Sure we have NFS, and use it to good effect. I never said that it can't be done... just that the overhead involved is not, in my opinion, worth it.
however, whether you scp the directory over, or share it out via NFS... you are still doing a make install on every machine, AT BEST. (at worst your doing full compiles everywhere, whcih doesn't so much work with NFS unless you want to either do machines serially, or copy the directory locally)
You still have no registry of what file is installed where from what package (which a package manager gives you, or at least any one worth its salt, and even several that arn't).
I maintain that packages make much more sense in large corperate environments. Its not that you can't develop processes around source distribution, I just maintain that the benefits are few, and far outweighted by the costs.
Negligable performance increase, no security increase (unless you are personally auditing, in house, the code before you compile and install it), AND you miss out on the nice features of package management. Hardly a win there.
Yes, there are times when a source based distro is good. There are times when you NEED the level of control that it gives you.
Most jobs, in most environments don't. In fact, most sysadmins that I have seen just don't have the resources to exert that much control, or put that much love and care into every system.... nor should they.
I have said before, in specific cases (research computing clusters where you essentially have 3 machines, one of which is copied n times as "nodes" that can be reimaged from a new image pretty much at will - is the one case where I have really seen it used to good effect) source based distros are great. Of for your hobby machine, or you r laptop.
As soon as you start talking less about "running linux" and more about "deploying services", the focus shifts. Source based distros are a management nightmare in any manner of large or hetrogeneous environment.
Frankly, the majority of systems that I have had responsibility for havn't even had a compiler on them, never mind a full blown development environment, usually not even library headers.
Why? Because we don't want admins compiling code on just any box and tossing it in place. So, why make it easy for them to do so? Nothing should EVER EVER EVER be compiled on the production mail server, or the web server.... it should be compiled on the compiler machine, the dev box.
When you start making distinctions between the roles of boxes like that, as you should do in any larger environment, then you start to see the benefits of a source based distro melt away, and the real power of package management come into full effect.
Most linux users, the home user, will never see this. I know I didn't understand it until I had been doing it for a living for a few years.
They are not only wrong in their conclusion, but the article barely scratches the surface of the question.
Put simply, compiling software on your own is fine for a one off, or your desktop, or your hobby machine.ou.. or if you either a) need the latest wizbang features (and maybe can put up with the latest gobang bugs) or b) need really specific version control or c) can't find a precompiled package with the right ompile time options set.
Other than that, you should pretty much always use pre-built.
Sure, you can build your entire system from scratch if you like, libc on up. Why? The performance increase will be so minor that you will have to run benchmarks if you even want to be able to tell there was a change. You will then have to recompile everything you ever decide to update.
This strategy is a nightmare as the systems get more diverse and complex.
it also has nothing to do with deployment. Deployment is what you do after you have decided what you want and made it work once. Deployment is when you go and put it on some number of machines to do real work.
I would love to see them talk more about the differences in deployment. With precompiled packages from the os vendor, ala debian or redhat, its easy. You use apt-get or rpm and off you go. Maybe you even have a redhat network satalite or a local apt repository to give yourself more control. Then you can easily inject local packages or control the stream (no, sorry, I am NOT ready to upgrade to the new release)
but should you compile "most of the time"? hell no!
It is, in fact, the vast minority of software where you really need the latest features and or special compile options. Its the vast minority of the time where the performance increase will even be perceptable.
Why waste the time and cpu cycles? Takes over a day to get a full gentoo desktop going, and for what? I can have ubuntu installed and ready to go with a full desktop in maybe 2 hours.
Lets take the common scenario.... new openssl remote root exploit comes out. The email you read just basically said, in no uncertain terms, that half your network is now just waiting to be rooted by the next script kiddie who notices. Thats lets say... 50 machines.
Now your job is to deploy a new openssl to all these machines.
You could notice that the vulnerability came out in such a time frame that they allowed the OS vendors like debian to release fixes (often happens, if not they are usually out within a very reasonable time frame)... so you hit apt-get update && apt-get upgrade
or maybe you just promote the packgae into your repository, and let the automated updates deploy it for you. You go home, have a coffee, and be ready to log in remotly if anything goes tits up.
Now if you are hand compiling what do you do? Compile, test. And then um.... ahh... scp the dir to 49 machines and ssh in and do a make install on each?
How is this better than using a package manager again? Now you ahve dirs sitting around, you have to hope that your compile box is sufficiently similar to the other boxes that you didn't just add a library requirement (say because configure found that yoru dev box has libfuckmyshit.so installed and this neat new bits of openssl can make use of it)
How about when a box crashes and burns and you now need to take your lovingly handcrafted box, and rebuild it, and put all that lovingly compiles software back on it.
Fuck all that... give me a good binary distro any day of the week. I will hand compile when I HAVE to... and not before.
I went through massive caffine withdrawls in High School once. It was horrid. After that I developed a different way of working with caffine.
Still to this day, I tend to like alot during the work day... but if I continue caffine past the end of the work day, its horrid for my sleep. (instead of awake to asleep in 5 minutes, it can take 2 hours, if i have even 1 cup of coffee within 5 hours or so of sleep)
Anyway, I tend to drink alot, until I hit the very first morning headache before my coffee... then I go cold turkey for at least a week. (unless i have a deadline or other reason to need to dip a little further into the addictive cycle, but I never let that last more than an extra day or two)
Its workign so far. Lately I have found half-caf to be key. I like to drink so much coffee that if I drink it full strength, then I am so buzzed by about 1 pm that I can't focus on anything, I am just jumpy and excited.
I dunno... its what works for me. I do have to wonder, how much of these heart effects were "coffee" specifically, and how many were just caffiene? Admittedly, for the average person, coffee is the most caffinated drink that they encounter, and most regularly, so even if it is caffine solely causing these effects, its still coffee doing it most of the time... but... it does beg the question, doesn't it?
Just like I don't have an IDS that pages me on port scans... my house doesn't have a doorbell either. You either knock and get lucky, or call me. If you don't know my number, chances are, I didn't want to open the door for you anyway.
> but that definition doesn't include retards, people in > comas, or people under the age of (let's say around) 5 > years old.
Yah pretty much. However I would argue something closer to 2 or 3, have to cut it off somewhere and the beginings of learning language seem like a good cut off.
Coma? Well a person in a comma can recover. So I think we should generally let them. However, if their prognosis is that they wont recover or will be nearly brain dead.... then may as well call a spade a damned shovel and let them finish dieing.
Retards? Functional retards are one thing, but if they really just arn't ever going to be anything more than a burden on society, then I say treat them as pets. If their fammily wants them, or someone wants to adopt them, then fine. Certainly outlaw all manners of abusing them. However, otherwise, put them down.
Im all about valuing sentient beings, human, alien, or computer. However, it is not life (a mere chemical/biological process), its society. We all have to live together and share the worlds resources. Its simple social contract.
I dunno, if port 139 is open... then port 139 is open. I should now be asked to second guess the owner of the machine?
I really think we need to shift the analogy a bit. A person who connects to a port and completes a TCP handshake has just made a connection to a process on the machine that was being made available.
This is more akin to entering your enclosed porch to ring your doorbell (assuming your doorbell is on the inside of the porch, rare, but ive seen it) than it is to comming into your house. Hes there, he can ring the bell, or ask your butler (the deamon) for service etc.
Its up to the deamon to turn them away now or grant them entrance. Now, if this was about compromising deamons, thats breaking in. I would contend that everything right up to the point of actually subverting an access control, is asinine to consider anything but innocuous.
Of course we don't totally disagree here... the thing is, thats just a bad physical analogy. In fact, most analogies to the physical world break down pretty badly here.
The thing is, unlike walking down the street, you can't just glance around, back and forth, and see whats what. You can't say "oh thats a private residence" "oh thats a bar" "oh theres a function room". There are no street signs, or door bells, or much of anything.
However to use a physcial analogy. Sysadmins that call port scans "attacks" remind me of old people that never leave their house, but are always looking out the window and casting a jaundice eye on everything people do around them.
Always looking for some new boogyman to add some excitement to their otherwise mundane existance.
Whereas I am of the other mind... port scans are so frickin common, who even cares anymore?
I mean its public. If you didn't want people to poke at the machine, you shouldn't have installed it on a public network?
Frankly, I see port scanning as a completly legitimate way of seeing what services a host offers to the public. The ONLY reasonable assumption to make when a machine is connected to the net, and responds with a valid tcp handshake, is that it was intended for net users to connect to it.
Maybe there is further access control, maybe there isn't. Certainly circumventing access control is another story entirly, however, just scanning for open ports, or connecting to them to see if there is a service there that is available to the public? I see absolutly nothing wrong with that.
Even if I did, who would really care? I have much better things to do than contact ISPs and bitch about people sending me packets. I will reserve that for when I actually catch someone trying to bypass access controls or pound some shell code through an exploit.
In fact, I get hit with enough failed attempts at exploits that its not even worth bothering. shit, the net just isn't a very safe place, it would be best if we just accept that and stop trying to pretend that its not.
frankly, everything this professor asked for should fall far below the level of normal noise on the network. Wake me up when he asks them to deploy a botnet.
these machines are offering public services. All they are being asked to do is scan to see whats being publically offered, and check it out.
Not break in, not subvert the security, just check it out. Connect to the webserver and talk to it. No shell code, no expliots, just do a get request and read the fucking headers. This is all publically available info... hardly much different than walking up and down the street checking out peoples bumper stickers.
Frankly, if a machine is on the net, and it responds to a request to open a connection on a port with a valid handshake, then the ONLY REASONABLE ASSUMPTION is that this is INTENDED to be used by the public. If there are further locks keeping you out beyond that (logins with passwords, tokens etc) then... well thats that... but up to that point, you have to assume its ok to connect. This is a public network.
As an admin myself, I don't open up ports and make them publically accessable unless I damned well intend to do so. Then, I don't bitch about when people connect to them, or scan me.
Why complain about what you have no control over? Maybe you shouldn't have been a dumbass and set your IDS to alert you every time some dickhead port scans your network? Maybe if you are getting paged every 5 minutes because some innocuous packet entered your network to a port you didn't want it to, maybe...just maybe.... its your fault for setting up paging rules without investigating the situation and determining if it really is that important?
Maybe if its really so vital... you should firewall the fucker? or turn off the service? Or come up with access control rather than access complaints?
Perhaps this skew starts to happen because, freed from simple accountability (that is to say that as it becomes harder to associate you with your online identity, the bar is raised for holding you accountable, thus lowering the bar of what behaviour is safe for you to engage in)... people realise that some of our social norms, like not using phrases like "sloppy seconds" is well... silly.
I mean, these rules of social norms really serve no purpose. However in the "real world" where you may expect to be held "accountable" for certain things, one may be more conservative out of fear of reprisal than they really need to be. Perhaps in the relative anarchy of the "digital world", its not so much that we are getting more vulgar, but that we are realising that our standards for vulgarity are arbitrary and not really useful in any real way.
I always liked Chomsky's definition of anarchism as "the tendancy in human thought to oppose uneccissary forms of order". It seems appropriate here. Maybe some of the social norms that have grown up in the old climate just arn't as important as we assumed them to be, and the new more free situation of the internet is allowing people to transend these arbitrary rules that have long since ceased to have any real value (if they ever did)
Its like the people who want to give kids shit for "swearing". They say stupid things like "if you have to swear then you must have a small vocabulary"... so we are complaining about the size of ones vocabulary, and the implied answer is to remove words that function perfectly adequetly for expressing what we use them for... huh?
Why can't I get up in a buisness meeting and say "well this companies product is a peice of shit and we shouldn't choose it because..."
Sure I could have used a number o fphrases in my summary statement, but lets face it, everybody knows what shit is, and everybody knows what you do with shit... its a PERFECT analogy for what I think the product is worth and what we should do with it.
I have always felt the problem here is one of terms.
"Human Life" What do we mean by that? I mean... if I scrape skin cells off my arm, live ones that is, is that not human life? If I culture my own skin cells in a petri dish, they have 46 chromosomes. Are they not human life?
Are they not every bit as much human life as a fetus? I am not aware of it ever having been written that All living things with 46 chromosomes are endowed by their creator certain inalienable human rights.
Simply I think we need to recognize that "human rights" are endowed by social contract. "In the wild" one has no rights, because there is nothing but the laws of physics to restrict you. Once you enter into society, in order to live with others, we make concessions, including ceeding to everyone else their own right to make their own decisions for themselevs.
A fetus has no mental capacity, cannot pass a turing test, in short, is not a member of society. Hence, has no rights. An injury to it, should be considered no different than any other injury to its hosts body, until such time as it is born and learns enough language to pass a turing test (thus raising the specter of internal consciousness)
I see human rights as ONLY arising from the intersection of that specter of consciousness and the needs of the people around to live in peace with eachother.
I thought the entire discussion was whether tossing out a completly untestable hypothetical and ending it with a "maybe not" was an aacceptable argument.
Its complete fallacy. Would they have done it without violent video games? well fuck lets go get a time machine and test that one out.
May as well go back and test out aborting them... its an equally valid argument.
And its not about whether a fetus is a human life on abortion either. Its about whether a fetus deserves protection of "basic human rights". _I_ would argue that basic "rights" shouldn't be afforded to anything that can't pass a turing test (yes, I realise I am arguing that there is no moral problem with infanticide, and I mean that too)
I sort of assumed that it was more an issue of looking for a solution for a team of admins. You know... like I can put the cool tools I like in my home dir on all the machines I touch, but installing it for everyone else to use requires aproval.
Also, ssh macros shared on a team seems fine to me. Its still only triggered when an admin is using it, and its not installed on the machine. Nobody has to go in as root and start pushing files around (or tell the distribution engine to push it out to the machines)... you just pass it around to the admins as a tool that you use.
I guess whether its an appropriate solution or not depends as much on the details of the policy as anything else. Is it simply an end run around the policy? Its realy hard to tell from the question, honestly, I think its as much a misunderstanding about how ssh works as anything else.
You are absolutly right... yet so absolutly wrong.
Evolution is a theory, or rather Natural Selection is a theory, evolution is kind of the name given to the overall progression of natural selection over time, but why split hairs? we know what we mean right?
Anyway, no theory is ever proven. A theory is just a model that explains all of the available data. Which evolution/natural selection has done quite admirably.
if anybody ever actually comes up with data to the contrary, then natural selection will need to either be replaced or modified to fit the new data.
Frankly though, I think that "evolution" is on aproximatly sturdier ground than current theories on gravitation.
No, he is managing machines where he has to get aproval before using that write access. Maybe you have heard terms like "change management" or "production support".
sure he could probably go and do it unilatterally, but thats a move that doesn't have alot of CYA in it. CYA is alot more important in some places than others.
That said its not all about CYA, sure change management processes are often slow, and tedious, and often seem pointless for small changes.... but... nobody ever made a system problem worst by documenting their work.
Would you have responded to my post saying that these same kids wouldn't have done their deed if they had been aborted if you had been aborted? Definitly not!
> There is no requirement for laws to make sense however:)
Yes, but the law doesn't say that. He said you could make a case for implied license or an implied contract. Implied contract may be rare and somewhat interesting to make a case for in court, however, I think this is a strong case for one.
Afterall, its obvious just from how computers work, which both the purchaser and the seller obviously know (as one would have no need to buy and the other no ability to produce and sell without some level of such knowledge... even if that knowledge is limited to "I put the disk in the drive and click the button"), that anyone buying this is buying it explicitly for the purpose of running it in a computer.
Thus, if the absurd did happen and a company did sue on the grounds of such a copy being made, then the defendant could probably successfully argue that the obvious knowledge of how software and computers works, which was posessed by both parties at the time of sale, constituted an implied agreement to allow such a copies. (if the seller didn't want these copies to be made, he could have refused to make the sale afterall)
Its basically a collorary in the other dirction of the idea that if you sell a product with knowledge that the purchaser intends to use it to commit a crime, then you are also guilty.
Your knowledge of his intent, gives you the ability, and in the case of a crime, the duty, to use that knowledge in your decision making. If you sell a gun to a man who says he is going to kill his wife, then you are an accomplice to murder, simply by selling it. If you sell software, you know its being purchased with the intent to be loaded into a PC, you are agreeing to allow it to be loaded into a PC simply by selling it.
However, it MAY be diferent, but in related issues...
There was an mp3 distribution case a few years ago that I was reading an article on. It was RIAA vs some dude who ran morpheus I think, one of those p2p programs anyway.
One o fthe interesting things in the article is that they mentioned that both sides agreed on one thing. The case was solely about distribution. They both agreed that the "fair use" right to actually load the mp3 into a player and listen to it was held by the plaintif... EVEN IF the mp3s were not obtained legally.
The law says "owner of a copy", and a copy is a copy even if illegally made. It wouldn't be a violation of copyright law to make it if it were otherwise.
Its obvious from before the point of sale that thats the only way that software can be used, and is its intended purpose... so there is already, from the very fact that its labeled and sold as software, an implied licence for exactly that.
One might argue that putting the EULA in makes that explicit, and thus should be able to dictate terms, but since the EULA is often not even visable until AFTER one has made the purchase (and thus entered into the implied agreement), so the EULA would be an attempt to unilatterally change a made agreement after the fact.
Even without that argument (being all it is, an argument that I just made up), I would even argue that fair use doctrine covers this, making a copy for personal use, never to distribute. The courts have ruled several times in favor of similar types of copying (the "time shifting" ruling isn't too far off, i don't think)
Sure we have NFS, and use it to good effect. I never said that it can't be done... just that the overhead involved is not, in my opinion, worth it.
however, whether you scp the directory over, or share it out via NFS... you are still doing a make install on every machine, AT BEST. (at worst your doing full compiles everywhere, whcih doesn't so much work with NFS unless you want to either do machines serially, or copy the directory locally)
You still have no registry of what file is installed where from what package (which a package manager gives you, or at least any one worth its salt, and even several that arn't).
I maintain that packages make much more sense in large corperate environments. Its not that you can't develop processes around source distribution, I just maintain that the benefits are few, and far outweighted by the costs.
Negligable performance increase, no security increase (unless you are personally auditing, in house, the code before you compile and install it), AND you miss out on the nice features of package management. Hardly a win there.
-Steve
Don't apologize, you hit the nail on the head.
You learn not to.
Yes, there are times when a source based distro is good. There are times when you NEED the level of control that it gives you.
Most jobs, in most environments don't. In fact, most sysadmins that I have seen just don't have the resources to exert that much control, or put that much love and care into every system.... nor should they.
I have said before, in specific cases (research computing clusters where you essentially have 3 machines, one of which is copied n times as "nodes" that can be reimaged from a new image pretty much at will - is the one case where I have really seen it used to good effect) source based distros are great. Of for your hobby machine, or you r laptop.
As soon as you start talking less about "running linux" and more about "deploying services", the focus shifts. Source based distros are a management nightmare in any manner of large or hetrogeneous environment.
Frankly, the majority of systems that I have had responsibility for havn't even had a compiler on them, never mind a full blown development environment, usually not even library headers.
Why? Because we don't want admins compiling code on just any box and tossing it in place. So, why make it easy for them to do so? Nothing should EVER EVER EVER be compiled on the production mail server, or the web server.... it should be compiled on the compiler machine, the dev box.
When you start making distinctions between the roles of boxes like that, as you should do in any larger environment, then you start to see the benefits of a source based distro melt away, and the real power of package management come into full effect.
Most linux users, the home user, will never see this. I know I didn't understand it until I had been doing it for a living for a few years.
-Steve
Do these guys even know what deplpoyment means?
They are not only wrong in their conclusion, but the article barely scratches the surface of the question.
Put simply, compiling software on your own is fine for a one off, or your desktop, or your hobby machine.ou.. or if you either a) need the latest wizbang features (and maybe can put up with the latest gobang bugs) or b) need really specific version control or c) can't find a precompiled package with the right ompile time options set.
Other than that, you should pretty much always use pre-built.
Sure, you can build your entire system from scratch if you like, libc on up. Why? The performance increase will be so minor that you will have to run benchmarks if you even want to be able to tell there was a change. You will then have to recompile everything you ever decide to update.
This strategy is a nightmare as the systems get more diverse and complex.
it also has nothing to do with deployment. Deployment is what you do after you have decided what you want and made it work once. Deployment is when you go and put it on some number of machines to do real work.
I would love to see them talk more about the differences in deployment. With precompiled packages from the os vendor, ala debian or redhat, its easy. You use apt-get or rpm and off you go. Maybe you even have a redhat network satalite or a local apt repository to give yourself more control. Then you can easily inject local packages or control the stream (no, sorry, I am NOT ready to upgrade to the new release)
but should you compile "most of the time"? hell no!
It is, in fact, the vast minority of software where you really need the latest features and or special compile options. Its the vast minority of the time where the performance increase will even be perceptable.
Why waste the time and cpu cycles? Takes over a day to get a full gentoo desktop going, and for what? I can have ubuntu installed and ready to go with a full desktop in maybe 2 hours.
Lets take the common scenario.... new openssl remote root exploit comes out. The email you read just basically said, in no uncertain terms, that half your network is now just waiting to be rooted by the next script kiddie who notices. Thats lets say... 50 machines.
Now your job is to deploy a new openssl to all these machines.
You could notice that the vulnerability came out in such a time frame that they allowed the OS vendors like debian to release fixes (often happens, if not they are usually out within a very reasonable time frame)... so you hit apt-get update && apt-get upgrade
or maybe you just promote the packgae into your repository, and let the automated updates deploy it for you. You go home, have a coffee, and be ready to log in remotly if anything goes tits up.
Now if you are hand compiling what do you do? Compile, test. And then um.... ahh... scp the dir to 49 machines and ssh in and do a make install on each?
How is this better than using a package manager again? Now you ahve dirs sitting around, you have to hope that your compile box is sufficiently similar to the other boxes that you didn't just add a library requirement (say because configure found that yoru dev box has libfuckmyshit.so installed and this neat new bits of openssl can make use of it)
How about when a box crashes and burns and you now need to take your lovingly handcrafted box, and rebuild it, and put all that lovingly compiles software back on it.
Fuck all that... give me a good binary distro any day of the week. I will hand compile when I HAVE to... and not before.
-Steve
Itg doesn't look anything like a cigger. The outside is far too white, and when was the last time you saw a chigger with blond hair?
Nope the chiggers I know tend to have light brown skin, and black hair. Not to mention, not so amazingly hairy about the arms either.
-Steve
I went through massive caffine withdrawls in High School once. It was horrid. After that I developed a different way of working with caffine.
Still to this day, I tend to like alot during the work day... but if I continue caffine past the end of the work day, its horrid for my sleep. (instead of awake to asleep in 5 minutes, it can take 2 hours, if i have even 1 cup of coffee within 5 hours or so of sleep)
Anyway, I tend to drink alot, until I hit the very first morning headache before my coffee... then I go cold turkey for at least a week. (unless i have a deadline or other reason to need to dip a little further into the addictive cycle, but I never let that last more than an extra day or two)
Its workign so far. Lately I have found half-caf to be key. I like to drink so much coffee that if I drink it full strength, then I am so buzzed by about 1 pm that I can't focus on anything, I am just jumpy and excited.
I dunno... its what works for me. I do have to wonder, how much of these heart effects were "coffee" specifically, and how many were just caffiene? Admittedly, for the average person, coffee is the most caffinated drink that they encounter, and most regularly, so even if it is caffine solely causing these effects, its still coffee doing it most of the time... but... it does beg the question, doesn't it?
-Steve
Yup annoying...
Just like I don't have an IDS that pages me on port scans...
my house doesn't have a doorbell either. You either knock and get lucky, or call me. If you don't know my number, chances are, I didn't want to open the door for you anyway.
Anyway...
-steve
> but that definition doesn't include retards, people in
> comas, or people under the age of (let's say around) 5
> years old.
Yah pretty much. However I would argue something closer to 2 or 3, have to cut it off somewhere and the beginings of learning language seem like a good cut off.
Coma? Well a person in a comma can recover. So I think we should generally let them. However, if their prognosis is that they wont recover or will be nearly brain dead.... then may as well call a spade a damned shovel and let them finish dieing.
Retards? Functional retards are one thing, but if they really just arn't ever going to be anything more than a burden on society, then I say treat them as pets. If their fammily wants them, or someone wants to adopt them, then fine. Certainly outlaw all manners of abusing them. However, otherwise, put them down.
Im all about valuing sentient beings, human, alien, or computer. However, it is not life (a mere chemical/biological process), its society. We all have to live together and share the worlds resources. Its simple social contract.
-Steve
I dunno, if port 139 is open... then port 139 is open. I should now be asked to second guess the owner of the machine?
I really think we need to shift the analogy a bit. A person who connects to a port and completes a TCP handshake has just made a connection to a process on the machine that was being made available.
This is more akin to entering your enclosed porch to ring your doorbell (assuming your doorbell is on the inside of the porch, rare, but ive seen it) than it is to comming into your house. Hes there, he can ring the bell, or ask your butler (the deamon) for service etc.
Its up to the deamon to turn them away now or grant them entrance. Now, if this was about compromising deamons, thats breaking in. I would contend that everything right up to the point of actually subverting an access control, is asinine to consider anything but innocuous.
-Steve
Of course we don't totally disagree here... the thing is, thats just a bad physical analogy. In fact, most analogies to the physical world break down pretty badly here.
The thing is, unlike walking down the street, you can't just glance around, back and forth, and see whats what. You can't say "oh thats a private residence" "oh thats a bar" "oh theres a function room". There are no street signs, or door bells, or much of anything.
However to use a physcial analogy. Sysadmins that call port scans "attacks" remind me of old people that never leave their house, but are always looking out the window and casting a jaundice eye on everything people do around them.
Always looking for some new boogyman to add some excitement to their otherwise mundane existance.
-Steve
Whereas I am of the other mind... port scans are so frickin common, who even cares anymore?
I mean its public. If you didn't want people to poke at the machine, you shouldn't have installed it on a public network?
Frankly, I see port scanning as a completly legitimate way of seeing what services a host offers to the public. The ONLY reasonable assumption to make when a machine is connected to the net, and responds with a valid tcp handshake, is that it was intended for net users to connect to it.
Maybe there is further access control, maybe there isn't. Certainly circumventing access control is another story entirly, however, just scanning for open ports, or connecting to them to see if there is a service there that is available to the public? I see absolutly nothing wrong with that.
Even if I did, who would really care? I have much better things to do than contact ISPs and bitch about people sending me packets. I will reserve that for when I actually catch someone trying to bypass access controls or pound some shell code through an exploit.
In fact, I get hit with enough failed attempts at exploits that its not even worth bothering. shit, the net just isn't a very safe place, it would be best if we just accept that and stop trying to pretend that its not.
frankly, everything this professor asked for should fall far below the level of normal noise on the network. Wake me up when he asks them to deploy a botnet.
-Steve
Theres a big difference here....
these machines are offering public services. All they are being asked to do is scan to see whats being publically offered, and check it out.
Not break in, not subvert the security, just check it out. Connect to the webserver and talk to it. No shell code, no expliots, just do a get request and read the fucking headers. This is all publically available info... hardly much different than walking up and down the street checking out peoples bumper stickers.
Frankly, if a machine is on the net, and it responds to a request to open a connection on a port with a valid handshake, then the ONLY REASONABLE ASSUMPTION is that this is INTENDED to be used by the public. If there are further locks keeping you out beyond that (logins with passwords, tokens etc) then... well thats that... but up to that point, you have to assume its ok to connect. This is a public network.
As an admin myself, I don't open up ports and make them publically accessable unless I damned well intend to do so. Then, I don't bitch about when people connect to them, or scan me.
Why complain about what you have no control over? Maybe you shouldn't have been a dumbass and set your IDS to alert you every time some dickhead port scans your network? Maybe if you are getting paged every 5 minutes because some innocuous packet entered your network to a port you didn't want it to, maybe...just maybe.... its your fault for setting up paging rules without investigating the situation and determining if it really is that important?
Maybe if its really so vital... you should firewall the fucker? or turn off the service? Or come up with access control rather than access complaints?
-Steve
I have to ask... ho wmuch is this a bad thing?
Perhaps this skew starts to happen because, freed from simple accountability (that is to say that as it becomes harder to associate you with your online identity, the bar is raised for holding you accountable, thus lowering the bar of what behaviour is safe for you to engage in)... people realise that some of our social norms, like not using phrases like "sloppy seconds" is well... silly.
I mean, these rules of social norms really serve no purpose. However in the "real world" where you may expect to be held "accountable" for certain things, one may be more conservative out of fear of reprisal than they really need to be. Perhaps in the relative anarchy of the "digital world", its not so much that we are getting more vulgar, but that we are realising that our standards for vulgarity are arbitrary and not really useful in any real way.
I always liked Chomsky's definition of anarchism as "the tendancy in human thought to oppose uneccissary forms of order". It seems appropriate here. Maybe some of the social norms that have grown up in the old climate just arn't as important as we assumed them to be, and the new more free situation of the internet is allowing people to transend these arbitrary rules that have long since ceased to have any real value (if they ever did)
Its like the people who want to give kids shit for "swearing". They say stupid things like "if you have to swear then you must have a small vocabulary"... so we are complaining about the size of ones vocabulary, and the implied answer is to remove words that function perfectly adequetly for expressing what we use them for... huh?
Why can't I get up in a buisness meeting and say "well this companies product is a peice of shit and we shouldn't choose it because..."
Sure I could have used a number o fphrases in my summary statement, but lets face it, everybody knows what shit is, and everybody knows what you do with shit... its a PERFECT analogy for what I think the product is worth and what we should do with it.
-Steve
I have always felt the problem here is one of terms.
"Human Life" What do we mean by that? I mean... if I scrape skin cells off my arm, live ones that is, is that not human life? If I culture my own skin cells in a petri dish, they have 46 chromosomes. Are they not human life?
Are they not every bit as much human life as a fetus? I am not aware of it ever having been written that All living things with 46 chromosomes are endowed by their creator certain inalienable human rights.
Simply I think we need to recognize that "human rights" are endowed by social contract. "In the wild" one has no rights, because there is nothing but the laws of physics to restrict you. Once you enter into society, in order to live with others, we make concessions, including ceeding to everyone else their own right to make their own decisions for themselevs.
A fetus has no mental capacity, cannot pass a turing test, in short, is not a member of society. Hence, has no rights. An injury to it, should be considered no different than any other injury to its hosts body, until such time as it is born and learns enough language to pass a turing test (thus raising the specter of internal consciousness)
I see human rights as ONLY arising from the intersection of that specter of consciousness and the needs of the people around to live in peace with eachother.
-Steve
I thought the entire discussion was whether tossing out a completly untestable hypothetical and ending it with a "maybe not" was an aacceptable argument.
Its complete fallacy. Would they have done it without violent video games? well fuck lets go get a time machine and test that one out.
May as well go back and test out aborting them... its an equally valid argument.
And its not about whether a fetus is a human life on abortion either. Its about whether a fetus deserves protection of "basic human rights". _I_ would argue that basic "rights" shouldn't be afforded to anything that can't pass a turing test (yes, I realise I am arguing that there is no moral problem with infanticide, and I mean that too)
-Steve
Yes.
I sort of assumed that it was more an issue of looking for a solution for a team of admins. You know... like I can put the cool tools I like in my home dir on all the machines I touch, but installing it for everyone else to use requires aproval.
Also, ssh macros shared on a team seems fine to me. Its still only triggered when an admin is using it, and its not installed on the machine. Nobody has to go in as root and start pushing files around (or tell the distribution engine to push it out to the machines)... you just pass it around to the admins as a tool that you use.
I guess whether its an appropriate solution or not depends as much on the details of the policy as anything else. Is it simply an end run around the policy? Its realy hard to tell from the question, honestly, I think its as much a misunderstanding about how ssh works as anything else.
-Steve
You are absolutly right... yet so absolutly wrong.
Evolution is a theory, or rather Natural Selection is a theory, evolution is kind of the name given to the overall progression of natural selection over time, but why split hairs? we know what we mean right?
Anyway, no theory is ever proven. A theory is just a model that explains all of the available data. Which evolution/natural selection has done quite admirably.
if anybody ever actually comes up with data to the contrary, then natural selection will need to either be replaced or modified to fit the new data.
Frankly though, I think that "evolution" is on aproximatly sturdier ground than current theories on gravitation.
-Steve
Man I wish I modd'd instead of posting these days, because thats the funniest post that I have read in a while.
Let me know when you find such a text with any statements more complicated than "shit happens".
-Steve
If an ape species goes extinct and nobody is there to classify it, do taxonomy students make a groan?
-Steve
No, he is managing machines where he has to get aproval before using that write access. Maybe you have heard terms like "change management" or "production support".
sure he could probably go and do it unilatterally, but thats a move that doesn't have alot of CYA in it. CYA is alot more important in some places than others.
That said its not all about CYA, sure change management processes are often slow, and tedious, and often seem pointless for small changes.... but... nobody ever made a system problem worst by documenting their work.
-Steve
Would you have responded to my post saying that these same kids wouldn't have done their deed if they had been aborted if you had been aborted? Definitly not!
> There is no requirement for laws to make sense however :)
Yes, but the law doesn't say that. He said you could make a case for implied license or an implied contract. Implied contract may be rare and somewhat interesting to make a case for in court, however, I think this is a strong case for one.
Afterall, its obvious just from how computers work, which both the purchaser and the seller obviously know (as one would have no need to buy and the other no ability to produce and sell without some level of such knowledge... even if that knowledge is limited to "I put the disk in the drive and click the button"), that anyone buying this is buying it explicitly for the purpose of running it in a computer.
Thus, if the absurd did happen and a company did sue on the grounds of such a copy being made, then the defendant could probably successfully argue that the obvious knowledge of how software and computers works, which was posessed by both parties at the time of sale, constituted an implied agreement to allow such a copies. (if the seller didn't want these copies to be made, he could have refused to make the sale afterall)
Its basically a collorary in the other dirction of the idea that if you sell a product with knowledge that the purchaser intends to use it to commit a crime, then you are also guilty.
Your knowledge of his intent, gives you the ability, and in the case of a crime, the duty, to use that knowledge in your decision making. If you sell a gun to a man who says he is going to kill his wife, then you are an accomplice to murder, simply by selling it. If you sell software, you know its being purchased with the intent to be loaded into a PC, you are agreeing to allow it to be loaded into a PC simply by selling it.
-Steve
However, it MAY be diferent, but in related issues...
There was an mp3 distribution case a few years ago that I was reading an article on. It was RIAA vs some dude who ran morpheus I think, one of those p2p programs anyway.
One o fthe interesting things in the article is that they mentioned that both sides agreed on one thing. The case was solely about distribution. They both agreed that the "fair use" right to actually load the mp3 into a player and listen to it was held by the plaintif... EVEN IF the mp3s were not obtained legally.
The law says "owner of a copy", and a copy is a copy even if illegally made. It wouldn't be a violation of copyright law to make it if it were otherwise.
-Steve
> If one individual wants to censor themself (whatever that
:)
> means) that's entirely different.
Actually theres a term for that... its called shutting the fuck up.
Would these same kids have done this thing if their mothers had aborted them as fetuses before birth? Definitly not!
-Steve
One would wonder if this is even needed.
Its obvious from before the point of sale that thats the only way that software can be used, and is its intended purpose... so there is already, from the very fact that its labeled and sold as software, an implied licence for exactly that.
One might argue that putting the EULA in makes that explicit, and thus should be able to dictate terms, but since the EULA is often not even visable until AFTER one has made the purchase (and thus entered into the implied agreement), so the EULA would be an attempt to unilatterally change a made agreement after the fact.
Even without that argument (being all it is, an argument that I just made up), I would even argue that fair use doctrine covers this, making a copy for personal use, never to distribute. The courts have ruled several times in favor of similar types of copying (the "time shifting" ruling isn't too far off, i don't think)
-Steve