Seconded. Other than a mention of Windows 95 in the opening paragraph (dare I say, it's click bait?), the story has nothing to do with Windows at all. It is primarily about the possibility and consequences of cyber attacks against satellites.
"Pai's staff said that states and other localities do not have jurisdiction over broadband"
That's backwards. Federal agencies (FCC included) only have jurisdiction over interstate matters, not intrastate. So, the FCC has jurisdiction over the backbone but everything else including the "last mile" hop to the individual subscriber, is within state and local jurisdiction.
But alas, we have yet another case of a Federal agency exceeding its mandate, and states' rights continue to evaporate. If only we could count on the Supreme Court to do its job and strike down bullshit like this.
> Is it time for the Electoral College to reflect the popular vote?
NO.
More importantly, do states' rights still matter?
The Electoral College should vote the way the voters have indicated that they should. To do otherwise would betray the trust of the people that voted for them. Ideally we would do away with the Electoral College proxy voting nonsense and have a direct vote. But the Electoral vote allocation should stay the way it is.
A vote that reflects the statistically insignificant difference in the popular vote would send the message that states' rights are indeed dead, and that heavily populated states like California and New York are now allowed to dictate policy for everyone else. Yes, Clinton did get a few more votes. But Trump got more states.
Does no one remember "tyranny of the majority" from civics class? Does no one remember why we have two houses in the Congress, one with equal representation per state (Senate) and one with population based representation (House of Representatives)? Do you think it is a coincidence that the Electoral votes per state is the sum of these two numbers?
> what is the best way to explain the need for this policy to colleagues less technically literate?
Secure Boot prevents your boot process from being hijacked. Why would you want to disable that? With shim and/or preloader, you can Secure Boot any OS that has a UEFI bootloader.
Not to rain on your parade, but the linked 'article' is complete and utter tripe. Not only is no proof offered of any wrongdoing, there aren't even any specific accusations. I can't believe any rational thinker would take it seriously. This isn't to say that Obama didn't do (whatever it is he's being accused of), just that there is nothing there that would allow one to make any sort of informed decision.
Hint: just because someone posts it on the Internet, doesn't mean it's true.
Gotta call foul here. The dock appeared in Mac OS X, circa 2000. Older Macs (OS 9 and older) did not have a dock.
afaik the first appearance of the dock was in NeXT. It is fairly common knowledge that much of OS X is derived from NeXT (also a Steve Jobs company, as other posters have pointed out), so it's not surprising that it was carried over to OS X.
I agree RMS can be a bit of a nut sometimes, but this doesn't seem to be one of them.
His choice of words leaves a bit to be desired, but he's spot on pointing out the risks of cloud apps (vendor lock-in, lack of control, privacy risks). It's too bad he failed to acknowledge the upside, which is that in exchange for vendor lock-in, lack of control and privacy risks, people without the technical know-how (and/or other resources, such as time) to keep a computer up-and-running, now have the option to use applications hosted by someone who (maybe) does. The only thing that's new about "cloud" is that the app space has expanded beyond web hosting and colocation.
Looks like the screenshots have been removed. If you follow the link from the PC Authority article you get a 404, and they are nowhere to be found from the direct link.
If you visit the page, the information was not so much deleted as refactored. The old page had detailed bullet points after many of the paragraphs. The new page has split the detailed bullets to a second page (linked to at the bottom with a "read more" link) and then used the extra space to include information about positions on other technology issues (ex: biotech).
So, I believe it was tagged as "bad summary" (which seems appropriate to me) because the summary implies that the candidates' positions have changed. This does not appear to be the case.
I know you were attempting to be sarcastic, but I wouldn't have any problem with that provided you didn't commit fraud by claiming medical credentials you don't have.
Bingo! That is the supposed role of government licensing requirements: How can Joe Average tell whether or not you are claiming credentials you don't have? The answer is he can't, but he might trust some official-looking papers from the government. It is the government's role in protecting its citizens from fraud that ultimately justifies licensing regulations.
They're too expensive, and not worth it. People want a warm fuzzy feeling.
And impossible. You forgot to mention impossible. Identity is not provable. All that is provable is possession of a token (or, multiple tokens, such as access to email address, telephone, an apparently valid photo id...) that supposedly establishes identity. But most (all?) of these tokens can be faked. That's where trust comes in - sooner or later you have to blindly assume that an identity is genuine (if not for the token itself, then for the issuer of the token, or the issuer of the issuer...). So hang on to that warm fuzzy feeling. It's the best that we can hope for.
try to explain that to your average user. They want either "it's secure" or "it's not secure"
I've always felt that the messages SSH gives in this regard are pretty helpful, esp. the one it gives after you change the server key. While they may still be a little too much on the techie side, they are definitely on the right track.
otoh, the nonsense some browsers give you (can't rem. if it was FF3 or IE7 or both), the "legitimate sites will not ask you to do this" message when encountering a self-signed cert... that is taking things in the wrong direction, IMO.
Matters a lot, actually. I'm certainly not current on California Labor Law, but afaik if you are salaried then you are probably also exempt. So no overtime for you! Hence the saying "salary is next to slavery".
As far as "slave labor is rampant in education" (great-grandparent post)... of the folks I've known over the years who work in education, I'm not convinced that educators are any more exploited than any other salaried worker. If anything, I think they are exploited less: I find that the 15 contact hours + 15 office hours FTE formula adds up to a lot more free time than the 10-12 hr day average I've seen in SW Eng (let alone those poor slobs who were subjected to "mandatory overtime"). And then there's getting the summer off...
If you read the seclists article (the second link), Mr. Spengler points out the following:
The Linux kernel has a formal policy in Documentation/SecurityBugs which states under Section 2 Disclosure: "We prefer to fully disclose the bug as soon as possible."
To the extent that this policy does exist, then Linus' position of 'they're just bugs' is clearly a problem. I don't see how you can treat them as 'regular bugs' and still have any hope of full disclosure. Put another way, if no one sees a problem with Linus' way of doing things, then it is simply untrue that Linux has a full disclosure policy.
The FA claim of "security by obscurity" seems a little much, IMO. It seems we're not talking about intentionally hiding security problems as much as lax adherence to the full disclosure policy.
Thanks for the link, it made for an interesting read.
The "allowed by POSIX" argument is amusing given that if you flip the manual page (in the linked POSIX site) over to seekdir it clearly states that seekdir(telldir()) works as the Samba code needed it to.
Ah well, at least the fix finally happened three years later.
I use S3 to mirror some of the larger files from my website. Costs me like $.07 a month. Your S3 files are accessible via a public facing URL, so any content you have that is client-side would only need S3. Also, any files you post are automatically accessible using BitTorrent as well. Last, it might interest you to know that Linden Labs used S3 to roll out one of their more recent updates to the Second Life client.
I've been eyeing EC2 for a while now, for this reason: I get more control of the configuration than with a typical VPS. For me, the appeal here is that I prefer Gentoo Linux to other distros, and it isn't easy to find ISPs that support Gentoo. Also, there is a nice comfort factor in knowing that if the hardware on which the instance is running fails, then it should be a "simple" matter of bringing up another instance to bring the server live again (provided the S3 storage that hosts the VM image didn't die as well...).
As for single point of failure... I don't see Amazon as any less reliable than other ISPs. On the contrary, I think that as a company Z is much more likely to be around than some fly-by-night hosting company. As for why they do it, my understanding is that they're renting out the extra capacity of their own server farm. So it's very close to free money for them. Sure they could pull the plug on that, but so could any other ISP.
I have my doubts about this whole story. I question Barrett's motives. For the simple reason that the only way to find out that Paypal doesn't like Safari is to read the InfoWorld article and his quote. If you log in to Paypal using Safari... nothing. Not a peep. No mail in your inbox, either. Seems to me that if Paypal really felt strongly about Safari they'd do a little more than that. But they don't. All we have is Barrett's quote. Which makes me wonder what he's really after. And to me, the most plausible thing is that as an EV early adopter, he's evangelizing how great EV is. Or maybe he has MSFT stock. Dunno. At any rate, if the user isn't looking at the URL bar in the first place, I don't know what difference it would make if it was green or not.
And don't even get me started on how effective I think the whole "keep a list of the bad guys" approach is.
My sentiments exactly! I wish I had mod points right now...
I, too, used to use MT when it was free, and I, too, remember feeling betrayed when they got greedy and started charging for it. And I agree, I wouldn't trust any promises Six Apart makes about it staying FOSS forever. They've blown their credibility on that score.
As the saying goes, "fool me once, shame on you; fool me twice, shame on me".
...and only criminals will have privacy.
> Tyranny of the minority is better?
I'll take "tyranny" of the minority over mob rule anytime.
More accidents than expected? Really? Any programmer worth their salt saw this coming a mile away...
Actually Obama does the same and he's not even president. (yet ?)
I'd be real surprised if this actually makes it to court. It's much more likely to settle.
Given that the exploit requires ARD the 50% statistic seems unlikely to me. At the very least, I seem to be in the other 50%:
osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
23:47: execution error: ARDAgent got an error: Connection is invalid. (-609)
That's what Yoda would say to him.