I bought a bunch of DVDs in England when I was living there, then I emigrated to Australia. Now any (mainstream) DVD I buy is Region 4, not Region 2. My DVD player is region free but my laptop is another story, so I can't play any DVD I own on my laptop when I want to because you've only got 3 region changes before it locks.
Can one not simply use Linux and DeCSS?
Don't think that has any respect for region codes - anyway I just put my DVDs in and they play so I'm happy:-)
I think you are stretching it a bit to leave out software, though. I don't think I've ever seen anyone here say that the entire patent system should be scrapped.
No problemo...
the entire patent system could (should?) be scrapped. Along with the entire copyright system.
... your wish is my command.
Trademarks aren't too bad though, I suppose we can let those stay, as long as we make sure trademarks aren't twisted and misused into pseudo-copyrights once we've scrapped the present copyright system.
From what I can see of it, Bloglines is not only software, but are also providing web services, which means that additional considerations apply, whether or not source code for the application is available.
For a conventional downloaded application that you then use directly on your own computer, the argument is fairly well worked out and easy to make, for example choosing to use a free/libre torrent client rather than uTorrent, OpenOffice rather than MS-Office, ClamAV rather than Antivir, etc, etc.
It is not only about the practical drawbacks that directly affect you, such things as what it might actually be doing "under the covers", what happens if the vendor discontinues it or unilaterally changes the terms, pricing, etc, with the next version/security upgrade, and all the usual arguments on those lines. Your use of closed-source applications also has a wider impact on everyone:
By increasing the user-base of the closed-source application, you also weaken the open alternatives, which may be the only competition acting to keep the closed application on honest terms - when there is only the closed application and no alternative, you will start seeing ever more onerous terms, prices, and conditions, and there won't be anywhere else to turn, as has been the case with MS-Windows and Office
If proprietary formats for data are required and not interoperable, then you may force others to use the same closed-source applications, whether or not they want to. Again, the existence of open-source alternatives with a reasonable userbase may be the only thing forcing interoperability, for example with the way that the rise of Firefox usage has forced rethinks of Explorer-specific websites
By decreasing the user-base of open alternatives, you are reducing their rate of advancement - the bigger the userbase, the more the contributions, requests for enhancements, developers, and so on. If you would (in principle) prefer an open-source solution, but available open alternatives need to improve to exceed existing closed-source applications, then the way to get it is to use the open-source alternative, if it's at least "good enough", and help it to improve. Going to the closed-source option instead just helps shore that up, an obstacle to ever getting a really good free/libre alternative.
When it comes to web services, other considerations impact. By signing up to the site, you are probably entering into some sort of ongoing contract, rather different to buying a product. Though I note that the desire of software vendors to transfer to a rental/subscription model rather than the sale of an instance of a copy of the software is one of the drawbacks of conventional closed-source applications.
Going back to Bloglines for a moment, one notices that while they use free/open source software to provide web applications, they also impose conditions on their web services that would not be acceptable for a free/libre application. For example:
Terms of Use
Bloglines Web Services are freely available for non-commercial use only (at home or at work), and are subject to our Terms of Service. You may not automatically re-publish content from these feeds on a commercial website. All services require an existing Bloglines account. We reserve the right to disable access to external applications and accounts at any time.
Terms like that would make a conventional stand-alone application non-free, even if the source code was available, and using web services to impose conditions like that on applications built on top of free/libre software is part of what's intended to be addressed by changes to the GPL in version 3.
The point being that we wish to preserve a fundamental set of freedoms for users of software (however the application is delivered) as follows:
The freedom to run the program, for any purpose (freedom 0).
The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source c
"I can see the source" is not the singular way to build trust.
It's not only, or even particularly, that you personally can see the source, though that comes along with it. That's a common misconception - what would I do with the source anyway, many/most people say quite understandably. Yet that's missing the point, which is threefold:
If it's not widely used, then only a few people can ever be affected by anything nasty in it anyway
If it is widely used, then some subset of those who get it also retrieve and work with the source, and it will be forked if there's anything wrong with it - not only anything malicious but even if it's just taken in a misguided direction
Not only is this the case, but the developers of the project know it as well, which is why open source projects have such a good record for staying on track and being run as benevolent dictatorships, without any overarching formal arrangements or discipline. That's because project maintainers know full well that the moment they stop being benevolent dictators, the project will fork and they will be maintaining the deprecated fork
Quote:
The other point I was reaching for was that if the benefits of using closed(non free, whatever) software outweigh the benefits I derive from the community you speak of(they often do), then the rational thing to do(assuming I don't place a large intrinsic value on software-libre itself) is to use the closed software.
That's also quite common, and if I may say so, quite short-sighted as well. The analogy to free speech is quite apt, as many people place similarly little intrinsic value on traditional liberties they have taken for granted, being willing, even eager, to give up freedoms and accept the extension of government powers (arrest, detention, trial, national identity, expression, etc, etc) in the name of fighting terrorism, pornography, efficiency, or whatever other excuse is flavour of the day.
Those people won't squawk until their freedom is gone, and it's far too late then. It is just the same with software, and that's why some of us, such as Richard Stallman, myself, and many more, bang on and on about free/libre software being important, even to the extent of eschewing non-free software however technically capable it may be.
Non-free software is a trap, however tempting the bait may be, and frequently the only thing that keeps non-free software honest is the existence of an escape route in the form of free alternatives, preventing the trap from fully closing. How much better to take the escape route first? Contrariwise, every user that goes to closed-source weakens the free alternative, reducing the open community, and bringing nearer the extinction of that escape route.
When it's gone, recovering the freedom you once had is extremely difficult, requiring toil, tears, sweat, and blood - just as recovering political freedoms once lost is a desperately uphill battle.
Non-free software is never trustworthy. Even if it does not contain anything nasty now, it may do so at any point, and it's not trivial (reverse-engineering required) to detect when it does so.
All users benefit from free software, whether or not they intend to hack the software themselves, just as all citizens benefit from free speech whether or not they intend to demonstrate outside Parliament themselves.
The reason there are multiple trustworthy torrent clients to switch to is because those clients are open-source, and the existence of such alternatives is what keeps closed-source equivalents "honest" to some extent - but make no mistake about it, non-free software always reduces our freedom, it is intrinsic to the nature of non-free software.
I stand to be corrected, but from what I see it doesn't appear to be adware, or at the very least not adware in any conventional sense that the term is usually used.
Don't forget that Azureus is not just free but free/libre open-source. Software like that isn't susceptible to some of the usual sort of adware/spyware/whatever commercialisation nonsense, since if attempted the software would just be forked anyway.
Just as might happen with this, anyway - either the developers might offer an "Azureus light" without the content layer, or if they didn't then the "light" version might well be a fork. As long as it's all open-sourced then it'll be fine.
Commercially produced software that is also libre, on the other hand, is all to the good, and more power to their elbow.
Anyway perhaps Linux users are even worse. How many of us just install packages from your distro without ever checking who actually wrote them? Just because no-one included a spyware package yet doesn't mean you are being safe. Just lucky.
No, not just lucky. If you've picked a particular distribution, then you've already made a decision either on your own or based on advice that you're going to trust that distribution - but that's a decision made only once, not from every random site that you happen to visit, and if you do decide you want to add some application, whatever it might be, then the normal Linux way is to download it from your distro repositories, not from the developer's website, which is an alien concept to Windows users
In theory a distro might add spyware, but if they did so then either they have to make it closed-source (instantly suspicious!) or it will be discovered in due course and the distro would be discredited/forked/abandoned. So in practice using a fully free/libre distro like Debian or Ubuntu, and avoiding closed-source apps is an extremely good defense against spyware, and a pretty reasonable guarantee of immunity. Not a 100% guarantee, nothing ever is, but pretty reasonable all the same.
If you do the math behind it, you'll also discover that when the number of collisions is low, which starts out being the case, then increasing the population size you intend to cover increases the collision rate in proportion to the square of the population size.
Because it's not linear, that pretty much means any scheme doesn't scale up to the next bigger population size, so for example a scheme that works for London won't scale to the UK, a UK scheme won't scale to EU size, and an EU scheme won't scale to World size.
The rate of increase in collisions does drop off later on as the number of collisions rises, but it's way too late by then because the point of this sort of scheme is that there need to be zero or very few collisions! It turns into a trade-off between accuracy, collision rate, and false negative matching, but unique it ain't, for any of these types of scheme.
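The quadratic growth described in the comment above can be checked numerically. The following Python sketch is an added example, not part of the original comment; the population figures and the per-pair false-match probability are assumed round numbers chosen only for illustration, and the function names are hypothetical.

```python
import math

# Rough, rounded population sizes (assumed for illustration only).
POPULATIONS = {
    "London": 7_500_000,
    "UK": 60_000_000,
    "EU": 450_000_000,
    "World": 6_500_000_000,
}


def pair_count(n):
    """Number of distinct pairs among n enrolled people: n(n-1)/2."""
    return n * (n - 1) // 2


def expected_colliding_pairs(n, p):
    """Expected number of pairs that falsely match, given a per-pair
    false-match probability p (assumed independent across pairs)."""
    return pair_count(n) * p


def prob_any_collision(n, p):
    """Probability of at least one collision (Poisson approximation)."""
    return -math.expm1(-expected_colliding_pairs(n, p))


def expected_people_colliding(n, p):
    """Expected number of people who collide with at least one other.
    Grows like n^2 while collisions are rare, then saturates at n."""
    return n * -math.expm1((n - 1) * math.log1p(-p))


def required_pair_rate(n, max_pairs):
    """Per-pair false-match probability needed to keep the expected
    number of colliding pairs at or below max_pairs."""
    return max_pairs / pair_count(n)


def scaling_table(p):
    """One row per population: (name, n, expected pairs, P(any collision),
    per-pair rate needed for at most one expected colliding pair)."""
    rows = []
    for name, n in POPULATIONS.items():
        rows.append((
            name,
            n,
            expected_colliding_pairs(n, p),
            prob_any_collision(n, p),
            required_pair_rate(n, 1.0),
        ))
    return rows


if __name__ == "__main__":
    # Assumed per-pair false-match probability, not a measured figure.
    p = 1e-12
    for name, n, pairs, any_hit, needed in scaling_table(p):
        print(f"{name:7s} n={n:>13,d}  expected pairs={pairs:12.3e}  "
              f"P(any)={any_hit:.6f}  rate needed={needed:.2e}")
```

The last column shows why a matcher tuned for one population cannot simply be reused for the next: each tenfold increase in enrolment demands roughly a hundredfold lower per-pair false-match rate, which is bought with more false negatives.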
I believe it's just the opposite - people accepted that software vendors have exclusive rights over their products and figured out that they not only may, but actually do impose unreasonable restrictions over the software. The only solution was (or rather is) to rewrite said software from scratch and license it in a way that protects the user.
Certainly that used to be accepted, and free software was invented to find another route. However, having seen what has been done and is being done with free software, the rules are changing (de facto if not de jure yet), and I no longer believe that we need to accept that software vendors can or should have exclusive rights to impose any restriction they choose - worse when enforced by technical restrictions, naturally, but otherwise no different in principle.
Weird - yes, outrageous - I don't know. First, the analogy is not very good, because you own your car, but you do not own your software - you license it from the developer. Unless such contract violates the law, there is no force that will stop the car dealer to require you to agree with it before you purchase the vehicle.
It comes back to what I said above, which is that I no longer accept the premise that vendors may impose absolutely any restriction on how I use their product, any more than I would for a tangible product, nor that a "license" is a legitimate "product" that can be sold or we need accept. A copy, a single, individual, transferrable, resellable copy (no more than that) which I can own and do with as I wish (just like a particular copy of a book or a music CD), is a different matter, and one for which there's quite a bit more precedent than the current attempt by all kinds of publisher to "license" everything with non-negotiable, restrictive and technically enforced conditions.
Given that, I have no problem with the idea of using legislation to back that up, and it's perfectly normal to have consumer legislation that limits vendors, especially with intangible products, such as financial services. What a good idea that would be for software sales and content publishing! In the meantime, there are a few obvious ways to break the acceptance that has become far too much taken for granted that these practices are valid, reasonable, even naturally right, for vendors to use. Some of these ways might be:
Use and advocate free software. Simple, cheap, legal, and every new free software user makes it more difficult to impose unfair and restrictive "licenses"
Make "fair use" of products, such as copying music for the car, or transferring software from a retired machine, even if that means breaking copy-protection to do so, and irrespective of unfair and one-sided "license" conditions. NB: you see that last falls well short of commercial copying, for example, or even Napster-style indiscriminate file-sharing, and may be legal or illegal depending on jurisdiction
Educate people, especially new free software users who have taken the first steps to a different basis for publishing such material, about why this is important, and why we need the right to read, for example: http://www.gnu.org/philosophy/right-to-read.html
I also could not find many people, who understand that Apple protecting their rights is no different than you, an ordinary person, protecting your rights. And before you say it, no, you do not have the right to run Mac OS X on whatever hardware you want, as long as you legally purchased it. Nobody, except Apple, has any right over most of Mac OS X. You get only the rights that Apple decides to give you, no more, no less. That is the whole idea behind proprietary vs. free/open source software.
That is why free software is invented - because people did not accept that vendors have automatic "rights" to impose absolutely any arbitrary EULA restriction on how a copy of said software, purchased legally, might be used.
If you accept that vendors can impose conditions like this, then you can easily see a series of ever more onerous conditions that an Apple or Microsoft can impose on proprietary software, and which can now be enforced through Treacherous Computing and Digital Restrictions Management. For example, you might get a license to use software a bit cheaper if it was restricted to only be used at the weekend, say, or only to connect to approved URLs, or only for a few months till your course ended, say with training materials.
Maybe you accept a world like that - I know I certainly don't, and that's why I use free software. Even, I'd go further than that, and say that proprietary vendors have no natural "right" to impose EULAs and should have no automatic right to impose any conditions on how a single legally purchased copy of their software is used. A restriction to being used on no more than one machine at any one time might be reasonable, since that's the single copy paid for - but no more than that, and any other end-use should fall under fair use provisions, so that if I want to take my copy and load it on different hardware (unsupported, at my own risk), then that should be possible without let or hindrance.
Imagine buying a car, for example, with a EULA along with it that said I couldn't visit, for example Cornwall, without paying an extra license fee to the vehicle manufacturer! Outrageous, obviously - but that's the style of restriction that becomes possible with hardware and software DRM capabilities.
Antivirus isn't great, as it comes with a bunch of issues, such as resource implications, acting as a threat vector itself, and generally being a case of shutting the stable door after the horse has bolted (zero-day exploits).
So add-on antivirus software isn't exactly *useful*, and isn't anything like running a sane operating system with pragmatically chosen security settings - which wouldn't include, by and large, anti-virus or anti-spyware scanning type software.
Teach your peers. Tell them about it. Tell them to friggin' install that damn antivirus tool. And to upgrade their Windows. And most of all, to finally abandon that insecure webbrowsing pest that comes with every MS System!
Where's the part about finally abandoning that insecure Windows OS pest, and installing Linux instead?
It depends on your expectations. Nobody expects Windows to be toppled for a very long time.
Exactly. It's not something that happens on some specific date. What date did the Roman Empire fall? But it was falling, for an extended period of time, and that's what we're seeing with MS and Windows. It's observable, though like the Romans it's easier to recognise in hindsight.
It may well not be the case, anyway, nor be desirable for MS to be utterly wiped out - it will be sufficient for the OS market to become competitive again, and for other players to be forced to adapt to the new reality.
Also, MS may have to be dragged kicking and screaming into that new reality, as I'm not sure their corporate culture admits that it's even possible. The more they fight the tide, however, instead of addressing how they can work with what is happening, the further they are likely to fall before they can recover again.
Since I don't use OSX, I can't comment on that, though if what you say is true then I'm glad that I've gone Linux rather than OSX.
A school that runs Unix (e.g. Linux workstations) is hardly going to give the kids root access, is it? Any virus/worm would *have* to be able to first manage a local exploit at least, even to get started. That's hardly "just tell the user... and press return"
The same sort of thing can apply to the home situation - if you're a parent, and you want your kid to be able to use the internet but you don't want the machine eaten by the malware out there, do you:
(b) Or give them a Linux workstation, with their own user, but without root access?
Both options require the parent to learn something about the threat, and what to do about it. Which is easier? Which is more effective?
Especially amusing on the Windows safe surfing tips I thought was the stuff about only accepting ActiveX when you're "absolutely confident" it's trustworthy, as if you could ever know.
Go Linux, and that question doesn't arise. Depending on age and maturity, you can relinquish the root password at some later stage, when you would be explicitly handing over control and responsibility to the kid, if it was their own computer, or if it was a family shared computer then probably not ever.
In any case, one of the beauties about Linux is that even if it was prevalent (> 50% of machines), it *still* wouldn't be a monoculture, and would *still* be a hostile environment for this sort of malware.
That's likely to translate into fizzling rather than spreading. Perhaps the best real-world example so far of that is the attack record against Apache, as compared to IIS - we'll have to wait a bit for Linux to continue growing before we see the point replicated for desktop systems.
You're optimistic about the number of Linux machines that might be affected. This was discussing email, not download. Sites hosting malicious downloads can be taken down or blocked where email can't, and virus/worms need a vector (like email) to spread on their own. You might get trojan spyware like that, I suppose.
Anyone who knows enough to save, unzip, make, and run an unsolicited email attachment probably knows not to do it. Even with RPM's, having installed it doesn't run it in and of itself; it's very different to 'click on this and it executes'. RPM's would of course be a better vector for spyware than source, though.
And when it comes to 'Linux vulnerabilities', those exist, of course, but in an ecosystem that isn't a monoculture and where vulnerabilities get fixed fast, it's doubtful if you can engineer anything capable of spreading fast enough to be self-sustaining.
But it wouldn't necessarily be like that with for example Linux, would it?
Not on any Linux I know are you going to get to execute malware directly from your email with a O/S prompt like that.
You'd have to save it to disk, and explicitly make it executable, and if you know how to do that then you probably know not to do it.
Even if they want to give instructions to save it and run some sort of setup script, it's a comparatively long path from receiving the email to the bad code running. That makes it more likely that a clued-up user will smell a rat, that a less clued-up user will bollix up following the instructions, and it'll fail to take effect.
And even after that, for those unfortunate fools who actually manage to run it, the effort of doing so will at least act to slow down the spread of the thing. That's important, because the slower and less successfully it spreads, the more likely it is just to fizzle out completely.
Market share doesn't equate to vulnerability (on "MyDoom Strikes Again", Score: 1)
"but you can be assured whom ever has the largest market share will be the one under the greatest attack in the first place."
Under greatest attack, perhaps. That doesn't translate to equally vulnerable, nor automatically likely to be a mass problem.
Any infection like this is going to be exponential, the key question is whether the exponent is greater than 1 or less than 1 at any particular point. If it's greater than 1, even for a while, you get this situation as with Windows where the number of infections rapidly becomes astronomical, until there aren't any more vulnerable systems to attack.
If the exponent is less than 1, which I suspect would be the case for Linux/Mac, even if Linux/Mac were the market-dominant OS, then the infection will have a half-life from any initial distribution, and will rapidly decay to nothing having infected only a comparatively few machines. It just won't spread effectively in such hostile conditions.
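The threshold argument in the comment above can be made concrete with a simple generation-by-generation model. This Python sketch is an added example, not part of the original comment; it assumes the comment's "exponent" means the average number of further machines each infected machine goes on to infect, and the seed and population figures are constructed for illustration.

```python
import math


def simulate_outbreak(growth_factor, seed, population, max_generations=200):
    """Deterministic generation model of spread in a finite population.

    growth_factor: average number of further machines each infected machine
                   would reach if every target were still vulnerable
                   (the assumed meaning of the comment's "exponent").
    seed:          machines infected at the start.
    population:    total machines that could ever be infected.
    Returns the list of new infections per generation, starting with the seed.
    """
    susceptible = float(population - seed)
    current = float(seed)
    history = [current]
    for _ in range(max_generations):
        if current < 0.5 or susceptible < 0.5:
            break  # outbreak has died out or nothing is left to infect
        # Attempts landing on already-infected machines are wasted, so the
        # effective growth shrinks as the susceptible pool is used up.
        attempted = growth_factor * current * (susceptible / population)
        new = min(attempted, susceptible)
        susceptible -= new
        current = new
        history.append(new)
    return history


def total_infected(history):
    """Cumulative number of machines infected over the whole outbreak."""
    return sum(history)


def half_life_generations(growth_factor):
    """Generations for new infections to halve; infinite at or above 1."""
    if growth_factor >= 1:
        return math.inf
    return math.log(0.5) / math.log(growth_factor)


if __name__ == "__main__":
    population = 1_000_000  # constructed figure
    seed = 1_000            # constructed figure
    for factor in (0.5, 0.9, 1.1, 2.0):
        hist = simulate_outbreak(factor, seed, population)
        print(f"factor={factor:3.1f}  generations={len(hist) - 1:3d}  "
              f"total={total_infected(hist):10.0f}  "
              f"half-life={half_life_generations(factor):.2f}")
```

Below the threshold the total stays close to seed / (1 - growth_factor) however large the population is, which is why anything that adds friction to each hop (no one-click execution, no root, fast patching) matters more than raw market share.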
Certainly I'd agree with you regarding spam filtering that I'd heard of by other ISPs, that depends on traditional filter rules. Demon in fact refused to introduce spam filtering for a very long time, precisely for this reason.
The Brightmail filtering, however, as described in the article, depends on using what sound like 'honeypot' addresses to attract and automatically categorise spam on the fly, in a rather similar way to the original /. article on thread. Which I found interesting, and which IME does seem to work extraordinarily well.
So the upshot is the spam gets canned on my domain, it's self-updating, I can still create email accounts as and when I like which are unaffected, and add my own processing on those if I want - it seems pretty close to being a genuine solution for the end-user.
The other reason I stay with Demon (I don't work for them, honest!) is that I generally approve of their sensible policy in such matters; the fact that they *didn't* introduce filtering for a long time, despite the spam, until they could discover a satisfactory technical means of doing it, and the fact that when they did they made the filtering wholly optional - you can turn on or off as and when you wish, as opposed to it being applied regardless by the ISP.
I had a similar problem, at about 1/10th of the level, for about a year or so. In the end what solved it for me was (mainly) that my ISP introduced email filtering:
http://www.demon.net/helpdesk/technicallibrary/faq/email/index.html
and (less) that I went on to broadband so doing any further filtering on what was left was easier. Some still gets through, but on the order of a few dozen a week, rather than thousands a day.
No problemo...
the entire patent system could (should?) be scrapped. Along with the entire copyright system.
... your wish is my command.
Trademarks aren't too bad though, I suppose we can let those stay, as long as we make sure trademarks aren't twisted and misused into pseudo-copyrights once we've scrapped the present copyright system.
From what I can see of it, Bloglines is not only software, but are also providing web services, which means that additional considerations apply, whether or not source code for the application is available.
For a conventional downloaded application that you then use directly on your own computer, the argument is fairly well worked out and easy to make, for example choosing to use a free/libre torrent client rather uTorrent, OpenOffice rather than MS-Office, ClamAV rather than Antivir, etc, etc.
It is not only about the practical drawbacks that directly affect you, such things as what it might actually be doing "under the covers", what happens if the vendor discontinues it or unilaterally changes the terms, pricing, etc, with the next version/security upgrade, and all the usual arguments on those lines. Your use of closed-source applications also has a wider impact on everyone:
When it comes to web services, other considerations impact. By signing up to the site, you are probably entering into some sort of ongoing contract, rather different to buying a product. Though I note that the desire of software vendors to transfer to a rental/subscription model rather than the sale of an instance of a copy of the software is one of the drawbacks of conventional closed-source applications.
Going back to Bloglines for a moment, one notices that while they use free/open source software to provide web applications, they also impose conditions on their web services that would not be acceptable for a free/libre application. For example:
Terms like that would make a conventional stand-alone application non-free, even if the source code was available, and using web services to impose conditions like that on applications built on top of free/libre software is part of what's intended to be addressed by changes to the GPL in version 3.
The point being that we wish to preserve a fundamental set of freedoms for users of software (however the application is delivered) as follows:
It's not only, or even particularly, that you personally can see the source, though that comes along with it. That's a common misconception - what would I do with the source anyway, many/most people say quite understandably. Yet that's missing the point, which is threefold:
Quote:
That's also quite common, and if I may say so, quite short-sighted as well. The analogy to free speech is quite apt, as many people place similarly little intrinsic value on traditional liberties they have taken for granted, being willing, even eager, to give up freedoms and accept the extension of government powers (arrest, detention, trial, national identity, expression, etc, etc) in the name of fighting terrorism, pornography, efficiency, or whatever other excuse is flavour of the day.
Those people won't squawk until their freedom is gone, and it's far too late then. It is just the same with software, and that's why some of us, such as Richard Stallman, myself, and many more, bang on and on about free/libre software being important, even to the extent of eschewing non-free software however technically capable it may be.
Non-free software is a trap, however tempting the bait may be, and frequently the only thing that keeps non-free software honest is the existence of an escape route in the form of free alternatives, preventing the trap from fully closing. How much better to take the escape route first? Contrariwise, every user that goes to closed-source weakens the free alternative, reducing the open community, and bringing nearer the extinction of that escape route.
When it's gone, recovering the freedom you once had is extremely difficult, requiring toil, tears, sweat, and blood - just as recovering political freedoms once lost is a desperately uphill battle.
Non-free software is never trustworthy. Even if it does not contain anything nasty now, it may do so at any point, and it's not trivial (reverse-engineering required) to detect when it does so.
All users benefit from free software, whether or not they intend to hack the software themselves, just as all citizens benefit from free speech whether or not they intend to demonstrate outside Parliament themselves.
The reason there are multiple trustworthy torrent clients to switch to is because those clients are open-source, and the existence of such alternatives is what keeps closed-source equivalents "honest" to some extent - but make no mistake about it, non-free software always reduces our freedom, it is intrinsic to the nature of non-free software.
I stand to be corrected, but from what I see it doesn't appear to be adware, or at the very least not adware in any conventional sense that the term is usually used.
Don't forget that Azureus is not just free but free/libre open-source. Software like that isn't susceptible to some of the usual sort of adware/spyware/whatever commercialisation nonsense, since if attempted the software would just be forked anyway.
Just as might happen with this, anyway - either the developers might offer an "Azureus light" without the content layer, or if they didn't then the "light" version might well be a fork. As long as it's all open-sourced then it'll be fine.
Commercially produced software that is also libre, on the other hand, is all to the good, and more power to their elbow.
No, not just lucky. If you've picked a particular distribution, then you've already made a decision either on your own or based on advice that you're going to trust that distribution - but that's a decision made only once, not from every random site that you happen to visit, and if you do decide you want to add some application, whatever it might be, then the normal Linux way is to download it from your distro repositories, not from the developer's website, which is an alien concept to Windows users
In theory a distro might add spyware, but if they did so then either they have to make it closed-source (instantly suspicious!) or it will be discovered in due course and the distro would be discredited/forked/abandoned. So in practice using a fully free/libre distro like Debian or Ubuntu, and avoiding closed-source apps is an extremely good defense against spyware, and a pretty reasonable guarantee of immunity. Not a 100% guarantee, nothing ever is, but pretty reasonable all the same.
If you do the math behind it, you'll also discover that when the number of collisions is low, which starts out being the case, then increasing the population size you intend to cover increases the collision rate in proportion to the square of the population size.
Because it's not linear, that pretty much means any scheme doesn't scale up to the next bigger population size, so for example a scheme that works for London won't scale to the UK, a UK scheme won't scale to EU size, and EU scheme won't scale to World size.
The rate of increase in collisions does drop off later on as the number of collisions rises, but it's way too late by then because the point of this sort of scheme is that there need to be zero or very few collisions! It turns into a trade-off between accuracy, collision rate, and false negative matching, but unique it ain't, for any of these types of scheme.
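The scaling argument in the comment above, worked through as an added example (not part of the original comment). It assumes identifiers are spread uniformly over a space of `ID_SPACE` values; that size and the rounded population figures are illustrative assumptions, not numbers from the thread.

```python
import math
import random
from collections import Counter

ID_SPACE = 10**12  # assumed number of distinct identifiers the scheme can produce
POPULATIONS = {    # rounded, illustrative population sizes (assumptions)
    "London": 9_000_000,
    "UK": 67_000_000,
    "EU": 450_000_000,
    "World": 8_000_000_000,
}

def expected_colliding_pairs(n, space):
    """Expected number of pairs of people sharing one identifier: C(n, 2) / space."""
    return n * (n - 1) / (2 * space)

def p_any_collision(n, space):
    """Birthday-bound approximation of P(at least one collision)."""
    return -math.expm1(-expected_colliding_pairs(n, space))

def expected_people_in_collision(n, space):
    """Expected number of people whose identifier is also held by someone else."""
    # P(a given person shares an id) = 1 - (1 - 1/space)^(n - 1), computed stably.
    p_shared = -math.expm1((n - 1) * math.log1p(-1.0 / space))
    return n * p_shared

def simulate_people_in_collision(n, space, seed=1):
    """Monte Carlo check: draw n random identifiers, count people in shared ones."""
    rng = random.Random(seed)
    counts = Counter(rng.randrange(space) for _ in range(n))
    return sum(c for c in counts.values() if c > 1)

def scaling_table(space=ID_SPACE):
    """(name, population, expected people in a collision) for each population."""
    return [(name, n, expected_people_in_collision(n, space))
            for name, n in POPULATIONS.items()]

if __name__ == "__main__":
    for name, n, affected in scaling_table():
        print(f"{name:>6}: n={n:>13,}  expected people in a collision={affected:,.0f}  "
              f"P(any collision)={p_any_collision(n, ID_SPACE):.6f}")
    # Low-collision regime: doubling n roughly quadruples the count.
    print(expected_people_in_collision(2000, 10**9) / expected_people_in_collision(1000, 10**9))
    # Saturated regime: nearly everyone already collides, so growth is only linear.
    print(expected_people_in_collision(2 * 10**7, 10**6) / expected_people_in_collision(10**7, 10**6))
```

With these assumed figures the expected number of people caught in a collision goes from about 81 for the London-sized population to tens of millions at world size, while the population itself grows by a factor under a thousand.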
Certainly that used to be accepted, and free software was invented to find another route. However, having seen what has been done and is being done with free software, the rules are changing (de facto if not de jure yet), and I no longer believe that we need to accept that software vendors can or should have exclusive rights to impose any restriction they choose - worse when enforced by technical restrictions, naturally, but otherwise no different in principle.
It comes back to what I said above, which is that I no longer accept the premise that vendors may impose absolutely any restriction on how I use their product, any more than I would for a tangible product, nor that a "license" is a legitimate "product" that can be sold or we need accept. A copy, a single, individual, transferable, resellable copy (no more than that) which I can own and do with as I wish (just like a particular copy of a book or a music CD), is a different matter, and one for which there's quite a bit more precedent than the current attempt by all kinds of publisher to "license" everything with non-negotiable, restrictive and technically enforced conditions.
Given that, I have no problem with the idea of using legislation to back that up, and it's perfectly normal to have consumer legislation that limits vendors, especially with intangible products, such as financial services. What a good idea that would be for software sales and content publishing! In the meantime, there are a few obvious ways to break the acceptance that has become far too much taken for granted that these practices are valid, reasonable, even naturally right, for vendors to use. Some of these ways might be:
You get the drift...
That is why free software is invented - because people did not accept that vendors have automatic "rights" to impose absolutely any arbitrary EULA restriction on how a copy of said software, purchased legally, might be used.
If you accept that vendors can impose conditions like this, then you can easily see a series of ever more onerous conditions that an Apple or Microsoft can impose on proprietary software, and which can now be enforced through Treacherous Computing and Digital Restrictions Management. For example, you might get a license to use software a bit cheaper if it was restricted to only be used at the weekend, say, or only to connect to approved URLs, or only for a few months till your course ended, say with training materials.
Maybe you accept a world like that - I know I certainly don't, and that's why I use free software. Even, I'd go further than that, and say that proprietary vendors have no natural "right" to impose EULAs and should have no automatic right to impose any conditions on how a single legally purchased copy of their software is used. A restriction to being used on no more than one machine at any one time might be reasonable, since that's the single copy paid for - but no more than that, and any other end-use should fall under fair use provisions, so that if I want to take my copy and load it on different hardware (unsupported, at my own risk), then that should be possible without let or hindrance.
Imagine buying a car, for example, with a EULA along with it that said I couldn't visit, for example Cornwall, without paying an extra license fee to the vehicle manufacturer! Outrageous, obviously - but that's the style of restriction that becomes possible with hardware and software DRM capabilities.
http://www.gnu.org/philosophy/can-you-trust.html
'Nuff said
Antivirus isn't great, as it comes with a bunch of issues, such as resource implications, acting as a threat vector itself, and generally being a case of shutting the stable door after the horse has bolted (zero-day exploits).
So add-on antivirus software isn't exactly *useful*, and isn't anything like running a sane operating system with pragmatically chosen security settings - which wouldn't include, by and large, anti-virus or anti-spyware scanning type software.
It depends on your expectations. Nobody expects Windows to be toppled for a very long time.
Exactly. It's not something that happens on some specific date. What date did the Roman Empire fall? But it was falling, for an extended period of time, and that's what we're seeing with MS and Windows. It's observable, though like the Romans it's easier to recognise in hindsight.
It may well not be the case, anyway, nor be desirable for MS to be utterly wiped out - it will be sufficient for the OS market to become competitive again, and for other players to be forced to adapt to the new reality.
Also, MS may have to be dragged kicking and screaming into that new reality, as I'm not sure their corporate culture admits that it's even possible. The more they fight the tide, however, instead of addressing how they can work with what is happening, the further they are likely to fall before they can recover again.
Since I don't use OSX, I can't comment on that, though if what you say is true then I'm glad that I've gone Linux rather than OSX.
A school that runs Unix (e.g. Linux workstations) are hardly going to give the kids root access, are they? Any virus/worm would *have* to be able to first manage a local exploit at least, even to get started. That's hardly "just tell the user ... and press return"
The same sort of thing can apply to the home situation - if you're a parent, and you want your kid to be able to use the internet but you don't want the machine eaten by the malware out there, do you:
(a) Do what's listed here http://www.pcpitstop.com/spycheck/safesurfing.asp
(b) Or give them a Linux workstation, with their own user, but without root access?
Both options require the parent to learn something about the threat, and what to do about it. Which is easier? Which is more effective?
Especially amusing on the Windows safe surfing tips I thought was the stuff about only accepting ActiveX when you're "absolutely confident" it's trustworthy, as if you could ever know.
Go Linux, and that question doesn't arise. Depending on age and maturity, you can relinquish the root password at some later stage, when you would be explicitly handing over control and responsibility to the kid, if it was their own computer, or if it was a family shared computer then probably not ever.
In any case, one of the beauties about Linux is that even if it was prevalent (> 50% of machines), it *still* wouldn't be a monoculture, and would *still* be a hostile environment for this sort of malware.
That's likely to translate into fizzling rather than spreading. Perhaps the best real-world example so far of that is the attack record against Apache, as compared to IIS - we'll have to wait a bit for Linux to continue growing before we see the point replicated for desktop systems.
You're optimistic about the number of Linux machines that might be affected. This was discussing email, not download. Sites hosting malicious downloads can be taken down or blocked where email can't, and virus/worms need a vector (like email) to spread on their own. You might get trojan spyware like that, I suppose.
Anyone who knows enough to save, unzip, make, and run an unsolicited email attachment probably knows not to do it. Even with RPMs, having installed it doesn't run it in and of itself; it's very different to 'click on this and it executes'. RPMs would of course be a better vector for spyware than source, though.
And when it comes to 'Linux vulnerabilities', those exist, of course, but in an ecosystem that isn't a monoculture and where vulnerabilities get fixed fast, it's doubtful if you can engineer anything capable of spreading fast enough to be self-sustaining.
Maybe it does apply...
http://www.latimes.com/business/la-fi-fedup14jan14,1,795541.story?coll=la-headlines-business&ctrack=1&cset=true
But it wouldn't necessarily be like that with for example Linux, would it?
Not on any Linux I know are you going to get to execute malware directly from your email with a O/S prompt like that.
You'd have to save it to disk, and explicitly make it executable, and if you know how to do that then you probably know not to do it.
Even if they want to give instructions to save it and run some sort of setup script, it's a comparatively long path from receiving the email to the bad code running. That makes it more likely that a clued-up user will smell a rat, that a less clued-up user will bollix up following the instructions, and it'll fail to take effect.
And even after that, for those unfortunate fools who actually manage to run it, the effort of doing so will at least act to slow down the spread of the thing. That's important, because the slower and less successfully it spreads, the more likely it is just to fizzle out completely.
"but you can be assured whom ever has the largest market share will be the one under the greatest attack in the first place."
Under greatest attack, perhaps. That doesn't translate to equally vulnerable, nor automatically likely to be a mass problem.
Any infection like this is going to be exponential, the key question is whether the exponent is greater than 1 or less than 1 at any particular point. If it's greater than 1, even for a while, you get this situation as with Windows where the number of infections rapidly becomes astronomical, until there aren't any more vulnerable systems to attack.
If the exponent is less than 1, which I suspect would be the case for Linux/Mac, even if Linux/Mac were the market-dominant OS, then the infection will have a half-life from any initial distribution, and will rapidly decay to nothing having infected only a comparatively few machines. It just won't spread effectively in such hostile conditions.
Certainly I'd agree with you regarding spam filtering that I'd heard of by other ISPs, that depends on traditional filter rules. Demon in fact refused to introduce spam filtering for a very long time, precisely for this reason.
The Brightmail filtering, however, as described in the article, depends on using what sound like 'honeypot' addresses to attract and automatically categorise spam on the fly, in a rather similar way to the original /. article on thread. Which I found interesting, and which IME does seem to work extraordinarily well.
So the upshot is the spam gets canned on my domain, it's self-updating, I can still create email accounts as and when I like which are unaffected, and add my own processing on those if I want - it seems pretty close to being a genuine solution for the end-user.
The other reason I stay with Demon (I don't work for them, honest!) is that I generally approve of their sensible policy in such matters; the fact that they *didn't* introduce filtering for a long time, despite the spam, until they could discover a satisfactory technical means of doing it, and the fact that when they did they made the filtering wholly optional - you can turn on or off as and when you wish, as opposed to it being applied regardless by the ISP.
I had a similar problem, at about 1/10th of the level, for about a year or so. In the end what solved it for me was (mainly) that my ISP introduced email filtering: http://www.demon.net/helpdesk/technicallibrary/faq/email/index.html
and (less) that I went on to broadband so doing any further filtering on what was left was easier. Some still gets through, but on the order of a few dozen a week, rather than thousands a day.