First, we have no idea whether or not Comcast is technically doing bad things(tm) with our data or not. I'm glad they're not collecting it any more, but i never really cared in the first place. "You have no privacy... get over it."
Second, couldn't AOL technically be considered to do the exact same thing? Every web page you access on AOL is not direct but through AOL's proxies. That proxy is a store for pages and, though it's not necessarily tied to individual users, it certainly could be if they so desire. Is this what Comcast was doing? Or something similar?
I mean look at what AOL's proxies do. They:
a) Take a request from a user
b) Go out and get that information
c) Hold a store of that information (so other users can access it in the future)
all you need is:
d) Store a record of who requested it
And you've got the exact same thing. And Comcast (claimed) that they never tied individual records to a single account... without the technical details on what each of them is doing, that's the same thing to me.
Ah, but you didn't need the source to do any of that! I'm not against open source (the open source mov't is another matter however... movements tend to be icky things with ideologies and much lameness). The fact of the matter is that if closed source programs were sufficiently customizable, you'd be able to do everything you describe. Given open APIs, you could easily write a patch for the processor, the video card, the OS that you happen to be running without seeing the source code once.
The other night I was compiling ytalk on a box and I couldn't figure out where it was getting the default IP from (I had recently changed IPs and it was using the old one). I did a find / -exec grep "my old ip" {} \; -print at one point I was so frustrated. Eventually I looked at the source code and found out it was getting it from the DNS server that hadn't been correctly updated yet. Did source code solve my problem? YES. But did I need the source code to solve the problem? NO. In fact, two lines in the documentation somewhere would have solved it. Source code is one way of solving a lot of these problems but in many/most cases there are much easier ways. Why bother to recompile all of x86 when you could have a simple binary patch that works for your vid card?
Fine, maybe I'm a cynical corporate guy, but I'm pretty UNIMPRESSED with linux world as a whole. Linux on the mainframe = z/OS and nothing more. And that's all we're hearing! All day every day, linux on the mainframe. Huge sections of the floor are curtained off, most of the sessions are half full. I'm sorry, but I'm more depressed than when I came here.
Except for the golden penguin, which was truly a nerd's delight, this doesn't bode well. It's all basically OEMs (where are the ISVs?!?) moving from HPUX/AIX/etc to Linux... which means forking and proprietary code soon enough.
I realize I may get flamed/labeled troll here, but this is too much. As much as /. bags on MS, we've NEVER allowed them to post a response right next to the article. Just because this is released under the GPL, we'll make a special exception? What about the kernel devs or the mutt developers when a bug comes out? Shouldn't they get a shot?
THEN the guy goes on to blame pppd and FreeSWAN which comes bundled with the product for using plain text passwords. Are you joking? If you want one that's secure write it yourself. I don't care who wrote the thing originally, if you want a secure product, then follow the openbsd model and check and recode every line yourself. We don't blame MS Indexing Server (the cause of many of the recent MS bugs), we blame IIS.
Of course... that's why you have to reinstall other software from your original disks as well... and all of your configuration is saved by the programs, automatically (unless a programmer went out of their way to not use standard windows APIs)
A bit off topic, to be sure, but it IS really easy to make a brutal error on Linux, much easier than on Windows.
I was deleting a package a few days ago, and I was in /etc and had to work under root permissions (using sudo). I typed something like the following command:
sudo rm -rf packagename *
Thank the lord I caught it in time. Obviously the only difference between that and
sudo rm -rf packagename*
is only a space, but the damage is massive, unrepairable and only salvageable from a backup. And before everyone comes down and says "don't use -f" or "Turn on -i", be serious. It's just such a habit that you get into, and there's almost no room for error.
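Here is an added dry-run script, not part of the original comment, that makes the difference visible: it builds a throwaway directory with constructed file names standing in for /etc and prints the argument list the shell would hand to rm for each spelling, without deleting anything outside that scratch directory.

```shell
#!/bin/sh
# Added dry-run example (not from the original comment). Shows the argument
# list the shell would hand to rm for "packagename *" versus "packagename*".
# It works in a throwaway directory and only prints; nothing else is touched.
set -eu

# Build a scratch directory standing in for /etc. File names are constructed.
make_demo_dir() {
    d=$(mktemp -d)
    for f in packagename packagename.conf packagename.d hosts passwd resolv.conf; do
        : > "$d/$f"
    done
    printf '%s\n' "$d"
}

# Print, one per line, the arguments rm would receive for the given words.
# Each word is left unquoted inside the subshell so pathname expansion happens
# exactly as it would on the command line, relative to the directory in $1.
expand_in() {
    dir=$1; shift
    ( cd "$dir" && for word in "$@"; do
        for arg in $word; do printf '%s\n' "$arg"; done
      done | sort )
}

# "packagename *" is two words. The bare "*" matches every entry in the
# directory, so in the real case rm would receive all of /etc.
targets_with_space() {
    d=$(make_demo_dir)
    expand_in "$d" 'packagename' '*'
    rm -rf "$d"
}

# "packagename*" is one word and only matches names with that prefix.
targets_without_space() {
    d=$(make_demo_dir)
    expand_in "$d" 'packagename*'
    rm -rf "$d"
}

# Number of distinct paths a given spelling would remove.
count_targets() { "$1" | sort -u | wc -l | tr -d ' '; }

# Side-by-side view of what each spelling expands to.
printf 'rm -rf packagename * would receive:\n';  targets_with_space
printf 'rm -rf packagename* would receive:\n';   targets_without_space
```

The same check can be done by hand before any destructive command by running printf '%s\n' followed by the exact words you are about to give rm, which prints the expanded list instead of acting on it.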
I used to do similar tests when it came to MacOS v. anything else. Let two people go at the Mac system and anything else on the alternate. Then have them switch computers and get it back to a running state. Mac always wins (all you need to do is boot with a system CD in the drive and hold down C and the machine is usable).
HOWEVER, if you have all original software and someone less than well versed in both systems, the situation you describe seems to favor the windows solution. I can do a reinstallation of all programs on Windows without losing my settings automatically just by using the CDs that came with the software. It takes some degree of knowledge to avoid doing that on Linux even with the original CDs. Additionally, I'd say the comparison isn't very fair. If you want a real comparison, drop a linked library allowing a feature of apache to run from the Linux box, and drop an important office DLL or some such from the Windows box.
Not to be a troll, but 1 and 3 are doable (and quite well) using UltimateTV. I had a TiVO and actually switched to UltimateTV for those reasons PLUS:
Picture in Picture
UltimateTV Sports (you can see live box scores and alerts when teams get in the red zone for example)
30 Second skip ahead
Remote Recording (being able to log in to a website and tell it to record a show (I can't tell you how many times I've been at work and forgotten to record something at home))
Uh, you're dead wrong. Sun has the most restrictive NDAs when it comes to talking about hardware or software bugs. The ECC RAM issue is the most recent one which actually got out into the press.
I'm not trying to troll... do you have another source that says MS Windows was the problem? It doesn't even say what the problem was... it could have been a bunch of passwords set to "password" for all we know.
The problem is that RMS's position does not allow for this.
"If you write code then it is your responsibility to make it open" != "If you write the code, do whatever you want with it"
Disclaimer: I work for a company that writes code and makes money for it. I don't like RMS's position at all. I like the BSD license... if you want to make something publicly available, which I do from time to time, then do it and let people do whatever they want with it.
I am in no way saying the private prosecutor's decision is correct or incorrect. HOWEVER,
You really can't do anything even remotely as you're suggesting. If that was the case the following people would go out of business: Everybody.
The first car off the line would be $200 M dollars, the second would be $500.
The first drug off the line would be $1 B, the second pill would be $0.01.
The first jacket off the line would be $500000, the second would be $12.
The first book off the line would be $5M, the second would be $1.
Companies MUST break out the cost and try and match revenue on future goods against past investments. What you'll never see is the 10 car models that got thrown into the garbage, the 1000 drug formulas that were rejected, the 15 lines of software which didn't make it off the cutting floor, etc. All companies are about IP in one way or another... just because the distribution model for this one lends itself to a very low COGS doesn't BY ITSELF mean that it's any more right or wrong. This is not just a lawyer trick or an accounting bubble... MS internally and externally really evaluates that software they are giving away at the price at which they are claiming. The only question is whether or not the company would have been able to sell into those accounts at the price they claim. Even if 1/10th of them would have been sales, they're losing money. And this doesn't avoid the fact that $200M of the settlement is hardware, which MS doesn't even make.
I hate to bring general accounting practices into it BUT:
MS put thousands upon thousands of man hours, among other things, against the products that they are giving away. These things aren't free, and have to be amortized across the sale of the software. So fine that the CD and box are $0.01, that doesn't mean there's not a large cost for the software. Though margins are better on software than hardware, software margins are 50% not +NAN%.
Actually, that's a great point. I hadn't thought of that, and you're absolutely right. However, it doesn't make sense that that exploit should have been there as long as it was if the open source method was as accurate as it should have been about finding bugs.
One thing that MS does really well and Linux or the Linux community doesn't is test in a formalized way before it's released. Yes there are exceptions on both sides... but so much impetus is put on the hands of the users of the system with Linux to test and make sure the patch doesn't cause more problems. Unfortunately, I don't see a solution for that until Linux maintainers have giant server farms with many different configurations to test builds. Basically, the Linux theory is that if it compiles, it can be released. In the same way, I don't think you should penalize MS just for trying to make sure a patch fixes the bug and doesn't cause any more before releasing it. No amount of speedy coders will ever solve that problem. In the same way you want to compare apples to apples, don't expect that a patch that comes out the same day has been tested to the same degree that one that has been sent through a server farm has.
I'm sorry, but I completely disagree with your position. I think the MS fellow is saying the following:
a) Publish name/products affected by the bug
b) Publish suggestions on how to fix it
c) Publish anything else that might help people stop the bug from proliferating
d) DO NOT publish step by step instructions for how to exploit! Pass that information to the people who need to alter the buffer/variable/etc that requires fixing and let them do it. How does the sysadmin knowing that you must do exactly x, y, and z to exploit help him do his job? Though Linux is popular, the vast majority of its users don't do kernel compilation or source editing.
This is exactly why a very popular bug and security list was restricted in the past few years. Simply suggesting that it's an open source v. closed source issue.
Further, I realize that this may be a massive troll, but I don't care:
My company can adopt a corporate policy that only open source software will be used for all mission critical systems because only open source has a proven track record of quick security fixes.
I don't agree with this at all. There was recently a local root exploit that had been in the kernel since 2.2.0... a fricken long time ago. I have yet to see a root level exploit in windows that has lasted even near as long before being patched. How do you explain the failure there? Simple, no one was assigned to fix it.
I suppose it won't stop the flames that I run Linux and FreeBSD (as well as win2k and winxp) and I'm rather fond of FreeBSD, but your arrogance is exactly what causes CIOs NOT to go to open source...
I realize that it lists commercial skip as part of the lawsuit, but I genuinely think that's just a red herring. ReplayTV didn't get sued before SonicBlue had this announcement, and UltimateTV (by MS) hasn't gotten sued, and both of those had this feature.
The crux of the issue is the same as you hear before/during and after every sporting event. Material broadcast is the property of the broadcaster... you cannot rebroadcast without expressed written permission by everyone involved. Just copyright law 101 (for better or worse). SonicBlue allows this, and SonicBlue is getting sued.
I haven't had to re-install Linux on any of the boxes I admin since we went to RH 6.2
I would consider a recompilation of the kernel to be a reinstallation. Not in difficulty, or time, but it is a reinstallation. If you haven't recompiled the kernel, then you're asking for trouble. Yes I know the difference between a local and a remote hole, but there are MANY remote holes in applications that give local privileges, and from that it's a small step to getting rooted.
I've been running XP for a few months, and win2k since before that. I would say the majority of patches I have downloaded (automatically downloaded in XP:) do not require rebooting.
Bungie was bought because:
a) They were going bankrupt and looking to sell
b) MS wanted a top flight gaming company to produce exclusives.
That's pretty much it.
Flamesuit on.
That's because windows XP is not the server side OS. That's Windows.NET which will be coming out later this year.
You've got that backwards. MS has 1 security certificate, DB/2 has 0.
There is a standard gui to have ANY error deliver a customized page.
I'm sorry but this is just terrible.
In fact there was another bug that was absolu...
%2&;(
NO CARRIER
IE 6 behaves correctly by default as well (opens it in notepad).
That doesn't say windows.
you mean like java? if IBM got behind c# and used it elsewhere, would that make it any better for you?
But look at who they're suing! They're not suing other people who have the content skip... they're only suing the ones who have the file sharing.