Anyone who bothers to actually read CERT's security advisories will notice, quietly, at the bottom (from their most recent advisory):
Version: GnuPG v1.2.1 (GNU/Linux)
While this doesn't mean all of CERT runs exclusively on linux, they don't ban it, and use it to authoritatively sign their official security advisories. Not an official endorsement by CERT, just an official adoption.
Cisco also has been signing their security advisories using linux as well (from a recent advisory):
Version: GnuPG v1.4.2 (GNU/Linux)
Again, not an official endorsement, just an official adoption. In both the examples of CERT and Cisco, I've yet to see them sign advisories using windows, even though GnuPG runs just fine on windows. How they're using linux, of course, isn't clear from just the sigs, but that they are using linux is, and they are clearly showing a preference when it comes to authoritative public announcements.
"The Internet survived, even against fictional abuses against the world's computers."
I've got this picture of DHS undercover agents running around screaming "the sky is falling, the sky is falling!", and then making chicken-clucking noises. Nobody panics, and they proclaim "Right then, all is well".
My tax dollars hard at work...
Really, I'm surprised that the religious right has picked this fight at all
It may not be so surprising if one considers that the pace of social change itself is accelerating. We are probably only capable of dealing with a certain amount of change, from an evolutionary point of view. For the majority of the history of our race, we have had to face times when change came in unimaginable form, and this was usually a natural disaster that called on the use of survival instincts, and live-or-die black and white thinking. It worked, and we survived.
Now, change is not taking the form of a dire natural disaster, but rapid alterations in how our society communicates. Is it possible that the sudden increase in the rate of change itself has triggered survivalist, black-and-white responses in the population? Could that be why fundamentalism has experienced so many gains in the last 30 years? It's always been around, but it seems to have been living well lately. Only a matter of time before the fundamentalists picked a fight with reason and thought.
It doesn't matter whose fault it is. If the perpetrators committed a defined crime, they receive the judgement prescribed by law. If the adware companies encouraged someone to do something unethical, well until that's a crime, there's nothing to do about that.
On the other hand, if someone fails to take precautions to secure their house, and they get broken into, sure the crook goes to jail. But their house still was broken into, and unless they do something to secure their house, it'll happen again. Doesn't matter whose fault it is. What matters is what can be done to prevent it from happening again.
Not contending, but how are they using linux? Just fishing for good URLs....
Given an infinite number of packets, and the ability to represent them as tunes, all the songs ever written will be played.
Now the RIAA can sue the networks themselves if they inadvertently play copyrighted melodies.
"Arrest those packets - they played 'Imagine'"
I'll be sure to remind her of all the beneficial fetus cells she gets out of the deal.
What is it with Bush II and science? He constantly tries to censor/alter/control what scientists say, and then claims he wants more math & science education (conveniently offering not to pay for it).
Doesn't he ever wonder what it would be like to be an honest human being - just for one minute? Instead of a passive-aggressive manipulator always doing one thing while claiming to support the opposite?
Of course, if the science in question creates evil human-animal hybrids, we can all agree that science should be banned, per junior's state-of-the-union address.
What son, when stepping into his father's footsteps, does not feel the urge to outrun his old man.
Unix admins seem to default to thinking about security in terms of how things work and break. Windows admins seem to think of security in terms of how to buy anti-virus software and click 'install'. Disturbingly, most of the windows admins I talk to refer to anti-virus software as if it was a solution, not a symptom.
Won't the cops need spidey senses to use it?
"Name similarity."
That's how the terminator did it....
Perhaps, freedom could be likened to a dynamic state, and despotism to a static state. Always, the tendency is to fall back to the static, unless effort is exerted in the dynamic direction. If things could be described thus, then these kinds of things will *always* happen, and we can only hope that effort is exerted (as it was) to oppose it.
There's no need for anger against injustice, only the awareness and will to oppose it.
Why Redhat? Debian runs on Macs now, and is much easier to keep up to date.
"with only plans to fix one of them. While bugs in hardware is nothing new (the P4 has 64 known issues, at this time Intel does not plan to fix a single one) "
Is it just me, or do the statements "with only plans to fix one of them" and "does not plan to fix a single one" conflict with one another?
Is that one of those Clint Eastwood 'dead or alive' bounties?
Albeit in a minor way.
I wish I could have done that for finals in college....
In the palm of my hand...
I was also an operator for the military cellular telephone (31-m & 31-D), which used encryption for every phone call. An interesting idea about distributing keys via a flash drive, since that was kind of how the keys for the cell phone encryption were distributed - via a PCB card. To actually get a card into the hands of an operator, it was first necessary to get past guards, which meant having a code book, and knowing the unit SOP for reading the code book. Then, if the various cross checks were good, you gave the PCB to the operator. If the cross checks were not okay, well use your imagination. And yes, we carried enough C4 to obliterate the truck. Only a 60 second fuse.
As for the security of phone exchange, it was reasonable since I had a number of previous conversations with the other individuals over a period of months, and was reasonably familiar with the person on the other end. Also, receipt of keys was acknowledged via email, and other individuals in the loop as well. It did make me somewhat uncomfortable that the conversation could have been listened in on, and I tried to get the other people to use a public key.
In the end, there didn't appear to be any indications of someone siphoning traffic off the tunnels that were set up, but that of course was no guarantee.
I point to the 'point-and-click' culture as at least part of the problem. I was dealing with a major vendor of credit information, and they wanted to set up a VPN tunnel as part of their 'corporate' security (presumably SBO compliance). They wanted to use preshared keys. I offered to send them my public key so they could encrypt the keys. Or, failing that, my phone number so they could send the keys that way, if need be. They emailed the keys in the open. If they couldn't do it with a point-and-click, it seemed, they just couldn't do it at all.
There's just no substitute for independent thought.
"It's the shipping business of the digital age," Smith said, arguing that consumers should welcome the pay-for-delivery concept.
Egad - he's been trained in the Force: "You like it when we rip you off..."
Damn Sith...
I'm still waiting for the TLD for Ogres - .ogr
I somehow keep trying to get to slashdor.ogr, as if drawn by some unseen force.
If there were a TLD for ogres, at least the slashdot ogres - or moderators - would at last have recognition.
"it isn't even a pre-emptive multitasking OS, people!"
Actually, it is. Were you thinking of MacOS9, perhaps? Or, do you have a different definition of pre-emptive multitasking?
just curious...
OSX users shouldn't feel invulnerable, just as the article points out. They still need to use hard to guess passwords, and shouldn't just allow any old product to install software (like a music CD) without knowing what gets installed. The feeling of invulnerability itself is a problem, leading to lax security practices.
OSX isn't invulnerable with respect to security - just somewhat decent.