Open source succeeds when and where it is better.
This is part of the problem. I don't want eternal lock-in with a monopoly, even if the products delivered by that monopoly are "better", and free software is "worse" (according to some arbitrary metric).
Freedom is more important than advance of technology, and freedom requires choice.
It is interesting to note that of the few things you named you included OS X. Interesting because it is BSD based.
It doesn't have /etc/fstab and socklen_t, and other misfeatures cause endless troubles for developers. If I want my software to compile out of the box on MacOS X, I'd have to add special compatibility hacks using autoconf (for problems like lack of socklen_t). This is ridiculous for a system which is so young.
You mean like the international 'laws' that delivered sanctions (and supposedly consequences) upon Iraq? Yeah, we saw how well that worked out.
Saddam didn't attack his neighbors, and nobody could prove so far that he supported "international terrorism" during that time (or whatever you want to call it, the elites in some neighboring countries are much better at that anyway). In addition, the inspections revealed what was still left of Saddam's arsenal, since nothing spectacular showed up after the US-led invasion.
As far as I can tell, the sanctions were quite effective, within the stated goals.
So can anyone address how this new product is any different or better than Low Bandwidth X?
Despite its complexity, LBX isn't much better than SSH compression.
Typically, "any key" refers to any key except those labeled "Shift", "Alt", "Ctrl", "Pause", "Scroll Lock", "Print Screen", "NumLock", and some more with logos.
J2EE is one of the biggest things pulling linux into the mid to large webapp/middleware market!
And what's the point of that? Most stuff in the Java/J2EE context is proprietary software.
The BTX sequel actually was Datex-J.
Maybe the hardware vendors should switch to ETLAs.
Is there anyone here on /. (which includes 90% of the audience of such an article anyway, let's face it...) who didn't patch all Win PCs (if any ;oPPP) on the first notice of the exploit a week ago?
Wasn't the DoS version of the exploit published in July?
No, read the whitepaper. It's more like automated encryption/decryption/signature verification in the mail server. Of course, it's been implemented before, at least to some degree. There are GnuPG-based solutions as well.
Compared to pure TLS, you can ensure message integrity up to the next crypto gateway, and not just to the next SMTP hop.
Windows Update is a mixed blessing where each time it is run the user is gambling that it won't break his system.
At least Windows Update doesn't have this big fat warning that Office Update displays before you can download any patches. It basically says that the update might deliberately break your Office installation if you've got an illegal copy.
No wonder most people hesitate to install these upgrades.
There is no excuse for anyone having RPC holes like ports 135-139 available on the internet.
What about RPC holes like ports 80 and 443? (Thanks, SOAP!)
More filtering will just result in more tunneling over HTTP and port 80/TCP.
Look at SOAP. Most rationales explicitly mention that CORBA and DCOM do not work across the Internet because of firewalls. That's why SOAP has to work over an HTTP tunnel.
There are still problems of this kind. The dependency tracking might eventually fix this, but only for new databases.
What exactly does it not back up reliably?
It sometimes dumps database objects in the wrong order, and restore fails as a consequence.
You still cannot reliably back up PostgreSQL databases, and you want to store all your files in it? Isn't this a bit premature?
Keep in mind that there still isn't any patch for this DCOM issue. So far, only a DoS exploit for Windows 2000 has been posted, but how can you be sure that no further, more severe attacks are possible?
Think of the ways that you can defeat this scheme:
* Print out the document and send it however you like.
You can sell print servers to fix this problem.
* Take screenshots and send the images as JPEGs.
That's one of the harder problems, but you probably can just disable the built-in screenshot hotkey. Remote Assistance (or what's-its-name, this RDP thing which you can use to export your desktop to a remote support staff member) is a tough problem, too.
* Use the built-in fax modem to fax it somewhere.
Remove the "Send Fax" menu entry. If you need Word to render Word documents, that should be pretty safe. Or you can sell new fax servers which enforce the policy.
* Copy the text into the clipboard and paste it into another app.
Easily fixed. The Windows Clipboard API is sufficiently flexible to permit cut-and-paste between DRM-enabled applications only.
I find the opportunities for selling additional document policy enforcement components (read: servers) quite convincing. This is going to happen, too many people at the selling end like it.
So here's the question: what effect do these predictions have on the ways in which companies in control of these industries approach their market?
But is the prediction true?
By 2004, Forrester is predicting 49 million US households will spend more than $184 billion online. - We might be lucky if the sum reaches $50 billion in 2003.
Here.
I understand that Linux is the new darling of the tech industry, but why do reviews like this completely ignore operating systems like FreeBSD (which outperforms Linux in several serving tasks, and is in general more mature)?
They don't. They just use "Linux" as a catchy term to summarize all free UNIX replacements. Only if they write about support by the big names for running their proprietary software, they write "Linux" if they mean "Red Hat Linux" (or "SuSE Linux"). But who wants to run proprietary software and reintroduce the problem of non-cooperating vendors, licensing troubles, inevitable software life cycles, and so on?
Anyone who would be able to put together an actual attack from this paper probably has enough education to get a real job -- something that doesn't go well with writing malware on the side.
The proposed approach aims at reducing the average bandwidth the attacker has to use, while maximizing the impact. Peak bandwidth requirements on the attacker side are still the same, though.
Now the interesting question: Why would anybody use a pulsed attack when he can easily send a constant rate stream which has the intended effect? Maybe to avoid detection, but this isn't really necessary because there's no shortage of well-connected hosts which can be turned easily into DDoS agents, sadly. (If you've got a few thousand of them, it doesn't even matter if they are well-connected or not.)
The paper shows some interesting research results, but I don't think you have to worry about it in practice. DDoS is still far too easy; unfortunately, no such elaborate tricks are necessary.
Computer Science isn't "how to use your computer". The concepts and techniques you learn are beyond any operating system. Good algorithm design and analysis transcends Linux vs Windows vs Mac OS X.
Some of the funding is used to encourage universities to choose the right programming language for some courses, and the right examples in others. It appears as if some universities are willing to sacrifice some of their independence to accommodate such a beneficial sponsor, even if there isn't a contractual obligation.
I suspect that the 20 hardcoded download sites in the current variant are a proof-of-concept, not a future strategy.
These weren't download sites, just name servers (so to speak). And it's not clear if there were only 20 of them.
Speaking of precision, will you offer fixed-point arithmetic?
Lotus 1-2-3 and Multiplan used BCD arithmetic, which had the nice effect that at least non-rounded dollar amounts always summed up correctly.
I find it hard to believe that the GPL can exclude this liability. Certainly the recording industry would think so if someone slaps the GPL on proprietary music and starts to distribute it!