yet, people choose air, road over rail to a truly massive degree all over the world, even in countries where the rail system is reputed to be superb.
Are you trying to imply that trains are running empty in those countries with superb rail systems? People in such countries use rail for different purposes than they use car or airplanes. Air travel is for long distance, rail is for medium distance and car is for short distance. At least, this applies to passenger travel in nations with affordable high-speed rail. Goods transport is a little bit different currently, but with increased environmental concerns, I think that we may see a shift back from lorries to rail for medium distance freight.
Are you claiming that it is possible to conduct a man-in-the-middle attack on an SSL connection without operating your own CA service and without inserting your CA certificate into the browser list of trusted CAs? Sorry, but I still think you are wrong then.
As to thinning the herd, that would be the biggest mistake.
Fortunately, that is simply not possible. Nobody has a mandate to declare that only a few distros can exist, and distro maintainers have to answer to no one guy. They can happily continue to maintain their distro forever, giving the "we must thin the herd" crowd the raised middle finger.
Heres an example, I have a production server I need to run VMware server on, if my running kernel doesn't exactly match one of the 50+ modules VMware was nice enough to compile and include (wasting their time), I have to keep a build toolchain on a production server just to install the kernel module. That is not acceptable.
Then why not keep a test machine with exactly the same configuration as the production server? This could have the build toolchain installed, and you could just transfer the modules to the production server.
Actually, I'm surprised that you don't already do this, as competent admins usually do.
Sorry, but multiple versions is holding Linux back at the enterprise level
Why is this only a problem for Linux? <sarcasm>Wouldn't it be better if there were only one or two manufacturers for cellphones, computer hardware, tv sets, cars, shoes, food, etc? It is so tedious to choose, why cannot the other manufacturers just go away and die, so that I won't have to choose which one to buy? Monopolies are A Good Thing.</sarcasm>
Actually, I think that this is a really shady practice. It would be much better to just disallow SSL from the library terminal. With an SSL proxy, it gives the appearance of a secure connection (the little padlock in the corner), while it really isn't. Given the average competence of sysadmins of libraries that I have visited that offer internet connection, I'd guess that the proxy is already cracked with some russian mafia dude capturing all interesting information passing through the proxy.
Since the hostname is embedded within the server certificate, the proxy cannot pretend that it is the server the user requested. The browser would still present a nice warning that something bad might be going on. It might be the case that this warning wouldn't come up if the ISP had managed to get a signed certificate for the remote site from a certificate authority, but that seem to be unlikely, as such a CA would be bust if it turned out that its services could not be trusted. The other option would be for the ISP to act as its own CA, but that requires it to install its CA certificate into the users' list of trusted CAs.
We do something similar to this on all our public Internet access PCs - every PC has our own root certificate installed on it and all connections from the PCs to any port 443 host outside our network is routed through a transparent proxy that decrypts the connection at the proxy, then generates a new certificate (that is then cached for later access) signed by our root cert, reencrypts the connection and passes it back to the PC.
Won't this still cause the web browser to complain that the certificate does not match the host name?
While probably your distro X is packaging Linux software (a truly wonderful thing), let's not forget that Novell are the ones ensuring that developers can work on this free software.
My distro is Red Hat. Anything else that you have to say?;)
Only Microsoft knows that, but it is a suspicion I've had for some time. Issuing public threats is bad PR, and would only be done in an emergency. If Vista and Office 2007 sales were shooting through the roof, why hurt the company's reputation by starting to make vague threats left and right?
Care to elaborate? I installed Fedora 7 on my laptop two weeks ago, and it is arguably the best distro I have ever tried. What is it that makes it crap in your eyes?
I hate Linux man pages for that reason. Put a sample in there!
I suggest the Perl man pages then, they have a good number of examples. I'd say most Perl functions I have looked up in the man pages have at least one but often several examples of its use.
Why, pray tell, would any 'average' user wish to dick around with vi and text-editting config files? Hint: They wouldn't.
True, but I also think that most average users would take a text-based configuration file, especially one with instructive comments, over the Windows Registry any day of the week.
I'm not saying that registry editing is a usual occurrence, but sometimes it needs to be done, and I would prefer clear text files every time. Especially those parts of the registry indexed on class GUID are really opaque.
Ehrm, what? Every operating system and application need to be compiled to run. I guess that you mean compiling yourself, but that would still be wrong, as applications does not automatically become smoother just because you compile them yourself.
SP2 for XP was pretty significant; I think that's when the built-in firewall was added
Umm, no, that was when they actually enabled it on default and made the configuration slightly more accessible through the use of the new Security Center. The firewall itself existed from day one of Windows XP, but it was turned off by default.
There's probably more examples, but I'm having a hard time picturing XP SP1, let alone pre-SP1.
Unlike SP2, SP1 did not have any visible differences from pre-SP1, it was just a packaged bunch of security updates and possibly some other updates. The difference to the user was pretty much nil.
It is true that the individual electron's travel near the speed of light
Ehrm, no. The electrons in an electric current travel very slowly, in the order of a few feet per second (maybe even lower). The signal on the other hand is propagated at a very high speed, such as a significant fraction of the speed of light. To use an analogy: Imagine that you have a thin pipe filled with peas. If you push another pea into one end, a pea will almost instantaneously fall out the other end. The peas themselves just moved a short distance though.
Slashdot Mirror
Are you trying to imply that trains are running empty in those countries with superb rail systems? People in such countries use rail for different purposes than they use car or airplanes. Air travel is for long distance, rail is for medium distance and car is for short distance. At least, this applies to passenger travel in nations with affordable high-speed rail. Goods transport is a little bit different currently, but with increased environmental concerns, I think that we may see a shift back from lorries to rail for medium distance freight.
Are you claiming that it is possible to conduct a man-in-the-middle attack on an SSL connection without operating your own CA service and without inserting your CA certificate into the browser list of trusted CAs? Sorry, but I still think you are wrong then.
Fortunately, that is simply not possible. Nobody has a mandate to declare that only a few distros can exist, and distro maintainers have to answer to no one guy. They can happily continue to maintain their distro forever, giving the "we must thin the herd" crowd the raised middle finger.
Then why not keep a test machine with exactly the same configuration as the production server? This could have the build toolchain installed, and you could just transfer the modules to the production server.
Actually, I'm surprised that you don't already do this, as competent admins usually do.
Why is this only a problem for Linux? <sarcasm>Wouldn't it be better if there were only one or two manufacturers for cellphones, computer hardware, tv sets, cars, shoes, food, etc? It is so tedious to choose, why cannot the other manufacturers just go away and die, so that I won't have to choose which one to buy? Monopolies are A Good Thing.</sarcasm>
Actually, I think that this is a really shady practice. It would be much better to just disallow SSL from the library terminal. With an SSL proxy, it gives the appearance of a secure connection (the little padlock in the corner), while it really isn't. Given the average competence of sysadmins of libraries that I have visited that offer internet connection, I'd guess that the proxy is already cracked with some russian mafia dude capturing all interesting information passing through the proxy.
Since the hostname is embedded within the server certificate, the proxy cannot pretend that it is the server the user requested. The browser would still present a nice warning that something bad might be going on. It might be the case that this warning wouldn't come up if the ISP had managed to get a signed certificate for the remote site from a certificate authority, but that seem to be unlikely, as such a CA would be bust if it turned out that its services could not be trusted. The other option would be for the ISP to act as its own CA, but that requires it to install its CA certificate into the users' list of trusted CAs.
That is a prime example of a man-in-the-middle attack. If SSL would not protect against it, I'd be very concerned, and very surprised.
Won't this still cause the web browser to complain that the certificate does not match the host name?
My distro is Red Hat. Anything else that you have to say? ;)
Only Microsoft knows that, but it is a suspicion I've had for some time. Issuing public threats is bad PR, and would only be done in an emergency. If Vista and Office 2007 sales were shooting through the roof, why hurt the company's reputation by starting to make vague threats left and right?
The name you are looking for is Alexis de Tocqueville Institute.
Care to elaborate? I installed Fedora 7 on my laptop two weeks ago, and it is arguably the best distro I have ever tried. What is it that makes it crap in your eyes?
No, but why pay for Windows if you're just going to delete it when the computer is delivered?
I didn't say that they was no new functionality, only that higher reliability does not qualify as such.
I suggest the Perl man pages then, they have a good number of examples. I'd say most Perl functions I have looked up in the man pages have at least one but often several examples of its use.
True, but I also think that most average users would take a text-based configuration file, especially one with instructive comments, over the Windows Registry any day of the week.
I'm not saying that registry editing is a usual occurrence, but sometimes it needs to be done, and I would prefer clear text files every time. Especially those parts of the registry indexed on class GUID are really opaque.
Ehrm, what? Every operating system and application need to be compiled to run. I guess that you mean compiling yourself, but that would still be wrong, as applications does not automatically become smoother just because you compile them yourself.
It can be used as a desktop system. If it weren't meant to, they would hardly include Compiz in the distro.
And Ballmer wants your chair.
Higher reliability hardly qualifies as new functionality. It is simply a correction of their previous screwup.
Umm, no, that was when they actually enabled it on default and made the configuration slightly more accessible through the use of the new Security Center. The firewall itself existed from day one of Windows XP, but it was turned off by default.
There's probably more examples, but I'm having a hard time picturing XP SP1, let alone pre-SP1.Unlike SP2, SP1 did not have any visible differences from pre-SP1, it was just a packaged bunch of security updates and possibly some other updates. The difference to the user was pretty much nil.
One could guess that the same thing happens inside the United States, not just abroad.
Ehrm, no. The electrons in an electric current travel very slowly, in the order of a few feet per second (maybe even lower). The signal on the other hand is propagated at a very high speed, such as a significant fraction of the speed of light. To use an analogy: Imagine that you have a thin pipe filled with peas. If you push another pea into one end, a pea will almost instantaneously fall out the other end. The peas themselves just moved a short distance though.
They might not need a warchest of money, but rather a warchest of already signed deals.