Ignoring for a moment whether or not rights are subjective.
Earlier on you awkwardly defined rights as "things that it is wrong for the government to interfere with its citizens doing". Rights are much better defined as entitlements or permissions granted by agreement.
As another poster pointed out this is an issue about freedom of speech versus the right to privacy.
In this case you clearly seem to value freedom of speech over the right of privacy. However, that doesn't make it right (no pun intended) for you to say that the original poster doesn't "understand what a right is".
Yes, they are.
Nothing you just said counters the statement that "rights are highly subjective".
It's you who doesn't seem to understand that rights are highly subjective.
Right Mister investigative journalist, how do you disprove the following:
Ok so by your own admission we've proven that asus-uk.com at the very least is in fact an official Asus website. Right, now let's take it one step further, here's a link to another page on that same domain:
Still asus-uk.com right? Read the page and see that it states: "It's better with Windows®" and links to http://www.itsbetterwithwindows.com/
I'd like to hear how you're going to wiggle your way out of this one. Oh it was just the UK branch, you say? Oh, it was just a lone mad sales guy? Asus was never serious about putting Linux on their netbooks, laptops or whatever from the get go. If you've ever used an Eee pc you'd know that the custom Xandros distro stuff was a disaster and anyone worth their salt would immediately replace it with a properly configured distro (in a lot of cases Ubuntu). Asus will never get any money from me again.
Your entire post did nothing to counter the statement made by the GP that Firefox users are stingy or even elaborate as to how you yourself could not be called stingy. Judging by some of the other posts you've made you certainly sound stingy to me.
It doesn't really have anything to do with a conspiracy. I know some people will immediately go in a frenzy for me even recommending this but if you haven't, consider reading some of Chomsky's political stuff such as Manufacturing Consent or Media Control. Then to balance everything out take a look at the criticism section from Wikipedia's article on Chomsky. But most important of all, stay critical and form your own opinion.
And with key based authentication, key(board) loggers aren't a worry.
They're not? Correct me if I'm wrong but if there's a keylogger on your system your private key has already been compromised and all that the attacker needs is the passphrase. It may even be possible to simply do stuff behind the user's back while the passphrase is cached.
Same reason I'm not sure if your idea about introducing another machine or VM and then remoting into that makes sense. A dedicated machine would help but you'd actually need to have a KVM switch.
Exactly, the confusion here might be in the terminology. Password versus passphrase.
Anyways, just using keys doesn't magically make everything more secure, it just negates brute force password attacks. From the few high profile cases I remember the compromise was the result of somebody's private key being compromised (e.g. the Debian compromises).
The only true solution is a combination of the principle of least privilege, sandboxing (SELinux etc.), proper monitoring and a whole host of other security measures.
I'd say that it depends on a lot of factors really.
First of all it depends on how mission critical the services that run on that system are considered and what kind of chances you're willing to take that a particular package might break something. The experience and available time of your system administrator also play a significant role.
There's also the very highly unlikely scenario that a certain update might include "something bad", for example when the update servers are compromised. See Debian's compromises at Debian Investigation Report after Server Compromises from 2003, Debian Server restored after Compromise from 2006, and Fedora's at Infrastructure report, 2008-08-22 UTC 1200.
I currently manage just a single box (combination of a public web server and internal supporting infrastructure) for the company I work at and have it automatically install both security and normal updates.
I personally trust the distro maintainers to properly QA everything that is packaged. Also, I don't think any single system administrator has the experience or knowledge to be able to actually verify whether or not an update is going to be installed without any problems. The best effort one can make is determine whether or not an update is really needed and then keep an eye on the server while the update is being applied.
In the case of security updates it's a no-brainer for me, they need to be applied ASAP. I haven't had the energy to set up a proper monitoring solution and I've never even seen Red Hat Network in action. So if I had to manually verify available updates (or even set up some shell scripts to help me here) it would be just too much effort considering the low mission criticality of the server. If there does happen to be a problem with the server I'll find out about it fast enough, then I'll take a peek at the APT log and take it from there.
Set up key based login and you don't even have to type passwords.
Since you basically need root access to do updates this definitely poses a security hazard as when your client is compromised there is direct access to the server. Then again, an attacker could always use a keylogger to capture the password anyways.
If you even attempt to do this I'd set up a different user account specifically for the process of updating and limit the rights accordingly and then I'd restrict the commands that can be executed (you can do this per key).
There may actually be better ways but I'm not a very experienced sysadmin. Most experience I have is from managing a single web server and my local desktop obviously. Be sure to correct me (in a friendly manner) if I'm wrong.
Then again, if you do this from the same machine as your normal account is located on you'll still have the same issues in case of a compromised client. Probably just best to limit every single account to just that what is specifically needed and set up proper host-based intrusion detection (OSSEC?) to be notified when something goes wrong. This stuff is hard...
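The dedicated update account with a per-key command restriction described in the comment above, sketched as an added example that is not part of the original post. The account name `updater`, the script path `/usr/local/bin/update-gate`, the sudoers file name, the action names `refresh` and `upgrade`, and the key material are all assumptions made for illustration.

```shell
#!/bin/sh
# Forced-command wrapper for a dedicated update account (added example;
# the user "updater" and the path /usr/local/bin/update-gate are assumed).
#
# Bind it to one key in ~updater/.ssh/authorized_keys, on a single line:
#
#   restrict,command="/usr/local/bin/update-gate" ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> updates@admin-box
#
# "restrict" disables PTY allocation and port/agent/X11 forwarding for this
# key; command= makes sshd run this script no matter what the client asked
# for. The client's request is only visible in SSH_ORIGINAL_COMMAND.
#
# sudoers (assumed file /etc/sudoers.d/updater) grants exactly two commands:
#
#   updater ALL=(root) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get -y upgrade

# Map a requested action name to the one fixed command line it may run.
# Prints the command and returns 0 if allowed, returns 1 otherwise.
# The case pattern matches the whole string, so "upgrade; id" is rejected.
resolve_action() {
    case "$1" in
        refresh) echo "sudo -n /usr/bin/apt-get update" ;;
        upgrade) echo "sudo -n /usr/bin/apt-get -y upgrade" ;;
        *)       return 1 ;;
    esac
}

# Decide on the current SSH request, log the decision to syslog, and either
# replace this process with the allowed command or refuse.
gate() {
    request="${SSH_ORIGINAL_COMMAND:-}"
    if cmd=$(resolve_action "$request"); then
        logger -t update-gate "allowed: $request" 2>/dev/null || true
        # Word splitting is intended: $cmd is one of the fixed strings above,
        # never text supplied by the client.
        exec $cmd
    fi
    logger -t update-gate "denied: $request" 2>/dev/null || true
    echo "update-gate: request not permitted" >&2
    return 1
}

# Only act when started by sshd, which sets SSH_CONNECTION for the session.
if [ -n "${SSH_CONNECTION:-}" ]; then
    gate
fi
```

A compromised client holding this key can still trigger the two listed actions, so the syslog lines written by `logger` are what a host-based IDS such as OSSEC would be pointed at.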
IBM would have killed Star/OpenOffice (they have their own office suite, no matter how crappy). Again, OpenOffice is opensource, so...
Uhm, IBM Lotus Symphony is basically a fork of OpenOffice.org 1.1.4.
47,- euros a month for unlimited access? Is it bound to a specific route?
I live in The Netherlands and my costs far outweigh that number. For the sake of simplicity let's assume I travel the same route 5 days a week.
A yearly subscription for the train between on a route of +/- 55km would cost me 132.40,- euros a month. Because I recently graduated I received a subsidized public transit subscription which allows me to currently bring this down to about 100,- euros a month (ignoring any taxes, again for the sake of simplicity). Add to that the fact that just traveling back-and-forth between the train station with the bus (+/- 10km) costs me about 4,- euros per trip. That's 80,- euros without a subscription, I could possibly bring that down to about 60,- euros a month with a subscription.
So in a best case scenario (without the subsidized subscription) using public transit costs me roughly 2300,- euros on a yearly basis.
Back on-topic. What I'm wondering is just how much spending is included with the bill that mandates this website. I actually opened it with the intention of at least somewhat reading it, but it has a gazillion more pages than I'm willing to read right now. Starting with a bill that mandates actually reading the bills sounds like a plan to me.
So you're saying that bookmarks separate from your regular bookmarks are kept in the Awesome Bar?
No I am not. I'm saying the AwesomeBar searches bookmarks.
It isn't like we are making it up.
;-) Find me a Bug # and I might believe you. Also try using a clean profile (firefox -P).
WORKSFORME
I'm led to believe you're just seeing bookmarks.
If that is there, then what makes the awesome bar any different or special in that it doesn't need to apply to those same rules or idea set out so long ago? Of course the answer to that is nothing is special about it in that regard.
Basically ignoring the rest of your post (though I had an hilarious time reading it). The awesome bar has not been exempted from the Clear Private Data functionality (just tick "Browsing History"). However, it does search bookmarks which obviously aren't cleared.
Everything you bring up to somehow prove your point that the awesome bar is a privacy risk makes no sense at all. I can tell you this much, your problems don't lie in the awesome bar.
Wouldn't the solution be to create a separate profile to do your "sensitive browsing" (which clears all private data after you're done)?
but how much are people really missing out on by refusing the updates?
*shakes his head*.
This is still Slashdot is it? Here's a good one, security updates! Think browser exploits, here's a list.
most of Europe
Hold on, are there any countries apart from Germany that have banned the swastika?
Yes, seriously. In your initial post you stated that Stallman blasts companies for opening up, you are wrong and I asked for citations and the information you in turn provide doesn't support your previous statement (more anecdotes and still no citations). You, and many others, are trying to paint Stallman as a raving lunatic even though in actuality the statements he makes are rather balanced. Note how in your little anecdote you didn't even mention Microsoft, though in your original post you stated that Stallman blasted Microsoft for opening up documentation, standards and protocols.
In reality Stallman does tend to commend companies that open up, but he will not turn a blind eye when that company engages in hypocrisy or activities that blatantly go against the Free Software ideology (which is not only entirely logical, but essential for preserving the ideals he cherishes). For an example of where he commended a company for opening up see his statements regarding Sun Microsystems' decision to open up Java in 2006, he stated:
I think Sun has, well with this contribution, have contributed more than any other company to the free software community, in the form of software. And it shows leadership - it's an example I hope others will follow.
So, I've taken the liberty (read: did the actual hard work you refused to do) to Google around and see what Stallman has really said regarding the matter you've brought up:
Regarding Google Chrome. Stallman in an interview taken on 17 September 2008 stated that:
The license for those binaries is unacceptable for several reasons. For instance, it says you give Google the right to change your software and requires you to accept whatever changes they decide to impose. It purports to forbid reverse engineering. It also uses the confusing and biased propaganda term "intellectual property". [...] You should not agree to those terms.
Note that I believe he is referring to the EULA that one has to accept when downloading or using the Google Chrome binaries from Google, which at this time still states:
10.2 You may not (and you may not permit anyone else to) copy, modify, create a derivative work of, reverse engineer, decompile or otherwise attempt to extract the source code of the Software or any part thereof, unless this is expressly permitted or required by law, or unless you have been specifically told that you may do so by Google, in writing.
Regarding cloud computing. Hold on, even though Google embraces open standards you do understand that by using their proprietary services (Google Search, GMail, Google Apps) you certainly run the risk of becoming dependent (locked in) on functionality offered?
In what I believe to be a short conversation with a reporter from the Guardian (here's the Slashdot discussion) that's the point Stallman was trying to make regarding the concept of SaaS/cloud computing/whatchamacallit (taking into account that Stallman personally just isn't very interested, to put it lightly, in web applications):
If you use a proprietary program or somebody else's web server, you're defenceless. You're putty in the hands of whoever developed that software.
I'm looking forward to your response.
If Microsoft opens more documentation, standards and protocols, he blasts them for it. If Google opens up a bunch of their code, he blasts them for it. Over and over again.
Citations?
From what I understand creators of distributions aren't being coerced into following these guidelines and end-users aren't coerced into using a distribution that follows these guidelines. Seems it's entirely voluntary to me. So, what's the problem?
If not, then you'd lose out on the freedom to use your computer as you see fit.
However by freely choosing to use proprietary software (depending on how restrictive the license is) you lose out on a lot of other freedoms, such as the freedom to run, copy, distribute, study, change and/or improve the software.
It simply seems you value certain freedoms more than others.
Which statements?
Ignore the missing quote tag :'(