Actually, coordinated releases are fairly common in the security world. It's not RedHat, it's everyone. These days, it's seen as irresponsible to release a security-related bug without giving the automated patching systems a chance to prepare (or the vendor a chance to respond). The idea is to minimize the time between the announcement of a bug, and the end-users getting patched.
The problem here isn't that practice. The problem is, a huge chunk of Moz's users are not using a distro's central patch system, since they're using Windows. In that situation, the argument for coordinating loses a lot of strength.
Honestly, Mozilla is in a lose/lose situation here.
If they hold on to fixes until all the distros are ready, they get beat up for slow patch times compared to MS. If they release immediately, they get beat up by the distros for not coordinating with them.
I think this is coming up because Moz is one of the first high-profile OSS projects to support both Linux/BSD and Windows. If this were (like most other Linux/BSD apps) an OSS-OS only app, then the lack of coordination would be a real issue. But, for the Windows folks, there isn't a distro to coordinate with, so Moz has to release as soon as possible. I'm with Moz on this, honestly.
And her mother and son? Are they public figures? How many steps away does one have to be to be considered a "private" figure? A friend? Cousin? Is it okay for my personal details to be plastered across the net because I used to be a tech for a news organization (some of my friends are reporters, after all)?
Your argument is nonsense. The O'Gara story *was* a huge violation of Journalistic Ethics. Not just because of the publishing of PJ's info, but the stalking and publishing of her family's info. *That* was one of the major problems.
I would like to repeat a request to the Slashdot coders that I made earlier:
Can we have a new moderation type: "-1 Wrong", please?
The above comment is just calling out to be moderated "Wrong", because it, simply, is wrong. They're wording it politely enough to avoid the troll & flamebait tags...but they're still just wrong.
I also think PJ's smart enough to see the trap here: if she sues MOG, she becomes a party in the lawsuits and mud, which gives SCO, et al, even more ammunition to fire at her that she's not impartial.
If (as seems likely) SCO was feeding O'Gara info, then PJ becomes a litigant directly against SCO, which would allow them to totally dismiss her comments as the rantings of an opponent in a lawsuit.
Ms O'Gara has been publishing a series of articles on the ongoing IBM vs SCO case that were....unusual. She generally was pro-SCO, overlooked problems with the SCO case, etc, etc.
The trigger for this whole fiasco, though, was a recent article by her. It was, to be blunt, venomous, and dirty. It published details about PJ (the maintainer of Groklaw)'s home address, her mother's home address, some supposed details about her religion, and used all of this in a really nasty attempt at ad hominem to conclude that groklaw was run by crazies who wouldn't know logic if it hit them in the face.
It has, thankfully, blown up in Ms O'Gara's face, which goes to show that there is some small sliver of justice in the world.
I know this is offtopic, but I'd like to make a request of the Slashdot coders:
Can we add a moderation type? Specifically, I'd like to add "Wrong (-1)" for posts that are simply factually incorrect. The parent post, for example, I would love to mod "Wrong". It doesn't rise to the level of flamebait, it's not redundant, it's not overrated...it's wrong.
heh. Have a look at www.yahoo.com...they're at 60 seconds. Yay Akamai.
(For those that haven't messed with Akamai, they're intentionally setting the TTL insanely low to force clients to re-request often...Akamai uses the response they give as a way of doing path optimization to clients. It's ugly, but it kinda works.)
Honestly, I think the Bitkeeper thing is about a legitimate concern. I understand the fight there. I think part of what SCO did was make the community focus on those sorts of fights rather than the more petty ones (*cough cough KDE vs Gnome cough*). There's no way a group this size will never have fights, but a common enemy makes you prioritize your fights a bit better.
I'll go farther: This is an incredibly stupid idea. It will only convince businesses that the Linux/free software folks really are the communist, business-hating zealots that they're painted as.
If you're not distributing your work, there's no reason why you should be forced to open your code or pay some silly fee.
let me remind you that you can use just as well a regular sql server to store your content information
...except for images, (external) documents (such as pdfs, .docs, etc), authentication information, authorization information...I could go on, but you get the idea.
Don't get me wrong, I think zope/plone is very powerful, but one of my requirements when looking at zope was that it be able to use a database backend that we could hand to our DB group & have them manage...psycopgdb worked if we only wanted text & numbers (and were okay with re-building the access table if the zope box ever died)....when we tried to put jpg's and .doc's in there, it failed miserably.
Believe it or not, there is some friction up there in orbit, even though we describe it as "hard vacuum." There's not much, granted, but there's enough drag that it will eventually pull the Hubble (and anything else in orbit) down into the thicker atmosphere. Most all satellites have some thrusters/rockets built in to them to allow them to self-correct their orbits...but, those require fuel...once the satellite's out of fuel, it's coming down...the only question is where.
You sure? I think it's just that google has too many vowels for your standard Czech to feel comfortable with.
Re:I hope you have more security than CID.. on Build Your Own PBX · Score: 1
Yeah, but to spoof a number on his whitelist, the caller has to know his whitelist. Which means they have to know him. This is rare. It's much like UDP rules on a firewall...sure, they're spoofable, but you have to know which source to spoof to get through.
Is it foolproof? No. Will it help in the vast majority of cases? Absolutely.
Relying on the registrars to police this is asking for failure. How do you decide which overlaps are allowed? Do they only look for well known ones (well known to whom)? Ones that pay for the service? Any overlap?
The brutal fact is, punycode is poorly designed. I agree that internationalized domain names are a good thing...but pure punycode is not the way to do it. Until we have a good way to handle the problems that punycode's design brings up, we should disable it by default. Once we have a handle on it, and agreement on what the standards are, then turning it back on by default is a reasonable step.
Not if they're your faction. There's no intra-faction PvP. What you need to do is talk some of the other faction into going after the guy, which is hard, since you can't communicate between factions.
I know the point of this is to be available in developing countries, but I can see this being very popular in "first-world" countries as well. (heck, I'd buy one) They may have to control how they're sold/distributed to keep the developed world from snapping them all up.
I know it's bad form to reply to your own posts, but having re-read the Ask Slashdot question (reading comprehension good), it seems he's not looking for a list of good open-source tools. Instead, he's looking for a discussion of "why you don't need to spend thousands of dollars" on expensive tools.
Ummm...'cause tools with the same functionality are available for free? Seriously, I think part of it's just social...the hackers who write the tools tend to be more the open-source mentality than the corporate thought-process.
The other reason they may want to be a registrar is to avoid what happened to panix a few weeks ago.
For those that missed it, panix.com got hijacked because a domain re-seller (melbourne IT) didn't check that their customer (the supposed recipient of the domain transfer) had the proper authorizations in place to request a registrar move for panix. Panix had (apparently) forgotten to request a registrar lock on their domain, and their registrar didn't protest the move, so the request went through, moving panix to a new registrar. Once it was moved (changing ownership in the process), changing the authoritative DNS servers for it was easy...hence, hijack.
If google were their own registrar, they could enforce their own registrar lock for google.com, as well as setting up automatic refusals for any attempt to transfer google.com.
I prefer this way:
named.conf:
// Serve both domains authoritatively from local blackhole zone files
zone "sys-con.com" {
    type master;
    file "sys-con.com.blackhole";
};
zone "sys-con.tv" {
    type master;
    file "sys-con.tv.blackhole";
};
put an SOA for sys-con.com and sys-con.tv in the respective files, and a wildcard A record pointing to 127.0.0.1.
Poof...sys-con's gone. Doesn't matter what they change their names to.
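One way to write the zone file the comment above describes, as an added example that is not part of the original post. The serial, the timer values and the use of localhost. as the name server are assumptions; the NS record and the apex A record go beyond the comment's "SOA plus wildcard A" because BIND refuses to load a zone with no NS record and a wildcard does not match the zone apex itself.

```dns
; Constructed example: blackhole zone file. "@" expands to the origin of
; whichever zone loads it, so the same content works unchanged as both
; sys-con.com.blackhole and sys-con.tv.blackhole.
$TTL 86400
@   IN  SOA  localhost. root.localhost. (
             1        ; serial (constructed value)
             3600     ; refresh
             900      ; retry
             604800   ; expire
             86400 )  ; negative-caching TTL
@   IN  NS   localhost.  ; required: a zone without an NS record will not load
@   IN  A    127.0.0.1   ; the bare domain; "*" below does not cover the apex
*   IN  A    127.0.0.1   ; every host name under the domain
```

This only affects clients that resolve through this name server, and it answers A queries only; AAAA lookups for these names return no data.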
I hope this whole story is a troll...I really do.
And I thought: flying squirrels? TiVo? Really?
I'm completely lost
The problem is, right now so are the Europeans.
Summary, for those too lazy to click: 9/10 Europeans polled in January knew "little or nothing" about the European constitution.
The brutal fact is, punycode is poorly designed. I agree that internationalized domain names are a good thing...but pure punycode is not the way to do it. Until we have a good way to handle the problems that punycode's design brings up, we should disable it by default. Once we have a handle on it, and agreement on what the standards are, then turning it back on by default is a reasonable step.
</security curmudgeon >
Snort's not really a pen-test tool, though.
For pen-testing, check out the Metasploit framework. It's truly cool.
Also, have a look for scanrand, part of paketto keiretsu (doxpara.com appears to be having trouble right now, so don't go looking right now).
There's always the old standbys, as well, like dsniff.
Way to dodge your last one!
It wasn't mine...I was correcting a flaw in the original poster's example, which allowed you to weasel out of answering the main question. Unfortunately, you did it again with my correction. So, I will ask the question straight up, without examples, as you seem to be avoiding it:
Does legality = morality?
The original quote that started this (now massively off-topic) thread claimed absolutely yes. Others took issue with it. You have not defended that answer, only attacked the examples.
Okay, change the analogy, then: are sweat-shops "free-market capitalism"? They're not "feudal history" since they're happening now, and they are legal by the standards of the countries they exist in...the question is: are they okay? Is it morally okay to do something just because it's legal?