If the linux host operating system was completely secure, in that it ran no services and provided stateful firewalling on the network interface, it may be able to protect the data that resides on the disk (including the virtual disk of the guest OS).
Encrypting the vmware virtual disk would be help, but there are still ways to get at the data if they do gain access to the host operating system. They could either reverse-engineer the Vmware binary, they could try to grab the key out of the running vmware process, or they could even just access vmware's
memory segment (or other kernel structures) directly to get the data. (not to mention offline
brute-force attacks against the encrypted data).
Anyway, keeping the host operating system secure is critical.
I think they will be able to provide ample security to protect even their sensitive data if they do it right, though. Obviously, the host operating system would be behind the firewall anyway.
Qmail suggests against using mbox format, but I prefer the mbox format because it a long-time standard. There are advantages to using maildir format, but I won't switch until most mail applications support it out of the box, by default. Currently that isn't the case. So I configured qmail to deliver to ~/Mailbox on all users (a single mbox format file).
So far I haven't had any problems, except when a file gets extremely large, it does get extremely slow to process. I use pine and prefer imap over pop as well.
I would find that very curious. Yahoo should be commended for what they have done. Yahoo was the first major search engine I used, back when they were located at Stanford university. They have became much more commercial since them, and they have added lots of strange or silly concepts, but to me they are still the grass roots of the internet.
They were one of the first, they have held out from being bought so long already, it would be tragic if it were to happen this late in the game.
It was also an excellent choice for them to use google as the back-end to their searches as well.
Don't send them back empty, put something cool in
it. I get enough junkmail that it's fun to show them the better offers their competitors are providing. Or maybe throw in a wrapper of what I had for dinner tonight. Or just send them the pile of extra junk back, you know those "don't open this unless you have decided to not accept this offer" pamplhets and such.
-- Twivel
Our problems are tiny compared to other countries. Imagine going to work only to find that the building has been destroyed by a terrorist bomb.
Imagine living in Chechnea and being scared for your life every day. Or in China, where human rights violations are a part of the political process.
You are worried about listening to digital content while other people are worried about what they are going to eat tomorrow, or whether their kids will live until monday.
The US still has quite a bit of freedom that exists almost no-where else in the world. On the digital front, at least the US is lessening encryption laws. Look at the laws passed in Europe - You can be jailed just for not giving up your encryption keys (was this overturned yet?).
Stay a patriot - you are still in a good country.
-- Twivel
Fundamentals are everything...
on
CS vs CIS
·
· Score: 1
Learn programming, learn architecture, learn everything you can. You will need it. If you get a good understanding of the fundamentals, you can apply it in so many areas - Including CIS, programming, systems maintanance, networking, etc.
Those difficult projects and fundamentals you do in most CS classes teach you many things that you can apply to the real world: "Frustration", "Headaches", "Sleepless nights", but most importantly, they teach you to do things the right way. You'll either fail trying, or become a very good at troubleshooting. This is the most critical aspect anyone in any CS/CIS/computer field can have.
Quick troubleshooting and good fundamentals - not knowledge, is really what sorts the elite from the beggars. Because someone who has those two can pick up new knowledge extremely quick.
The world will be a tough place. Right now anyone who can type ctl-alt-del on a keyboard can get a job in CS/CIS/etc. This won't always be the case - and at that time, it will make a difference.
You are being very cross-eyed if you are only asking for the easy route to success, because the markets can change on a whim. Thats when they'll sort out the great from the "maybe I should take the easy route" people. Yes, I know, many people in college ask this question all the time. But not everyone does.
You picked CS - either stick with it or pick up basket weaving. We need more elite people in this field, not those who take the easy route so they can get into the same place to work that I do, make the same ammount of money as I do - and then spend all of my time holding their hands and answering questions.
--
Twivel
Napster has already made their case on this.
on
Nazis on Napster
·
· Score: 1
Napster is not responsible for the music shared
on their system. They are not responsible for
copyright violations - and have no technology
to find them.
Finding offensive music is exactly the same issue.
--
Twivel
I am a long-time subscriber to bugtraq. I have mostly used it as a resource for securing operating systems. My concern with disallowing certain posts is that the vendors may discontinue using bugtraq all together, thus splintering the distribution of information to many other sources.
This is definitely a struggle for control of information. bugtraq wants it all on their list and the vendor want's it back on their website. I honestly prefer to have the information available on a vendor-neutral site like bugtraq, but I fear trying to force vendors to do this may cause more problems than it solves.
I want to use bugtraq as my primary source for security updates - and if all of the posts are not sent to bugtraq. And especially if groups like l0pht or others stop sending them through bugtraq, I'll end up having to follow many more websites and mailing lists for my updates. This is not good for the security community at all.
-- Twivel
Well, I too am a Linux zealot. I just think maybe google deserves a little show of dissapointment from our crowd over using software patents. Google themselves are "linux zealots", they probably read slashdot too - so I'm sure there are many inside their company who could put some pressure on them to avoid abusing software patents.
Maybe knowing their intent is important. If this is a defensive patent (to avoid someone else from using it against them) it would be one thing. But if they intend to use it to pull license fees from other companies - well thats entirely different all together.
One of the most important things about the linux developers is our ability to reverse engineer other technology. Software patents make us unable to do such a thing. Google relies on Linux/free software that only exists because we were able to reverse engineer hardware and software. If they use software patents as a strategy, they are in effect shooting themselves in the foot.
This is a really cool idea in that it opens up lots of kernel functionality to ORBIT.
This can easily speed development for new and unique ideas, but at the same time it can be a pain in the ass to control.
I realize they say on their site that security is not yet implemented, but I'd venture to say that adding security to it will be a nightmare - if not nearly impossible.
The Linux kernel mode was designed to have 'kerenl space' and 'user space' seperation. As orbit is used with gnome, any user-space process can connect and perform actions in ORBIT. Now we've collided an 'assumed secure' environment (kernel space) with a 'known unsecure' environment (orbit). The security problems with colliding these assumptions are so bad that it may be impossible to think about every potential exploit.
This is exactly what microsoft did when they opened up their internal OS stuff to ActiveX instructions. This provided web developers with lots of functionality and neat features, but it also created weekly security exploits for windows/ActiveX.
ActiveX was supposed to be a competitor to Java, Microsoft has since ditched pushing ActiveX and moved to providing their own proprietary java environment instead.
I hope KDE is very successful in converting more
windows users.
I think the infighting between KDE and Gnome is
silly. The whole point about linux and free software is the choice it gives us. We all have the choice to choose between the many wonderful interfaces out there.
I don't personally use a "desktop environment", I use a window manager and an application launcher of some sort. But that doesn't mean I have the right to flame someone for using KDE or Gnome just because I choose to not use either of them.
(I don't need drag/drop, desktop icons, a GUI file manager, etc anyway - I'm a command line freak.)
Anyway, for those of you who flame someone from either crowd, you just look childish - go light your pants on fire if you're that bored. Me, I've got better things todo - like contribute to some of the cooler open free software projects.
There are plenty of office apps available for
linux right now that are either commercial or
free, but they are all native to the platform.
The reason to choose something that natively
runs on Linux is to support development efforts
for Linux software. Don't support companies
by purchasing software that is not available on
your platform of choice.
You could take it to the next level by supporting
only free software when available as well!
Very well written article. One of the most
important foundations of a moral society is the
ability to own your own property and sell it as
you see fit.
The flip side of the coin is even as powerful.
The buyers have all of the power. Everytime
we buy a CD from the RIAA, we empower them to
act in a way that we disagree with.
If we boycot the RIAA because we don't believe
in their tactics, artists will be forsed to go
to different measures to distribute media so
they can still make a living and feed their kids.
You buck the system by talking with your money,
not by destroying the concept of civilization and
stealing property.
Look, this is a free market. They set the prices
to what people are willing to pay. Sure there
may be price fixing going on, but if enough people
really wanted to buy single songs - they would be
forced into selling single songs.
You are a buyer, you control the market, you can
change it with your spending habits. You cannot
destroy the entire market by stealing.
The RIAA is in this for money too. They have
something people are willing to pay for. As
long as that happens, they make lots of money.
The right way to deal with the RIAA is to talk
with your money in a legal fashion. If no-one
buys RIAA produced CD's, artists will tell the
RIAA off and look for other methods to distribute
their media.
Take your argument to the logical extreme. A group devotes about six months coming up with enough songs for a CD, maybe purchases the rights to a song or two as well. The artist then spends another few months recording (and re-recording) the album in its entirety to get it right.
(Hypothetical Numbers:)
Five artists wages for 9 months:
Salary for 9 months*6 artists: $270,000
(just assuming they only make 60k/year each)
Studio Fees: $30,000
One CD Media costs: $.75
Distribution costs: $1,000
-----------------------------
$301,000.75
Now you're saying we should only have to pay for
it once... so that first CD costs 301,000.75 and
everyone else gets it for free from napster, right? Are you willing to buy that first CD?
Now I'm not saying the current RIAA system is
good. I don't believe it is. But the "paying for
something once" idea to get music just means that
fewer CD's are made. Fewer CD's means the price
for each CD needs to be higher.
I believe copyright laws are fair. I don't think
the RIAA is fair - thats another debate.
The artists themselves have every right under
copyright laws to charge for music. You as a
buyer have every right to not buy their music.
But you don't have the right to listen to it
without paying for it.
If you take your argument of paying *one time*
to the personal level, then I 100% agree. If
I buy a single CD, I should not have to pay a
license fee to copy it to mp3, tape, or whatever.
If an artist wants to give his/her music away
for free, that's another story. But artists need
to eat just like software developers. His
comparison of mp3's to software is perfectly
relavent. If you want to release your software
for free, PERFECT! If you choose to not release
it for free, you should have to. Remember, there
are two parts to the equation. A buyer and a
seller. It's like a contract - both sides need
to be happy with the deal. The seller doesn't
have to make the music you like and you don't have
to pay for music you don't like!
!Twivel!
You have a point, but you are making a major flaw
in your reasoning.
The first person *never* *ever* pays the costs
to produce an item.
The cost to produce an item is spread out among
all purchasers of that item.
So lets talk manufacturing. Say the cost of
producting a motherboard is 70.00 (price of the
board, chips to solder in, labor to monitor the
machines that create it, labor to package it,etc)
You still have to add in the initial hundereds of
thousands of dollars to purchase the equipment
that mass-produces these items. You need to
spread that cost out among all purchasers.
What I'm saying is this: the tangible product is
usually *tiny* in price compared to the cost that
was incurred to actually produce the item.
Slashdot Mirror
--
Twivel
--
Twivel
I've sent this letter to cmgi's public relations address, I will document their replies at this URL as well. Here is the link
They were one of the first, they have held out from being bought so long already, it would be tragic if it were to happen this late in the game.
It was also an excellent choice for them to use google as the back-end to their searches as well.
--
Twivel
Don't send them back empty, put something cool in it. I get enough junkmail that it's fun to show them the better offers their competitors are providing. Or maybe throw in a wrapper of what I had for dinner tonight. Or just send them the pile of extra junk back, you know those "don't open this unless you have decided to not accept this offer" pamplhets and such.
--
Twivel
Imagine living in Chechnea and being scared for your life every day. Or in China, where human rights violations are a part of the political process.
You are worried about listening to digital content while other people are worried about what they are going to eat tomorrow, or whether their kids will live until monday.
The US still has quite a bit of freedom that exists almost no-where else in the world. On the digital front, at least the US is lessening encryption laws. Look at the laws passed in Europe - You can be jailed just for not giving up your encryption keys (was this overturned yet?).
Stay a patriot - you are still in a good country.
--
Twivel
Maybe DELL should invest in a few of these.
Those difficult projects and fundamentals you do in most CS classes teach you many things that you can apply to the real world: "Frustration", "Headaches", "Sleepless nights", but most importantly, they teach you to do things the right way. You'll either fail trying, or become a very good at troubleshooting. This is the most critical aspect anyone in any CS/CIS/computer field can have.
Quick troubleshooting and good fundamentals - not knowledge, is really what sorts the elite from the beggars. Because someone who has those two can pick up new knowledge extremely quick.
The world will be a tough place. Right now anyone who can type ctl-alt-del on a keyboard can get a job in CS/CIS/etc. This won't always be the case - and at that time, it will make a difference.
You are being very cross-eyed if you are only asking for the easy route to success, because the markets can change on a whim. Thats when they'll sort out the great from the "maybe I should take the easy route" people. Yes, I know, many people in college ask this question all the time. But not everyone does.
You picked CS - either stick with it or pick up basket weaving. We need more elite people in this field, not those who take the easy route so they can get into the same place to work that I do, make the same ammount of money as I do - and then spend all of my time holding their hands and answering questions.
--
Twivel
Finding offensive music is exactly the same issue.
--
Twivel
Lets hope they do their conversions from metric correctly this time... I'd hate to see another space vehicle end up in a crater.
This is definitely a struggle for control of information. bugtraq wants it all on their list and the vendor want's it back on their website. I honestly prefer to have the information available on a vendor-neutral site like bugtraq, but I fear trying to force vendors to do this may cause more problems than it solves.
I want to use bugtraq as my primary source for security updates - and if all of the posts are not sent to bugtraq. And especially if groups like l0pht or others stop sending them through bugtraq, I'll end up having to follow many more websites and mailing lists for my updates. This is not good for the security community at all.
--
Twivel
Well, I too am a Linux zealot. I just think maybe google deserves a little show of dissapointment from our crowd over using software patents. Google themselves are "linux zealots", they probably read slashdot too - so I'm sure there are many inside their company who could put some pressure on them to avoid abusing software patents.
Maybe knowing their intent is important. If this is a defensive patent (to avoid someone else from using it against them) it would be one thing. But if they intend to use it to pull license fees from other companies - well thats entirely different all together.
One of the most important things about the linux developers is our ability to reverse engineer other technology. Software patents make us unable to do such a thing. Google relies on Linux/free software that only exists because we were able to reverse engineer hardware and software. If they use software patents as a strategy, they are in effect shooting themselves in the foot.
--
Twivel
I wonder why that little detail has been left out after the stance slashdot already takes on software patents?
Because google is such a great search engine (relavent and without clutter), does that mean we overlook them when they use software patents?
--
Twivel
This can easily speed development for new and unique ideas, but at the same time it can be a pain in the ass to control.
I realize they say on their site that security is not yet implemented, but I'd venture to say that adding security to it will be a nightmare - if not nearly impossible.
The Linux kernel mode was designed to have 'kerenl space' and 'user space' seperation. As orbit is used with gnome, any user-space process can connect and perform actions in ORBIT. Now we've collided an 'assumed secure' environment (kernel space) with a 'known unsecure' environment (orbit). The security problems with colliding these assumptions are so bad that it may be impossible to think about every potential exploit.
This is exactly what microsoft did when they opened up their internal OS stuff to ActiveX instructions. This provided web developers with lots of functionality and neat features, but it also created weekly security exploits for windows/ActiveX.
ActiveX was supposed to be a competitor to Java, Microsoft has since ditched pushing ActiveX and moved to providing their own proprietary java environment instead.
--
Twivel
Why would I want everyone who visits my homepage to know my phone number?
I think the infighting between KDE and Gnome is silly. The whole point about linux and free software is the choice it gives us. We all have the choice to choose between the many wonderful interfaces out there.
I don't personally use a "desktop environment", I use a window manager and an application launcher of some sort. But that doesn't mean I have the right to flame someone for using KDE or Gnome just because I choose to not use either of them. (I don't need drag/drop, desktop icons, a GUI file manager, etc anyway - I'm a command line freak.)
Anyway, for those of you who flame someone from either crowd, you just look childish - go light your pants on fire if you're that bored. Me, I've got better things todo - like contribute to some of the cooler open free software projects.
--
Twivel
There are plenty of office apps available for
linux right now that are either commercial or
free, but they are all native to the platform.
The reason to choose something that natively
runs on Linux is to support development efforts
for Linux software. Don't support companies
by purchasing software that is not available on
your platform of choice.
You could take it to the next level by supporting
only free software when available as well!
~
Twivel
Come now, the UltraSparc volumes would make intel and amd roll over laughing.
Lets hope the CPU Software is not easily programmed from the OS, otherwise it opens the door for a virus that could take out the CPU itself.
--
Twivel
I just tried talking to my palm. It didn't work
So I tried screaming it it. Still no luck. Am
I doing something wrong or is my palm defective?
~
Twivel
CmdrTaco,
Why would you wait until the lawsuit is over to
use DeCSS under linux? I'm sure you already
have a copy anyway.
~
Twivel
Adam,
Very well written article. One of the most
important foundations of a moral society is the
ability to own your own property and sell it as
you see fit.
The flip side of the coin is even as powerful.
The buyers have all of the power. Everytime
we buy a CD from the RIAA, we empower them to
act in a way that we disagree with.
If we boycot the RIAA because we don't believe
in their tactics, artists will be forsed to go
to different measures to distribute media so
they can still make a living and feed their kids.
You buck the system by talking with your money,
not by destroying the concept of civilization and
stealing property.
~Twivel
Look, this is a free market. They set the prices
to what people are willing to pay. Sure there
may be price fixing going on, but if enough people
really wanted to buy single songs - they would be
forced into selling single songs.
You are a buyer, you control the market, you can
change it with your spending habits. You cannot
destroy the entire market by stealing.
The RIAA is in this for money too. They have
something people are willing to pay for. As
long as that happens, they make lots of money.
The right way to deal with the RIAA is to talk
with your money in a legal fashion. If no-one
buys RIAA produced CD's, artists will tell the
RIAA off and look for other methods to distribute
their media.
!Twivel!
Take your argument to the logical extreme. A group devotes about six months coming up with enough songs for a CD, maybe purchases the rights to a song or two as well. The artist then spends another few months recording (and re-recording) the album in its entirety to get it right. (Hypothetical Numbers:) Five artists wages for 9 months: Salary for 9 months*6 artists: $270,000 (just assuming they only make 60k/year each) Studio Fees: $30,000 One CD Media costs: $.75 Distribution costs: $1,000 ----------------------------- $301,000.75 Now you're saying we should only have to pay for it once... so that first CD costs 301,000.75 and everyone else gets it for free from napster, right? Are you willing to buy that first CD? Now I'm not saying the current RIAA system is good. I don't believe it is. But the "paying for something once" idea to get music just means that fewer CD's are made. Fewer CD's means the price for each CD needs to be higher. I believe copyright laws are fair. I don't think the RIAA is fair - thats another debate. The artists themselves have every right under copyright laws to charge for music. You as a buyer have every right to not buy their music. But you don't have the right to listen to it without paying for it. If you take your argument of paying *one time* to the personal level, then I 100% agree. If I buy a single CD, I should not have to pay a license fee to copy it to mp3, tape, or whatever. If an artist wants to give his/her music away for free, that's another story. But artists need to eat just like software developers. His comparison of mp3's to software is perfectly relavent. If you want to release your software for free, PERFECT! If you choose to not release it for free, you should have to. Remember, there are two parts to the equation. A buyer and a seller. It's like a contract - both sides need to be happy with the deal. The seller doesn't have to make the music you like and you don't have to pay for music you don't like! !Twivel!
You have a point, but you are making a major flaw
in your reasoning.
The first person *never* *ever* pays the costs
to produce an item.
The cost to produce an item is spread out among
all purchasers of that item.
So lets talk manufacturing. Say the cost of
producting a motherboard is 70.00 (price of the
board, chips to solder in, labor to monitor the
machines that create it, labor to package it,etc)
You still have to add in the initial hundereds of
thousands of dollars to purchase the equipment
that mass-produces these items. You need to
spread that cost out among all purchasers.
What I'm saying is this: the tangible product is
usually *tiny* in price compared to the cost that
was incurred to actually produce the item.