is one of the primary promoters of DRM.
Their lawsuit circus is mostly for show. One, they use it to create ammo for their lobbyists ("look how many evil people are out there, we're suing in the thousands but we simply can't get them all, we need new laws, give us new laws, btw. how's the wife? how about a nice holiday with her to fix things up again? or a nice willing young lady if it doesn't work?") and two they use it as intimidation towards Joe Public in order to stall the inevitable.
I think the FSF is pretty much in the right battle here, because if the RIAA gets their way, we won't end up with DRM'ed music, we will end up with DRM everywhere (if you really want to "protect" music from being copied, you need to have total control of every part of the soft- and hardware).
Why, then, as a user of a home computer would anyone ever bother fucking with SELinux? Because you're a security professional experimenting with it. That's about the only reason I can justify. Everything else is - in my view - using a 120mm HEAT cannon as your home self-defense system: It sure gets the job done, if you can use it properly, but it's not designed for that and the collateral damage is extensive.
Vista's UAC does a fine job of taking care of the difficulties that such an arrangement produces, and exhibits almost exactly the same behavior as Ubuntu does by default. I'm sorry, but I could not disagree more. Strike that, I'm not sorry. UAC is an abomination and does almost everything wrong that you could do wrong in user interface design, maybe apart from using blinking red text on purple background.
And yes, Ubuntu sucks just as much. I installed the last two versions on an old laptop and it doesn't hold a torch to the OS X that I've become a friend of ever since switching about a year ago.
The list of problems with UAC is endless, but the three most important ones, in my book, are (in no particular order):
It is interruptive, which pretty much guarantees to put the user into a mindset where his #1 priority is being done with it as quickly as possible
It shoves responsibility on the user who in most cases doesn't have either the know-how nor the necessary information to make an informed decision
It is repetitive and obnoxious, which practically trains the user in answering "yes" and wishing for a "yes, you fucking retard" button. We've seen this before with the "are you sure you want to delete this file" confirmation dialogs. Who here hasn't had the experience that you clicked "yes" by reflect and then thought "oh shit, no wait"?
UAC is fundamentally flawed and broken. It can't be fixed.
As opposed to SELinux. Which doesn't at all just disable stuff without giving you a reasonable answer as to why. Yes, because it's not a User Level tool. It's an admin-level tool. Once it's set up properly, it doesn't need to ask. Configuring something complex like SELinux "on the go" must be the most idiotic way of doing it, or maybe the 2nd most idiotic, right after using/dev/urandom as your security policy. A security policy, as opposed to a security patchwork, follows the order of think-write-implement, not the other way around.
Oh, and it does give you reasons - in the logfile.
While I'm 99% sure this was a spam message (I get a dozen or so of these "link exchange" spams every week), the point is still true: He didn't prove it was. If he had come with evidence that the same message was sent to other people as well (even if each time there's only one in the recipient list), things might've been different.
Also, don't argue that the headers show the source is a bot - because in the next case (one where you're the defendent), you'll argue that headers can be forged, and be right at that.
Sorry, but I know quite a lot about SELinux. And UAC is not even in the same league, it's not even the same sports, so to speak. UAC is an ugly crutch to shove responsibility on the user and ask him questions 95% don't even understand completely. More importantly, AFAIK the technical backend is vastly different and UAC can not ever hope to become an equivalent.
But yes, security and convenience do not always marry happily. In that regard, they are alike.
This is really nothing new, Windows 9x, 2k, and XP were all turds when they were first released. Driver maturity, application refinements, hardware improvements, and service packs all make the experience more tolerable. So, in other words, it's the same shit again, with no innovation, advancement or evolution.
That might explain why the world-wide reaction can largely be summed up as "yawn".
You get pulled in by the police, if you're really not guilty, the only smart thing to do is cooperate. Because we all know that crime statistics are made up of "# of truths uncovered" and "# of innocents set free quickly" and not bullshit like "# of people jailed" and "ratio of convictions".
The smart thing to do is to appear cooperative, and make sure you don't say a word you don't have to until your lawyer is there.
Consider that, from a logical perspective, VALUE(right to vote) == SUM{[IMPACT(act of voting)]/[(COST(act of voting)]}. Think first, write second, that's the more reliable order.
Division means that no matter what the cost of voting, the right to vote still has a positive value. Also, impact and cost aren't of the same type. And a sum of one is nonsense, but that's just being nitpicky.
The division is the crucial thing, everything else can be fixed (use "value of sum of impacts of act of voting" and you're much better).
But if voting costs me $100, and the total impact is worth $50, then there is no point in voting except if I like spending money for nothing.
And that's what a large part of the population feel. Not that the value of voting is very small, but that it's actually negative. That the effort is larger than the gain. Many of them feel that way because they see the gain (sum total of impact) as close to zero, aka "no matter who governs, they all fuck you, just in different ways".
If the profit (gain minus cost) is negative, the rational choice is not to vote.
Which, unfortunately, is also the road to profit for the political parties. When's the last time you saw a serious attempt of any party to get more people to vote? They're trying to get more of their people to vote, and I'm sure they are quite happy with a low total voter turnout, because "your" 1 mio. people only count for 50% if 2 mio. people vote, but for 75% if only 1.33 mio. people vote.
Okay, so how about they all vote for a candidate who will deliver a European-style Universal Third Level Education? And this time, not next election, because many parts of Europe are busy changing the university system around into a very sick hybrid of US/EU methods that has students up in arms and anyone who knows a little bit about the educational system shaking their heads.
Too many lapdogs that blindly copy everything that's failed in the US, and none of that which works. Or maybe their definitions of "failed" and "works" are just the exact opposite of everyone else's.
I would *love* for Microsoft to come out with a great new OS. I'm the sort of guy who likes good software wherever it comes from. True, but you need to learn from experience, too.
And experience tells us that the last time that MS has come out with a "great new OS" was... err... well... never?
Do realize that the sad state of affairs in the Congress prevents us from such activities. You are excused, after all we know that Congress grows on trees and isn't being put there by, say, elections.
to enable computer security experts outside Microsoft to evaluate their effectiveness. Pah. Do they really think MS has to listen to the #1 rule of cryptography? ("Never trust anything you invented yourself until peer-review is done with it.", or any of the many permutations.)
The implication is that if someone breaks into your computer, here is something more he can do. Not only can he take over going forward, he can learn a certain amount of data about the past. If you had an SSL protected session in the past, then he could go back and figure out what they keys were back then and decrypt the data.
But how bad is this, really? It's horrible, that's how bad.
It means anyone with some ressources (government, MAFIA, MPAA, etc.) that has you on their black list can simply store your communications for a long time, then break into your machine at a convenient time to get the keys. It breaks the basic assumptions of many security tools and methods, namely that once the key has been destroyed, it can't be recovered.
Are relational database the end-all, or do we have other promising database models to look out for? OO-databases apparently went the way of the Dodo, but what else is out there that you find interesting?
It's that too few people do things, and what they do make no difference.
And no, I'm not treating americans as a group. I'm treating them as a sum total, because that's what determines how the country works. Saying "but look, I was against it" doesn't change anything.
Translation: "Your system doesn't work the way I want, so it must be broken."
Jimmy is a paedophile, his goal is fucking six-year old girls. Not health, not being socially responsible, not making the priest happy. He wants sex. As every paedophile does.
Same simple truth, still doesn't make it ok, acceptable or justified.
In Germany, the iPhone is only sold by T-Mobile, and only in T-Mobile shops, and only in connection with the contract. You can't buy an iPhone at an Apple store, and you can't buy one without signing the contract.
Because the FSF is first and foremost about Freedom, and very much against any kind of DRM-like crap.
The RIAA, on the other hand, is one of the primary promoters of DRM.
Their lawsuit circus is mostly for show. One, they use it to create ammo for their lobbyists ("look how many evil people are out there, we're suing in the thousands but we simply can't get them all, we need new laws, give us new laws, btw. how's the wife? how about a nice holiday with her to fix things up again? or a nice willing young lady if it doesn't work?") and two they use it as intimidation towards Joe Public in order to stall the inevitable.
I think the FSF is pretty much in the right battle here, because if the RIAA gets their way, we won't end up with DRM'ed music, we will end up with DRM everywhere (if you really want to "protect" music from being copied, you need to have total control of every part of the soft- and hardware).
And yes, Ubuntu sucks just as much. I installed the last two versions on an old laptop and it doesn't hold a torch to the OS X that I've become a friend of ever since switching about a year ago.
The list of problems with UAC is endless, but the three most important ones, in my book, are (in no particular order):
UAC is fundamentally flawed and broken. It can't be fixed.
Oh, and it does give you reasons - in the logfile.
While I'm 99% sure this was a spam message (I get a dozen or so of these "link exchange" spams every week), the point is still true: He didn't prove it was. If he had come with evidence that the same message was sent to other people as well (even if each time there's only one in the recipient list), things might've been different.
Also, don't argue that the headers show the source is a bot - because in the next case (one where you're the defendent), you'll argue that headers can be forged, and be right at that.
Sorry, but I know quite a lot about SELinux. And UAC is not even in the same league, it's not even the same sports, so to speak. UAC is an ugly crutch to shove responsibility on the user and ask him questions 95% don't even understand completely. More importantly, AFAIK the technical backend is vastly different and UAC can not ever hope to become an equivalent.
But yes, security and convenience do not always marry happily. In that regard, they are alike.
That might explain why the world-wide reaction can largely be summed up as "yawn".
The smart thing to do is to appear cooperative, and make sure you don't say a word you don't have to until your lawyer is there.
Division means that no matter what the cost of voting, the right to vote still has a positive value. Also, impact and cost aren't of the same type. And a sum of one is nonsense, but that's just being nitpicky.
The division is the crucial thing, everything else can be fixed (use "value of sum of impacts of act of voting" and you're much better).
But if voting costs me $100, and the total impact is worth $50, then there is no point in voting except if I like spending money for nothing.
And that's what a large part of the population feel. Not that the value of voting is very small, but that it's actually negative. That the effort is larger than the gain. Many of them feel that way because they see the gain (sum total of impact) as close to zero, aka "no matter who governs, they all fuck you, just in different ways".
If the profit (gain minus cost) is negative, the rational choice is not to vote.
Which, unfortunately, is also the road to profit for the political parties. When's the last time you saw a serious attempt of any party to get more people to vote? They're trying to get more of their people to vote, and I'm sure they are quite happy with a low total voter turnout, because "your" 1 mio. people only count for 50% if 2 mio. people vote, but for 75% if only 1.33 mio. people vote.
Too many lapdogs that blindly copy everything that's failed in the US, and none of that which works. Or maybe their definitions of "failed" and "works" are just the exact opposite of everyone else's.
It starts with the kids, and my assumption is that the problem is that they learn to type before they learn to spell.
And experience tells us that the last time that MS has come out with a "great new OS" was... err... well... never?
So is this a new list or did they simply take the list of all the features they removed from Longhorn before it became Vista and exchanged the header?
I'd really prefer to ask an open question. I like to hear about things that I don't already know about.
Only if you limit cryptography to encryption. Crypto does more than that. Just think about hashes, for example.
Ok, in that case I misread. Then it's not much of a danger, few windos machines stay up for more than a day or so.
You haven't seen Jeff Han's talk.
But how bad is this, really? It's horrible, that's how bad.
It means anyone with some ressources (government, MAFIA, MPAA, etc.) that has you on their black list can simply store your communications for a long time, then break into your machine at a convenient time to get the keys. It breaks the basic assumptions of many security tools and methods, namely that once the key has been destroyed, it can't be recovered.
Hi, Brian -
Are relational database the end-all, or do we have other promising database models to look out for? OO-databases apparently went the way of the Dodo, but what else is out there that you find interesting?
True, it's not as if nobody did anything.
It's that too few people do things, and what they do make no difference.
And no, I'm not treating americans as a group. I'm treating them as a sum total, because that's what determines how the country works. Saying "but look, I was against it" doesn't change anything.