I think this is behaving in a responsible way towards users of the software. The Apache group works in a similar fashion; from the Apache website:
Reporting Security Problems with Apache
The Apache Group takes a very active stance in eliminating security problems and denial of service attacks against the Apache web server. We strongly encourage folks to report such problems to our private security mailing list first, before disclosing them in a public forum. The mailing address is: I-found-a-security-problem-in-the-apache-source-code@apache.org. We cannot accept regular bug reports or other queries at this address; we ask that you use our bug reporting page for those. All mail sent to this address that does not relate to security issues will be ignored.
Note that all networked servers are subject to denial of service attacks, and we cannot promise magic workarounds to generic problems (such as a client streaming lots of data to your server, or re-requesting the same URL repeatedly). In general our philosophy is to avoid any attacks which can cause the server to consume resources in a non-linear relationship to the size of inputs.
Am I the only one who thinks the constant flameage about the mass media substituting the term "hacker" for "cracker" is a pointless waste of energy about what amounts to a semantic non-issue?
There is a long history of words being subverted to other meanings in the English language. "Hacker" now means someone who maliciously breaks into computers, and any amount of moaning will not change that.
...wouldn't it be nice to see a Dreamcast port? That would certainly be a big "screw you" to Sony for all the legal hassles, and give Sega a nice boost.
When you buy a DVD, CD, whatever, you are purchasing a license to play it at home, with restrictions. You don't own the content; you own the media. The intellectual property owner owns the content and can impose any restrictions they like. If you don't like it, tough: don't buy it.
...who exactly is going to stir this liquid at the speed of light?
...but Linux is a registered trademark of Linus Torvalds, right?
Didn't he also say that he registered the name to prevent this kind of profiteering?
Perhaps the money raised by Fred VanKampen should go into some foundation.
It's the MPEG Layer 2 compression format that you pay $$$ for.
yeah, it's Brighton :)
Your rant is pretty fucking objectionable. I, like the majority of my fellow citizens, do not want to run around machine-gunning each other. You quote Hungerford and blame this on legislation. OK, I'll quote that shitty thing that happened in your south. What caused this? Well, Xena Warrior Princess, of course. We have a stupidly low death rate in the UK precisely because we don't have guns. Want to argue? Knock yourself out. Free guns for everyone, fuck you, & don't come to England please.
I like the kick-ass clubs, beach, pier, social scene and the relatively easy commute to London, 60 miles north.
Just make it realtime and I'll have your babies :)
Notwithstanding the official IBM "let's support Apache" (instead of Domino?), there is a huge developmental resource that lives at IBM.
AFAIK, Rasmus Lerdorf and some of the other PHP hackers work at IBM, and a fairly large cross-section of the Apache core either work there or are supported...
Your manager wants to switch to Linux but you are insisting on using ASP? You're concerned about Apache staying up? Hmmm. Get PostgreSQL, PHP & Apache. Compile. Sit back and be happy at the flexible & rock-solid web environment you just got for free. From my experience Apache is a *lot* stabler than IIS. IIS at its worst crashed daily because of a bug in Transaction Server. Apache under a similar load ran for months and months, no problem.
There are a couple of things that are changing in the way games are handled for Linux.
The first is perception. As more and more games become available, the publishers will start to realise that Linux is a viable platform to port software to - the desktop market share isn't there yet, but more games arriving means a virtuous circle: more gamers making the switch means more games arrive....
The second is libraries. Loki (amongst others) are doing an admirable job of creating software libraries to support games production. I'm assuming more and more libraries will become available, from handling different video cards to whole 3D engines. I don't think Linux libraries can compete with DirectX yet, at least in terms of mindshare, but it's only a matter of time, and with the increasing availability of OSS engines the cost of market entry becomes substantially lower for developers. There will be little need to pay six-figure sums for a 3D engine.
With reduced costs, hopefully the publishers will be a little more adventurous in the projects they green-light.
I completely agree with your points *but* I was trying to use this as an example of US (and by extension all developed nations') cultural imperialism. (Guess I did it badly.) :)
Sorry, Oz was the wrong example to use; let's get hypothetical:
Some country historically has female circumcision, but disallows unfettered net access for cultural reasons. Of course Western viewpoints are offended by this, but that doesn't necessarily make them more valid than this country's opinions - probably they are less valid because of the weight of culture.
I just saw a glimmer of this in the situation and it got my hackles up.
The target production environment we have is a Sun E10K; at the moment we do the majority of our dev work on old retired ProLiants running Solaris x86. When that's done, we port to an old Netra that's sitting around and need to recompile for UltraSPARC.
This announcement from Sun allows us to dump the crappy Solaris x86 boxes and compile stuff directly on a SPARC and move it into production - awesome!
Wouldn't have one at home, though; Win95 / *BSD suits me fine.
Didn't Hillary Clinton recently get stung in NY for shamelessly trying to buy some ethnic minority vote?
Now this guy is in Silicon Valley, a pretty wired-up place - is the population of tech people here high enough to count as an 'ethnic' minority? (Note quotes.) Isn't he shamelessly trying to get the backing of a large swathe of the population (the richest segment)?
Strikes me as though he could care less about Microsoft; politics and votes from the geek sector seem more important to him.
Aide: Use the anti-Microsoft sentiment.
Senator: Who are Microsoft?
Aide: 27% of your voters hate them; the rest are indifferent.
Senator: Those bastards! This is un-American and anti-competitive. Let's break them up!
Aide: Yes sir, the gravy train will come in for you, sir.
Bruce,
The Hacker Crackdown
Was the OSS of that novel worth it? What hassle did you go through with the publishers? Did it convince them to change their opinions? I myself grabbed it from a friend, but now keep a copy of the freeware version on my desktop.
Slashdot
How do you feel about being a /.ed focal point? Is that a good or bad thing? How good is it to have MUDs based on your work? Do you play them?
Is there a sequel to Heavy Weather coming? Did the world get trashed?
Answer what you like...
I predict that the same four people who went to see Beastmaster will go and see this film. In the UK it goes straight to video.
The cartoon was better.
oops sorry for the exclamations...
Don't write for KDE, don't write for Gnome.
The environment to target is CDE, the Common Desktop Environment. Think past the Linux box: CDE targets pretty much any Unix-type OS and is pretty damn usable.
KDE & Gnome are divisive. CDE is inclusive - Linux, *BSD, Irix, Solaris, AIX....
something smallish companies like Allaire don't have vast amounts of.
They basically make good software; we should help them, not smack them down.
Hate to say this, but US laws do not apply here; if the *majority* of Aussies agree to this then who are we to complain? Judge?
Sure, I feel for you, & I know this place ain't much better (UK). BUT, just because the US constitution is against this, does it necessarily mean it is wrong, at least for that place?
5% of people disagree, 40% don't care and the rest are pro; does that mean the remaining 95% are wrong?
This offends me, but as a self-professed geek, my opinions differ from the norm - and I'm in no position to force my opinions on the majority.
They have no right to override a vendor in this manner and possibly drive them out of business or really harm them for what may have been a very honest mistake.
They have every right to do what they want to; however, I stand by my initial assertion that the way they go about displaying their knowledge is irresponsible.
I'm fairly sure they'd get more respect from the majority if they did; whether they want this respect or not is another matter entirely.
I'm not sure that's a valid argument; perhaps the way this (hypothetical) ISP could differentiate itself from its competitors (and it *is* a competitive market) was that it could provide ColdFusion hosting - there are, after all, plenty of CF developers. Should they be penalised for finding a niche? I think not.
I'm with the AC who said l0pht should post a warning of an impending security hole announcement at the same time as notifying the vendor on this.
This isn't a tirade against OSS at all; I agree it is easier to audit - all I'm saying is there are valid reasons to go proprietary.
I know they are very big on their neutrality, but some of the attitudes seem irresponsible to me.
"We were trained by the vendors to go public," says Mudge, "to give them a black eye."
This was in relation to the ColdFusion 'sploit. Not only did it give the vendors a black eye, but also a lot of customers who use ColdFusion for whatever reason. They didn't deserve a black eye for it.
Hypothetical:
An ISP provided ColdFusion hosting for many high-profile sites; these all got hacked due to this exploit and the ISP's reputation suffered. They went bust. Could happen. (Maybe it did?)
Surely the responsible action would have been to notify Allaire of the exploit and warn them that they were posting it in a week? This would have given Allaire time to fix it and notify their customers. Allaire's reputation suffers a little & only the lazy / stupid customers are damaged.
From comments later in the article it seems they may be heading in this direction. I hope they do.