Of course, this may be a recent development in HP laser printers. However, I'd appreciate a source to your claim.
The newer toner cartridges come with those chips, too. Apparently, you can ignore "low toner" warnings if there's still enough toner (i.e. the printer doesn't refuse to print), and the chips are just there to make things harder for the refilling competition.
HP imposes artificial limits on toner mileage, too.
Since Diebold will rely heavily on image and trust to sell products, this might set them back a few dollars...
I think they put more efforts into lobbying than into building up trust. After all, it's not the voters who buy their machines.
If you'd looked at Google before posting something like this, you'd have noticed that this is a quote that has been floating around for a while. So it's just part of the author's signature.
Apparently, people work at Diebold who like to make a bit of fun of themselves. Kind of surprising, huh?
None of the three motherboards supports more than (max) 3G memory, what is the purpose of using a 64bit cpu?
AMD64 has a larger register file, which helps some compilers to generate better code.
LG/GoldStar was one of the first companies to print a "Runs with Linux" tag on its boxes. But unfortunately, a CD-ROM drive was one of the few which weren't Linux-compatible at all.
"'The vulnerabilities are there. The fact that someone in China in the middle of the night patched it--there is nothing that says integrity will come out of that process. We have a process that will lead to sustainable level of quality. Not saying we are the cat's meow here--I'm saying it is absolutely not good reasoning to think you will get better quality out of Linux.'"
And he's right. Most free software developers don't know what procedures to follow when disclosing security bugs, even if the software is mainly used to create infrastructure that is used by more than 100,000 concurrent users.
Another problem is the lack of useful information in the descriptive part of typical security advisories for free software. Often, no attack requirements are mentioned, the affected software component is not correctly identified, or the impact is not properly described.
For example, Red Hat recently released an advisory which claimed that the Linux forwarding table could be reconfigured over the network. They failed to mention that it was not the IP forwarding table, so hardly anyone was affected. Nevertheless, such things must not happen. On the other hand, Microsoft missed a few attack vectors in one of the RPC advisories. Microsoft engineers, however, acknowledge the problem and agree that things have to improve. Free software vendors (and their followers) claim that their advisories are complete and correct, and that there isn't a problem. Of course, anyone can read the diffs -- but anyone could have read the source code and discovered the security vulnerability before he or she installed the program. Both options are rather theoretical, and as long as the free software security crowd (is there such a thing) recognizes that there are problems, we won't see any improvements.
We are reaching a stage in which Microsoft, the company that tries to mark full disclosure as illegal, issues the best security advisories in the industry. Scary, huh?
Most software already comes with various warnings attached, so I don't see the fundamental problem of showing them more prominently. Furthermore, I find it hard to believe that a web browser (or any network-related software for consumers) exists for which this warning is unjustified.
(Obviously, there is no P2P connection at all. That is just Slashdot spinning.)
I'm sure it's been documented countless times, but here are the basic steps:
First, you read the advisory. Are you running the listed software components in vulnerable versions? Maybe you have disabled the vulnerable component. Then you look at the attack vectors. Maybe the attackers would have to use protocols/ports you block at the next packet filter. Maybe you have activated special tools that thwart the attack (like that URL filter Microsoft provides).
If you determine that you are vulnerable to attacks, you examine the impact and relate it to the obstacles a potential attacker has to face (access to internal network, for example). Perhaps it's better to live with a DoS risk than to apply a hotfix in an unscheduled manner. If things look really bad, you have to apply the patch, but this is just a measure of last resort. If you choose not to patch this time, you schedule it for the next routine maintenance. In the meantime, you can check whether problems with the patch are reported.
In my experience, the whole preparation process takes up to three hours for free software because the advisory quality is typically quite poor, and you have to browse source code and patches. Official patches might not be isolated from other functionality changes or might be just incomplete. Often, it's a good idea to look at vendor patches backporting just the fixes.
I'd believe it's somewhat faster for proprietary software because you have less information, and you don't yet look at object code diffs to better understand the problem. So you stop pretty early and rely on the vendor assessment only. Fortunately, Microsoft typically provides most of the information you need, unlike any other vendor (free or proprietary), and let's hope that the PSS team now double-checks and ensures that no attack vectors are missed.
SUS is suitable for clients and non-critical servers. If you worry about service interruption due to patching and reboots, you are certainly not in the position to use SUS (or any other automated service) to apply the patches.
How do you determine who the trademark holder(s) are when I type in Ford?
In short, you don't. You simply ask the clients to whom you sell ads to indemnify you for all damages caused by their selection of search keywords. Or you charge all clients a little more to compensate for the risk.
Choice, choice, choice. Yeah, that's the Microsoft Way, isn't it?
Actually, it is. Just ask a few Microsoft Windows users why they can't switch. They tell you that they need the wide choice of applications.
I'm sure Microsoft users understand that argument.
Paper, once written, cannot be changed and can always be recounted.
This matters only in theory. Apparently, the US voting system is so flawed that electronic voting is "good enough", compared to the other irregularities. Please keep in mind that the result of the last US presidential election in Florida was not determined by (re)counting, but by a decision of the local state parliament, and also that voter registration seems to introduce quite a bias in who is eligible to vote.
Maybe 15% think that the current case demonstrates that GNU/Linux users have little to fear from such actions, and encouraged their technical staff to migrate to GNU/Linux?
If you explicitly have to whitelist non-delegation-only zones for TLDs, you discourage others repeating the VeriSign experiment.
Sounds like Internet2 to me.
You won't get this performance over GEANT and Internet2 (despite all the hype around it). Even pure DDoS traffic from Internet2 sources (where security is pretty low in general) is typically much lower in bandwidth...
The original press release is here.
Is TCP's performance really that poor? Some UDT presentations quote 2.4 MBytes per second. Over a low-latency WAN (few dozen milliseconds), performance is actually quite good, and sometimes, it used to be faster to fetch a file from a site a few hundred kilometers away than from the local FTP server (although the latter was connected to the LAN using a 100 MBit link).
(Stallman declined to be interviewed unless this article used his nomenclature throughout.) Imagine that.
The article even refers to the kernel licence as "Linux GPL". Maybe it's correct in a technical sense because the kernel is licensed under the GPL with an additional permission grant (and some parts of the kernel do not include source code), but it's also unfair to neglect the GNU contribution so completely.
It's nowhere near as difficult to set up as BIND, it's more secure than BIND, and there's a patch [tinydns.org] available to block Verisign's wildcard lookups.
Your characterization of that patch is incorrect. It blocks A RRs which contain a specific IPv4 address. This is not what the BIND patch does, it's far more general.
zone "com" { type delegation-only; };
zone "net" { type delegation-only; };
So how it's breaking all these other zones is a farking mystery to me.
There's another option which makes delegation-only the default for top-level zones, and you have to list the exceptions explicitly. This can break all zones you fail to mention and which are not delegation-only.
I think that DNS operators should think twice before applying code that tampers with authoritative answers from root nameservers.
The BIND patch doesn't alter the contents of the root zone (small nitpick).
The path to follow was via ICANN, or if you still wanted to disable the sitefinder, just insert a route for the /32 in your favourite IGP and reroute the traffic to /dev/null or your ISP's site.
Tampering with Internet routing could be viewed as damaging as dealing with DNS. Route manipulation is almost universally accepted. I guess if we had the tools to filter and/or rewrite DNS requests (like route-maps for most BGP implementations), the sacrosanct nature of DNS would change as well.
However, null routing doesn't restore the original behavior. The BIND configuration option does. It's a kludge, but it's the best option to restore the zone contents (from the point of view of your clients).
The first feature (which is the one that was implemented initially) supports marking selected zones as delegation-only. This is safe, as long as VeriSign doesn't rush ahead and offers a special DNS service (with alleged super-high reliability) which involves A records directly in the COM and NET zones.
The second feature is much more dangerous because you have to explicitly mark the TLD zones which contain records which aren't delegations--all other zones are assumed to be delegation-only. Some zones have lots of in-zone A and/or MX records (DE, for example), so you have to do some research before you can enable this feature.
If the second feature is incorrectly configured, there will be some local disruption of service. While it might contribute slightly to the instability of the Internet, it's just a localized configuration error (mind that BIND doesn't even have a default for the configuration option), and it's not comparable to what VeriSign did on a global scale.
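The two delegation-only features discussed above, as an added example that is not part of the original comments and not BIND source code: a simplified Python model of how a resolver treats replies under each policy, showing why a blanket default without researched exceptions breaks a TLD that holds in-zone records. The `Policy` and `Response` names are hypothetical, the sample replies are constructed (addresses from the 192.0.2.0/24 documentation range), and the second feature is modelled on BIND's `root-delegation-only` option with its `exclude` list.

```python
"""Simplified model of a resolver's delegation-only check (not BIND source)."""
from dataclasses import dataclass, field


@dataclass
class Response:
    """Reply from the servers of `zone`; records are (owner, type, rdata)."""
    zone: str
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)


def labels(name):
    return [part for part in name.lower().rstrip(".").split(".") if part]


def is_below(name, zone):
    """True if `name` is a proper subdomain of `zone` ("" is the root)."""
    n, z = labels(name), labels(zone)
    return len(n) > len(z) and n[len(n) - len(z):] == z


def has_delegation(resp):
    """A referral carries NS records for a child zone in the authority section."""
    return any(rrtype == "NS" and is_below(owner, resp.zone)
               for owner, rrtype, _ in resp.authority)


class Policy:
    """Hypothetical stand-in for the two configuration features."""

    def __init__(self, delegation_only=(), root_delegation_only=False, exclude=()):
        self.delegation_only = {".".join(labels(z)) for z in delegation_only}
        self.root_delegation_only = root_delegation_only
        self.exclude = {".".join(labels(z)) for z in exclude}

    def enforced(self, zone):
        zone = ".".join(labels(zone))
        if zone in self.delegation_only:          # feature 1: listed zones only
            return True
        is_root_or_tld = len(labels(zone)) <= 1   # feature 2: root and every TLD
        return self.root_delegation_only and is_root_or_tld and zone not in self.exclude

    def rcode(self, resp):
        """Result the client sees for a NOERROR reply from `resp.zone`."""
        if self.enforced(resp.zone) and not has_delegation(resp):
            return "NXDOMAIN"   # in-zone data from a delegation-only zone is discarded
        return "NOERROR"


# Constructed sample replies; 192.0.2.0/24 is a documentation range.
WILDCARD = Response("com", answer=[("no-such-name.com", "A", "192.0.2.1")])
REFERRAL = Response("com", authority=[("example.com", "NS", "ns1.example.com")])
DE_INZONE = Response("de", answer=[("example.de", "A", "192.0.2.53")])

SELECTED = Policy(delegation_only=["com", "net"])                # first feature
BLANKET = Policy(root_delegation_only=True)                      # second, no exceptions
RESEARCHED = Policy(root_delegation_only=True, exclude=["de"])   # second, DE listed

if __name__ == "__main__":
    for label, policy in [("selected", SELECTED), ("blanket", BLANKET),
                          ("researched", RESEARCHED)]:
        print(label, [policy.rcode(r) for r in (WILDCARD, REFERRAL, DE_INZONE)])
```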
Pressing the shift key is not a violation of the DMCA. Telling someone to press the shift key is a violation of the DMCA.
It's not about the shift key, it's about deleting a few files from your own computer. SunnComm doesn't believe you are allowed to remove the Trojan Horse they put onto your computer. It's far from obvious if they are wrong or not, as the Trojan Horse is certainly an effective way to restrict copying on a machine on which it has been installed.
(This reminds me that I should write an IETF draft for a very simple DRM scheme for HTTP which relies on the DMCA and other laws for effectiveness.)
What about RMS, he has done a lot of work for Free Software.
He was very successful as a programmer and project coordinator, but as an "agenda setter", he wasn't as good. Linux-based distributions made it practical to use the GNU system, but the hype around "Linux" almost completely hid the agenda of the GNU project. Suddenly, other things were more important than free software: writing cool software using cool tools, or being anti-Microsoft. It's a bit sad, but RMS' political message has much less influence than his software (after all, it's quite controversial).
And I believe they are missing something else.
CPU virtualization isn't simple, either, but I guess coordinating shared access to dozens of brands of graphics cards, NICs, etc. from widely different operating systems still requires plenty of changes to operating systems, or a complicated monitor process implemented in software (maybe running on the third core? who knows). You can get both without multi-core CPUs today, so I don't see the point. In particular, I don't understand why someone would want to put such beasts into ordinary desktop machines.