The article truly sucks. The spyware angle is nothing more than a hook to get to some unimaginative "switch to Linux" stuff. On a site named Linuxworld that will really convince some people.
Going more into detail about his 5 hours and what exactly is bad about windos and better on Linux would've been a much better article.
From the pictures it appears there is one section that goes into another building or some kind of solid attachment. That's probably where you'll rotate your bedroom at night. During the day, you may want to rotate whatever room you're in so that it gets the most sunlight.
Very smart business move. Too bad that Symantec above all is a "security industry" player who is much more about "industry" than about "security" (or, frankly, any of the other stuff they bought up, like Ghost).
Best thing they could do for product quality: Leave Veritas alone as much as possible.
Best thing they could (and will) do for business: Integrate Veritas completely, so they don't crumble when their core business goes away in a few years (with M$ integrating most of the stuff into the OS and Linux becoming stronger in the home market, the days of desktop-firewalls and virus scanners as sellable products are numbered).
Plus theres linux' ever-growing embedded segment. Your TiVo never gets shut off?
Actually, most embedded devices are not powered off. They are put into standby.
Disclaimer: I am working on embedded Linux systems professionally.
Noone talks about runlevels anymore. and This is the quickest part of the boot, really.
Right there. You don't need fancy tools. A shell, a visit to/etc/rc?.d/ and some mv commands and your boot process will speed up a lot. A little understanding of dependencies helps, such as not starting dhcpd before the network is set up, but really most of the services can be started in any order. On a notebook or desktop, you'll usually want to move the [x|g|k|w]dm somewhere early. By the time X has come up, the other crap is running as well.
None of these new TLDs is seing any use worth mentioning. I've been to one.info site ever since they were set up. And what the heck is.post for? Is it like.museum - a tiny namespace that under no conceivable argument warrants a TLD?
ICANN has lost touch with reality, that isn't news. Where's.movie so all of hollywood can stop registering blabla-themovie.com ? That's a TLD that would make sense as not only does it offer a namespace that by convention already exists (-themovie.com instead of.movie), but it also makes sense to shift that off since the rules are different - movie sites are very important for a short time, after which most of them could be shut down, really. In addition, the name-rights are already taken care off, and a seperate place to handle disputes (e.g. new versions of old movies re-using the same name) would make sense.
But hey, I guess.jobs really is more important. It's got zero practical use but in this economy, it's a nice political signal, right?
I'm all for killing ICANN and making ORSC more popular.
The problem is that I've been on the wrong side of that, and was informed that all parties found it more convenient. Except that I didn't, therefore, the assertion was too strong.
That's a matter of exactness. Most people say "all" or "everyone", but actually mean "99.9%" or "everyone I know/care about".
There is a point where I agree with them. I've around 1000 players in my game. I will certainly care for something that matters to 10 of them. Whether or not I care for something that only one person dislikes depends entirely on my mood.
As for the telnet point - it doesn't justify using telnet all the time if you actually need it only seldom. That's laziness, not convenience.;-) (of course, your network might be troubled all the time, in which case you should disregard that point and find a new network admin).
Update: 18 hours after posting the study, the Linux kernel team had eliminated all the bugs documented in the study, forcing the researchers to correct the bug count down to 0 per 10,000 lines.
fsv is an interesting concept, but has one major failing: They assume that filesize has any meaning to the user, and that's getting it backwards. The display size should indicate importance. Some of my most important files are pretty small, and some of my largest files aren't. For example, the backup directory would be huge, as would log and cache directories.
a) "convenient" is used in a very strict sense here. Telnet isnt' more convenient than SSH, because SSH is just as good to use, and the install work is minor. However, doing things in a few clicks is convenient, while doing the same things in 25 steps is not. Don't confuse convenience with laziness.
b) I have gone to great pains to make sure my pages are useable to non-javascript users. The javascript-reliant features won't work, so (for example) the low-frame status bar won't update for you. You lose a feature, but you don't lose the entire site.
c) I did include "error-prone" for a reason. I don't consider checking for valid input a hassle. But it should be obvious that if I have to write a 200 line pure-HTML workaround, the chance for errors in that is higher than a 20 line javascript.
d) The point was that there are some places where all parties find it more convenient, easier and generally better with than without Javascript. It's not a matter of "oh, this is easier for me, screw the user". It's a matter of "I can do it in 2 pages and give the users a nice feature with javascript, or I have to write 10 pages and the users get the same or even less in functionality".
I assert that no essential behavior on a web-page requires Javascript
Probably right, though many very convenient features do.
I've got a web-based online game. I've written it in pure HTML as far as possible, with CSS for layout so that it works even if CSS is disable.
Nevertheless, there are a few places where Javascript is very handy. I could probably find a way to do it without Javascript, but it would be much more work and hassle for me, less convenient for the user, and more error-prone.
So that means that once one or the other cracker group has made a perfect release, the pirate copy will not only be cheaper, but also more convenient, easier to install and risk-free?
As always for the past five years, Bill is an idiot who is years behind, and his "visions" are only somewhat close because they're being adapted retroactively.
Smart cards, eh? Look, we've had them for a decade. We've had reliable, cheap smartcard-as-login solutions (both hardware and software) for several years.
They haven't replaced passwords so far, and they won't replace them in the future.
Smart cards are nifty, and very useful. But they aren't the end-all of security and anyone who says so in public is only making a fool out of himself. For one thing, they can be lost, stolen and yes they can be copied (don't trust the marketing drones of the vendors, smartcard hacking has been public knowledge for at least 3 years).
Then, you are tied to a local system, or infrastructure. I can log on to my server from anywhere in the world where I can get an ssh client running. If you rely on smartcards, and you're in Tokio where the Internet cafe doesn't have them, or has a different system, you're fucked.
And then there's the frightening reliance on a closed system that's essentially a black box. If you fully automate the login process, I can fully automate the exploit. There's a reason manual intervention is sometimes a useful feature, but M$ didn't get that when they wrote Outlook, so I figure they still don't.
Fortunately, the market will kill this idea dead. I've yet to read one argument that would convince the CEO here to pump out ten thousand bucks or so to install the necessary infrastructure.
which makes me just as vulnerable to some new scam that has a bit more intelligence behind it...
Not necessarily. One of the famous con artists in the early 20th century once said that you can only con the greedy, because they're the ones buying into your con, they want to believe in whatever bullshit you're selling, because it satisfies their desire for quick money (or sex, or whatever else).
Your definition of "some" is funny. 10 million spam mailsper day. Mind if I beat "some" sense into you?
It's not quality alone, it's quality times quantity. Just the way killing 10 people is worse and will yield a higher sentence than killing one, so sending a few spam mails would get a tiny sentence, but sending several billion over time yields a much higher one.
As for treatment of the criminal - I sure do hope that he gets some "treatment". I also hope they air it live, so the other spammers can consider again whether or not getting a job might be an option.
Right now, it just sounds like security pros are whiny babies that don't want to do their jobs.
As security professional, the fact of the matter is that more often than not the company doesn't let me do my job. Cost isn't even the main issue - understanding is.
If you think about moving into the security area, realize one thing: Half of your time will be spent convincing management that the other half is really necessary, and two thirds of that other half are dealing with either decade old issues (no encryption, weak passwords, not updated machines) or user stupidity (sharing passwords, disabling security features, not following procedure).
The sixth or so that's left is pretty thrilling, though.
XUL rocks. Unfortunately, it is still too difficult to develop for it. I'm a quite capable developer, but I found the learning curve for XUL considerable.
An IDE and better documentation, and XUL is a killer app.
How many people who arent geeks like us will spend the time to download another browser
Pretty much everyone I know, for a start. You don't need fancy marketing. You just ask them in a very normal tone of voice whether they've upgraded their browser already or still using the default one.
For those on slow connections, I just give them a CD, either a copy of The Open CD or something similiar. Just burn them a free virus scanner, Firefox, OpenOffice, a free Zip tool and some other useful things on a CD.
Wonder what's next. Worms that record where it sends itself to in order to form a distributed AI Network?
No, we (the worm researchers) are beyond that stage already (it makes countermeasures too easy). I expect the kids to catch up within the year.
There are lab setups with very intelligent and frightening worms. Distributed, anonymous zombie network creation with fail-safe, encrypted communication channels. Fancy stuff. I've not yet seen any of the papers published. Some of it isn't practical for the Internet, some is.
Some people, myself included, are looking for non-malicious uses of this technology. Automated software distribution was discussed (and dropped) last year.
The article truly sucks. The spyware angle is nothing more than a hook to get to some unimaginative "switch to Linux" stuff. On a site named Linuxworld that will really convince some people.
Going more into detail about his 5 hours and what exactly is bad about windos and better on Linux would've been a much better article.
In addition to all of that, what I find most hard to swallow is the lack of action on the part of our elected officials (emph mine)
Exactly. They were elected. By those election machines. Why should they find anything wrong with that?
One word: Sunlight.
From the pictures it appears there is one section that goes into another building or some kind of solid attachment. That's probably where you'll rotate your bedroom at night. During the day, you may want to rotate whatever room you're in so that it gets the most sunlight.
Very smart business move. Too bad that Symantec above all is a "security industry" player who is much more about "industry" than about "security" (or, frankly, any of the other stuff they bought up, like Ghost).
Best thing they could do for product quality: Leave Veritas alone as much as possible.
Best thing they could (and will) do for business: Integrate Veritas completely, so they don't crumble when their core business goes away in a few years (with M$ integrating most of the stuff into the OS and Linux becoming stronger in the home market, the days of desktop-firewalls and virus scanners as sellable products are numbered).
Plus theres linux' ever-growing embedded segment. Your TiVo never gets shut off?
/etc/rc?.d/ and some mv commands and your boot process will speed up a lot. A little understanding of dependencies helps, such as not starting dhcpd before the network is set up, but really most of the services can be started in any order.
Actually, most embedded devices are not powered off. They are put into standby.
Disclaimer: I am working on embedded Linux systems professionally.
Noone talks about runlevels anymore.
and
This is the quickest part of the boot, really.
Right there. You don't need fancy tools. A shell, a visit to
On a notebook or desktop, you'll usually want to move the [x|g|k|w]dm somewhere early. By the time X has come up, the other crap is running as well.
And the public stays away in droves.
.info site ever since they were set up. And what the heck is .post for? Is it like .museum - a tiny namespace that under no conceivable argument warrants a TLD?
.movie so all of hollywood can stop registering blabla-themovie.com ? That's a TLD that would make sense as not only does it offer a namespace that by convention already exists (-themovie.com instead of .movie), but it also makes sense to shift that off since the rules are different - movie sites are very important for a short time, after which most of them could be shut down, really. In addition, the name-rights are already taken care off, and a seperate place to handle disputes (e.g. new versions of old movies re-using the same name) would make sense.
.jobs really is more important. It's got zero practical use but in this economy, it's a nice political signal, right?
None of these new TLDs is seing any use worth mentioning. I've been to one
ICANN has lost touch with reality, that isn't news. Where's
But hey, I guess
I'm all for killing ICANN and making ORSC more popular.
The problem is that I've been on the wrong side of that, and was informed that all parties found it more convenient. Except that I didn't, therefore, the assertion was too strong.
;-)
That's a matter of exactness. Most people say "all" or "everyone", but actually mean "99.9%" or "everyone I know/care about".
There is a point where I agree with them. I've around 1000 players in my game. I will certainly care for something that matters to 10 of them. Whether or not I care for something that only one person dislikes depends entirely on my mood.
As for the telnet point - it doesn't justify using telnet all the time if you actually need it only seldom. That's laziness, not convenience.
(of course, your network might be troubled all the time, in which case you should disregard that point and find a new network admin).
Update: 18 hours after posting the study, the Linux kernel team had eliminated all the bugs documented in the study, forcing the researchers to correct the bug count down to 0 per 10,000 lines.
fsv is an interesting concept, but has one major failing: They assume that filesize has any meaning to the user, and that's getting it backwards.
The display size should indicate importance. Some of my most important files are pretty small, and some of my largest files aren't. For example, the backup directory would be huge, as would log and cache directories.
she totally ignored me, handing back an obnoxious stock email
Do Not Send E-Mail To Politicians(tm).
You will be ignored. Use the phone, send a snail-mail letter or show up in person. E-Mail by citizen is regarded as spam by most politicians.
You missed my points by a mile.
a) "convenient" is used in a very strict sense here. Telnet isnt' more convenient than SSH, because SSH is just as good to use, and the install work is minor. However, doing things in a few clicks is convenient, while doing the same things in 25 steps is not. Don't confuse convenience with laziness.
b) I have gone to great pains to make sure my pages are useable to non-javascript users. The javascript-reliant features won't work, so (for example) the low-frame status bar won't update for you. You lose a feature, but you don't lose the entire site.
c) I did include "error-prone" for a reason. I don't consider checking for valid input a hassle. But it should be obvious that if I have to write a 200 line pure-HTML workaround, the chance for errors in that is higher than a 20 line javascript.
d) The point was that there are some places where all parties find it more convenient, easier and generally better with than without Javascript. It's not a matter of "oh, this is easier for me, screw the user". It's a matter of "I can do it in 2 pages and give the users a nice feature with javascript, or I have to write 10 pages and the users get the same or even less in functionality".
If Eolas wins this case, expect a massive deluge of Patent suits across the entire industry.
Good! It certainly is the only way to convince the public at large, and a majority of lawyers and politicians that the patent system is indeed broken.
I assert that no essential behavior on a web-page requires Javascript
Probably right, though many very convenient features do.
I've got a web-based online game. I've written it in pure HTML as far as possible, with CSS for layout so that it works even if CSS is disable.
Nevertheless, there are a few places where Javascript is very handy. I could probably find a way to do it without Javascript, but it would be much more work and hassle for me, less convenient for the user, and more error-prone.
So that means that once one or the other cracker group has made a perfect release, the pirate copy will not only be cheaper, but also more convenient, easier to install and risk-free?
Great way to discourage piracy.
Why all of the whining about having to have the CD to play the game?
You obviously don't own a notebook and spend half of your weekends away from home. I do.
As always for the past five years, Bill is an idiot who is years behind, and his "visions" are only somewhat close because they're being adapted retroactively.
Smart cards, eh? Look, we've had them for a decade. We've had reliable, cheap smartcard-as-login solutions (both hardware and software) for several years.
They haven't replaced passwords so far, and they won't replace them in the future.
Smart cards are nifty, and very useful. But they aren't the end-all of security and anyone who says so in public is only making a fool out of himself.
For one thing, they can be lost, stolen and yes they can be copied (don't trust the marketing drones of the vendors, smartcard hacking has been public knowledge for at least 3 years).
Then, you are tied to a local system, or infrastructure. I can log on to my server from anywhere in the world where I can get an ssh client running. If you rely on smartcards, and you're in Tokio where the Internet cafe doesn't have them, or has a different system, you're fucked.
And then there's the frightening reliance on a closed system that's essentially a black box. If you fully automate the login process, I can fully automate the exploit. There's a reason manual intervention is sometimes a useful feature, but M$ didn't get that when they wrote Outlook, so I figure they still don't.
Fortunately, the market will kill this idea dead. I've yet to read one argument that would convince the CEO here to pump out ten thousand bucks or so to install the necessary infrastructure.
As a non-native english speaker, I might not give words the same weight as you do, as long as the content is clear enough. :)
which makes me just as vulnerable to some new scam that has a bit more intelligence behind it...
Not necessarily. One of the famous con artists in the early 20th century once said that you can only con the greedy, because they're the ones buying into your con, they want to believe in whatever bullshit you're selling, because it satisfies their desire for quick money (or sex, or whatever else).
And he only sent out some bulk advertising.
Your definition of "some" is funny. 10 million spam mailsper day. Mind if I beat "some" sense into you?
It's not quality alone, it's quality times quantity. Just the way killing 10 people is worse and will yield a higher sentence than killing one, so sending a few spam mails would get a tiny sentence, but sending several billion over time yields a much higher one.
As for treatment of the criminal - I sure do hope that he gets some "treatment". I also hope they air it live, so the other spammers can consider again whether or not getting a job might be an option.
How come spam doesn't burn out like a pyramid scheme?
The stupid breed.
Hey, with all that spam for viagra, penis enlargement and porn paysites, it really shouldn't come as a surprise.
Right now, it just sounds like security pros are whiny babies that don't want to do their jobs.
As security professional, the fact of the matter is that more often than not the company doesn't let me do my job. Cost isn't even the main issue - understanding is.
If you think about moving into the security area, realize one thing: Half of your time will be spent convincing management that the other half is really necessary, and two thirds of that other half are dealing with either decade old issues (no encryption, weak passwords, not updated machines) or user stupidity (sharing passwords, disabling security features, not following procedure).
The sixth or so that's left is pretty thrilling, though.
XUL rocks. Unfortunately, it is still too difficult to develop for it. I'm a quite capable developer, but I found the learning curve for XUL considerable.
An IDE and better documentation, and XUL is a killer app.
Microsoft executives defended Internet Explorer, saying it is no less secure than any other browser and doesn't lack any important features.'
In psychiatry, that's called "being in denial".
Nice to know we're competing with people in dire need of professional help.
How many people who arent geeks like us will spend the time to download another browser
Pretty much everyone I know, for a start. You don't need fancy marketing. You just ask them in a very normal tone of voice whether they've upgraded their browser already or still using the default one.
For those on slow connections, I just give them a CD, either a copy of The Open CD or something similiar. Just burn them a free virus scanner, Firefox, OpenOffice, a free Zip tool and some other useful things on a CD.
Wonder what's next. Worms that record where it sends itself to in order to form a distributed AI Network?
No, we (the worm researchers) are beyond that stage already (it makes countermeasures too easy). I expect the kids to catch up within the year.
There are lab setups with very intelligent and frightening worms. Distributed, anonymous zombie network creation with fail-safe, encrypted communication channels. Fancy stuff. I've not yet seen any of the papers published. Some of it isn't practical for the Internet, some is.
Some people, myself included, are looking for non-malicious uses of this technology. Automated software distribution was discussed (and dropped) last year.