Oh bravo! THAT is brilliant.
Ironic.
I opened all the links in the summary, gave them a cursory glance and spent the rest of the last hour reading bash.org...
I think your post proves that an incompetent Windows user can be an incompetent Linux user.
I second this part. The main point of failure with computer security is the user, and the main point of failure with the user is lack of training, or unwillingness to apply common sense when behind the keyboard. Hands up all of you who have had at least one user who insisted on clicking links or running every funny program or opening every bloody email attachment or (god forbid but it happens) have sent money to that Nigerian prince or even "updated" their banking details on that site in that link.
You can make the system as safe as possible, but the point of failure will need to be addressed and I submit that is nearly impossible, if not entirely impossible.
UH, to visit an attack page you still need to click on something.
AH. I missed it.
The catch is that you need to KNOW these commands. I spend a lot of time in terminal personally, but I can think that someone who does not know will struggle.
+1 for lynx, absolutely killer for testing a website from remote servers via ssh if you are too lazy to telnet to :80 and call up the page source from there...
You watch All My Children!?
Dude...
Is that sustained speed or burst speed? I heard (way back in my youth in Biology class or... somewhere) that they reach these speeds in short bursts or when changing direction.
Well the shipping container does not HAVE to be brought ashore. In a busy port it can be detonated while on the ship. Granted you cut your kill radius basically in half (the area facing the sea will have less damage than the side where the land is) it is still a potent statement.
Also, taking out a busy seaport could have the added economic impact of taking a trade-port out of commission for a few years. Do it near Manhattan (I have no idea if there are large ports there...) and you could do serious damage with a container loaded onto a tugboat and driven to a convenient spot...
Hey! I actually read that journal entry before!
the THEY you are referring to are the uninformed masses. THEY have the buying power and THEY generally trust the large corporations more than they trust the informed among us, because there is a mentality of "If I saw it on TV (or amazon.com for that matter) it MUST be more trustworthy than the neighbourhood geek"
Sigh... we geeks really have to work on our marketing... we need an image consultant!
While I agree that Google would be able to repackage stuff if need be, I disagree with your statement that all Canonical does is repackage stuff.
It might be a large part of what they do, but they write a lot of new code as well.
Unless that is exactly what you meant when you said "typically"
You forget that Canonical has a rather close relationship with Google - notice how they provided developers to help out with the ChromeOS release. It is not much of a stretch to believe that Google might reciprocate in some way by providing resources, code or even finished product to Canonical.
You are referencing a SCRIPT that was MEANT TO DO HARM.
There is a difference. The "malware" was really a simple script that asked for root before it got installed and used pre-installed programs that are available in the Ubuntu install to ping a server and download a file from another to do... something nefarious.
The easiest fix in the case of that script would be to force wget to launch with a tty attached instead of being launched in the background. Presto you have plugged a hole that this script exploited right there.
Security holes will be found continuously, by both sides of the fight - it is just up to who finds them first that dictates which way that scenario goes. Now if you compare the proprietary vs the open source software vendor's security track records you will note that the OSS guys are doing rather better than the proprietary guys.
Why? In OSS the source is available for those who protect AS WELL AS those who exploit, yet the exploits are less, and are patched quicker. In proprietary land the source is available ONLY to the vendors - yet exploits abound.
Another point is that you are comparing a targeted attack on a discovered weakness to a possible software bug that might cause problems in the future.
Also, you forget that in the case we are discussing the fix HAS to come from Microsoft - they responded admirably quickly with a hotfix btw - but in the case of OpenOffice (for instance) you would be able to implement fixes from a larger number of vendors, or their partners or well meaning codesmiths all over the world.
The odds just favour OSS in this scenario to perform better, and to be fixed quicker if something breaks.
I don't know either, but whoever did is very upset right now, and I bet so is their IT support.
I was about to type out a long post extolling the virtues of... erm... something... and then I blinked back to my screen and realised I had just envisaged what a mistake like this from an upstream supplier (in this case Microsoft) would have on my work day.
I am in IT and I would have had hundreds of phonecalls for this by now, and it is only 09:24... sheesh to apply a hotfix like this to all my clients...
woops there I went again imagining what this would mean for my workday... I can't actually say that any of our clients use the RMS service on their office documents.
Wowee, dodged a bullet there.
Good luck to all the IT grunts out there in the trenches trying to get this fixed right now...
Well the smaller Sony laptops certainly qualify don't you think?
Here is an example from a google search: http://www.google.com/products/catalog?hl=en&safe=off&q=sony+laptops&cid=13362534904527965375&sa=title#p
(Apologies for the ugly linkage)
My boss has one he uses while going motorbiking, not identical to this one mind you - his has got the swively touchscreen, GPS and a more powerful processor than that one, a dual core joppie of some kind (I haven't worked with that one in a while so the exact processor specs elude me.)
Good enough?
Fair enough.
I really like how you manage the internet in your house. Sadly I think this is happening less and less these days.
Cheers.
You want to protect your kids? Great, go do it. Leave the rest of us the fuck alone and stop pushing your responsibility on other people.
Did you read the bloody rest of my post?
Let me help you out there: "That said, protecting my kids begins with my parenting - if I sit back and let laws do my parenting then I am just as culpable if they get hurt as the person who hurts them, my kids are my responsibility after all, I need to take their well-being to heart and not expect government to do my job for me. Sure laws are necessary, and government obviously has a role to play in the well-being of my kids, but the buck stops with me."
Goodness - I hate it when people read the first line of a post and start jumping to bloody conclusions.
I agree with the way you allowed your kids to go on the internet or not. That is responsible parenting. I will do the same. I said as much in my post.
heck!
Well I agree, that's why I said "the buck stops with me" I do not believe that parenting my children should be left to the state while I sit back and do nothing.
haha had much coffee lately?
Of course this started with good intentions. It might be misdirected, and like the rest of my post (which I doubt you read) gets at, there are better ways of protecting kids.
Good point. Lending help with a kid's computer via an IRC chat session could suddenly get very dangerous, and without defining what a conversation is the Ubuntu help forums (to name an example that came readily to mind, please don't stone me) could suddenly land a lot of people in trouble...
I have two kids and this is one of those well intentioned potentially good laws. I would want my kids protected as much as possible while they are online, and in "real" life.
I do think though that this is like the death penalty - it is approached from the wrong end, take the death penalty as a metaphor for this law: (I copied this verbatim from a post on the death of the DC sniper over at godgab.org)
I think when people think "deterrence" they think too far up the chain of human reasoning.
Death penalty or lifelong imprisonment are likely consequences of getting found guilty, and getting found guilty is a likely consequence of getting caught.
So for the average person the death penalty or lifelong imprisonment does not factor in their thinking when committing a crime, they think "will I get caught?"
Increasing the possibility of getting caught will have a greater impact on a person's decision to commit a crime than would increasing the possibility of getting the death penalty.
You see, if a person has a reasonable expectation that they will not get caught after committing a crime, the threat of death upon getting caught does not factor in their thinking. It's almost like Maslow's hierarchy of needs. There is a hierarchy in every person's chain of thought, and the same holds for a criminal.
I would suggest loosely that it goes something like this:
Commit crime:
1. What stops me from committing it in society? (Is crime acceptable in society? What will the societal impact be of being a known criminal? Do I need to commit a crime to survive/fulfil my needs/etc? Has a demographic engendered hate in me (i.e. racism) that I want to commit a crime against them (i.e. murder))
2. What stops me from committing it in this situation? (Security measures, time of day, my immediate needs etc.)
3. What is the likelihood of me being caught? (Effective policing, alert population)
4. What is likely to happen if I get caught during the act? (Is my victim armed, are there others close by to help the victim?)
5. What is likely to happen if I get caught after the fact? (Effective legal system)
6. What is my likely punishment? (Life in prison, death penalty?)
So you see, I think the death penalty or not argument is a waste of time. The problem of crime should be approached in a hierarchy from the basic deterrents to the eventual punishment. The punishment alone is not a deterrent, and will never be unless the other pieces of the puzzle have been filled in.
So there you have it. Writing new laws to threaten pedophiles with has no bearing on the crime if there is no reasonable expectation of getting caught. That said, protecting my kids begins with my parenting - if I sit back and let laws do my parenting then I am just as culpable if they get hurt as the person who hurts them, my kids are my responsibility after all, I need to take their well-being to heart and not expect government to do my job for me. Sure laws are necessary, and government obviously has a role to play in the well-being of my kids, but the buck stops with me.
Never bought it bro. I was responding to the comment. But good on you for calling me an idiot just to defend Microsoft.
And mindless Microsoft bash yourself - it is a valid point.